Dormant or Dangerous? Managing the “Inactive” Account Risk

The January 2026  Mandate: Turning Account Governance into Opportunity

For years, “dormant accounts” were an operational nuisance a list of customers who stopped transacting, costing you maintenance fees (or arguably, saving you service costs).

As of January 2026, they are officially a security threat.

With the RBI’s new Account Hygiene Norms now in effect, the definition of a “healthy ledger” has changed. The regulator is no longer just asking “How many inactive accounts do you have?” They are asking: “Why are they still open, and who controls them?”

For COOs and Heads of Retail Banking, this shifts the focus from cost-saving to active defense. Here is your operational roadmap for the new mandate.

The Mandate: What Changed on January 26?

The RBI’s updated 2026 guidelines have tightened the screw on account classification. The days of passive “bulk closures” are over.

• The Old Rule: Classify as “Inoperative” after 24 months. Freeze debits.
• The New Reality (2026): You must actively prove “Liveness” or “Closure” within defined windows.
  • Proactive Alerting: Banks must notify customers before the 12-month “Inactive” mark and again before the 24-month “Inoperative” mark.
  • Zero-Liability Reactivation: Reactivation must be fee-free and digital-first.
  • Mule Prevention: Any account reactivated after 2 years requires Enhanced Due Diligence (EDD), not just standard KYC.

The Risk: The “Mule” in the Haystack

Why the regulatory heat? Because dormant accounts are the preferred vehicle for Money Mules.

Fraud rings don’t open new accounts; they buy old ones. A savings account that has been “sleeping” for 18 months is the perfect Trojan Horse. It has a vintage, a history, and flies under the radar of standard fraud models—until sudden high-velocity transfers begin.

The Ops Challenge: You have 5 million accounts. 15% are inactive.

• If you close them all, you lose 750,000 potential future customers.
• If you keep them open without checks, you invite regulatory penalties and fraud.

The Solution: Automated “Liveness” Journeys

You cannot solve this with a call center. Dialing 750,000 customers to ask “Are you still there?” is cost-prohibitive and low-yield.

Leading banks are now deploying Automated Re-KYC Journeys.

1. The “Nudge” Workflow (Months 10-12)

Instead of a generic “Use it or lose it” email, the system triggers a personalized engagement hook via WhatsApp/App notification:

“Hi [Name], your [Card Type] benefits are paused. Make one transaction of ₹1 to keep your lounge access active.”

• Result: filters out the “Forgetful Savers” from the truly “Departed.”

2. The “Safety Check” (Months 18-23)

For accounts approaching the “Inoperative” danger zone, the workflow shifts to security.

• Action: Prompt a “Liveness Check” via the banking app (FaceID or OTP).
• Orchestration: If the customer verifies, the timer resets. If they fail or don’t respond, the account is auto-segmented into a “High-Risk/Freeze” bucket before the mule ring attacks.

Governance: The Audit Trail

The new 2026 norms require an audit trail of intent.

Regulators will look for the “Decision Log”:

• Why was Account X kept open despite a 0 balance?
• Who authorized the reactivation of Account Y after 3 years?

If your answer relies on manual email approvals, you are non-compliant. You need an orchestration layer that logs the re-KYC trigger, the customer’s digital consent, and the system’s automated validation in a single, immutable timeline.

Compliance Note: A zero balance does not imply that an account is inoperative.

A crucial distinction in the Jan 26 rules:

• Zero Balance: A balance status. You cannot close an account solely for this without notice.
• Inoperative: A transaction status (24 months of silence).

Do not conflate the two. A zero-balance account receiving a government DBT (Direct Benefit Transfer) is active. Closing it triggers immediate grievance redressal penalties. Your system must be smart enough to distinguish a “Empty Wallet” from a “Ghost User.”

The Verdict

The “Sleepy” account is no longer harmless. It is a dormant liability waiting to be weaponized.

By January 31, your goal should be to convert your “Inactive” list into two clean piles: Recovered Customers and Safely Closed Files.

For more information, please contact us at sales@simple.works