Download the MHA released SOP dated 02.01.2026
1. What is NCRP and CFCFRMS?
The National Cybercrime Reporting Portal (NCRP) is an online portal where any citizen can report cybercrime: www.cybercrime.gov.in. It was launched by the Ministry of Home Affairs in 2019.
It has two parts:
- Citizen side
- You can file a cybercrime complaint (including financial fraud) online, without going to a police station.
- Investigation and recovery side
- Used by police, banks and other financial entities to track the money trail and try to stop stolen money from leaving the financial system.
- This part is called the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS).
CFCFRMS connects:
- State and UT Police
- Banks and other financial intermediaries
- Payment system operators, e-commerce, stock brokers, VASPs (crypto exchanges) and others
From April 2021 to November 2025, CFCFRMS stopped around ₹7,647 crore from reaching cybercriminals, out of about ₹52,969 crore reported. But only about ₹167 crore has actually been restored to victims so far, which is just 2.18%.
That is why this detailed SOP has been issued on 02.01.2026.
2. Why was this SOP issued?
The SOP has been published to solve practical problems seen in the system so far:
- Money kept “on hold” for long periods, without clear process to release it
- Confusion about when to freeze accounts or suspend digital banking
- Grievances of innocent account holders whose accounts are wrongly frozen
- Difficulty in giving interim custody of money to real victims
- Need to avoid unnecessary litigation, delay and cost
- Threats from money mule accounts and repeated misuse of the same accounts
- Need to fix accountability of police, banks and all participating entities
3. Main objectives of the SOP
The SOP aims to:
- Create a clear, uniform process for all participating entities
- Ensure fair and transparent handling of cyber-enabled financial crimes (CEFCs)
- Prevent misuse of the “put on hold / freeze / seizure” powers
- Provide fast, legally sound methods to give interim custody of money to victims
- Provide a structured grievance redressal system with time limits
- Protect basic rights like livelihood and privacy
- Build a cybercrime-resilient financial ecosystem in India
4. Scope: which situations are covered?
The SOP applies only to cybercrime complaints:
- Reported on NCRP or the national cybercrime helpline 1930, and
- Escalated to CFCFRMS.
It covers:
- Putting on hold and restoring amounts related to suspicious transactions
- Suspension and restoration of digital banking services for suspected accounts
- Seizure and release of bank accounts or other money holding instruments or property
- Five alternative processes for interim custody and restoration of money to victims
- Disposal of unclaimed fraud proceeds
- Grievance redressal for actions taken based on CFCFRMS information
5. Key guiding principles
The SOP is built on these core principles:
- Legal basis
- Holds and seizures are done under sections 94, 106, 168, 173 of BNSS 2023 (successor to CrPC provisions), the BUDS Act and other laws.
- Only genuine cyber-fraud cases
- Police must push to CFCFRMS only those complaints where a prima facie cyber-enabled financial crime is made out.
- Motivated or frivolous complaints must not be escalated.
- Controlled use of the system
- Abuse of CFCFRMS (for private disputes, harassment etc.) can lead to suspension of user accounts and action against the concerned officers.
- Real-time response by banks
- Banks are expected to integrate with NCRP through APIs and act in real time to put amounts on hold.
- Strict AML / CFT compliance
- All banks and financial intermediaries must follow anti-money laundering and terror-financing norms, including enhanced due diligence for suspect accounts.
- Grievance rights for affected account holders
- Anyone whose account suffers a hold, seizure or suspension of digital services can raise a grievance and must get a time-bound response.
- Fair process before seizure
- Investigating officers should give account holders an opportunity to explain before ordering seizure or long-term suspension.
- Victim-friendly money release
- The SOP encourages speedy release of money to victims, using either BNSS procedures or High Court-approved mechanisms.
- If money is mixed from multiple victims, it should be distributed on equitable / pro-rata basis.
- No burden to repay where balance is zero
- If money has already moved out and the account has no balance, the bank is not expected to pay victims out of its own funds.
- However, any later amounts credited and put on hold can be released to the appropriate victim under the SOP.
