In a massive structural reset aimed at protecting retail consumer interests, the Reserve Bank of India (RBI) has issued a comprehensive regulatory circular via the Commercial Banks Responsible Business Conduct – Second Amendment Directions. The landmark guidelines permanently ban predatory marketing strategies, deceptive interface tricks, and unrequested product additions. The central bank confirmed that these heavily tightened rules will officially come into force on January 1, 2027, giving commercial banking entities a precise window to overhaul their operational frameworks.
The regulatory crackdown addresses long-standing public grievances regarding toxic sales environments inside Indian branches. For years, vulnerable retail savers and loan borrowers have routinely been manipulated into purchasing expensive insurance policies, long-term mutual fund packages, or complex investment instruments without true suitability checks, transparent disclosure protocols, or genuine voluntary intent.
A Formal Legal Definition of Mis-Selling
To eliminate legacy enforcement loopholes, the RBI has established a formal legal definition of financial mis-selling for the first time. Under the newly amended directions, a transaction will be formally categorized as a violation if it falls within any of the following parameters:
- Profile Mismatch: Selling an investment or credit instrument that is entirely unsuitable for the customer’s financial standing or risk appetite.
- Inaccurate Disclosure: Closing a transaction by sharing wrong, partial, or misleading information regarding returns and structural penalties.
- Consent Failure: Executing a purchase without securing recorded, clear, and product-specific confirmation from the user.
- Compulsory Bundling: Making the processing of a primary financial request dependent on the forced acquisition of a secondary utility.
- Cross-Regulator Breaches: Any sales activity that violates protective definitions laid down by market bodies like SEBI, IRDAI, or PFRDA.
In a direct move to hold boards accountable, the RBI has mandated that if an internal or regulatory audit establishes mis-selling, the bank must provide a full refund of the entire principal amount paid by the customer, immediately cancel the transaction pipeline, and pay compensation for any documented financial damages.
Banning Compulsory Loan-Insurance Bundles
One of the most sweeping structural adjustments directly targets the highly criticized banking practice of “compulsory bundling.” Going forward, lenders are strictly prohibited from linking the clearance of essential credit—such as home loans, personal lines, or car loans—to the mandatory purchase of third-party retail products like life insurance policies or market-linked investment plans from their preferred corporate partners.
The RBI clarified a crucial operational exception: if a specific third-party backup product is genuinely required as a core risk-mitigant for a high-value loan (such as a home loan term protect policy), the bank can request coverage. However, the lender is legally barred from forcing their tied-up corporate partner on the borrower. The consumer must be given absolute freedom to purchase that risk safeguard from any registered insurance provider of their choice.
The “Default-No” Digital Consent Standard
The framework completely revamps how customer approvals are collected across physical forms and mobile interfaces. The RBI has ordered that the default option on every digital consent prompt, web portal page, and mobile banking screen must natively be set to “No” or “I do not agree.”
Furthermore, the system logic must prevent users from clicking a master approval button without actively showing they have scrolled through the detailed terms and conditions. If a single composite physical application form covers multiple financial offerings, every product line must be isolated with distinct opt-in signatures. Banks must also archive these consent audit trails for a minimum of one year after the contract ends.
Targeting Dark Patterns and Third-Party Intermediaries
The central bank has launched a direct offensive against “dark patterns”—manipulative user-experience configurations designed to impair consumer autonomy and trick them into unwanted actions. The regulatory ban strictly targets several deceptive online practices:
- Basket Sneaking & Interface Interference: Secretly adding supplementary accessory products to a checkout flow or using pre-checked agreement flags.
- Subscription Traps & Drip Pricing: Disguising ongoing transactional expenses or burying the cancellation route inside multi-layered system folders.
- False Urgency & Repetitive Nagging: Deploying countdown clocks or continuous, annoying notifications to pressure immediate choices.
Additionally, the RBI has expanded the definition of Direct Selling Agents (DSAs) and Direct Marketing Agents (DMAs) to formally encompass digital loan service providers (LSPs), financial affiliates, and social media influencers. All banks must maintain a transparent, updated public roster of these empanelled agents on their official websites.
To keep branch boundaries distinct, independent insurance or mutual fund field representatives stationed inside bank buildings must wear highly visible identification marking them apart from regular bank staff. Furthermore, third-party entities are completely barred from paying direct cash incentives or bonuses to bank employees, neutralizing individual motivations to drive aggressive, predatory sales pipelines.