Standard Operating Procedure (SOP) For Cyber-Fraud Complaints On NCRP–CFCFRMS (2026): A Simple Guide For Citizens And Banks

by

Download the MHA released SOP dated 02.01.2026

1. What is NCRP and CFCFRMS?

The National Cybercrime Reporting Portal (NCRP) is an online portal where any citizen can report cybercrime: www.cybercrime.gov.in. It was launched by the Ministry of Home Affairs in 2019.

It has two parts:

  1. Citizen side
    • You can file a cybercrime complaint (including financial fraud) online, without going to a police station.
  2. Investigation and recovery side
    • Used by police, banks and other financial entities to track the money trail and try to stop stolen money from leaving the financial system.
    • This part is called the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS).

CFCFRMS connects:

  • State and UT Police
  • Banks and other financial intermediaries
  • Payment system operators, e-commerce, stock brokers, VASPs (crypto exchanges) and others

From April 2021 to November 2025, CFCFRMS stopped around ₹7,647 crore from reaching cybercriminals, out of about ₹52,969 crore reported. But only about ₹167 crore has actually been restored to victims so far, which is just 2.18%.

That is why this detailed SOP has been issued on 02.01.2026.

2. Why was this SOP issued?

The SOP has been published to solve practical problems seen in the system so far:

  • Money kept “on hold” for long periods, without clear process to release it
  • Confusion about when to freeze accounts or suspend digital banking
  • Grievances of innocent account holders whose accounts are wrongly frozen
  • Difficulty in giving interim custody of money to real victims
  • Need to avoid unnecessary litigation, delay and cost
  • Threats from money mule accounts and repeated misuse of the same accounts
  • Need to fix accountability of police, banks and all participating entities

3. Main objectives of the SOP

The SOP aims to:

  • Create a clear, uniform process for all participating entities
  • Ensure fair and transparent handling of cyber-enabled financial crimes (CEFCs)
  • Prevent misuse of the “put on hold / freeze / seizure” powers
  • Provide fast, legally sound methods to give interim custody of money to victims
  • Provide a structured grievance redressal system with time limits
  • Protect basic rights like livelihood and privacy
  • Build a cybercrime-resilient financial ecosystem in India

4. Scope: which situations are covered?

The SOP applies only to cybercrime complaints:

  • Reported on NCRP or the national cybercrime helpline 1930, and
  • Escalated to CFCFRMS.

It covers:

  1. Putting on hold and restoring amounts related to suspicious transactions
  2. Suspension and restoration of digital banking services for suspected accounts
  3. Seizure and release of bank accounts or other money holding instruments or property
  4. Five alternative processes for interim custody and restoration of money to victims
  5. Disposal of unclaimed fraud proceeds
  6. Grievance redressal for actions taken based on CFCFRMS information

5. Key guiding principles

The SOP is built on these core principles:

  1. Legal basis
    • Holds and seizures are done under sections 94, 106, 168, 173 of BNSS 2023 (successor to CrPC provisions), the BUDS Act and other laws.
  2. Only genuine cyber-fraud cases
    • Police must push to CFCFRMS only those complaints where a prima facie cyber-enabled financial crime is made out.
    • Motivated or frivolous complaints must not be escalated.
  3. Controlled use of the system
    • Abuse of CFCFRMS (for private disputes, harassment etc.) can lead to suspension of user accounts and action against the concerned officers.
  4. Real-time response by banks
    • Banks are expected to integrate with NCRP through APIs and act in real time to put amounts on hold.
  5. Strict AML / CFT compliance
    • All banks and financial intermediaries must follow anti-money laundering and terror-financing norms, including enhanced due diligence for suspect accounts.
  6. Grievance rights for affected account holders
    • Anyone whose account suffers a hold, seizure or suspension of digital services can raise a grievance and must get a time-bound response.
  7. Fair process before seizure
    • Investigating officers should give account holders an opportunity to explain before ordering seizure or long-term suspension.
  8. Victim-friendly money release
    • The SOP encourages speedy release of money to victims, using either BNSS procedures or High Court-approved mechanisms.
    • If money is mixed from multiple victims, it should be distributed on equitable / pro-rata basis.
  9. No burden to repay where balance is zero
    • If money has already moved out and the account has no balance, the bank is not expected to pay victims out of its own funds.
    • However, any later amounts credited and put on hold can be released to the appropriate victim under the SOP.
  10. Protection for innocent account holders
  • IOs must consider that an account may be misused without the owner’s knowledge, and act accordingly.

