Just as the Supreme Court often serves as a sentinel guarding our precious fundamental rights, so does the Reserve Bank of India (RBI) periodically come to the rescue of the common man by stipulating strict, non-negotiable guidelines. The RBI’s final guidelines on sales and marketing practices strictly prohibit banks and NBFCs from mis-selling financial products. Key mandates include the requirement of explicit, recorded customer consent; banning of forced or compulsory bundling (like forcing insurance with a loan); and compelling banks to assess product suitability before a sale.
Core guidelines & prohibited practices: Under the RBI framework, a sale is officially classified as mis-selling, if it offers a financial product or service that does not match the customer’s risk and investment profile; provides wrong, incomplete, or inaccurate information; sells any product without the customer’s explicit, unambiguous and documented consent; and purchases one product (such as a loan) conditional on buying another third-party product (such as an insurance policy) or any practice that another financial regulator – such as Securities & Exchange Board of India, the Insurance Regulatory & Development Authority of India (IRDAI) or the Pension Fund Regulatory & Development Authority (PFRDA) – defines as mis-selling.
If mis-selling is proven, banks are legally required to refund the entire amount paid by the customer, and/or even be directed to compensate for any financial loss or mental anguish suffered, and must proactively contact customers within 30 days of a sale to verify that they understand the product features and associated risks. One can only imagine going to a bank for a home loan and returning with an insurance policy that one did not ask for. This happens more often than not, hence, the RBI’s latest diktat aims to prevent that. On 15 June 2026, the RBI issued the Reserve Bank of India (Commercial Banks – Responsible Business Conduct) Second Amendment Directions, 2026, that apply to all commercial banks with a different set for small finance banks, payments banks, regional rural banks and local area banks. These will come into effect from 1 January 2027, giving banks ample time to reset themselves.
Bar on loan with insurance or an allied product: It is common for banks to force borrowers to buy insurance from their tied-up partner as a precondition for getting a home loan or a personal loan approved. Calling it a ‘compulsory bundling’, the RBI has now formally prohibited it. Although the bank could insist on insurance as a risk safeguard on a loan, the customer must be free to buy that insurance from the provider of his choice and not the one preferred by the bank.
Consent redefined: Until now, ‘consent’ was a simple signature, a pre-ticked box on a form, or an omnibus clause that said something like ‘I agree to receive offers from the bank and its partners’. The new guidelines proscribe this generic style and insist on an explicit recorded consent for that specific product. Consent for one product cannot be treated as consent for another. A customer who agrees to a personal loan cannot automatically be sent insurance promotions on that basis. Each product/each purpose needs its own separate and clear opt-in. Significantly, the notification states that the default setting on any digital consent screen must be ‘No’ or ‘I do not agree’. Banks will be keeping all consent records for at least one year after the contractual relationship ends. The small fine print now makes way for prominent disclosure of key features of the product – fees, charges, interest rate, risks, lock-in period and exit penalties. The customer must know what he is getting into.
Consent for one product cannot be treated as consent for another. A customer who agrees to a personal loan cannot automatically be sent insurance promotions on that basis
Agents under a microscope: Direct selling agents (DSAs) and direct marketing agents (DMAs), commission-based agents who work on behalf of banks, often spearhead customer acquisition, aggressively selling the product. Banks must now publish and maintain an updated list of all empanelled DSAs and DMAs on their website, updated within seven calendar days of any change and ensure that any agent or third-party product representative present inside a bank branch is clearly distinguishable from bank employees by wearing a clear identification badge. It is mandatory to obtain a written undertaking from DSAs and DMAs and that they and their sub-agents will follow the bank’s code of conduct, which must be publicly displayed on the bank’s website. To visit customers between 9 am and 7 pm and only with the customer’s consent, they are barred from making any false commitments on the bank’s behalf, failing which disciplinary action would follow.
Assess the product: Before selling any complex financial product to an individual customer, the bank must now assess its viability for that person. The assessment must consider the customer’s age, income, financial literacy and risk tolerance against the product’s risk profile, fees, tenure and complexity. In rural areas, the product details must be available in the regional language or the one which the customer understands. In this manner, the banks are protecting those who have historically been the most vulnerable to pressure selling.
Customers free from any digital deception: The notification’s most elaborate section is its Annex II A, which lists about 11 specific digital tricks. Calling them dark patterns, the RBI now prohibit banks and their agents from using them in any app, website or user interface. One is to avoid phrases like ‘Act Now’, ‘Hurry’ or ‘Offer Ends Soon’ on loan offers, which used to panic a customer into signing up before comparing other options. Adding loan protection insurance or fraud cover by default during a loan application, so the customer pays for something they never consciously chose, is barred. The language of any opt-out button should not shame a customer by stating something like ‘No, I don’t want extra security for my account’, and appropriate words should be used, which should be simply matter-of-fact. The ‘close’ button should not redirect the user to a personal loan page and in fact should simply close the process. The sign-up for credit cards or insurance plans is always easy, but the same ease should apply to cancellation as well. Do not set default consent to ‘Yes’ and ensure that the bank’s preferred option is proper, and that the account closure is facile.
Before selling any complex financial product to an individual customer, the bank must now assess its viability for that person
Most banks used to advertise a low interest rate but charge a higher one at the point of application, and also promise a lifetime-free credit card without disclosing the minimum transaction conditions required. These gimmicks have now been barred. The banks have to ensure that the customer sees the full price upfront and is not confronted with it after the customer has committed. Promotional messages should come across as such and not as urgent account alerts. To repeatedly ask a customer to enable non-essential cookies or provide data permissions even after they have already said ‘No’ is to be avoided. Using confusing double negatives on consent checkboxes, such as ‘Uncheck this box, if you do not want to receive offers’, to make customers accidentally opt in is clearly prohibited. The above 11 digital compliances have to be regularly monitored by the banks and their DSAs must conduct periodic internal audits of all their digital interfaces to identify and remove these proscribed practices.
Conclusion
On the positive side, the aforesaid stance by the RBI clearly shows that it is genuinely concerned for the rights of the customers. Negatively, it is a clear indicator of the malpractices adopted by the banks to ensure that maximum money is brought inside the banks through myriad products, often at the altar of ethics, only to meet those desired targets that they often unreasonably set for themselves and push their employees to achieve on their behalf. Over three decades of legal practice, I have learnt that money can be ‘commissioned as a percentage’, but ethics operates as a whole. If not practised daily, it only chips away gradually, resulting in a complete evaporation of the organisation and its ethos!
If only more banks would agree with the great American Supreme Court Judge Potter Stewart, who said: “Ethics is knowing the difference between what you have a right to do and what is right to do.”