Bank Labelled Your Transaction "Suspicious": Lift the Hold

If you are short on time, jump to What to do in the next 30 minutes and the sample explanation letter.

A 28 year old IT engineer in Pune received ₹3.4 lakh from a friend, deposited ₹49,000 cash in two visits the same week, and bought ₹40,000 of crypto on a Friday. On Monday her UPI failed. Her relationship manager said only “compliance hold, ma'am, please visit branch”. No reason, no timeline, no SMS.

This page is for that moment. The “suspicious transaction” label scares citizens because banks cannot, by law, always tell you what tripped the flag. The RTI Wiki editorial team has walked dozens of friends through this process, and the lift-the-hold workflow is far more standardised than banks let on.

If your account is fully frozen by a cyber cell or police order, read why banks suddenly freeze accounts in India first. This article covers the internal “compliance hold” that sits one step before that.

Indian banks run continuous transaction monitoring software. The rules come from two sources:

1. The Prevention of Money Laundering Act 2002 (PMLA), especially §12 (record-keeping duty) and §43A (confidentiality of suspicion).
2. The Reserve Bank of India Master Direction on Know Your Customer 2016, updated through 2025.

When a transaction or pattern hits a threshold, the system raises an internal alert. A compliance officer reviews the alert. If the officer believes the activity is genuinely suspicious, the bank does three things, often in this order.

1. Marks the account for enhanced due diligence (EDD). Your profile is reviewed against your declared income, occupation, and KYC.
2. Applies a debit restriction or hold. Outward payments fail. Salary credits and inward remittances usually still land.
3. Files a Suspicious Transaction Report (STR) with the Financial Intelligence Unit of India (FIU-IND) within 7 working days of the suspicion forming.

The hold is an internal bank decision. It is not a court order. It is not an FIR. It is the bank saying, “we want to understand this before we let more money move.”

This is the single most important fact in this article.

FIU-IND is an intelligence body under the Department of Revenue, Ministry of Finance. It receives Cash Transaction Reports, Non-Profit Organisation Transaction Reports, Cross-Border Wire Transfer Reports, and Suspicious Transaction Reports from every reporting entity in India. Most STRs are filed for completeness, not for investigation. FIU-IND aggregates patterns across banks. Only a small fraction of STRs trigger an Enforcement Directorate inquiry, an Income Tax notice, or a CBI reference.

An STR being filed against your transaction does not make you an accused. It does not appear on your CIBIL. It does not show up on any public record. Even your branch manager often cannot see the STR itself, only the internal alert ID.

For comparison with a hard freeze, see why banks freeze accounts in India.

Bank software watches behaviour, not single transactions. These are the most common patterns flagged in 2026.

Large credit lands, ₹95% of it leaves within minutes or hours. Salary stays for days; mule money leaves fast. This is the dominant pattern flagged by AML engines in India.

Cash deposits or transfers of ₹49,000, ₹49,500, ₹48,000, just below the ₹50,000 PAN-quoting trigger or the ₹10 lakh aggregated cash threshold, repeated across days or branches. Structuring is explicitly listed as a red flag in the RBI KYC Master Direction.

A salaried teacher who declared ₹6 lakh annual income deposits ₹4 lakh cash in a month. A student account receives ₹2 lakh cash. The mismatch alone, without anything illegal, triggers a review.

A first-time SWIFT credit from West Asia, a wire to a country on the FATF grey list, a Liberalised Remittance Scheme outward of US$ 9,000 with no past international footprint. Cross-border alerts are heavy-weighted.

UPI or IMPS to a known Virtual Digital Asset exchange, especially in burst patterns or sums that match crypto-arbitrage signatures. Banks in 2026 actively flag VDA-linked accounts under the 2025 FIU-IND guidance on crypto reporting.

Account opened in the last 12 months. Low average balance. Then a sudden inward burst of ₹50,000 to ₹2 lakh from multiple unrelated UPI IDs, followed by an outward sweep. Mule patterns are flagged within minutes by modern AML systems.

An account inactive for 12 months suddenly receives high-value credits. The dormant-then-active pattern was added to the Master Direction red-flag list in the 2023 update because it correlates strongly with stolen-KYC abuse.

Money moves Bank A to Bank B to Bank C and back to Bank A in the same week, sometimes across joint accounts of the same person. Banks share metadata for these patterns under the Account Aggregator and CKYC frameworks.

Funds pass through a registered NGO or trust account that has no real activity record. NPO transaction reports are a separate FIU-IND category, but the layering pattern flags both ends.

