At Kotak Mahindra Bank, ₹160 crore in fixed deposits did not erode, fluctuate, or get delayed – it simply did not exist. A fixed deposit is supposed to be the safest place your money can sit. No volatility, no surprises, no ambiguity. And yet, in this case, ₹160 crore didn’t just lose value – it simply didn’t exist. Not lost, not delayed, not misallocated. Just… absent.

So what happened, here is the full story –

Kotak Mahindra Bank is in the headlines for a ₹150–160 crore fixed deposit fraud linked to the Panchkula Municipal Corporation in Haryana. And like most banking frauds, this one did not begin with suspicion. It began with trust.

The Corporation had placed funds into fixed deposits with the bank. The records existed. The Fixed Deposit Receipts existed. The statements existed. Everything, at least on paper, was in order.

Until the money was needed.

The fraud came to light when the Municipal Corporation requested the maturity proceeds of a ₹58 crore fixed deposit. According to the bank statement, the amount had already been transferred.

But the funds never reached the Corporation’s account.

What initially appeared to be a delay quickly unraveled into something far more serious. The bank statement itself was found to be counterfeit. The transfer had never happened. And more importantly – the deposit itself did not exist.

Subsequent verification exposed a deeper breakdown. Multiple Fixed Deposit Receipts issued to the Corporation were found to be fake, with no corresponding funds in the bank’s records. What had been treated as secure, interest-bearing deposits were, in reality, nothing more than fabricated entries supported by forged documentation.

This was not an isolated mismatch. As more records were examined, discrepancies began to surface across multiple deposits, pushing the total exposure to nearly ₹160 crore.

Officials confirmed that some of these FDRs had been held for extended periods, with no red flags raised during that time. The irregularities surfaced only when a maturity request forced a reconciliation.

—-That timeline is critical.

—-It means the system did not detect the fraud. It did not question it. It did not  flag it.

—-It simply carried it forward.

Authorities now suspect that the case may not be limited to internal manipulation within the bank. The possibility of collusion involving certain Municipal Corporation officials is also being examined, indicating that the fraud may have operated across multiple points of control.

Haryana Police have arrested Dileep Kumar Raghav, a former relationship manager at the bank, in connection with the case. His role is under investigation, but the scale and duration of the fraud suggest that this was not a one-person operation.

The Panchkula Municipal Corporation has since filed an FIR against the bank and approached the Haryana government seeking its de-empanelment. The matter has also been referred to State Vigilance.

Haryana Chief Minister Nayab Singh Saini has ordered an investigation.

On its part, Kotak Mahindra Bank has stated that it has initiated a reconciliation of all fixed deposits and linked accounts associated with the Corporation. The bank maintains that, based on records reviewed so far, all account opening procedures, KYC documentation, and transaction processes were carried out in accordance with applicable norms.

It has also said that a “significant portion” of the amounts under review has already been reconciled, and that it is cooperating with authorities.

The bank has filed a complaint with the Panchkula Police, describing it as part of its governance process to ensure an independent and comprehensive investigation.

At this stage, the case remains under investigation, with authorities examining the role of multiple individuals and the possibility of coordinated involvement.

What is already clear, however, is this: Funds believed to be securely held in fixed deposits were not there.

What Actually Happened

The case centres around funds deposited by the Panchkula Municipal Corporation with Kotak Mahindra Bank in the form of fixed deposits, traditionally considered one of the safest financial instruments. On record, these deposits existed – backed by Fixed Deposit Receipts (FDRs), supported by bank statements, and treated as legitimate holdings of public money.

The discrepancy surfaced only when the Corporation sought to access its funds.

A fixed deposit worth ₹58 crore had reached maturity, and a request was made to transfer the proceeds into the Corporation’s account. According to the bank statement, the transfer had already been completed.

The funds, however, never arrived.

What initially appeared to be a transactional delay quickly escalated when verification revealed that the bank statement itself was not genuine. The transfer had not taken place.

This triggered a broader examination of the Corporation’s deposits with the bank.

As records were scrutinised, multiple Fixed Deposit Receipts were found to be inconsistent with the bank’s actual records. Deposits that were reflected as active and valid on paper had no corresponding funds in the system. What had been treated as secure fixed deposits were, in effect, unsupported entries backed by forged documentation.

The scale of the discrepancy widened with each layer of verification, eventually bringing the total exposure to approximately ₹150–160 crore.

Officials confirmed that some of these FDRs had been held over extended periods, without any irregularities being flagged during that time. The issue came to light only when a maturity request necessitated reconciliation.

That sequence is central to the case – the system did not detect the discrepancy independently; it was exposed only when funds were demanded.

