RBI Mandates Explicit Customer Consent for Digital Banking Services
The Reserve Bank of India (RBI) has issued final guidelines making it mandatory for banks to obtain explicit, documented customer consent before onboarding them to digital banking channels.
Key Takeaways
- Banks must obtain explicit customer consent for digital banking services.
- Digital banking channels cannot be forced on customers for basic facilities like debit cards.
- Banks must implement robust risk mitigation and transaction monitoring systems.
- Third-party product promotions on banking channels are restricted.
Customer Choice and Consent
Banks cannot mandate customers to opt for digital banking channels to avail facilities like debit cards. The RBI emphasized that “the choice to apply for digital banking facilities shall lie solely with the customer.” However, banks can continue to collect mobile numbers for transaction alerts and KYC compliance during account opening.
Risk Management Requirements
Banks must implement comprehensive risk mitigation measures including:
- Transaction limits (per transaction, daily, weekly, monthly)
- Transaction velocity limits
- Advanced fraud detection systems
- Risk-based transaction monitoring
The central bank clarified that wherever specific requirements exist from RBI or payment system operators like NPCI, VISA, or Mastercard, the stricter requirements shall apply.
Service Accessibility and Monitoring
Mobile banking services must be network-independent, ensuring accessibility across all mobile operators. Banks are required to study customer transaction behavior patterns and monitor unusual transactions as part of their fraud risk management policy.
Third-Party Product Restrictions
Banks cannot display third-party products and services, including those from promoter groups or bank entities, on their digital channels unless specifically permitted by RBI.
Customer Communication and Protection
Banks must clearly communicate that alerts will be sent to registered mobile numbers and email addresses for all account operations. They must comply with customer protection guidelines including liability limits for unauthorized transactions and ensure terms and conditions align with RBI instructions.
The RBI may grant extensions or exemptions from these guidelines where necessary to avoid hardship, subject to conditions it may impose.
