Mandating Human Oversight in RBI Ombudsman Complaints and Protecting Cardholders from Harassment – Commentary on Sarwar Raza v. Ombudsman RBI & Anr., 2025 DHC 10520

Mandating Human Oversight in RBI Ombudsman Complaints and Protecting Cardholders from Harassment – Commentary on Sarwar Raza v. Ombudsman Reserve Bank of India & Anr., 2025 DHC 10520

I. Introduction

The decision of the Delhi High Court in Sarwar Raza v. Ombudsman Reserve Bank of India & Anr., 2025 DHC 10520 (W.P.(C) 16659/2022, decided on 27 November 2025), is a significant development at the intersection of consumer protection in digital banking, regulatory accountability of the Reserve Bank of India (RBI), and the design of complaint redressal mechanisms.

The case arises from a relatively small-value but highly illustrative credit card fraud involving a sum of ₹76,777 debited from a newly issued credit card that the petitioner claims he never requested or activated. The facts reveal not just an alleged unauthorised transaction, but a chain of systemic failures:

  • Unexplained change of registered mobile number linked to the credit card account.
  • Issuance of a new credit card without a clear, provable request from the customer.
  • Automated and impersonal communications from the bank demanding payment despite a High Court order of “no coercive steps”.
  • Mechanical, system-generated closure of complaints by the RBI’s Integrated Ombudsman System on technical grounds.
  • Harassment by recovery agents visiting the petitioner’s residence.

Against this backdrop, the Court does two things:

  1. It grants individual relief to the petitioner, including non-recovery of the disputed amount, restoration of CIBIL score, and compensation for harassment.
  2. More importantly, it issues a set of systemic directions that effectively reshape how the RBI Ombudsman and regulated banks must handle:
    • Customer complaints, especially those relating to unauthorised electronic transactions; and
    • Recovery practices and communications with customers.

The judgment thus sets a precedent on three fronts:

  • No mechanical rejection of Ombudsman complaints; final rejections must undergo human, legally trained oversight.
  • Banks cannot levy interest/penalties or depress CIBIL scores on genuinely disputed, unresolved fraudulent transactions.
  • Recovery harassment is impermissible, and banks are vicariously responsible for their agents, warranting monetary consequences.

II. Factual and Procedural Background

A. The Credit Cards and the Disputed Transaction

The petitioner, a practising advocate in Delhi, held a Citibank credit card (“credit card No. 1” ending 6173) issued in January 2022. On 5 April 2022, a new credit card (“credit card No. 2” ending 9319) was issued. The petitioner asserts he:

  • Never requested this second card.
  • Was assured by customer care that if he did not activate it, it would not be updated in the bank’s records.

However, on 12 April 2022, the petitioner received an e‑mail statement reflecting:

  • A debit of ₹76,777 on 6 April 2022 via a Paytm rent payment transaction on credit card No. 2, allegedly a day after issuance.
  • The petitioner contends this transaction was never performed or authorised by him.

On the same date (12 April 2022), he lodged:

  • A complaint with Citibank, and
  • A complaint with the Cyber Cell of the Delhi Police.

Citibank initially provisionally credited back the disputed amount, but in July 2022:

  • Closed the complaint,
  • Reversed the provisional credit,
  • Resumed billing the disputed amount with interest and penalties.

The bank’s explanation: the transaction was executed using APIN / IPIN / OTP credentials and was treated as a genuine transaction. The petitioner countered that he had neither activated nor used credit card No. 2, nor received any OTP for this transaction on his registered mobile number.

B. Disputed Change of Mobile Number and Card Operations

Citibank’s counter-affidavit, summarised by the Court, sets out this chronology:

  • On 3 April 2022:
    • The petitioner’s Internet PIN (IPIN) for Citibank online access was changed, after an OTP was sent to the registered mobile number 9953692225.
    • Shortly thereafter, the registered mobile number itself was changed to 8710055661.
    • According to the bank, SMS alerts regarding the change were sent to the old number.
  • On 5 April 2022:
    • Credit card No. 1 was blocked, based on internal review.
  • On 6 April 2022:
    • Credit card No. 2 was issued, allegedly at the petitioner’s request.
    • IPIN and APIN were changed again, with OTPs sent to the new mobile number.
    • “Virtual card view” was accessed and transaction limits allegedly modified, followed by the Paytm transaction of ₹76,777.