6. Who are the key stakeholders?

Download the MHA released SOP dated 02.01.2026

The SOP lists a large set of stakeholders.

Sample of major ones:

CategoryExamples
BanksPublic and private sector banks, regional rural banks, small finance banks, payment banks, co-operative banks, local area banks
Financial regulatorsReserve Bank of India, Securities and Exchange Board of India, Insurance Regulatory and Development Authority of India, Pension Fund Regulatory and Development Authority
Payment ecosystemNPCI, PSOs, TPAPs, PAs, PGs, PPIs, wallets, UPI ecosystem players
Market intermediariesStock brokers, mutual fund houses, trading platforms, exchanges
Digital asset playersVASPs, crypto exchanges
Law enforcement and governmentState/UT Police, DGPs/CPs, Indian Cyber Crime Coordination Centre, National Informatics Centre, Indian Banks’ Association

7. How to file a cyber-fraud complaint: step-by-step

7.1 Filing directly on NCRP (www.cybercrime.gov.in)

Step 1 – Registration

Step 2 – Login

  • Log in with the credentials you just created.

Step 3 – Fill in complaint details

  • Choose the correct category (financial fraud, etc.).
  • Fill detailed information about:
    • How the fraud happened
    • Date, time, amount, transaction ID
    • Bank details, UPI ID, wallet, merchants involved
    • Screenshots or documents, if available

Step 4 – Submit the complaint

  • Submit the complaint online.
  • You will receive a 14-digit acknowledgement number starting with “2” through SMS (header XXNCRP, where XX is state code).

Step 5 – Internal routing

  • The complaint goes to the State and District nodal officers and the concerned police station.

Step 6 – Police screening

  • The police officer checks whether a prima facie cyber-enabled financial crime exists.
  • If yes, the complaint is pushed to CFCFRMS for money trail action.

Step 7 – Notices to banks and FIs

  • Notices under BNSS provisions (sections 94 and 168, plus 106 for seizure) are electronically sent to concerned banks and financial intermediaries.
  • They are directed to put the reported amount on hold or take other steps.

Step 8 – Intimation to you

  • You receive SMS/email if the reported amount (or part of it) has been put on hold, along with a link explaining the release process.

7.2 Filing through the national cybercrime helpline 1930

Step 1 – Call 1930

  • Dial 1930 and speak to the state / UT cyber helpline operator.

Step 2 – Share basic details

  • Provide your name, contact details and transaction details.

Step 3 – Ticket creation

  • The officer creates a ticket on CFCFRMS after satisfying herself that it is a cyber-enabled financial crime.

Step 4 – Acknowledgement

  • You receive a 14-digit acknowledgement starting with “3” via SMS from XXNCRP.

Step 5 – Complete details online

  • The SMS asks you to complete the complaint details on www.cybercrime.gov.in using that acknowledgement number.

Step 6 – After that

  • Once you fill details on the portal, the same process as for NCRP complaints (section 7.1) is followed.

7.3 Complaints initiated by banks via NCRP

Step 1 – Victim informs bank

  • You report unauthorised cyber-fraud to your bank.

Step 2 – Bank records details

  • Authorised bank officials verify data with their systems.

Step 3 – Bank files on NCRP

  • Bank logs into NCRP using its registered credentials and files the complaint on your behalf.

Step 4 – Further flow

  • The complaint is processed exactly like any other NCRP complaint.

In future, the SOP envisages that complaints may also be filed directly through banking apps.

7.4 Complaints at a police station

Step 1 – Visit any police station

  • You can walk into any police station and report the cyber-fraud.

Step 2 – Officer files on CFCFRMS/NCRP

  • An authorised officer uploads the complaint into CFCFRMS, apart from taking other legal steps like FIR.

Step 3 – Subsequent process

  • The complaint is then handled similarly to 1930-based complaints.