Repeated transfers to or from offshore gaming wallets, fantasy sports operators outside the licensed list, or merchant categories on the bank's high-risk register.

You can sit inside one of these patterns without doing anything illegal. A friend paying back a loan in cash, a wedding gift arriving from a cousin in Dubai, a side gig in freelancing all look statistically like the bad patterns. That is why the workflow exists: to give you a chance to explain before anything escalates.

Three laws shape what your bank can and cannot do.

PMLA §12 makes every bank a “reporting entity”. The bank must maintain records of transactions, verify customer identity, and report suspicious transactions to FIU-IND. PMLA §43A creates a confidentiality duty: the bank, its officers, and its agents cannot disclose that an STR was filed, or the contents of the STR, to the customer or anyone else. This is the legal reason your relationship manager refuses to say “we filed an STR on you”.

The confidentiality is not absolute. It applies to the existence and contents of the STR. It does not bar the bank from explaining, in general terms, that compliance review is in progress or that updated KYC and source-of-funds documents are needed.

The Master Direction on Know Your Customer 2016, last amended in 2025, sets the operational rules: customer due diligence, enhanced due diligence, ongoing monitoring, periodic re-KYC, and the red-flag indicators. Paragraph 38 onwards covers monitoring of transactions and the categories of suspicion. The Master Direction is the rulebook your bank's compliance team works from.

This 2024 direction overhauled fraud classification and customer-protection timelines. It clarified that a bank running an internal compliance review must communicate, in writing, the broad nature of the restriction and the documents needed, even if it cannot disclose the specific suspicion category. The 2024 direction also re-affirmed the customer's right to escalate to the Internal Ombudsman and then to RB-IOS 2021.

For the related cyber-fraud customer-protection layer, see the golden-hour zero-liability rule for cyber fraud.

PMLA §43A is real, but it is narrower than branch staff often suggest. The bank can:

1. Say compliance review is in progress.
2. List the documents you must submit.
3. Give you a service-request number and a target review date.
4. Confirm, in writing, that the restriction is internal, not a court order or police notice.

The bank cannot:

1. Confirm or deny that an STR was filed.
2. Share the specific transaction list that triggered the review.
3. Name the FIU-IND alert ID or the compliance officer who flagged it.

If your branch refuses to give you even the lift-the-hold document list, that refusal is itself a deficiency of service and a Banking Ombudsman ground. Insist on a written response, even one paragraph long, on bank letterhead or as a stamped service-request slip.

This plan works for a vanilla compliance hold without any layered cyber-cell or police order. If a police notice is layered on top, the freeze is harder to lift and you should read the cyber-freeze article first.

Walk into the home branch. Ask for a written acknowledgement that your account is “under compliance review” with the service-request number, the date of the restriction, and the contact person. Do not leave without a paper slip or an email. Verbal answers vanish.

Banks have a standard EDD document checklist. Ask for it. It usually includes: updated address proof, updated PAN, last 6 to 12 months of salary slips or income proof, source-of-funds proof for the transactions in question, and a written explanation for the activity flagged.

Use the template in the sample letter section below. One paragraph per flagged pattern. Plain language. Attach proofs.

A voluntary KYC refresh signals cooperation. Update your latest address, latest employer, latest income range, and any change in occupation. Use the CKYC route if your bank supports it.

Salary slips for salary credits. Sale deed and bank statement of the buyer for property sale credits. Wedding gift declaration with names of givers for gift credits. Loan agreement for friend-loan credits. UPI statement for crypto-to-fiat conversions. Be specific.

Most compliance holds resolve in 7 to 21 days from the date the bank has all your documents. The clock does not start until you have submitted everything. Push the relationship manager for the target review-completion date in writing.

If the branch is silent at 14 days, email the bank's principal nodal officer for grievances. Every bank publishes this on its website. Reference the service-request number, attach the original branch acknowledgement, and ask for a status update within 7 days.

If 30 days from your first written complaint pass without a substantive reply, file at the RBI Complaint Management System at https://cms.rbi.org.in. The Banking Ombudsman under RB-IOS 2021 has jurisdiction over deficiency of service even when the underlying restriction is compliance-driven. Read the full walkthrough at how to file at RB-IOS 2021.

Public-sector banks (SBI, PNB, Bank of Baroda, Canara, Indian Bank, BoI, BoM, UCO, Union, Punjab and Sind, Central, Indian Overseas) are “public authorities” under §2(h) of the RTI Act 2005. You can ask for the broad category of suspicion, the date of the internal alert, the date the STR was filed (if any), and the documents needed to lift the hold. Section 8 of the RTI Act has exemptions you must work around, covered in the RTI section below.