The petitioner categorically denies:

  • Any request for issuance of credit card No. 2.
  • Any authorisation for change of mobile number.
  • Any access to virtual card view or modification of limits.
  • Any receipt of OTPs for these activities.

The Court pointedly notes that how the registered mobile number was changed remains “shrouded in mystery” (para 35), but also recognises that resolving this would require detailed factual enquiry and evidence not suitable for a writ proceeding. It therefore avoids a conclusive finding on whether and by whom the credentials or OTP were compromised.

C. Complaints to the RBI Ombudsman and Mechanical Rejections

After Citibank closed his complaint, the petitioner approached the RBI Integrated Ombudsman on 22 July 2022, filing two complaints:

  • Complaint No. N202223022001847 – closed under clause 10(2)(f) of the RBI Integrated Ombudsman Scheme, 2021 on the ground that it was lodged “through an advocate”.
  • Complaint No. N202223022001848 – closed under clause 10(2)(a)(i) on the ground that the complainant had not approached the regulated entity (Citibank) before approaching the Ombudsman.

The RBI clarified that these were system-generated closures by the “Complaint Management System – Super Admin”, i.e., an automated mechanism and not a result of considered human adjudication.

D. Writ Petition, Interim Protection and Contempt

The petitioner then filed the present writ petition seeking, inter alia:

  • Refund of ₹76,777 with interest,
  • Restoration of his CIBIL score,
  • Refund of penalty charges, and
  • Costs and further directions.

On 5 December 2022, the Court issued notice and directed:

“No coercive steps shall be taken by the Citi Bank against the Petitioner in the meantime.”

Despite this, Citibank:

  • Issued a demand notice dated 2 January 2023 for ₹1,00,972 (including late payment fees and interest).
  • Sent e‑mails on 13 and 17 January 2023 threatening closure and demanding payment.
  • Made numerous recovery calls; a collection agent also visited the petitioner’s residence demanding a settlement amount of about ₹80,000.

This led to a contempt petition, CONT.CAS.(C) 150/2023. The Court expressed concern that:

  • The demand notices and e‑mails were impersonal and system-generated,
  • No identifiable bank official could be held responsible,
  • Customers could not easily contact any accountable officer.

The Court summoned the General Manager (Credit Card Division) of Citibank, and called for affidavits on:

  • Whether e‑mails could indicate responsible officials.
  • Verification processes for changing registered mobile numbers.
  • Functioning of helplines.
  • Appointment and regulation of collection agents.

Citibank tendered an unconditional apology and confirmed that all penalties and interest had been reversed. The Court discharged the contempt notice but recorded its dissatisfaction regarding:

  • The unexplained generation of OTP on an “unregistered mobile number”, and
  • The treatment of a victim of cyber fraud as a defaulter.

III. Summary of the Judgment

In its final judgment, the Court adopts a two‑pronged approach:

A. Individual Relief to the Petitioner

The Court holds:
  1. No liability for the disputed amount:
    • The disputed amount of ₹76,777 has already been re‑credited by the bank.
    • No late fees, interest, or any further amount in relation to this sum may be charged to the petitioner (Direction (1), para 47).
  2. Protection of CIBIL score:
    • The petitioner’s CIBIL score shall not be altered merely on the basis of the disputed transactions and must be restored if there are no other grounds for change (Direction (2)).
  3. Compensation for harassment:
    • For the conduct of the recovery agents and consequent harassment, the Court holds Citibank responsible and directs it to pay ₹1,00,000 as costs to the petitioner by 15 January 2026 (Direction (3)).