- Protection for innocent account holders
- IOs must consider that an account may be misused without the owner’s knowledge, and act accordingly.
6. Who are the key stakeholders?
Download the MHA released SOP dated 02.01.2026
The SOP lists a large set of stakeholders.
Sample of major ones:
| Category | Examples |
|---|---|
| Banks | Public and private sector banks, regional rural banks, small finance banks, payment banks, co-operative banks, local area banks |
| Financial regulators | Reserve Bank of India, Securities and Exchange Board of India, Insurance Regulatory and Development Authority of India, Pension Fund Regulatory and Development Authority |
| Payment ecosystem | NPCI, PSOs, TPAPs, PAs, PGs, PPIs, wallets, UPI ecosystem players |
| Market intermediaries | Stock brokers, mutual fund houses, trading platforms, exchanges |
| Digital asset players | VASPs, crypto exchanges |
| Law enforcement and government | State/UT Police, DGPs/CPs, Indian Cyber Crime Coordination Centre, National Informatics Centre, Indian Banks’ Association |
7. How to file a cyber-fraud complaint: step-by-step
7.1 Filing directly on NCRP (www.cybercrime.gov.in)
Step 1 – Registration
- Visit www.cybercrime.gov.in.
- Register using your mobile number and email ID.
Step 2 – Login
- Log in with the credentials you just created.
Step 3 – Fill in complaint details
- Choose the correct category (financial fraud, etc.).
- Fill detailed information about:
- How the fraud happened
- Date, time, amount, transaction ID
- Bank details, UPI ID, wallet, merchants involved
- Screenshots or documents, if available
Step 4 – Submit the complaint
- Submit the complaint online.
- You will receive a 14-digit acknowledgement number starting with “2” through SMS (header XXNCRP, where XX is state code).
Step 5 – Internal routing
- The complaint goes to the State and District nodal officers and the concerned police station.
Step 6 – Police screening
- The police officer checks whether a prima facie cyber-enabled financial crime exists.
- If yes, the complaint is pushed to CFCFRMS for money trail action.
Step 7 – Notices to banks and FIs
- Notices under BNSS provisions (sections 94 and 168, plus 106 for seizure) are electronically sent to concerned banks and financial intermediaries.
- They are directed to put the reported amount on hold or take other steps.
Step 8 – Intimation to you
- You receive SMS/email if the reported amount (or part of it) has been put on hold, along with a link explaining the release process.
7.2 Filing through the national cybercrime helpline 1930
Step 1 – Call 1930
- Dial 1930 and speak to the state / UT cyber helpline operator.
Step 2 – Share basic details
- Provide your name, contact details and transaction details.
Step 3 – Ticket creation
- The officer creates a ticket on CFCFRMS after satisfying herself that it is a cyber-enabled financial crime.
Step 4 – Acknowledgement
- You receive a 14-digit acknowledgement starting with “3” via SMS from XXNCRP.
Step 5 – Complete details online
- The SMS asks you to complete the complaint details on www.cybercrime.gov.in using that acknowledgement number.
Step 6 – After that
- Once you fill details on the portal, the same process as for NCRP complaints (section 7.1) is followed.
7.3 Complaints initiated by banks via NCRP
Step 1 – Victim informs bank
- You report unauthorised cyber-fraud to your bank.
Step 2 – Bank records details
- Authorised bank officials verify data with their systems.
Step 3 – Bank files on NCRP
- Bank logs into NCRP using its registered credentials and files the complaint on your behalf.
Step 4 – Further flow
- The complaint is processed exactly like any other NCRP complaint.
In future, the SOP envisages that complaints may also be filed directly through banking apps.
7.4 Complaints at a police station
Step 1 – Visit any police station
- You can walk into any police station and report the cyber-fraud.
Step 2 – Officer files on CFCFRMS/NCRP
- An authorised officer uploads the complaint into CFCFRMS, apart from taking other legal steps like FIR.
Step 3 – Subsequent process
- The complaint is then handled similarly to 1930-based complaints.
