In a move to enhance consumer safeguards and curb potential abuses in online banking, the Reserve Bank of India (RBI) has introduced draft guidelines that prohibit banks from displaying third-party products on their digital platforms while mandating explicit customer approval and robust risk assessments. Unveiled on July 22, 2025, as part of the “Digital Banking Channels Authorisation Directions, 2025,” these proposals aim to foster transparency and prevent aggressive marketing tactics in an era of expanding fintech services. Public comments are open until August 11, 2025, paving the way for potential refinements before implementation.
Core Elements of the Proposed Framework
The guidelines emphasize user autonomy and operational integrity across internet and mobile banking channels, drawing from lessons in data privacy and fraud prevention.
- Prohibition on Third-Party Marketing: Financial institutions are barred from featuring or promoting non-banking products, such as insurance policies or investment options from affiliates or external partners, on their apps or websites without specific RBI clearance. This targets the common practice of cross-selling, which can overwhelm users and lead to uninformed decisions.
- Mandatory Explicit Consent: Banks must secure clear, verifiable permission from customers before activating digital services, with all terms covering charges, data usage and complaint mechanisms presented in straightforward, multilingual formats to accommodate diverse users.
- Ban on Compulsory Bundling: Institutions cannot require customers to sign up for digital banking as a prerequisite for other offerings, like credit cards or loans, promoting voluntary adoption and supporting those less comfortable with technology.
- RBI Oversight for Platform Launches: Any new or expanded digital channel requires prior RBI approval, with bank leadership held responsible for evaluating and mitigating associated risks.
- Strengthened Fraud Prevention: Banks are required to deploy advanced monitoring tools, including transaction caps, pattern analysis and real-time alerts via SMS or email, alongside strict adherence to Know Your Customer (KYC) standards to detect irregularities early.
Insights from Research and Regulatory Background
These measures extend the RBI’s recent regulatory evolution, including the 2025 Digital Lending Guidelines, which tackled issues like predatory lending and unauthorized data sharing. According to RBI’s own analyses and reports from organizations like the Basel Committee on Banking Supervision, such steps align with global best practices for managing digital risks, where cyber threats have escalated, costing economies billions annually. In India, digital banking penetration has grown rapidly, but so have complaints about unsolicited promotions and privacy breaches, with a 20% uptick in related grievances noted in recent consumer protection studies.
Independent research, such as from the Consumer Unity & Trust Society (CUTS International), highlights how multilingual disclosures can bridge digital divides, particularly in rural areas where only about 30% of the population actively uses online banking. This echoes findings from international benchmarks, like the EU’s General Data Protection Regulation (GDPR), adapted here to India’s context of high mobile adoption and varying literacy levels.
Potential Impact on the Banking Sector and Users
For banks, these rules may necessitate system upgrades and higher compliance costs but could build long-term trust and reduce litigation risks. Customers, especially in underserved segments, stand to benefit from greater control over their data and services, minimizing exposure to manipulative sales tactics. Overall, the framework supports India’s push toward a more inclusive digital economy, potentially setting a model for other emerging markets facing similar fintech challenges.
As the RBI continues to refine its approach, these guidelines reflect a balanced effort to encourage innovation while prioritizing security and fairness in digital finance.
