RBI issues final guidelines for digital banking channels, makes it mandatory for banks to obtain consent for onboarding

The Reserve Bank of India (RBI) on Friday issued it’s final guidelines for digital banking channels making it mandatory for banks to obtain explicit consent from the customer for providing digital banking services which may be duly recorded/documented.

As per the guidelines, banks cannot make it mandatory for customers to opt for any digital banking channel to avail facilities like debt cards.

“While it may be more convenient for the customer to opt for some services together (for example, virtual access to card controls), the choice to apply for digital banking facilities shall lie solely with the customer. However, it is clarified that banks can continue to obtain and record mobile numbers of customers to send transaction alerts and other purposes in line with KYC requirements at the time of opening the accounts,” the RBI said.

Banks will need to put in place appropriate risk mitigation measures in accordance with their policies like transaction limit (per transaction, daily, weekly, monthly), transaction velocity limit, fraud checks, etc. depending on their risk perception.

“It is clarified that wherever specific requirements have been prescribed by the Reserve Bank or payment system operators (for example, NPCI, Card networks like VISA, Mastercard, etc.), the stricter requirements of the two shall be applicable. Banks shall ensure continuous compliance with instructions issued by DPSS under the Payment and Settlement Systems Act, 2007 in this regard as updated from time to time,” the RBI said. 

Banks offering mobile banking service (other than through mobile applications) must ensure that customers across mobile network operators can avail of the service, i.e., the service must be network independent.

Banks are required put in place risk-based transaction monitoring and surveillance mechanism. 

“Study of customer transaction behaviour pattern and monitoring unusual transactions or obtaining prior confirmation from customers for outlier transactions may be incorporated in the systems in accordance with the Fraud Risk Management Policy of the bank,” as per the RBI guideline.

Third-party products and services, including those of promoter groups or bank group entities (subsidiaries/joint ventures/associates), can not be displayed on banks’ digital banking channels except as specifically permitted by the Reserve Bank from time to time.

Banks have to clearly communicate that SMS/email alerts will be sent to the mobile number/email of the customer registered with the bank for operations, both financial and non-financial, in their account(s).

RBI has asked banks to comply with the guidelines on customer protection including limiting of liability in unauthorised electronic banking transactions1&2 (as updated from time to time), sending of alerts (through SMS, email, etc.), and ensure that the terms and conditions provided to customers are compliant with the instructions.

The Reserve Bank said it may, if it considers necessary for avoiding any hardship or for any other just and sufficient reason, grant extension of time to comply with or exempt any regulated entity, from all or any of the provisions of these directions either generally or for any specified period, subject to such conditions as the Reserve Bank may impose.