The Reserve Bank of India (RBI) has issued draft guidelines to regulate the authorisation of digital banking channels. The guidelines, which have been published in a draft circular, seek to bring uniformity in the way banks and financial institutions run their digital platforms, including internet banking, mobile apps, and other online offerings.
Online banking has grown very quickly in recent years to become the preferred method of banking for most customers. As online banking has become more prevalent, ensuring digital services are both reliable and secure has emerged as a major challenge. The draft framework aims to address this challenge by establishing clear procedures and standards that banks will have to adhere to.
Main Highlights of the Draft
The draft guidelines stress maintaining strong surveillance over digital banking channels. They identify the importance of risk management, sound cybersecurity operations, and adherence to prevailing standards of regulation. Imposing these measures, RBI aims to curb threats such as fraud, data theft, and operational failure.
The recommendations include a controlled approval process for the establishment or extension of digital banking channels, as well as regular mandatory security audits. Multi-factor authentication shall be made mandatory for the login and transactions of customers by banks. The proposal also seeks real-time fraud detection procedures and specific guidelines for cybercrime reporting. Banks shall also have to set up separate infrastructure for data protection and install standardised grievance redressal mechanisms to address digital banking grievances.
Customer Safety Measures
The draft introduces several measures aimed at improving customer protection and ensuring transparency:
Banks must obtain explicit consent from customers for digital banking services, with proper documentation.
SMS or email alerts must be sent for all financial and non-financial transactions.
Multiple channels for registration must be provided to minimise branch visits.
Terms and conditions must be in simple language (English, Hindi, and local languages), with clear details of charges, stop-payment procedures, help desk contacts, and grievance redress mechanisms.
Banks have to abide by RBI guidelines on capping liability for unauthorised electronic transactions.
Customers cannot be forced to use electronic banking if they opt for services such as debit cards. However, banks can ask for their mobile numbers to send transaction alerts and to comply with KYC regulations.
There should be transaction limits (daily, weekly, monthly) and fraud detection checks.
Mobile banking services should be network-independent and operable on all mobile operators' networks.
There should be real-time monitoring of transactions with customer validation for suspect or outlier transactions.
Promotions of third-party products on digital platforms are not allowed without RBI approval.
RBI is actively promoting public participation in the consultation process. The stakeholders, including banks, fintech firms, and consumer rights associations, have been urged to provide their inputs on the draft. RBI has guaranteed that all comments will be considered carefully before finalising the guidelines.
The 'Connect 2 Regulate' portal has also been established to ease the process of making suggestions. Feedback can also be given directly in the form of an email to the concerned RBI department.
Such regulations are likely to nudge banks to invest more in improved security systems, tighter login credentials, and user-friendly websites and apps. Local and small banks can also gain from this, as clear regulation will encourage them to enhance their online services and help them compete with larger banks.
After the public consultation is over, the RBI will go through the response and publish the final Master Direction. The new regulations will act as a guideline for all banks that provide digital services. The final guidelines will be communicated after August 11, 2025, after the responses are received.