This Should Not Be Possible

A fixed deposit is not a complex financial instrument. It does not rely on market movements, external pricing, or layered derivatives. It is a simple contract – money is deposited, recorded, and held by the bank until maturity.

Which is precisely why this case raises a more fundamental concern.

How do fixed deposits that do not exist continue to exist on record?

For a discrepancy of this scale to sustain over time, multiple layers of control would have had to fail or be bypassed.

At a minimum, this includes:

• Internal record-keeping systems
• Periodic reconciliations
• Branch-level supervision
• Audit mechanisms
• And transaction verification processes

None of these flagged the absence of underlying funds.

The deposits were documented. Statements were generated. Receipts were issued. And for an extended period, these records were accepted as valid.

The system did not question the entries. It carried them forward.

The irregularity surfaced only when a maturity request forced a reconciliation between what was recorded and what actually existed.

That gap – between record and reality – is where the entire case sits.

It is also where the explanation becomes inadequate. Because this cannot be explained purely as an operational lapse. An operational error may delay a transaction. It may misroute funds. It may create temporary inconsistencies. It does not create deposits that have no backing.

The arrest of a relationship manager introduces accountability at an individual level. But the persistence of the discrepancy over time points to something broader – either systemic weakness, or a breakdown in oversight that allowed unsupported entries to remain unquestioned.

The possibility of collusion, now under investigation, only reinforces that this was not a momentary failure.

It was a condition that existed and continued until it was forced into the open.

And that leads to a more direct question: If deposits can remain unverified until withdrawal, what exactly is being monitored in the interim?

Not an Isolated Case

The timing of this case makes it harder to dismiss as an exception.

Just weeks earlier, a ₹590 crore discrepancy surfaced at IDFC First Bank involving funds linked to Haryana government accounts. That case, too, came to light only when the account holder attempted to access the funds.

The explanation offered there followed a now familiar line – “unauthorised activities” by branch-level employees.

The sequence is almost identical.

—Funds believed to be securely held.
—Records indicating everything is in order.
—No detection during the holding period.
—And discovery only at the point of withdrawal.

Different institutions. Similar failure points. This matters because it shifts the conversation. If such incidents were rare, they could be treated as isolated breakdowns – specific to a branch, an employee, or a lapse in supervision.

But when the trigger, the explanation, and the pattern begin to repeat, it becomes harder to frame them as unrelated.

In both cases:

—Public or institutional funds were involved
—The discrepancy remained undetected over time
—Internal systems did not flag the issue
—And accountability surfaced only after exposure

The recurrence of these elements suggests that the vulnerability is not confined to a single bank. It exists within the system.

And the explanation – that these are simply the actions of individuals operating outside established processes – becomes less sufficient when similar outcomes emerge across different institutions.

Because at that point, the question is no longer about who acted. It is about what allowed it.

Beyond One Employee

At the centre of the case is the arrest of a relationship manager. It is a necessary step. But it is also the most convenient explanation available. Because it allows the system to reduce a ₹160 crore discrepancy to the actions of one individual.

That explanation does not hold.

A relationship manager does not operate in isolation. He operates within a structure – one that includes verification layers, reporting systems, supervisory oversight, and audit checks.

For fabricated fixed deposits to exist and persist, multiple points of validation would have had to be either bypassed or rendered ineffective.

–Documents were generated.
–Receipts were issued.
–Statements were produced.

And none of these triggered a breakdown in the system.

That is not a single point failure.

It is a chain.

The length of time over which these deposits remained unquestioned only strengthens that conclusion. These were not one-off entries created and immediately withdrawn. They were held, carried forward, and treated as legitimate over an extended period.

Which means they were seen…. And accepted!

The possibility of collusion, now under investigation, further complicates the picture. If confirmed, it shifts the case from internal misconduct to coordinated activity across institutional boundaries.

But even without establishing collusion, the core issue remains unchanged.

A system designed to verify the existence of funds failed to do so.

The “rogue employee” explanation addresses who may have initiated the act. It does not explain how it was sustained.

And that distinction matters. Because accountability cannot stop at the point of action. It has to extend to the mechanisms that allowed the action to remain undetected.

If those mechanisms fail – or fail repeatedly – then the issue is no longer individual. It is structural.

The System That Rewards Volume, Not Vigilance

Modern banking, particularly in the private sector, no longer runs purely on deposits and lending. A significant part of its growth is driven by distribution – insurance, wealth products, investment plans – all of which carry commissions.

And that changes behaviour.

Inside branches, the relationship manager is no longer just a service point. He is a sales engine. Performance is measured not by how safely money is held, but by how much additional revenue is generated.

Data reflects the pressure clearly:

• Over 84% of relationship managers report constant sales pressure
• Nearly 58% say they are explicitly told to sell at any cost
• Close to 60% operate under unrealistic targets
• More than half fear job loss if those targets are not met

This is not incidental pressure. It is built into the system.