B. Structural and Systemic Directions

Recognising that the matter raises broader issues of systemic failure, the Court issues a series of consequential directions:

  1. Non-mechanical handling of Ombudsman complaints:
    • The RBI must ensure that complaints to the Ombudsman are not rejected by a purely mechanised process.
    • If complainants commit errors in forms/fields, they must be given an opportunity to correct them (Direction (4)).
  2. Mandatory human legal supervision of final rejections:
    • Whenever complaints before the RBI Ombudsman are finally rejected, there must be a second level of human supervision by trained legal personnel (e.g., retired judicial officers or lawyers with at least 10 years’ experience), ensuring that complaints are not rejected for minor mistakes (Direction (5)).
  3. Transparency in banks’ internal grievance hierarchy:
    • RBI shall direct all regulated banks to create a flowchart in the “complaints” tab on their websites, clearly indicating:
      • How to contact customer care,
      • How to escalate to the branch manager, and
      • How to approach the nodal officer (Direction (6)).
  4. Visibility of complaint-handling hierarchy:
    • The RBI Ombudsman shall ensure that all banks and financial institutions prominently display the hierarchy of officers handling consumer complaints on their websites via a flowchart (Direction (7)).
  5. Strengthening the Ombudsman’s office:
    • The Court emphasises that the Reserve Bank–Integrated Ombudsman Scheme, 2021 must be an effective mechanism and not a “toothless division” of the RBI (para 39).
    • If strengthening, expansion or supplementation of human resources at the Ombudsman is required, RBI must undertake it (Direction (4)).
  6. Implementation of RBI’s 2017 and 2022 circulars:
    • The Court reiterates that Circular No. RBI/2017‑18/15 (6 July 2017) on Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions must be implemented in “letter and spirit” (para 43).
    • It also takes note of Circular No. RBI/2022‑23/108 (12 August 2022) on responsibilities of regulated entities employing recovery agents, reaffirming banks’ responsibility for their agents’ conduct (para 27).
  7. Continued judicial supervision:
    • The directions are to be brought to the notice of the concerned Deputy Governor, RBI.
    • The Deputy Governor must file an affidavit by 15 January 2026 indicating measures taken to implement the directions (para 48).
    • The case is listed for compliance reporting on 30 January 2026 (para 50).

IV. Normative Framework and “Precedents” Relied Upon

While the judgment does not cite earlier judicial authorities, it is anchored in statutory and regulatory instruments governing consumer protection in electronic banking. These operate as the functional “precedents” guiding the Court’s reasoning.

A. RBI Integrated Ombudsman Scheme, 2021 – Clause 10(2)

The Reserve Bank–Integrated Ombudsman Scheme, 2021 consolidates and streamlines grievance redressal for customers of banks and certain other regulated entities. The Court reproduces Clause 10(2) in full (para 39) which:

  • Specifies when a complaint “shall not lie”, i.e., grounds of non‑maintainability.
  • Conditions admissibility on:
    • Prior written complaint to the regulated entity and either rejection or no response within 30 days (clause 10(2)(a)),
    • Complaint not being already decided/pending elsewhere (clause 10(2)(b)),
    • Complaint not being frivolous or vexatious (clause 10(2)(c)),
    • Complaint to the entity being within limitation (clause 10(2)(d)),
    • Complainant providing complete information (clause 10(2)(e)), and
    • Personal filing by the complainant or via authorised representative other than an advocate (unless the advocate is the aggrieved person) (clause 10(2)(f)).

Two explanatory clauses are noteworthy:

  • Explanation 1 recognises complaints made “through other modes” as written, if proof of having made the complaint is available.
  • Explanation 2 clarifies that pending or decided criminal proceedings or police investigations do not bar complaint on the same cause of action before the Ombudsman.

In this case:

  • The first complaint was rejected because it was “through an advocate” (clause 10(2)(f)).
  • The second complaint was rejected on the premise that the petitioner had not approached the bank first (clause 10(2)(a)(i)), even though he clearly had (and had even received a provisional credit and later reversal).

The Court does not strike down Clause 10(2), but it criticises the mechanical, literal application of these pre‑conditions, particularly when operated through an automated system. It expects RBI to interpret and operate the Scheme in a consumer‑friendly, purposive manner, consistent with its protective intent.

B. RBI Circular of 6 July 2017 – Limiting Customer Liability

Circular No. RBI/2017‑18/15 dated 6 July 2017, titled “Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions”, is central to the Court’s critique. The judgment extracts the operative directions (para 41), which require banks to:

  • Mandatorily register customers for SMS alerts and, where possible, e‑mail alerts for electronic transactions.
  • Educate customers to report unauthorised transactions at the earliest, warning that delay increases risk.
  • Provide 24x7 multi‑channel reporting for unauthorised transactions and lost/stolen instruments (website, phone banking, SMS, e‑mail, IVR, toll‑free helpline, home branch, etc.).
  • Enable customers to reply directly to alert SMS/e‑mails to report unauthorised transactions without needing to search for contact details.
  • Provide instant automated acknowledgment with a complaint number.
  • Record timestamps for both alert delivery and customer response, as these determine liability.
  • Not offer non‑ATM electronic transaction facilities to customers who do not provide mobile numbers.
  • Immediately prevent further unauthorised transactions once a report is made.

