India’s banking regulator issues digital banking guidelines

India’s banking regulator, the Reserve Bank of India (RBI), has issued its final guidelines for digital banking channels.

Under the new RBI digital banking guidelines, banks are required to record or document the explicit consent of customers before providing digital banking services.

The guidelines specifically state that banks cannot make it mandatory for customers to opt for any digital banking channel to access facilities such as debit cards.

Banks must implement appropriate risk mitigation measures according to their internal policies based on their risk perception.

The measures may include setting transaction limits per transaction, daily, weekly, and monthly limits, as well as transaction velocity limits and fraud checks.

RBI, in its statement, said: “While it may be more convenient for the customer to opt for some services together (for example, virtual access to card controls), the choice to apply for digital banking facilities shall lie solely with the customer.

“However, it is clarified that banks can continue to obtain and record mobile numbers of customers to send transaction alerts and other purposes in line with KYC requirements at the time of opening the accounts.”

“It is clarified that wherever specific requirements have been prescribed by the Reserve Bank or payment system operators (for example, NPCI, Card networks like VISA, Mastercard, etc.), the stricter requirements of the two shall be applicable.”

Banks providing mobile banking services through channels other than mobile applications must ensure that these services are accessible to customers regardless of their mobile network operator. In other words, the mobile banking service should function independently of the customer’s network provider.

The guidelines also mandate that banks implement transaction monitoring and surveillance systems based on risk assessment.

Display of third-party products and services on banks’ digital banking channels is being restricted unless specifically permitted by the regulator.

Banks are instructed to clearly communicate to customers that SMS and email alerts will be sent to the mobile number or email registered with the bank for all account operations, both financial and non-financial.

The RBI has further directed banks to comply with existing guidelines on customer protection and ensure that the terms and conditions meet regulatory requirements.

In a separate development, RBI has imposed a Rs91m ($1m) penalty on HDFC Bank for breaches of the Banking Regulation Act and RBI guidelines.

According to the regulator, the bank used multiple loan benchmarks, non-permissible subsidiary business, and outsourced the function of determining compliance with KYC norms of certain customers.

The penalty follows RBI’s supervisory evaluation and review of the bank’s responses to show-cause notices.

"India’s banking regulator issues digital banking guidelines " was originally created and published by Retail Banker International, a GlobalData owned brand.

The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.