IDFC First Bank on Friday received the forensic review report from KPMG on the fraud at its Chandigarh branch, with findings confirming it was an isolated incident involving collusion between certain current and former bank employees, government department officials and third parties.
In an exchange filing, the private sector lender said the forensic review pegged the net principal amount involved at around ₹646 crore, consistent with the bank's earlier disclosures.
Based on claims received, the bank paid a net principal of ₹645.59 crore along with applicable interest to 11 government accounts and two school accounts. The bank had recognised the same in its fourth-quarter accounts of fiscal year 2026.
1 June 2026
Get the latest issue of Outlook Business
The review confirmed that the fraud was confined to one branch and that similar incidents had not been observed at other branches. "The bank is a victim of this financial fraud," IDFC First Bank said, adding that it is cooperating with investigative authorities.
The bank noted that records maintained in its Core Banking System remained accurate throughout the period. Customers continued to receive monthly account statements reflecting balances and transactions, and SMS transaction alerts were sent wherever applicable.
Following the incident, IDFC First Bank dispatched physical and electronic account statements showing closing balances as of February 28, 2026, to all government and TASC — Trusts, Associations, Societies and Clubs — account holders across the country. The bank said it has not received any discrepancy reports or claims from other customers.
Remedial Measures
The bank said it has implemented additional preventive controls to strengthen oversight, particularly around collusion risk at the branch level. These include oversight processes by a centralised team in addition to branch-level authorisation, enhanced customer communication, and technology-led system controls.
KPMG noted that its procedures were limited to understanding the incident, its financial impact and the individuals responsible. The firm added that its procedures, which included selective data testing, may not identify all errors or risks, including process risks, illegal acts, or regulatory non-compliance with direct or indirect financial impact.