While the extracted portion focuses on procedural safeguards, this circular more broadly sets out the principle of “zero liability” or “limited liability” for customers in certain kinds of unauthorised transactions, particularly where:

  • The fault lies with the bank/system; or
  • The customer reports promptly after becoming aware of the transaction.

The Court underscores that this circular must be followed “in letter & spirit”, effectively treating it as a binding standard of care for banks in handling electronic fraud disputes.

C. RBI Circular of 12 August 2022 – Recovery Agents

RBI’s Circular No. RBI/2022‑23/108 (DOR.ORG.REC.65/21.04.158/2022‑23) dated 12 August 2022 on “Outsourcing of Financial Services – Responsibilities of regulated entities employing Recovery Agents” is invoked by RBI in its affidavit (para 27). It:

  • Prohibits banks/recovery agents from:
    • Intimidation or harassment (verbal or physical),
    • Public humiliation,
    • Intrusion into privacy of debtors’ family and friends,
    • Sending inappropriate messages,
    • Threatening or anonymous calls,
    • Persistently calling debtors, especially before 8:00 a.m. or after 7:00 p.m.,
    • Making false or misleading representations.
  • Emphasises that ultimate responsibility for actions of recovery agents lies with the regulated entity (the bank).

This circular dovetails with the Court’s finding that harassment by collection agents is “condemnable and not at all permissible” (para 36) and the consequent award of ₹1 lakh costs against the bank.

V. Court’s Legal Reasoning

A. Limited Fact-Finding in Writ Jurisdiction

The Court carefully delineates the limits of its role under Article 226 when confronted with contested factual questions such as:

  • Whether the petitioner shared OTPs or credentials.
  • Whether a third party misused his phone or data.
  • Whether all SMS alerts claimed by the bank were actually received.

It notes that resolving these would require detailed factual analysis and evidence, better suited to a civil/consumer trial or criminal investigation (para 35). Consequently:

  • The Court does not make a definitive finding on who was at fault for the unauthorised transaction.
  • Instead, since the bank has already re-credited the disputed amount and reversed penalties, the Court focuses on systemic and procedural aspects:
    • The denials and closure of complaints,
    • The harassment by recovery agents,
    • The functioning of RBI’s Ombudsman and automated complaint-handling systems.

B. Consumer Protection Orientation and the Role of Banks

The judgment is explicitly consumer-centric. It opens by acknowledging the “long and arduous journey” of a credit card holder after fraud (para 2) and the growing risks of misuse with increasing digital transactions (para 3).

From this standpoint, the Court emphasises:

  • Banks and regulators must design systems to safeguard customers rather than exacerbate their distress.
  • When a customer is a victim of cyber fraud, banks should not:
    • Subject them to incessant automated demands and harassment,
    • Levy interest and late fees while complaints remain unresolved, or
    • Damage their creditworthiness through CIBIL reporting based on disputed transactions.

The Court distils the overarching purpose of financial regulatory mechanisms as threefold (para 46):

  1. To put in place adequate safeguards to avoid misuse.
  2. To take stringent action against perpetrators of fraud.
  3. To ensure that innocent credit card holders are not harassed through e‑mails, messages and demands.

This framing indirectly establishes a benchmark of reasonableness and fairness in bank conduct under public law scrutiny.

C. Critique of Mechanical Rejections by the RBI Ombudsman

A central theme is the Court’s strong disapproval of how the RBI Ombudsman’s complaint management system operates. Specifically:

  • Both of the petitioner’s complaints were closed by system-generated orders, without apparent human application of mind.
  • The first was closed on a formalistic reading of clause 10(2)(f) (“filed through an advocate”), even though:
    • The petitioner himself is an advocate and the aggrieved person.
      • he is the aggrieved person.
  • The second was closed based on data field inputs suggesting that the bank had not been approached first, whereas, factually, the petitioner had:
    • Complained to the bank,
    • Obtained provisional credit, and
    • Suffered reversal of that credit.

