C&M E-Alert: RBI Release Draft Direction On “Digital Banking Channels Authorisation”, 2025

The Reserve Bank of India (RBI) issued a press release on July 21, 2025, containing draft circular on the Digital Banking Channels Authorisation Directions, 2025 (“Draft Directions”). These Draft Directions aim to guide banks and provide a regulatory framework for offering digital banking services such as internet and mobile-based banking.

The Draft Directions regulate the provision of digital banking services offered by banks, ensuring customer protection, operational integrity, and transparency. The framework also provides clarity by defining key terms related to digital banking, such as Digital Banking Channels, Internet Banking, Mobile Banking, View-Only Facility, and Transactional Facility.

These Draft Directions apply to all commercial and cooperative banks operating in India and are issued under Section 35A, read with Section 56, of the Banking Regulation Act, 1949.

RBI has invited public feedback on the Draft Directions until 11 August 2025. This consultative process will allow stakeholders to share their inputs before the final framework is issued.

Banks are not permitted to display or promote third-party products or services, including those of affiliates, group companies, or unrelated entities on their digital platforms without prior approval from the RBI. This restriction seeks to avoid mis-selling and address potential conflicts of interest, except as specifically permitted by the RBI from time to time in terms of paragraphs 18 and 19 of the Master Direction – Reserve Bank of India (Financial Services provided by Banks) Directions, 2016 dated May 26, 2016.

1. Banks must obtain clear and explicit consent from customers before enabling digital banking channels. Enrolment in digital services must be voluntary, and customers should be given the option to select between view-only access (i.e., balance enquiry, account statements) or full transactional capabilities based on their preference.

2. Access to basic banking services, such as issuance of debit cards or passbooks, must not be made conditional upon opting for digital banking. Customers who opt not to use digital channels must not face any disadvantage or service denial.

1. Banks are required to implement a risk-based monitoring mechanism to detect unusual patterns or suspicious activities in digital transactions. This includes defining thresholds for transaction size and frequency, flagging high-risk behavior, and promptly alerting customers through appropriate channels.

2. Banks must send timely alerts via SMS or email for all customer activities on digital platforms, including login attempts, fund transfers, and any changes in profile or security settings. These alerts aim to increase transparency and enable customers to respond swiftly to suspicious activity.

3. Digital banking services must operate seamlessly across all mobile networks. Banks are required to ensure that digital access is not dependent on a specific telecom operator, thereby promoting service continuity and universal access.

1. Banks seeking to offer transactional digital banking both funds based, or non-fund based must obtain prior approval from the RBI. To be eligible, the bank should have a minimum net worth of ₹50 crore (INR Fifty Crores), passed board resolution, submits Information Security (IS) Audit, and CERT audit, and regulatory compliance to the respective regional office of the RBI (through the PRAVAAH portal).

2. Implementation of Core Banking Solution (CBS) with IPv6-enabled IT infrastructure, adequate technical and financial capability, and a strong track record of regulatory compliance. View-only services may be launched by eligible banks upon submission of a Gap Assessment and Internal Controls Adequacy (GAICA) report to the respective regional office of the RBI (through the PRAVAAH portal).

1. All terms and conditions related to digital banking services must be clearly presented in English, Hindi, and the relevant regional language. Customers must be informed about their rights, responsibilities, limits of liability in fraud cases, and grievance redressal in a transparent manner.

2. Banks must comply with all applicable laws, including the Information Technology Act, 2000, Digital Personal Data Protection Act, 2023 (DPDP Act), Foreign Exchange Management Act, 1999 (FEMA), Payment and Settlement Act, 2007 (PSS Act), and KYC/AML norms.

3. For transfer of funds from the accounts of customers using digital banking for delivery in cash to the recipients, Banks shall compliance with the conditions stipulated in the circulars dated July 24, 2024, on ‘Domestic Money Transfer – Review of Framework’ and dated October 05, 2011, on ‘Domestic Money Transfer- Relaxations’ as issued and updated from time to time.

4. Banks shall also comply with various technological and cyber security frameworks as set out under Chapter III of the Draft Directions. These include adherence to the Master Directions on IT Outsourcing, Digital Payment Security Controls, IT Governance and Risk Controls, Cyber Security Frameworks for Urban Co-operative Banks, and Fraud Risk Management Directions applicable to both commercial and cooperative banks etc.

The Draft Directions are an important move towards creating a safe and accessible digital banking system in India. By setting clear rules for who can offer digital services, how they should operate, and how customers should be protected, the RBI aims to build trust and ensure transparency. Once these Draft Directions are finalised, they will act as a common set of guidelines for all banks providing digital banking services.