RBI Introduces Stricter Consumer Protection Norms For Banks And Regulated Entities

New Delhi, Jun 16 (KNN) The Reserve Bank of India (RBI) has finalised its consumer protection framework under responsible business conduct guidelines, introducing stricter norms on mis-selling, deceptive digital practices and unauthorised bundling by regulated entities.

RBI Tightens Consent Norms Under New Framework

The framework shifts to a more prescriptive regime and mandates banks to obtain explicit customer consent through verifiable modes, including signed physical or electronic declarations, OTP approvals, recorded confirmations or clearly demarcated agreement clauses, reported the Times Of India.

Under the new rules, digital interfaces must default to options such as ‘No’ or ‘I do not agree’, requiring customers to actively opt in. Banks will also be required to disclose key product terms upfront, including interest rates, fees, risks, lock-in periods and exit penalties.

The RBI has prohibited bundled consent, directing banks to present each product in separate modules to enable customers to make selective choices. Consent records must be retained for one year after the end of a contract to facilitate dispute resolution and audits.

Wider Oversight Of Marketing And Sourcing Agents

The framework expands the definition of direct selling and marketing agents to include all sourcing entities, such as business correspondents, loan service providers and sub-agents interacting with customers. 

Banks must publish and update directories of empanelled agents within seven days, detailing their identity, location and authorised products.

RBI Cracks Down On Digital Dark Patterns

The directions reaffirm the ban on forced bundling and digital dark patterns, including practices such as basket sneaking, subscription traps, confirm shaming and drip pricing. 

The RBI said consent must be active, specific and obtained separately through interfaces designed to support informed decision-making.

Refunds Mandated In Proven Mis-Selling Cases

Customers will be allowed to file complaints related to mis-selling within regulator-prescribed timelines or within 30 days of receiving signed agreements. 

In cases where mis-selling is established, banks will be required to provide full refunds and compensate customers for losses incurred. Banks will also remain fully accountable for the conduct of their agents and must publish a code of conduct governing their activities.

New Directions To Take Effect From January 2027

The central bank clarified that requests for device data, including location, camera or contact access, will not be treated as dark patterns if required for regulatory compliance and transparently disclosed to customers. The framework also permits voluntary or zero-cost product bundles.

The revised directions will come into effect from January 1, 2027, following a six-month transition period granted by the RBI to enable regulated entities to upgrade their systems and processes.

(KNN Bureau)