New Delhi: The Government of India has introduced major amendments to the Income-tax Rules, 1962, aiming to improve transparency in digital financial reporting and strengthen oversight of crypto-related transactions. The changes, notified by the Ministry of Finance’s Department of Revenue on March 5, 2026, revise Rules 114F, 114G, and 114H to address the growing role of digital assets in the financial ecosystem.

The updated framework expands definitions and reporting requirements related to central bank digital currencies (CBDCs), electronic money products, and crypto-assets. Officials say the move is intended to enhance regulatory clarity while improving monitoring of emerging financial technologies.

New Definitions for CBDC and Digital Money Products

Under the amended rules, Central Bank Digital Currency (CBDC) has been formally defined as a digital version of fiat currency issued by a central bank. The introduction of this definition supports India’s broader push toward a secure and regulated digital payments ecosystem.

The notification also introduces the term “specified electronic money product.” These are digital instruments that represent a single fiat currency in electronic form and are issued in exchange for funds intended for payment transactions. Such products must be redeemable at their face value and accepted as a payment method by entities other than the issuer.

However, the rules clarify that services designed purely for facilitating fund transfers will not fall under this category. Additionally, digital money products where funds remain unused for more than 60 days will be excluded from the specified electronic money classification.

Another new category introduced is “relevant crypto-asset.” This term applies to digital assets that are neither central bank digital currencies nor specified electronic money products, or those deemed unsuitable for payment or investment by reporting service providers. These assets will be covered under the reporting framework for regulatory oversight.

Expansion of the Financial Asset Reporting Framework

The amendments also broaden the scope of financial assets that must be reported. The updated definition now includes interests linked to crypto-assets such as futures contracts, forward contracts, and options contracts involving digital assets.

Financial institutions are now required to maintain comprehensive records for accounts, including self-certification documents, details of joint account holders, and information about controlling persons.

For joint accounts, institutions must preserve the identities and the number of all account holders. Additionally, even for accounts that are not classified as U.S. reportable accounts, institutions must document whether valid self-certification has been obtained from account holders.

The rules also require identification and role details of individuals who exercise control over financial accounts, ensuring greater transparency in ownership structures.

Updated Due Diligence and Compliance Procedures

The revised regulations introduce enhanced due diligence requirements for newly opened accounts during the reporting period. If self-certification from an account holder cannot be obtained promptly, institutions must temporarily apply procedures similar to those used for pre-existing accounts until proper certification is received and verified.

For accounts maintained up to December 31, 2025, information about controlling persons or equity interest holders must only be reported if such details are available in electronically searchable records maintained by the financial institution.

The government has also updated reporting rules for gross proceeds from the sale or redemption of financial assets, ensuring that the same transaction is not reported twice if it has already been captured under the crypto-asset reporting framework.

Aligning with Global Tax Transparency Standards

Experts say the amendments align India’s regulatory approach with international tax transparency initiatives, including frameworks designed for global financial information sharing.

As digital financial instruments continue to expand, authorities are increasingly relying on advanced technology and data-driven reporting systems to strengthen tax administration.

Officials believe the updated rules will help curb tax evasion, identify suspicious financial activity, and improve the exchange of financial information across borders. The reforms are also expected to help financial institutions adopt more structured compliance systems for managing digital asset transactions.

State Bank of India (SBI), India’s largest bank, has reported nearly 16,000 cyber fraud cases across its branches in just 22 months, highlighting the rapid rise of digital banking scams. RTI data reveals that while SBI accelerates its adoption of AI and technology-driven banking, cybercriminals are executing increasingly sophisticated attacks on unsuspecting customers.

What the RTI Data Shows

Between January 1, 2024, and October 31, 2025, SBI documented 15,956 cyber-related financial frauds. In comparison, non-cyber frauds numbered 5,105, meaning digital scams were nearly three times more frequent than traditional frauds.

The RTI response, filed by activist Abhay Kolarkar, confirms a clear trend: as banking shifts to apps, cards, and UPI, cybercrime has become the default mode of fraud, while legacy frauds still occur in isolated but high-value cases.

Financial Impact of Cyber Frauds

• Total losses from cyber fraud: ₹118.47 crore
• Total losses from other frauds: ₹477.64 crore
• Online banking frauds: 6,630 cases, ₹62.37 crore
• Mobile banking frauds: 227 cases, ₹3.23 crore
• ATM-related frauds: 1,085 cases, ₹7.6 crore

While traditional frauds account for higher cumulative losses, the high volume and velocity of cyber frauds make ordinary customers more vulnerable day-to-day. Each new digital banking feature is also a potential attack vector for fraudsters exploiting user behavior.

State-wise Trends and Insider Threats

• West Bengal recorded the highest number of cyber frauds: 1,838 incidents, ₹12.60 crore.
• Employee involvement: 606 cases, ₹222.24 crore.

These figures highlight a concerning insider angle, showing that internal collusion can amplify cybercriminal operations. Certain regions, like West Bengal, are emerging as hotspots for organized financial cybercrime rather than just isolated phishing incidents.

Why Cyber Frauds Are Increasing

Banks are adopting AI, automation, and digital-first banking to improve efficiency, but user security awareness is lagging. Fraudsters are employing layered tactics, including:

• Social engineering and fake customer-care calls
• App cloning and remote-access tools
• Mule accounts and insider collusion

The result: everything appears official—OTPs come from real bank numbers, payment screens look authentic—but a single click can transfer funds into fraud networks. RTI figures only capture reported incidents, suggesting the real exposure is likely much higher.

Steps SBI Customers Should Take

1. Treat every request for OTP, PIN, CVV, or device access as potentially malicious, even if it appears official.
2. Avoid installing remote-access apps or clicking on links claiming to be for KYC updates, account verification, or card upgrades.
3. In case of unauthorized transactions, call 1930, file a complaint on cybercrime.gov.in, and notify your branch in writing to establish a clear dispute trail.

The RTI findings serve as a warning for all Indian banking customers: the cyber fraud ecosystem is fully digital, but user awareness has not caught up. Vigilance is the first line of defense.