8. What banks and financial entities must do when notified
Below is a simplified view of the duties laid down in Section II of the SOP. Download the MHA released SOP dated 02.01.2026
8.1 Banks
When CFCFRMS notifies a transaction:
- If money is still in the beneficiary account
- Immediately put the reported amount (or available part) on hold.
- If the account is repeatedly reported, suspend digital banking (RTGS, NEFT, IMPS, UPI, AePS, ATM, cards etc.) and, if required, seize the account under lawful directions.
- If balance is insufficient
- Place a “prospective hold” so that any future credits can be held.
- This is mainly for first-layer mule accounts, not for nodal / pool / escrow accounts.
- If money has moved out
- Provide exit details (ATM ID, device IDs, wallet details, etc.) in CFCFRMS.
- Special accounts
- For nodal/pool/escrow accounts, banks hold only the disputed amount; seizure or suspension should be rare.
- Link with loans and credit cards
- If fraud proceeds are used to repay loans or card dues, the bank must hold the disputed amount and notify other linked accounts.
- Analyse repeat offenders
- Accounts repeatedly reported on CFCFRMS must be put through enhanced due diligence and appropriate AML/PMLA action.
8.2 Merchants and e-commerce platforms
When notified about a fraud transaction:
- If goods/services not delivered
- Cancel order, hold the amount in pool/nodal accounts and update CFCFRMS.
- If payment is with a Payment Aggregator
- Escalate to PA; PA’s bank holds the amount and updates CFCFRMS.
- If goods/services already delivered
- Upload order details, delivery address and recipient identifiers to CFCFRMS.
- For gift cards, coupons, wallet top-ups
- Cancel or discredit them where possible and hold the amount.
- If a merchant’s account has multiple complaints
- Conduct EDD and, if needed, suspend the account.
8.3 Payment system operators, wallets and CBDC
- If money is in a wallet
- Hold the disputed amount and update CFCFRMS.
- If money has moved from wallet to another wallet or bank
- Hold where balance exists; otherwise update complete money trail.
- If funds are spent via merchants
- Escalate to merchants/TPAPs and hold where goods/services not delivered; otherwise provide recipient details.
8.4 Virtual Asset Service Providers (crypto exchanges)
- If INR balance lies in customer account
- Hold equivalent amount and ensure corresponding hold on exchange’s bank account.
- If INR has been converted into crypto and still lies in wallet
- On LEA’s instructions, liquidate to INR, deposit in exchange bank account and transfer interim custody to victim’s bank account, updating all details in CFCFRMS.
- If victim lost VDAs
- Hold equivalent VDAs in beneficiary wallet and transfer interim custody to victim’s wallet as per SOP.
- If VDAs were bought P2P
- Hold the VDA in purchaser’s wallet; initiate hold in beneficiary banks of seller; share full KYC, wallet and transaction details with CFCFRMS.
8.5 TPAPs, PAs, PGs and utility payments
- If money is lying in PA / intermediary / utility pool or escrow
- Hold amount, upload intended beneficiary details.
- If money already settled to merchants
- Upload settlement and transaction details.
- If used for bill payments or mobile recharges
- Escalate to the utility provider, which must conduct EDD, suspend suspicious transactions and share beneficiary KYC details.
- If same UPI ID is repeatedly reported
- EDD must be done; the UPI ID/account can be suspended and escalated to the linked bank.
8.6 Mutual funds, stock trading and brokers
- If money is just lying as trading balance
- Hold trading balance equal to reported amount.
- If money has bought stocks/mutual funds/securities
- Hold these assets in demat and upload details.
- If assets already sold and money transferred to bank
- Escalate to bank, which holds equivalent amount.
- In off-market transfers
- First platform shares beneficiary platform details; next platform repeats hold process.
- Accounts with multiple complaints
- Subject them to due diligence and possible suspension; update full beneficiary details.
8.7 Business correspondents and CSPs
- If funds went to BC / CSP account and are still available
- Corporate BC must hold the money and upload details.
- If balance not available
- Update settlement details on CFCFRMS.