You can draft the RTI in three minutes using the AI RTI Draft tool.

Compile these before you walk into the branch. Keep one photocopy set and one digital set.

• Latest Aadhaar (front and back) or passport for address proof.
• Latest PAN card.
• Latest 3 months of salary slips or income certificate from a Chartered Accountant.
• Form 16 of the last completed financial year.
• Latest filed Income Tax Return acknowledgement.
• Bank statements of the last 12 months from all your accounts at this bank.
• Source-of-funds proof for each transaction the bank specifically asks about. Match the exact amount, date, and counter-party.
• A signed explanation letter (template below).
• An updated address proof if your address has changed in the last 24 months.
• For crypto on-ramp credits: the exchange's KYC statement and the tax-deducted-at-source certificate for the period.
• For business or freelance income: GST registration certificate, invoices for the flagged credits, client agreement.

• Paying an “unblock agent” on Telegram or WhatsApp. Every such offer is a scam. No agent can lift a compliance hold. You will lose money and add a second STR for paying a fraudster.
• Closing the account or moving funds. Trying to drain the account by issuing self-cheques, taking out cash through a relative's card, or rushing to a new bank, all add to the suspicion. Section 12 of PMLA requires the bank to preserve records and report unusual closure patterns.
• Filing a police complaint against the bank. Branch staff are following a Master Direction. A police complaint will not help and will look adversarial when your nodal escalation lands.
• Sending angry emails without documents. Compliance teams act on paperwork. A two-line angry email gets stamped “follow-up” and parked. A five-page polite letter with twelve attachments gets actioned.
• Telling the branch “I will go to media”. Confidentiality under §43A makes the bank more cautious if you raise public-pressure threats. Keep media out until after the RB-IOS step.

Only Public Sector Banks are “public authorities” under §2(h) of the RTI Act 2005. Private banks (HDFC, ICICI, Axis, Kotak, IndusInd, Yes, IDFC First, RBL, AU Small Finance, Bandhan, DCB, City Union) are not. For private banks, the equivalent route is RB-IOS 2021.

For public sector banks, here is what the §8 exemption matrix looks like for a “suspicious transaction” RTI.

• Whether your account is currently under a compliance hold (yes or no).
• The date the restriction was applied.
• The broad category of documents required to lift the hold.
• The bank's internal turnaround time policy for compliance reviews.
• The name and contact of the nodal officer handling your branch.
• The bank's published EDD checklist for retail customers.

§8(1)(h) of the RTI Act exempts information which would “impede the process of investigation or apprehension or prosecution of offenders”. The PIO will usually invoke this for:

• Whether an STR was filed on your account.
• The transaction list that triggered the internal alert.
• The internal alert ID, scoring model output, or compliance officer's notes.
• Any communication with FIU-IND.
• Whether the Enforcement Directorate or Income Tax has been notified.

§8(1)(d) protects commercial confidence. §8(1)(e) protects information held in a fiduciary capacity. PIOs may invoke these for the bank's internal risk-scoring model and AML rule thresholds, which are commercial intellectual property.

The strategy that usually works: ask the disclosable questions first. The reply itself proves the hold is internal-compliance, which is useful for any later RB-IOS or consumer-court case. Read the citizen RTI playbook for drafting tactics, and RTI vs ombudsman vs CPGRAMS for when to pick which.

1. Day 0 to 14. Branch and relationship manager. Get everything in writing.
2. Day 14. Email the bank's principal nodal officer. Most banks publish nodal contacts on a “Customer Care” or “Grievance Redressal” page.
3. Day 21. Email the bank's Internal Ombudsman. Mandatory at every scheduled commercial bank under RBI's Internal Ombudsman Scheme 2018.
4. Day 30. File at https://cms.rbi.org.in under RB-IOS 2021. Use the full walkthrough at RB-IOS 2021 step-by-step.
5. Day 30 parallel track. File an RTI to the bank's PIO if it is a public sector bank.
6. Day 60. If RB-IOS does not respond, the appeal lies with the RBI's Deputy Governor as Appellate Authority under clause 17 of RB-IOS 2021.
7. Parallel. A Consumer Commission complaint under §35 of the Consumer Protection Act 2019 for deficiency of service is independent of the RB-IOS route and can run in parallel.