The Court concludes that:

“The rejection of complaints filed by the public due to such technical reasons show that the functioning of the Ombudsman of the RBI is not more consumer friendly.” (para 43)

The remedy is two-fold:

  • Opportunity to cure technical defects: Complaints should not be rejected outright for minor errors or incorrect fields; complainants must be allowed to correct mistakes (Direction (4)).
  • Mandatory human legal oversight: A second-level review by legally trained personnel (retired judges or experienced lawyers) is required for all final rejections (Direction (5)).

These directions effectively transform the Ombudsman from a largely automated gatekeeping mechanism into a human-supervised quasi-judicial body with a clear duty to facilitate, not thwart, consumer redress.

D. Accountability for Recovery Agents and Bank Vicarious Liability

The Court condemns:

  • Threatening calls,
  • Repeated demands despite pending disputes,
  • Physical visits by recovery agents to the petitioner’s residence demanding a “settlement”,
  • All conducted despite a subsisting High Court order restraining coercive measures.

Importantly, the Court does not accept the bank’s attempt to distance itself from the actions of collection agents or automated systems. Instead, echoing RBI’s own circular, it treats:

  • The actions of recovery agents as the bank’s own actions, and
  • The bank as vicariously responsible for harassment.

By directing payment of ₹1 lakh as costs specifically for harassment (Direction (3)), the Court:

  • Signals that non-financial harm—anxiety, intimidation, reputational damage—can attract monetary redress in a writ proceeding.
  • Deters aggressive and unethical recovery practices, especially where disputes about fraud remain unresolved.

E. Protection of CIBIL Scores and Fair Reporting Practices

The Court’s direction on CIBIL scores is a notable innovation. It holds:

“The CIBIL score of the Petitioner shall not be changed merely based on the disputed transactions and the same shall be restored, if there are no other grounds for changing the score.” (Direction (2))

Legally, this implies:

  • Where transactions are genuinely disputed as fraudulent, banks cannot:
    • Continue to treat the customer as a defaulter for credit reporting purposes, while
    • Simultaneously refusing to adjudicate or escalate the dispute properly.
  • Credit reporting must be aligned with a fair assessment of liability, not just with the bank’s unilateral classification of dues.

Although directed in an individual case, this principle has broader implications for:

  • How banks and credit bureaus handle “disputed” flags on accounts.
  • Potential claims for correction of credit histories where fraud complaints were mishandled.

F. Transparency in Complaint Redress within Banks

The Court identifies a structural problem: customers frequently:

  • Interact only with faceless helplines and generic e‑mail addresses,
  • Cannot easily identify or escalate to responsible officials.

Accordingly, it directs RBI to ensure:

  • Every bank must host a clear, visual flowchart on its website’s complaints tab, showing:
    • First contact points (customer care),
    • Escalation to branch manager,
    • Escalation to nodal officer.
  • Banks and financial institutions must also display the hierarchy of officers dealing with complaints (Direction (6) & (7)).

This improves not just transparency but accountability, as consumers (and courts) can identify where the system failed.

G. Structural Directions and Continuing Mandamus

Recognising that mere declarations are insufficient, the Court employs a form of continuing mandamus:

  • Directs RBI’s Deputy Governor to file an affidavit of compliance by 15 January 2026 (para 48).
  • Lists the matter for a compliance hearing on 30 January 2026 (para 50).

This mechanism ensures:

  • The Court retains supervisory control over the implementation of its directions.
  • RBI cannot treat the judgment as merely advisory.

Such structural directions are consistent with the High Court’s wide powers under Article 226 to:

  • Issue directions not only to remedy individual grievances but also to reform systemic deficiencies in administrative machinery.

VI. Simplifying Key Legal and Technical Concepts

A. Writ of Mandamus

A writ of mandamus is a constitutional remedy whereby a High Court (or the Supreme Court) directs:

  • A public authority,
  • A statutory body, or
  • Even certain private bodies performing public functions,

to perform a public duty imposed by law. In this case, mandamus operates:

  • Against RBI to ensure that its Ombudsman Scheme and circulars are implemented properly.
  • Against Citibank (a regulated entity) to adhere to its obligations under RBI’s regulatory framework and general principles of fairness.