8.8 Cross-border money transfer companies
- If funds not yet settled overseas
- Partner bank holds the amount in nodal/pool/escrow account and informs foreign counterpart.
- If already settled to foreign beneficiary
- Update details on CFCFRMS; LEAs may use international channels.
8.9 Credit card issuer / acquirer banks
- Route-wise action
- If via PSO → follow PSO rules.
- If via PA/PG → follow PA/PG rules.
- If via e-commerce → follow e-commerce rules.
- If used to pay card dues → card issuer holds disputed amount.
- If withdrawn via ATM/POS/CSC → issuer uploads withdrawal details on CFCFRMS.
9. Grievance redressal: what if your account or money is affected?
Download the MHA released SOP dated 02.01.2026
A dedicated online Grievance Redressal Module is part of NCRP-CFCFRMS. States/UTs must appoint:
- State-level grievance officer (ADG / IG / DIG rank)
- District-level grievance officers (Addl. SP / DySP rank)
- Each bank and FI must also appoint central, state and branch-level grievance officers.
9.1 If the amount in your account is put on hold
Step 1 – Approach your bank branch
- Visit your branch or designated office and file a grievance.
- Bank verifies KYC, conducts CDD and EDD, and if convinced, forwards grievance to online Grievance Module within 7 days.
Step 2 – Assignment to IO
- SHO assigns grievance to IO / concerned police officer, and informs District Grievance Officer.
Step 3 – Verification via video conference
- IO issues notice to you to appear, preferably by video conference.
- Bank representative may also join.
- Physical appearance should be avoided unless unavoidable and FIR/e-FIR exists.
Step 4 – Assistance from local police
- IO may use CIAR module (Samanvaya platform) to seek help from local police station where you reside.
Step 5 – Decision within 15 days
- If satisfied, IO directs bank to remove hold within 15 days and updates portal.
- If not satisfied, IO records reasons and communicates rejection via SMS/email.
Step 6 – Escalation to District Grievance Officer
- If IO does not act within 15 days, system auto-notifies District Grievance Officer.
- You can also seek review within 15 days of IO’s decision.
- District officer decides within 15 days; IO then has 2 days to carry out instructions.
Step 7 – Long-pending holds (90 days rule)
- If no lawful direction is received within 90 days from the date bank raised grievance, bank notifies LEA 15 days before expiry.
- If no extension is asked and amount is not needed in any other case, bank may remove hold after EDD, on account holder’s request, and update NCRP-CFCFRMS.
9.2 If your digital banking is suspended or your account is seized
The steps are similar, but applied to suspension / seizure orders under section 106 BNSS or other laws.
- You approach your bank branch and file grievance.
- Bank does CDD/EDD, and if convinced, forwards grievance to module within 7 days.
- Grievance is assigned to IO who ordered seizure / suspension.
- IO verifies via video conference and local police, then either:
- Restores digital banking / unfreezes account while keeping disputed amount on hold, or
- Records reasons for continuing seizure, within 15 days.
- Non-action within 15 days triggers auto-escalation to District Grievance Officer.
- You can appeal to District and then to State Grievance Officer, each deciding within 15 days and IO acting within 2 days.
- At any stage, you can also approach the jurisdictional court.
9.3 If you are the victim but your own account is frozen
- If your account was seized by mistake or at your own request as a precaution, you can ask the bank to release it.
- Bank should release it, provided there is no contrary lawful direction and after CDD/EDD if your account itself appears on CFCFRMS.
10. How is money finally released back to victims?
There are five alternative legal processes for giving interim custody of the amount or restoring property.
Download the MHA released SOP dated 02.01.2026
10.1 Snapshot table of the five processes
| Process | When used | Key legal basis | Who orders release? |
|---|---|---|---|
| Process 1 | Single victim, money on hold / seized | Section 106(3) BNSS | IO with SP/DCP approval, via notice to bank |
| Process 2 | Multiple victims, shared pool of money | Section 106(3) BNSS with pro-rata principles | IO with SP/DCP approval |
| Process 3 | Court-directed disposal | Sections 497, 498, 503 BNSS | Jurisdictional criminal court |
| Process 4 | Attachment, forfeiture, restoration through court | Section 107 BNSS | Competent court |
| Process 5 | Any specific direction by jurisdictional court | As per court’s order | Court |
The SOP explains each with illustrations and scenarios.