If the underlying restriction is actually a cyber-cell lien, the workflow is different. See cyber freeze workflow. If the issue is a lien marked for non-cyber reasons, see how to remove a lien amount from a bank account. If the bank is also charging minimum-balance penalties on a salary account that converted itself, see salary account MAB refund. If a CIBIL “NPA” or “wilful defaulter” tag has been added on top, see removing the NPA or wilful defaulter tag.

If the hold has not lifted at 30 days, one of three things is going on.

The bank is unable to lift because a fresh order from a cyber cell or police station is in force. This is common in UPI-chain freezes. The fix is to get the underlying police order rescinded, which is a different workflow. If the cyber freeze is the real issue, walk through the cyber freeze playbook. If you are the original cyber-fraud victim and the freeze is on the fraudster's account, call 1930 and follow the golden-hour zero-liability protocol.

§226(3) of the Income Tax Act 1961 and §83 of the CGST Act 2017 allow tax authorities to attach bank accounts up to the demand amount. The bank cannot lift this. You must contact the assessing officer.

If your documents do not cover the flagged transactions, the bank will keep the hold and ask for more. Match each flagged transaction to a specific proof. If a transaction is unexplainable (a cash gift with no paper trail, a forgotten old loan), say so honestly in writing. Compliance officers are trained to accept honest “I cannot prove this but here is the context” answers better than vague denials.

Edit and print on plain paper. Sign each page. Attach proofs as Annexure 1, Annexure 2, etc.

To,
The Branch Manager
[Bank name], [Branch name and address]
Through: The Principal Nodal Officer
[Bank name], Head Office

Subject: Explanation of recent transactions and request to lift compliance hold on Account No. XXXX-XXXX-1234
Service Request No.: [SR number from branch slip]
Date: [Date]

Sir / Madam,

I am the holder of the above savings account, opened on [date]. I have been a customer of [Bank name] for [N] years. My account has been under a debit restriction since [date], as informed orally by the branch on [date] and noted in service request [SR number].

I write to provide a full and honest explanation of the transactions in the period [date range], and to request that the restriction be lifted at the earliest, after due verification.

1. Credit of ₹[amount] on [date] from [counter-party].
   This represents [salary / freelance fee / property sale / gift / loan repayment / etc.]. Supporting proof is attached as Annexure 1.

2. Cash deposit of ₹[amount] on [date] at [branch].
   This represents [festival gift from named family member / sale of household asset / etc.]. A signed declaration is attached as Annexure 2.

3. Transfer of ₹[amount] to [counter-party] on [date].
   This represents [crypto purchase on registered Indian exchange / loan repayment to friend / etc.]. Exchange KYC and transaction statement attached as Annexure 3.

[Repeat for each flagged transaction.]

I confirm that:
- All funds in this account are from legitimate, tax-paid sources.
- I have filed my Income Tax Return for the last 3 assessment years. Acknowledgements are attached as Annexure [N].
- I am not aware of any criminal or civil proceeding pending against me.
- I am happy to attend the branch in person and to provide further documents if asked.

I request you to:
- Complete the compliance review within the bank's published turnaround time.
- Communicate, in writing, the target date of review completion.
- Lift the debit restriction once verification is satisfactory.

I retain my rights under the Banking Ombudsman Scheme RB-IOS 2021 and under the Consumer Protection Act 2019 if the review is not completed in a reasonable time.

Yours faithfully,

[Signature]
[Full name]
[Mobile, email]
[Account number]

Annexures: As listed above.
CC: Principal Nodal Officer; Internal Ombudsman.

• Open your last 90 days of bank statement on net banking. Note every credit and debit over ₹25,000. You will be asked about each.
• List the 3 transactions most likely to have triggered the alert. Match them against the 10 patterns above.
• Gather PAN, Aadhaar, last 3 salary slips, last ITR acknowledgement. Photograph them and keep them in a single folder on your phone.
• Call your home branch and ask for a written service-request number. Do not accept a verbal “we will check”.
• Do not move money out. Do not pay any “unblock agent”.
• Draft the explanation letter from the template above. One paragraph per flagged transaction.
• If you want an RTI on day 30 against a public sector bank, draft it now using the AI RTI Draft tool.

No. A “suspicious transaction” tag triggers an internal compliance hold or debit restriction. A “freeze” is a stronger word usually associated with a court order, police notice, or cyber-cell instruction. The hold is internal to the bank and usually lifts in 7 to 21 days. A freeze sourced from outside the bank can take longer. See the cyber freeze guide for the freeze workflow.

No. STRs go to FIU-IND, which is an intelligence body. They are not credit events. They do not appear on CIBIL, Experian, Equifax, or CRIF. Your credit score is not affected by an STR. If a CIBIL tag has been added separately, see how to remove an NPA or wilful defaulter tag.