From the bank’s perspective, the incentive is straightforward. Commission income has become a meaningful contributor to overall revenue.

Across major banks:

• Axis Bank: ~25% of income from commissions
• IDFC First Bank: ~23.6%
• IndusInd Bank: ~22.1%
• Kotak Mahindra Bank: ~19.4%

That shift matters because it redefines priorities.

When revenue is tied to selling, attention follows selling.

When attention shifts, other functions – verification, monitoring, reconciliation – become procedural rather than active.

This does not directly create fraud. But it creates an environment where:

• Oversight can become secondary
• Red flags can be missed or delayed
• And systems can continue operating without being challenged

The same structure that drives aggressive selling also reduces the emphasis on scrutiny. And when scrutiny weakens, discrepancies do not always get detected when they should. They get detected when they cannot be ignored anymore.

The Defence Always Sounds Familiar

This is not the first time Kotak Mahindra Bank has had to respond to concerns around fraud reporting. In August 2022, the bank issued the following statement:

Official Statement — Kotak Mahindra Bank (30th August 2022)

“**The news reports on bank frauds that appeared recently are comparing apples to oranges. The total number of frauds reported by Kotak Mahindra Bank (Kotak), in line with regulatory requirements, also include instances of skimming, phishing, vishing, ecommerce frauds, across debit cards, credit cards, UPI, mobile banking, internet banking, payment gateways etc., regardless of whether customers and/or the bank faced losses, or whether the fraud amounts were recovered eventually.

We have observed that there is significant variance in what is chosen to be reported to the regulator by other banks. We have appealed to the regulator vide our letters dated 17th March, 2022 and 30th August 2022 to enforce standardisation in reporting requirements.

For the period reported, of the 5,278 instances for Kotak, 97% are digital and card-related frauds that occurred due to customers unwittingly compromising their credentials by clicking on unknown links, or giving access to their devices or sharing their credentials with unscrupulous individuals willingly. It is our submission that other banks do not appear to be exhaustively or uniformly reporting these types of frauds. Such frauds are not a reflection of any vulnerabilities in the bank’s secure infrastructure and systems.

The bank continues its efforts towards customer education on safe banking and exhorting them never to compromise confidential banking details. The bank has seen a steady downward trend year-on-year (27%) in such digital fraud transactions reported by customers while customer acquisition and digital transactions are increasing exponentially.”**

What This Statement Actually Says

On the surface, the statement attempts to clarify reporting methodology. But read closely, and a pattern emerges.

The emphasis is not on institutional vulnerability, it is on classification.

Frauds are reframed as:

—Customer-driven incidents
—Digital behaviour issues
—Reporting inconsistencies across banks

The number that stands out is 97%.

According to the bank, 97% of fraud instances are attributed to customers compromising their own credentials. The implication is clear – the system is largely secure, and the problem lies outside it.

That argument may hold in cases involving phishing links, card misuse, or digital access breaches.

It becomes harder to reconcile when the issue is not digital access, but the existence of deposits themselves.

Because in the current case:

—No customer clicked a malicious link
—No credentials were compromised
—No external phishing event triggered the loss

—The deposits were recorded within the system.
—The receipts were issued through formal channels.
—The statements reflected transactions that did not occur.

Hence, this is not customer error; it is internal breakdown.

The earlier framing – that fraud is largely external and customer-driven – sits uneasily alongside a case where records within the banking system itself do not align with reality.

And that is where the fault line begins to show. Because the question is no longer about how fraud is classified. It is about where it originates.

The Pattern That Cannot Be Ignored

The ₹160 crore fixed deposit discrepancy is not emerging in isolation for Kotak Mahindra Bank. Over the past few years, the bank has repeatedly surfaced in situations that point to gaps – not always identical in nature, but similar in what they reveal.

In 2024, the Reserve Bank of India imposed restrictions on the bank’s digital operations, including onboarding new customers and issuing fresh credit cards. The reason cited was not a single incident, but deficiencies in IT systems and risk management that had not been adequately addressed despite prior observations.

That action was significant.

Regulators do not typically intervene in a bank’s growth engine unless concerns move beyond routine compliance and into systemic risk.

• Around the same period, the bank also faced monetary penalties for non-compliance with regulatory norms – again, not for one-off violations, but for lapses in adhering to established guidelines.

• Separately, a court ruling found the bank guilty in a case involving criminal breach of trust and falsification of records, resulting in financial penalties. This moved the issue from regulatory non-compliance into the domain of judicial scrutiny.

• There have also been instances of internal misconduct, including cases where bank employees were found to have diverted funds using forged documentation and unauthorised accounts.