10.2 Process 1: single victim – step-by-step
- Victim checks status
- Victim checks NCRP-CFCFRMS to see if any amount is on hold on the basis of her complaint.
- Victim applies for restoration
- She submits an online request in the Money Restoration Module.
- Request reaches police station
- The request is routed to the concerned police station.
- IO verifies facts
- IO ensures:
- Amount is held against this single complaint, and
- Retention is not needed for investigation.
- IO ensures:
- Notice to suspect account holder
- Within 7 days, IO issues notice to account holder (video conference preferred).
- Account holder gets up to 15 days to appear and explain.
- Non-response or unsatisfactory explanation
- If suspect does not appear or cannot justify transactions, IO records reasons.
- Approval and order to bank
- IO gets approval from SP/DCP.
- IO issues notice under section 106(3) BNSS to bank, directing transfer to victim against indemnity bond.
- Bank releases money
- Bank credits victim’s account within 15 days of receiving notice, updates NCRP-CFCFRMS and informs all banks in the money trail.
- Report to court
- IO forwards report and indemnity bond to jurisdictional court and informs court once amount is actually released.
- If suspect contests later
- If suspect contests within 15 days of refund, IO continues investigation and both bank and account holder must cooperate.
10.3 Process 2: multiple victims – core idea
Where many victims’ funds are mixed in one or more accounts:
- Victims apply via Money Restoration Module.
- IO maps the total amount held and total verifiable claims.
- If attribution to individual victims is not possible, IO distributes the amount on equitable / pro-rata basis (for example, each victim gets in proportion to her loss).
- Same basic safeguards apply as in Process 1, including notices, verification, SP/DCP approval, indemnity bonds and updates to NCRP-CFCFRMS.
The remaining processes (3, 4, 5) place primary responsibility on the courts to order attachment, forfeiture, disposal and restoration, especially in complex or high-value cases.
11. Key takeaways for citizens
Download the MHA released SOP dated 02.01.2026
- Act fast
- Immediately call 1930 and/or file complaint at www.cybercrime.gov.in as soon as you notice a fraudulent transaction.
- Give full details
- The better your information (screenshots, IDs, messages), the easier it is to trace and hold the money.
- Track your complaint
- Keep your 14-digit NCRP/1930 acknowledgement safe and check the status periodically.
- Use grievance mechanisms
- If your account or money is wrongly affected, go through your bank to raise a grievance under this SOP.
- Know that restoration is possible
- The SOP creates specific, time-bound procedures for interim release of money to victims, including in multi-victim scenarios.
- Courts remain the final safeguard
- At any stage, you can approach the jurisdictional court if you are aggrieved by freezing, seizure or denial of restoration.
FAQs on NCRP–CFCFRMS Cyber-Fraud SOP (2026)
Q1. What is the NCRP–CFCFRMS system?
A. It is India’s national system for reporting cyber-fraud and managing the money trail. NCRP handles complaints; CFCFRMS helps police and banks trace, freeze, and recover fraudulent funds.
Q2. Why was the new SOP issued in 2026?
A. To fix procedural gaps, clarify responsibilities of banks and police, prevent arbitrary freezing of accounts, and create a transparent, victim-friendly system for fund restoration.
Q3. What types of cybercrimes are covered under this SOP?
A. Only cyber-enabled financial crimes reported through NCRP or helpline 1930, which are then escalated to CFCFRMS for money-trail action.
Q4. How do I file a cyber-fraud complaint quickly?
A. Call 1930 immediately or file online at www.cybercrime.gov.in with full transaction details.
Q5. What happens after I file a complaint on NCRP?
A. Police screen the complaint. If it is a prima facie cyber-fraud, it is pushed to CFCFRMS, which sends electronic notices to banks to hold suspicious funds.