Very unlikely. STRs are aggregated intelligence. Police involvement happens only if FIU-IND analysis, combined with other inputs, leads the Enforcement Directorate or another agency to open a case. Most STRs never escalate beyond FIU-IND's database. If a cyber cell does contact you, that is usually about a separate complaint, not the STR itself.

There is no fixed statutory limit, but the RBI Master Direction on Frauds 2024 requires the bank to communicate, in writing, the broad nature of the restriction and the documents required. The 2024 direction also requires the bank to follow its published turnaround time, which is typically 7 to 21 days for compliance reviews. Beyond 30 days without a substantive reply, file at https://cms.rbi.org.in under RB-IOS 2021.

You can, but the new bank will see the existing relationship through the Account Aggregator framework and may apply its own enhanced due diligence. Be honest at the new bank's KYC stage about the existing hold. Hiding it can itself become a fresh red flag. The cleaner route is to lift the hold on the existing account first.

No. PMLA §43A's confidentiality duty binds the bank against disclosing the STR or its contents to anyone, including your employer or family. The hold itself is visible only to you when net banking fails. The branch may call your registered number, but they will not contact your employer.

Two parallel steps. First, ask the vendor to follow the explanation workflow with their bank. Second, prepare your own proof of the payment, the underlying invoice, and your tax records, in case the vendor's bank asks you for a confirmation. If the original transaction was actually a fraud, file at 1930 helpline within the golden-hour window.

You can file a Consumer Commission complaint under §35 of the Consumer Protection Act 2019 if you can show deficiency of service: refusal to give written reasons, refusal to share the document list, missed turnaround time. The Consumer Commission cannot order the STR to be undone, but it can order compensation for the deficiency of service and direct the bank to follow its own published policy. Read how to file at the Consumer Commission online via E-Daakhil for the process.

Do not. Ask for the full form text. Read it. If it is a routine KYC refresh form, fill it in your own handwriting. If it looks like a settlement or a confession (“I acknowledge that the transactions were suspicious”), refuse and ask for the legal basis. No bank can lawfully require you to sign a confession to lift a compliance hold.

Yes. The same RBI KYC Master Direction and PMLA apply. NRE, NRO, and FCNR accounts are often flagged on cross-border inflow patterns. The explanation workflow is the same. The escalation route is the same RB-IOS 2021. Some banks have a dedicated NRI nodal officer who is faster than the regular branch.

No, not directly. PMLA §43A and the FIU-IND's confidentiality rules block both. An RTI to the bank under §8(1)(h) of the RTI Act will be refused on the STR question. An RTI to FIU-IND will likewise be refused. The only way you learn an STR was acted upon is if an Enforcement Directorate or Income Tax officer contacts you directly, which is rare.

• Prevention of Money Laundering Act 2002, particularly §12 (records and reporting duty) and §43A (confidentiality of suspicion). Bare Act at https://www.indiacode.nic.in.
• Reserve Bank of India, Master Direction on Know Your Customer (KYC) 2016, as amended through 2025. Available at https://rbi.org.in.
• Reserve Bank of India, Master Direction on Frauds, Risk Management and Reporting in Commercial Banks 2024. Available at https://rbi.org.in.
• Financial Intelligence Unit, India. Official site at https://fiuindia.gov.in.
• Reserve Bank Integrated Ombudsman Scheme 2021 (RB-IOS 2021). Scheme text and CMS portal at https://cms.rbi.org.in.
• Right to Information Act 2005, particularly §8(1)(d), §8(1)(e), §8(1)(h). Bare Act at https://www.indiacode.nic.in.
• Consumer Protection Act 2019, particularly §35. Bare Act at https://www.indiacode.nic.in.
• Internal Ombudsman Scheme 2018 (RBI). Available at https://rbi.org.in.

• Why banks freeze accounts suddenly: cyber crime, UPI chains, and police notices
• Lien amount on bank account: what it is and how to remove it
• Salary account minimum balance penalty refund
• How to remove an NPA or wilful defaulter tag from CIBIL
• How to file a Banking Ombudsman complaint under RB-IOS 2021
• 1930 cyber fraud helpline: exact script and timing
• Golden hour zero-liability rule for cyber fraud
• The citizen RTI playbook: drafting tactics
• RTI vs CPGRAMS vs Ombudsman vs Consumer Commission: pick the right route

Last reviewed: 2026-05-16. The RTI Wiki editorial team welcomes corrections at [email protected].