RBI Cracks Down: New Digital Banking Rules for Banks Effective Jan 2026 - What You MUST Know!

The Reserve Bank of India (RBI) has announced new guidelines for digital banking channels, set to take effect from January 1, 2026. These comprehensive directions follow extensive industry feedback and aim to significantly enhance customer protection and regulatory oversight in the digital financial space.

New Digital Banking Framework

• The guidelines define digital banking channels as the various modes through which banks offer services, including internet banking, mobile banking, and other electronic platforms.
• These channels facilitate financial and banking transactions, supported by automation and cross-institutional capabilities.
• They encompass full transactional services as well as ‘view-only’ facilities for checking balances and account information.

Applicability and Permissions

• While industry players had hoped for wider application, the RBI has restricted these new rules primarily to various categories of banks.
• However, banks are responsible for ensuring that any outsourced activities to third parties or fintech firms comply with these instructions.
• Offering 'view-only' digital services is permissible for banks with a core banking solution (CBS) and IPv6-enabled IT infrastructure.
• Launching transactional digital banking services, however, requires prior approval from the RBI.

Strict Requirements for Banks

• To gain approval for transactional digital services, banks must meet stringent conditions, including an operational CBS, IPv6-enabled infrastructure, and meeting capital and net-worth requirements.
• Demonstrating adequate financial and technical capability, a strong compliance track record (especially in cybersecurity), and robust internal controls are mandatory.
• Detailed reports on expected expenditure, funding, cost-benefit analysis, technology providers, and personnel skills are required.
• Banks must now adhere to strict prudential, cybersecurity, and audit criteria, including minimum capital thresholds, CERT-In certified gap assessments, and a clean cyber-audit history.

Customer Protection and Transparency

• The framework mandates explicit, documented customer consent for registering or deregistering digital banking services.
• Banks cannot display third-party products post-login unless specifically permitted, reinforcing a customer-choice-driven approach.
• Mandatory SMS or email alerts for all account operations and provision of multiple registration channels are required to reduce reliance on branch visits.
• Terms and conditions must be presented in clear, simple language, covering charges, stop-payment processes, helpdesk information, and grievance pathways.

Impact on Users and Banking Operations

• Customers will no longer be required to opt into digital channels to access other services like debit cards; bundling is prohibited.
• This shift moves digital banking from a self-declared model to a controlled authorization regime, ensuring only institutions with strong risk management can scale.
• EY India noted that this 'consent-first, convenience-later' approach aims to build greater customer confidence, especially among rural and first-time users, and help control digital fraud.
• Vivek Mandhata of BCG highlighted that the rules are balanced, focusing on core banking and preventing third-party products from overshadowing the bank's primary offerings.

Impact

• These guidelines will likely increase compliance costs and necessitate significant investment in technology and security for banks aiming to offer transactional digital services. Customer trust and protection are expected to improve, potentially leading to wider digital banking adoption. Banks might need to redesign service activation processes for products like debit cards. Overall market impact on banking sector profitability could be mixed, with enhanced operational efficiency expected for compliant banks. Impact Rating: 8/10

Difficult Terms Explained

• Digital banking channels: Ways banks offer services digitally, like through websites or mobile apps.
• Core banking solution (CBS): The central system that allows banks to manage customer accounts, transactions, and services across all branches and channels.
• Internet Protocol Version 6 (IPv6): The latest version of the internet protocol, designed to support a vastly larger number of internet addresses compared to its predecessor.
• Prudential criteria: Rules related to financial health, such as capital requirements, designed to ensure the stability and solvency of financial institutions.
• Cybersecurity: The practice of protecting computer systems, networks, and data from theft, damage, or unauthorized access.
• Third-party CERT-In certified gap assessments: Evaluations conducted by certified third parties to identify security weaknesses (gaps) in IT systems, following standards set by India's Computer Emergency Response Team (CERT-In).
• Bundling of services: Offering multiple products or services together as a package, often requiring customers to take one service to access another.