B. RBI Integrated Ombudsman Scheme

The RBI Integrated Ombudsman Scheme, 2021 is a consumer redressal mechanism allowing customers of banks and certain other regulated entities to complain about deficiencies in service. Key points:

  • It is free of cost for customers.
  • It is intended to be speedy and informal.
  • Clause 10(2) sets out conditions for maintainability, e.g., prior approach to the bank and limitation period.
  • In theory, it should reduce litigation by resolving disputes at a specialised forum.

In practice, as this case shows, if the Scheme is operated by rigid algorithms and automated rules, it can end up:

  • Rejecting complaints on technicalities,
  • Without considering the substance of the consumer grievance.

C. Unauthorised Electronic Banking Transactions, OTP, IPIN, APIN

  • Unauthorised electronic banking transaction: Any transaction carried out through digital means (internet banking, mobile banking, cards, wallets) that:
    • Was not authorised by the account holder, or
    • Resulted from fraud, hacking, or misuse of credentials.
  • OTP (One-Time Password): A time-limited numeric code sent (usually by SMS) to the registered mobile number to authenticate a transaction or change of credentials.
  • IPIN (Internet Personal Identification Number): The password used to log in to online banking or manage services like card settings.
  • APIN (ATM/Authentication PIN): A PIN associated with card-based or ATM transactions.

If a fraudster manages to:

  • Change the registered mobile number, and
  • Receive OTPs on that new number,

they can potentially take over the account. This is why the Court stresses:

  • Banks must have robust verification for mobile number change.
  • There must be a clear, quick way for customers to block cards and report anomalies.

D. CIBIL Score

A CIBIL score is a credit score generated by a credit information company (like TransUnion CIBIL) based on:

  • Past loan and credit card repayment history,
  • Outstanding liabilities,
  • Defaults or delays,
  • Credit utilisation and length of credit history.

Lenders use this score to:

  • Evaluate loan applications,
  • Set interest rates,
  • Assess creditworthiness.

If a bank wrongly reports a customer as a defaulter due to a disputed fraudulent transaction, it can unfairly:

  • Lower the person’s CIBIL score,
  • Impact their ability to obtain future credit,
  • Cause long-term financial harm.

The judgment’s insistence on not altering CIBIL scores merely on disputed transactions is a significant protection for consumers.

E. Recovery Agents

Recovery agents are third-party agencies engaged by banks to:

  • Contact borrowers,
  • Remind or pressure them to repay dues,
  • Sometimes negotiate settlements.

Due to numerous complaints of harassment, RBI has:

  • Issued detailed guidelines prohibiting abusive and intrusive practices.
  • Made it clear that banks remain ultimately responsible for their conduct.

In this case, recovery agent visits and threats, despite a court order and pending dispute, crossed the line into unlawful harassment, prompting the Court to impose costs.

VII. Impact and Implications

A. For the RBI and the Ombudsman System

This judgment is a strong nudge—arguably a push—towards meaningful reform of the RBI’s Ombudsman mechanism:

  • End to “toothless” functioning: The Court explicitly warns that the Scheme must not be a mere formality but must resolve disputes at the Ombudsman level.
  • Humanisation of the complaint process: Final complaint rejections require human, legally trained review, which will:
    • Reduce erroneous technical dismissals,
    • Increase public confidence.
  • Resource implications: RBI may need to:
    • Recruit retired judicial officers and experienced lawyers,
    • Set up dedicated panels or units within the Ombudsman office,
    • Re‑engineer its “Complaint Management System” software.
  • Reduced downstream litigation: If implemented properly, many disputes that now reach consumer fora, civil courts and High Courts should be resolved at the Ombudsman level itself (para 47(4)–(5)).

