The story begins in Arera Colony, Bhopal, where the late Kedarnath Sharma, a retired engineer, consolidated his family’s finances at a single branch of HDFC Bank after retirement. The decision was practical: ease of access, familiarity, and the assurance offered by a bank’s senior-citizen services. Accounts were opened for his wife, Indira Sharma, and his daughter, Archana Sharma, who had settled in Dubai years earlier.
It was through this arrangement that Sanjay Thakur, a relationship manager assigned to the family, entered their lives. Thakur offered home visits, investment advice, and regular reassurance — particularly as Kedarnath Sharma’s memory began to decline following an accident. Over time, Archana Sharma, coordinating from overseas, came to rely on him as an informal bridge between her parents and the bank.
FCRF Launches Flagship Compliance Certification (GRCP) as India Faces a New Era of Digital Regulation
In 2020, Thakur proposed moving more than ₹2 crore from savings accounts into mutual funds, promising higher returns and steady income. The family agreed. Transaction alerts continued for a time, then abruptly stopped. When questioned, Thakur dismissed the silence as a technical issue. The balances, he said, were “visible in the system.” They were not.
The Disappearance of Money and the Appearance of Ghost Accounts
Months later, a cheque issued by the family bounced. Alarmed, Archana Sharma flew from Dubai to India in early 2023. What emerged, investigators later found, was not a single act of embezzlement but a coordinated manipulation of banking systems across cities.
While Archana was abroad and her mother stayed with relatives in Pune, new accounts were opened in their names at branches of Axis Bank, ICICI Bank, and IndusInd Bank in Bhopal. Mobile numbers linked to the family’s genuine accounts were quietly changed, cutting off transaction alerts. Net banking access was activated without consent. Mutual fund holdings were liquidated. The money flowed swiftly — from legitimate accounts into newly created ones — and then disappeared.
Police investigations led to Thakur’s arrest, but officers acknowledged a hard truth: a criminal conviction would not restore the family’s savings. Acting on their advice, Archana Sharma pursued a parallel path, filing a complaint before the Court of Adjudicating Officer under the Information Technology Act.
Inside the IT Court: Redefining Institutional Responsibility
The proceedings before the Madhya Pradesh IT Court shifted the focus from individual fraud to systemic failure. Represented by cyber-law expert Yashdeep Chaturvedi, the family argued that the fraud could not have occurred without widespread violations of Know Your Customer norms and internal controls.
Section 43(A) of the IT Act — typically invoked in data-protection cases — became central to the argument. Banks, the court heard, are custodians of sensitive personal information, including Aadhaar and PAN details. Negligence in safeguarding that data, or in verifying identities during account creation, carries liability for resulting losses.
After examining transaction trails and account-opening records, the court concluded that employees across multiple institutions had acted in collusion or with gross negligence. In its order, it held seven banks and one finance company jointly responsible, directing them to pay ₹2.5 crore in compensation — the largest such award issued by an IT court in the state.
The Human Cost of a Legal Milestone
For Archana Sharma, the judgment arrived with mixed emotions. During the five-year legal battle, her father died in July 2025. Her mother, now 85, has spent years waiting for access to savings meant to sustain her old age. Legal fees and repeated travel from abroad compounded the strain.
The ruling does not end the criminal case against Sanjay Thakur, nor does it guarantee swift recovery of funds. But it establishes a precedent with wider implications for India’s banking system: accountability does not stop at the counter or with a single rogue employee. It extends to the institutions that enable, overlook, or fail to prevent abuse of trust.