8. What banks and financial entities must do when notified

Below is a simplified view of the duties laid down in Section II of the SOP. Download the MHA released SOP dated 02.01.2026

8.1 Banks

When CFCFRMS notifies a transaction:

  1. If money is still in the beneficiary account
    • Immediately put the reported amount (or available part) on hold.
    • If the account is repeatedly reported, suspend digital banking (RTGS, NEFT, IMPS, UPI, AePS, ATM, cards etc.) and, if required, seize the account under lawful directions.
  2. If balance is insufficient
    • Place a “prospective hold” so that any future credits can be held.
    • This is mainly for first-layer mule accounts, not for nodal / pool / escrow accounts.
  3. If money has moved out
    • Provide exit details (ATM ID, device IDs, wallet details, etc.) in CFCFRMS.
  4. Special accounts
    • For nodal/pool/escrow accounts, banks hold only the disputed amount; seizure or suspension should be rare.
  5. Link with loans and credit cards
    • If fraud proceeds are used to repay loans or card dues, the bank must hold the disputed amount and notify other linked accounts.
  6. Analyse repeat offenders
    • Accounts repeatedly reported on CFCFRMS must be put through enhanced due diligence and appropriate AML/PMLA action.

8.2 Merchants and e-commerce platforms

When notified about a fraud transaction:

  • If goods/services not delivered
    • Cancel order, hold the amount in pool/nodal accounts and update CFCFRMS.
  • If payment is with a Payment Aggregator
    • Escalate to PA; PA’s bank holds the amount and updates CFCFRMS.
  • If goods/services already delivered
    • Upload order details, delivery address and recipient identifiers to CFCFRMS.
  • For gift cards, coupons, wallet top-ups
    • Cancel or discredit them where possible and hold the amount.
  • If a merchant’s account has multiple complaints
    • Conduct EDD and, if needed, suspend the account.

8.3 Payment system operators, wallets and CBDC

  • If money is in a wallet
    • Hold the disputed amount and update CFCFRMS.
  • If money has moved from wallet to another wallet or bank
    • Hold where balance exists; otherwise update complete money trail.
  • If funds are spent via merchants
    • Escalate to merchants/TPAPs and hold where goods/services not delivered; otherwise provide recipient details.

8.4 Virtual Asset Service Providers (crypto exchanges)

  • If INR balance lies in customer account
    • Hold equivalent amount and ensure corresponding hold on exchange’s bank account.
  • If INR has been converted into crypto and still lies in wallet
    • On LEA’s instructions, liquidate to INR, deposit in exchange bank account and transfer interim custody to victim’s bank account, updating all details in CFCFRMS.
  • If victim lost VDAs
    • Hold equivalent VDAs in beneficiary wallet and transfer interim custody to victim’s wallet as per SOP.
  • If VDAs were bought P2P
    • Hold the VDA in purchaser’s wallet; initiate hold in beneficiary banks of seller; share full KYC, wallet and transaction details with CFCFRMS.

8.5 TPAPs, PAs, PGs and utility payments

  • If money is lying in PA / intermediary / utility pool or escrow
    • Hold amount, upload intended beneficiary details.
  • If money already settled to merchants
    • Upload settlement and transaction details.
  • If used for bill payments or mobile recharges
    • Escalate to the utility provider, which must conduct EDD, suspend suspicious transactions and share beneficiary KYC details.
  • If same UPI ID is repeatedly reported
    • EDD must be done; the UPI ID/account can be suspended and escalated to the linked bank.

8.6 Mutual funds, stock trading and brokers

  • If money is just lying as trading balance
    • Hold trading balance equal to reported amount.
  • If money has bought stocks/mutual funds/securities
    • Hold these assets in demat and upload details.
  • If assets already sold and money transferred to bank
    • Escalate to bank, which holds equivalent amount.
  • In off-market transfers
    • First platform shares beneficiary platform details; next platform repeats hold process.
  • Accounts with multiple complaints
    • Subject them to due diligence and possible suspension; update full beneficiary details.