B. For Banks and Other Regulated Entities

Banks will need to take concrete steps in light of this precedent:

  • No interest/penalty during unresolved fraud disputes:
    • The judgment implies that charging late fees and interest while a bona fide fraud complaint is unresolved is impermissible.
  • Internal controls on automated communications:
    • System-generated demand e‑mails and SMS must be aligned with:
      • Pending disputes, and
      • Existing court orders.
    • There should be “breakers” in the system that pause or stop recovery triggers once disputes or legal restraints exist.
  • Better verification for mobile number changes:
    • Banks must strengthen processes to prevent fraudulent change of registered mobile numbers which enable account takeover.
  • Website disclosures:
    • They must design and publish clear complaint flowcharts and officer hierarchies, ensuring:
      • Ease of escalation,
      • Traceability of accountability.
  • Recovery practices:
    • Banks must ensure their agents strictly comply with RBI’s circulars on recovery, failing which:
      • They may face judicial censure,
      • Cost orders, and
      • Potential reputational and regulatory consequences.

C. For Consumers and Cardholders

For consumers, the judgment:

  • Reaffirms their right to:
    • Report fraud easily via multiple channels 24x7,
    • Expect immediate preventive action from banks,
    • Be free from harassment by recovery agents while disputes are unresolved.
  • Creates a basis to:
    • Challenge mechanical Ombudsman rejections,
    • Seek correction of wrongfully depressed CIBIL scores,
    • Insist on banks’ compliance with the 2017 and 2022 RBI circulars.

Although the judgment directly binds parties within the Delhi High Court’s jurisdiction, it will likely be:

  • Persuasive authority across other High Courts in India, especially in cases involving:
    • Unauthorised electronic transactions,
    • Misuse of automated complaint management systems.

VIII. Critical Appraisal

The decision is strongly pro-consumer and sets out pragmatic directions. A few salient observations:

  • Balance between individual and systemic justice:
    • The Court consciously avoids a detailed fact-finding on who was at fault for the fraud itself.
    • Still, it provides full relief to the petitioner (no liability, restored CIBIL, compensation) because:
      • The bank had already re-credited the amount, and
      • The systemic failures in complaint handling and recovery harassment were undisputed.
    • Simultaneously, it uses the case to reform the broader regulatory architecture.
  • Use of RBI’s own framework against inaction:
    • Instead of creating new rules from scratch, the Court relies on RBI’s existing:
      • Ombudsman Scheme (2021),
      • Customer protection circular (2017),
      • Recovery agents circular (2022).
    • The problem is framed as one of non-implementation or misimplementation, rather than legal vacuum.
  • Judicial oversight of automated decision-making:
    • The judgment implicitly recognises the dangers of “black box” automation in complaint handling.
    • By mandating human legal supervision for final rejections, it introduces a necessary safeguard in an increasingly algorithm-driven environment.
  • Scope of directions and separation of powers:
    • Some might argue that prescribing internal structures (e.g., flowcharts, hierarchy displays) verges on micro‑management.
    • However, these directions can also be justified as ancillary to enforcing already existing legal duties of fair and transparent functioning.
  • Unaddressed areas:
    • The Court does not frame a detailed standard for:
      • Allocating liability between bank and customer where credentials are compromised, or
      • Determining the precise effect of delay in reporting under the 2017 circular.
    • Those questions remain open for future cases and more evidence-heavy proceedings.

IX. Conclusion

The Delhi High Court’s judgment in Sarwar Raza v. Ombudsman RBI & Anr. transforms an individual’s ordeal over a ₹76,777 fraudulent credit card transaction into a landmark on systemic consumer protection in digital banking.

Key takeaways include:

  • Ombudsman complaints cannot be rejected mechanically. Final rejections require human, legally trained oversight, and complainants must be permitted to correct technical errors.
  • Banks cannot, consistent with fairness and RBI’s 2017 circular, levy interest or penalties on amounts involved in bona fide disputed fraudulent transactions while those disputes remain unresolved.
  • CIBIL scores cannot be adversely affected solely due to disputed fraud entries; credit reporting must reflect fair attribution of liability.
  • Harassment by recovery agents is impermissible, and banks are vicariously liable for their agents’ conduct, warranting monetary redress.
  • Transparency and accountability in complaint handling are no longer optional; banks must disclose complaint hierarchies and contact points clearly on their websites.

In essence, the judgment insists that digital banking infrastructure and regulatory mechanisms must be designed around consumer protection, not institutional convenience. It signals that courts are willing to intervene not only to correct individual injustices but to reshape the architecture of grievance redress in the financial sector when existing safeguards are rendered ineffective by automation and bureaucratic rigidity.

Case Details

Year: 2025
Court: Delhi High Court

Advocates

Comments