Individually, each of these can be explained.

A systems issue
A compliance lapse
An employee-level violation
A case-specific dispute

But collectively, they begin to form a pattern.

A pattern where: Issues are detected after escalation, Action follows exposure, And explanations remain confined to specific incidents. What ties them together is not the scale or the exact nature of each event, but the recurring theme of controls being either insufficient or ineffective at the point where they are needed most.

The current case fits into that pattern.

Not because it is identical to past incidents, but because it raises the same underlying question – whether the systems designed to detect, prevent, and escalate risks are functioning as intended.

And when that question begins to repeat across different contexts, it stops being about individual events.

It becomes about reliability.

The Regulator in the Room

At the centre of India’s banking system sits the Reserve Bank of India – the authority responsible for ensuring that deposits are safe, systems are sound, and risks are identified before they turn into losses.

Which makes cases like this difficult to ignore. Because the failure here is not just transactional. It is supervisory. 

Banks operate under a framework that includes:

• Periodic audits
• Regulatory inspections
• Compliance reporting
• Risk assessment systems
• Mandatory reconciliation processes

These are not optional safeguards. They are designed to ensure that discrepancies – especially those involving public funds – are identified early. 

And yet, in this case, deposits that had no underlying funds remained on record over extended periods. The system did not flag it. The bank did not detect it. And the regulator did not intervene before exposure.

This raises a basic question.

What exactly is being monitored?

The Reserve Bank of India has, in recent years, tightened several norms – from stricter KYC requirements to guidelines on fraud classification, digital security, and grievance redressal.

On paper, the framework is comprehensive.

In practice, cases like this suggest a different reality.

Detection appears reactive, not proactive.

Frauds come to light when:

Funds are withdrawn, Accounts are closed Or discrepancies are externally triggered. Not when they originate. This is not a one-off observation.

From cooperative bank failures to large-scale discrepancies in private banks, the pattern is consistent – the system responds after the event, not before it.

Regulatory oversight, in theory, is designed to act as an early warning system.

In effect, it often functions as a post-event validator.

There is also a structural limitation.

The RBI regulates systems. It does not monitor every transaction in real time. It relies on banks to report accurately, audit internally, and escalate irregularities.

That dependence becomes a vulnerability when internal controls fail or are bypassed. Because the regulator then sees what the bank reports – not necessarily what actually exists.

Which creates a gap. Between reported reality and actual reality. And it is within that gap that discrepancies can persist. The question, then, is not whether rules exist.

They do.

The question is whether enforcement and detection mechanisms are keeping pace with the complexity — and in some cases, the intent — within the system.

Because when ₹160 crore can sit as a recorded deposit without underlying funds, the issue is no longer about compliance on paper.

It is about verification in practice.

The Last Bit, If Deposits Need Verification, What Is Left to Trust? A Pattern, Not a Problem

Kotak Mahindra Bank is not dealing with an isolated incident. It is dealing with a pattern.

A pattern where:

• issues surface after escalation
• controls fail quietly before they fail publicly
• and accountability arrives only after exposure

The ₹160 crore fixed deposit fraud is not just about missing money. It is about a system that allowed records to exist without reality, oversight to exist without intervention, and risk to exist without detection.

Over the past few years, the Kotak Mahindra Bank has faced regulatory restrictions, compliance penalties, judicial findings, and internal misconduct cases. Each explained away individually. Together, they point to something else entirely – a gap between how the system is supposed to function and how it actually does.

In the case of Kotak, the issue is no longer operational. It is structural. And that is where the discomfort lies. Because a bank does not just manage money. It manages trust. And trust does not erode in a single event.

It erodes when failures repeat, when explanations start sounding identical, and when the system keeps operating on the assumption that whatever is recorded must be real.

Kotak Mahindra Bank has, time and again, found itself at the centre of issues that are too frequent to be dismissed and too similar to be ignored. At this point, calling them isolated incidents is not analysis – it is avoidance.

Because when:

• deposits don’t exist
• controls don’t detect
• systems don’t question
• and accountability arrives only after exposure

What exactly is working?

Call it incompetence. Call it failure. But let’s stop pretending it is accidental.

This is what repeated breakdown looks like.

And yet, nothing fundamentally changes. The cycle remains the same — incident, explanation, investigation, and then silence until the next one surfaces.

So the question is no longer about what went wrong.

The question is: what is the cost of letting it continue?

Because if repeated failure does not lead to proportionate consequence, then the system is not just overlooking the problem – it is enabling it.

At some point, the conversation has to move beyond statements and reconciliations.

Because if a bank repeatedly fails at the most basic function – holding and accounting for money – then the question is not about fixing processes.

It is about whether the system is willing to draw a line at all.