Q6. Does the SOP guarantee that my stolen money will be recovered?
A. No, but it significantly improves the chances by enabling real-time freezing and five structured restoration mechanisms.
Q7. How will I know if my money has been put on hold?
A. You will receive an SMS/email from NCRP with details of the amount held and a link explaining the next steps.
Q8. What is the difference between ‘hold’ and ‘seizure’?
A. A hold temporarily blocks the disputed amount. A seizure (under BNSS 2023) restricts full access to the account or digital banking services.
Q9. For how long can a bank keep my account on hold?
A. Typically up to 90 days, unless a lawful direction extends the period.
Q10. What happens if my account is wrongly frozen?
A. You can file a grievance through your bank. The IO must verify your claim and decide within 15 days.
Q11. Does the SOP protect innocent account holders?
A. Yes. IOs must consider if an account was misused without the owner’s knowledge and avoid unnecessary hardship.
Q12. Can my digital banking be suspended under this SOP?
A. Yes, but only if your account is repeatedly linked to cyber-fraud or appears suspicious. Suspension requires proper justification and is reviewable.
Q13. What are the duties of banks under the SOP?
A. Banks must act in real time, put money on hold, update CFCFRMS, conduct due diligence, and cooperate in fund recovery.
Q14. What if the fraud amount has already moved to another account?
A. Banks must share the complete exit trail (wallet, device, ATM, merchant, VASP details) so police can follow the money.
Q15. What if I am the victim but my own account is frozen?
A. You can request immediate unfreezing through your bank unless a lawful direction requires otherwise.
Q16. How many ways exist for returning money to victims?
A. There are five legal processes—including BNSS-based restoration, court-directed release, and pro-rata distribution for multiple victims.
Q17. What is the BNSS section used for releasing money to victims?
A. Section 106(3) of BNSS allows interim release of money held/seized, with SP/DCP approval.
Q18. What happens in cases with multiple victims?
A. If individual attribution is not possible, money is distributed on equitable/pro-rata basis.
Q19. What are money mule accounts and how does the SOP deal with them?
A. Mule accounts receive stolen money for criminals. The SOP mandates enhanced due diligence, suspension, and AML/PMLA action for repeat offenders.
Q20. Are merchants and e-commerce platforms covered under this SOP?
A. Yes. They must cancel undelivered orders, hold funds, and upload all relevant order/delivery details to CFCFRMS.
Q21. How are payment gateways, aggregators and wallets treated?
A. They must hold fraudulent funds, escalate to merchants, and update the complete trail, including wallet transfers and settlement details.
Q22. What about crypto-related fraud?
A. VASPs must hold equivalent INR or VDA, liquidate crypto on direction, update CFCFRMS with full KYC/wallet details, and assist in victim restoration.
Q23. What is the grievance mechanism under this SOP?
A. It includes bank-level, district-level, and state-level grievance officers with strict deadlines (7 days for bank, 15 days for IO, 15 days for appeals).
Q24. Do I need to physically visit the police station for grievance?
A. No. Verification should preferably be done through video conference unless unavoidable.
Q25. What is the 90-day rule for long-pending holds?
A. If no lawful direction is received within 90 days, the bank may remove the hold after enhanced due diligence and intimation to LEA.
Q26. Can I challenge the IO’s decision?
A. Yes. You can appeal to the District Grievance Officer, then the State Grievance Officer, or move the jurisdictional court.
Q27. Does the SOP cover preventive freezing?
A. Yes. Banks can place prospective holds to block future credits in suspicious accounts involved in cyber-fraud.
Q28. How does the SOP address privacy and rights?
A. By requiring proportionality, notice, opportunity to explain, video-based hearings, and timely review.
Q29. What records must banks and financial intermediaries maintain?
A. Transaction logs, beneficiary details, KYC, device IDs, order IDs, and all responses uploaded on CFCFRMS.
Q30. Can courts override the SOP?
A. Yes. Courts remain the final authority and can pass specific orders for attachment, release, disposal, or restoration of funds.