8.7 Business correspondents and CSPs

  • If funds went to BC / CSP account and are still available
    • Corporate BC must hold the money and upload details.
  • If balance not available
    • Update settlement details on CFCFRMS.

8.8 Cross-border money transfer companies

  • If funds not yet settled overseas
    • Partner bank holds the amount in nodal/pool/escrow account and informs foreign counterpart.
  • If already settled to foreign beneficiary
    • Update details on CFCFRMS; LEAs may use international channels.

8.9 Credit card issuer / acquirer banks

  • Route-wise action
    • If via PSO → follow PSO rules.
    • If via PA/PG → follow PA/PG rules.
    • If via e-commerce → follow e-commerce rules.
    • If used to pay card dues → card issuer holds disputed amount.
    • If withdrawn via ATM/POS/CSC → issuer uploads withdrawal details on CFCFRMS.

9. Grievance redressal: what if your account or money is affected?

Download the MHA released SOP dated 02.01.2026

A dedicated online Grievance Redressal Module is part of NCRP-CFCFRMS. States/UTs must appoint:

  • State-level grievance officer (ADG / IG / DIG rank)
  • District-level grievance officers (Addl. SP / DySP rank)
  • Each bank and FI must also appoint central, state and branch-level grievance officers.

9.1 If the amount in your account is put on hold

Step 1 – Approach your bank branch

  • Visit your branch or designated office and file a grievance.
  • Bank verifies KYC, conducts CDD and EDD, and if convinced, forwards grievance to online Grievance Module within 7 days.

Step 2 – Assignment to IO

  • SHO assigns grievance to IO / concerned police officer, and informs District Grievance Officer.

Step 3 – Verification via video conference

  • IO issues notice to you to appear, preferably by video conference.
  • Bank representative may also join.
  • Physical appearance should be avoided unless unavoidable and FIR/e-FIR exists.

Step 4 – Assistance from local police

  • IO may use CIAR module (Samanvaya platform) to seek help from local police station where you reside.

Step 5 – Decision within 15 days

  • If satisfied, IO directs bank to remove hold within 15 days and updates portal.
  • If not satisfied, IO records reasons and communicates rejection via SMS/email.

Step 6 – Escalation to District Grievance Officer

  • If IO does not act within 15 days, system auto-notifies District Grievance Officer.
  • You can also seek review within 15 days of IO’s decision.
  • District officer decides within 15 days; IO then has 2 days to carry out instructions.

Step 7 – Long-pending holds (90 days rule)

  • If no lawful direction is received within 90 days from the date bank raised grievance, bank notifies LEA 15 days before expiry.
  • If no extension is asked and amount is not needed in any other case, bank may remove hold after EDD, on account holder’s request, and update NCRP-CFCFRMS.

9.2 If your digital banking is suspended or your account is seized

The steps are similar, but applied to suspension / seizure orders under section 106 BNSS or other laws.

  • You approach your bank branch and file grievance.
  • Bank does CDD/EDD, and if convinced, forwards grievance to module within 7 days.
  • Grievance is assigned to IO who ordered seizure / suspension.
  • IO verifies via video conference and local police, then either:
    • Restores digital banking / unfreezes account while keeping disputed amount on hold, or
    • Records reasons for continuing seizure, within 15 days.
  • Non-action within 15 days triggers auto-escalation to District Grievance Officer.
  • You can appeal to District and then to State Grievance Officer, each deciding within 15 days and IO acting within 2 days.
  • At any stage, you can also approach the jurisdictional court.

9.3 If you are the victim but your own account is frozen

  • If your account was seized by mistake or at your own request as a precaution, you can ask the bank to release it.
  • Bank should release it, provided there is no contrary lawful direction and after CDD/EDD if your account itself appears on CFCFRMS.

10. How is money finally released back to victims?

There are five alternative legal processes for giving interim custody of the amount or restoring property. Download the MHA released SOP dated 02.01.2026

10.1 Snapshot table of the five processes

ProcessWhen usedKey legal basisWho orders release?
Process 1Single victim, money on hold / seizedSection 106(3) BNSSIO with SP/DCP approval, via notice to bank
Process 2Multiple victims, shared pool of moneySection 106(3) BNSS with pro-rata principlesIO with SP/DCP approval
Process 3Court-directed disposalSections 497, 498, 503 BNSSJurisdictional criminal court
Process 4Attachment, forfeiture, restoration through courtSection 107 BNSSCompetent court
Process 5Any specific direction by jurisdictional courtAs per court’s orderCourt

The SOP explains each with illustrations and scenarios.

