Rs 22.9 Cr Digital Arrest Scam: 5 Banks Ordered to Pay Rs 1.3 Cr Compensation

New Delhi, April 22, 2026: In a significant development that could reshape how banks handle suspicious transactions and their liability in cybercrime, the Reserve Bank of India (RBI) Ombudsman has passed a landmark order directing five major banks to pay a combined Rs 1.31 crore to a victim of a devastating “digital arrest” scam.

This ruling follows the harrowing ordeal of 78-year-old Naresh Malhotra, a retired banker from South Delhi, who lost his life savings of Rs 22.92 crore to fraudsters over a period of just six weeks in late 2025. While the recovery of the total lost amount remains an ongoing legal battle, the Ombudsman’s decision establishes a critical precedent regarding the accountability of beneficiary banks in failing to curb money laundering through “mule” accounts.

The Anatomy of the ‘Digital Arrest’

The case of Naresh Malhotra, described as one of the largest individual cyber fraud incidents in India, highlights the chilling efficiency of organized digital crime syndicates.

Between August and September 2025, Malhotra was coerced into a “digital arrest”—a psychological tactic where scammers impersonate law enforcement officials (such as the CBI, ED, or Mumbai Police) over video calls. Under the constant threat of false criminal charges related to “terror funding” or money laundering, victims are kept isolated, monitored on camera, and forced to transfer their assets for “verification.”

In Malhotra’s case, the scammers exercised near-total control. He was forbidden from contacting his family and was only permitted to step out of his home to visit bank branches to liquidate his investments—mutual funds, SIPs, and savings—to transfer the funds into accounts dictated by the fraudsters.

The complexity of the scam was staggering: the Rs 22.92 crore was splintered through 4,236 layered transactions across 47 different banks, making the money trail incredibly difficult to track.

Why Were the Banks Held Liable?

The RBI Ombudsman’s order, issued on February 25, 2026, focused on the role of the “beneficiary” banks—the institutions where the stolen money eventually landed in mule accounts.

While the remitting banks (where Malhotra held his accounts) were not found to have direct service deficiencies, as the transactions were initiated by the victim himself, the situation for the beneficiary banks was different. The investigation revealed significant lapses in:

• KYC/AML Compliance: The accounts receiving the stolen funds had inadequate compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) norms.
• Transaction Monitoring: Given the massive volume and the rapid-fire speed of the transfers, the banks failed to flag or halt these highly suspicious patterns of activity.

The Ombudsman noted that while it might not be possible to stop all transfers instantly, the systemic failure to monitor these accounts allowed the fraud to perpetuate. Consequently, Axis Bank, City Union Bank, ICICI Bank, IndusInd Bank, and Yes Bank were ordered to pay a combined total of Rs 1.31 crore, representing between 5% and 7.5% of the sums deposited in those specific accounts.

The Road Ahead: Fighting for Full Restitution

While Naresh Malhotra has received the Rs 1.31 crore, he views this only as a partial victory. He has since filed an appeal with the RBI, demanding the restitution of the entire defrauded sum, along with interest and damages.

“The compliance of banks is supposed to be 100%,” Malhotra stated in recent interviews. He argues that any bank failing to adhere to strict regulatory norms and allowing mule accounts to flourish is directly responsible for enabling such massive frauds. His case is currently being probed by the Central Bureau of Investigation (CBI), which was tasked by the Supreme Court in late 2025 to take over the investigation into digital arrest scams across the country.

A Lesson for Every Digital User

The Naresh Malhotra case is a stark reminder that even the most financially literate individuals can be ensnared by sophisticated psychological manipulation. As cybercrime syndicates evolve, here are three essential rules to stay safe:

1. The “Digital Arrest” Myth: No law enforcement agency—be it the CBI, ED, or local police—will ever “arrest” you over a video call, ask you to isolate yourself, or demand you transfer money to “verify” your accounts. If a caller claims this is happening, hang up immediately.
2. Verify, Don’t Comply: If you receive a call from someone claiming to be an official, do not follow their instructions on a WhatsApp call. Verify their identity by visiting the official website of the department or going to the nearest police station in person.
3. Report Immediately: If you realize you have been targeted, time is your most valuable asset. Report the incident immediately to the National Cyber Crime Helpline at 1930 or via www.cybercrime.gov.in. Freezing the money trail in the “golden hour” is the only way to prevent the funds from being moved across multiple layered accounts.

As the legal landscape shifts to hold institutions more accountable, this ruling may be the first of many aimed at forcing banks to become the first line of defense against the rising tide of digital financial crimes in India.