RBI Cracks Down on Deceptive Lender Practices
Effective January 1, 2027, the Reserve Bank of India (RBI) is introducing stringent new regulations to safeguard customers from prevalent issues like product mis-selling, unauthorized bundling, and various deceptive digital practices employed by financial institutions. These comprehensive directives, part of the 'Commercial Banks Responsible Business Conduct - Second Amendment Directions,' aim to empower consumers and foster greater transparency in the banking sector.
Explicit Consent Becomes Mandatory
A cornerstone of the new regulations is the requirement for explicit customer consent before any product or service, whether proprietary or third-party, can be offered or sold. This consent must be obtained through verifiable methods such as:
- Signed declarations (physical or electronic)
- OTP-based approvals
- Digitally recorded confirmations
- Consent embedded in a clearly demarcated section of the product agreement
Crucially, if multiple products are presented on a single form, each must be distinctly enumerated, allowing customers to select only their desired services. Furthermore, banks must retain consent records for one year post-contract cessation. The default option for granting consent on any user interface will be 'No' or 'I do not agree,' ensuring active user choice after reviewing terms and conditions.
Banning Compulsory Bundling and Dark Patterns
The RBI has also moved to prohibit the compulsory bundling of a bank's own products with third-party offerings. If a bank's product sale is contingent on purchasing a third-party risk mitigant, customers must be given the option to acquire it separately.
Moreover, the new directions specifically target 'dark patterns'—deceptive user interface designs—used by banks and their direct selling agents. Examples include creating a false sense of urgency or scarcity to induce immediate action, or luring customers with pre-approved loans under the guise that interest rates will rise if not availed promptly.
Addressing Data Access and Other Malpractices
The guidelines also tackle concerns regarding data access. While lenders may request personal data like contact lists or location for regulatory compliance, such requests must be transparently disclosed and not construed as forced actions. The RBI's crackdown extends to other problematic practices, including:
- Drip pricing: Where pricing elements are not revealed upfront or only after payment confirmation.
- Subscription traps: Where canceling a subscription is intentionally hidden or made overly complex.
- Forced action: Compelling users to purchase additional products or subscribe to unrelated services.
These forward-looking regulations underscore the RBI's commitment to enhancing consumer protection and ensuring ethical conduct within India's financial landscape.