10.2 Process 1: single victim – step-by-step

  1. Victim checks status
    • Victim checks NCRP-CFCFRMS to see if any amount is on hold on the basis of her complaint.
  2. Victim applies for restoration
    • She submits an online request in the Money Restoration Module.
  3. Request reaches police station
    • The request is routed to the concerned police station.
  4. IO verifies facts
    • IO ensures:
      • Amount is held against this single complaint, and
      • Retention is not needed for investigation.
  5. Notice to suspect account holder
    • Within 7 days, IO issues notice to account holder (video conference preferred).
    • Account holder gets up to 15 days to appear and explain.
  6. Non-response or unsatisfactory explanation
    • If suspect does not appear or cannot justify transactions, IO records reasons.
  7. Approval and order to bank
    • IO gets approval from SP/DCP.
    • IO issues notice under section 106(3) BNSS to bank, directing transfer to victim against indemnity bond.
  8. Bank releases money
    • Bank credits victim’s account within 15 days of receiving notice, updates NCRP-CFCFRMS and informs all banks in the money trail.
  9. Report to court
    • IO forwards report and indemnity bond to jurisdictional court and informs court once amount is actually released.
  10. If suspect contests later
  • If suspect contests within 15 days of refund, IO continues investigation and both bank and account holder must cooperate.

10.3 Process 2: multiple victims – core idea

Where many victims’ funds are mixed in one or more accounts:

  • Victims apply via Money Restoration Module.
  • IO maps the total amount held and total verifiable claims.
  • If attribution to individual victims is not possible, IO distributes the amount on equitable / pro-rata basis (for example, each victim gets in proportion to her loss).
  • Same basic safeguards apply as in Process 1, including notices, verification, SP/DCP approval, indemnity bonds and updates to NCRP-CFCFRMS.

The remaining processes (3, 4, 5) place primary responsibility on the courts to order attachment, forfeiture, disposal and restoration, especially in complex or high-value cases.

11. Key takeaways for citizens

Download the MHA released SOP dated 02.01.2026

  1. Act fast
    • Immediately call 1930 and/or file complaint at www.cybercrime.gov.in as soon as you notice a fraudulent transaction.
  2. Give full details
    • The better your information (screenshots, IDs, messages), the easier it is to trace and hold the money.
  3. Track your complaint
    • Keep your 14-digit NCRP/1930 acknowledgement safe and check the status periodically.
  4. Use grievance mechanisms
    • If your account or money is wrongly affected, go through your bank to raise a grievance under this SOP.
  5. Know that restoration is possible
    • The SOP creates specific, time-bound procedures for interim release of money to victims, including in multi-victim scenarios.
  6. Courts remain the final safeguard
    • At any stage, you can approach the jurisdictional court if you are aggrieved by freezing, seizure or denial of restoration.

FAQ

Q1. What is CFCFRMS under the NCRP?
A. It is the Citizen Financial Cyber Fraud Reporting and Management System that connects police, banks and other entities to trace and hold money lost in cyber-enabled financial crimes.

Q2. How do I report an online financial fraud in India?
A. Call 1930 or file a complaint on www.cybercrime.gov.in with full transaction details and supporting documents.

Q3. Can the bank return my stolen money through NCRP?
A. Yes, if the money is traced and put on hold, it can be returned through processes given in the 2026 SOP, including interim custody under section 106 BNSS.

Q4. What if my account is wrongly frozen due to someone else’s fraud?
A. You can approach your bank, which will raise a grievance on the NCRP-CFCFRMS Grievance Module; the IO and grievance officers must decide within fixed timelines.

Q5. Who issues the SOP for NCRP-CFCFRMS?
A. The SOP is issued by the Ministry of Home Affairs, Government of India, and implemented through the Indian Cyber Crime Coordination Centre (I4C).

Leave a Comment