RBI/2026-27/116

DOR.MCS.REC.No.95/01-01-033/2026-27

June 15, 2026

Reserve Bank of India (Small Finance Banks - Responsible Business Conduct) Second Amendment Directions, 2026

Certain instructions on customer appropriateness and suitability and other related matters have been issued to Small Finance Banks under the Reserve Bank of India (Small Finance Banks – Undertaking of Financial Services) Directions, 2025. The extant instructions have since been reviewed and it has been decided to issue comprehensive instructions on advertising, marketing and sale of financial products / services to all Small Finance Banks (hereinafter referred to collectively as “SFBs” and individually as an “SFB”) under the Reserve Bank of India (Small Finance Banks – Responsible Business Conduct) Directions, 2025.

2. In exercise of the powers conferred by Section 35A of the Banking Regulation Act, 1949, the Reserve Bank, being satisfied that it is necessary and expedient in public interest so to do, hereby issues the Amendment Directions hereinafter specified.

3. Short Title and Commencement

(1) These Directions shall be called the Reserve Bank of India (Small Finance Banks - Responsible Business Conduct) Second Amendment Directions, 2026.

(2) These Directions shall come into effect from January 1, 2027.

4.
These Amendment Directions shall modify the Reserve Bank of India (Small Finance Banks – Responsible Business Conduct) Directions, 2025 as under:

(1) In paragraph 4, the following definition shall be inserted after sub-paragraph 4(6), namely:

“4(6A) Compulsory bundling means the practice by an SFB of making availment of one product / service by a customer conditional upon availment of another product / service, whether own or third-party, offered by the SFB.”

(2) In paragraph 4, the following definition shall be inserted after sub-paragraph 4(10), namely:

“4(10.1A) Dark pattern means any practices or deceptive design pattern using user interface or user experience interactions on any platform that is designed to mislead or trick users to do something they originally did not intend or want to do, by subverting or impairing the consumer autonomy, decision making or choice, amounting to misleading advertisement or unfair trade practice or violation of consumer rights.”

(3) In paragraph 4, the following definitions shall be inserted after sub-paragraph 4(10A), namely:

“4(10B) Direct Selling Agent (DSA) / Direct Marketing Agent (DMA) means an entity or individual (other than an SFB’s own employee) engaged by an SFB, irrespective of the contractual designation / nomenclature used for such engagement (such as Business Correspondent (BC), Loan Service Provider (LSP), etc.), to sell or market / promote / influence customers for purchase of its own or third-party product / service.

4(10C) DSA / DMA sub-agent means an individual, engaged by a DSA / DMA, who is involved in selling / marketing related activities, on behalf of an SFB, at the point of customer interface.
Explanation: Wherever an individual is directly engaged by an SFB under an outsourcing arrangement for selling / marketing related activities, instructions applicable to DSA / DMA as well as DSA / DMA sub-agent shall apply to such an individual.”

(4) In paragraph 4, the following definition shall be inserted after sub-paragraph 4(13), namely:

“4(13A) Explicit consent means a specific, informed and unambiguous indication of an individual’s choice, given through a duly recorded / documented statement or clear affirmative action, which indicates agreement to a specific action by or arrangement with an SFB.”

(5) In paragraph 4, the following definition shall be inserted after sub-paragraph 4(20), namely:

“4(20A) Mis-selling means sale of a financial product / service, whether own or third party, in the following cases:

(i) Sale of a product / service, which is neither suitable nor appropriate in view of the customer’s profile evaluated at the time of sale, notwithstanding her / his explicit consent; or

(ii) Sale of a product / service without providing correct or complete information or by giving misleading information; or

(iii) Sale of a product / service without customer’s explicit consent; or

(iv) Compulsory bundling of another product / service with sale of the requested product / service; or

(v) Sale of a product / service involving any other element defined by the financial sector regulator concerned as mis-selling.”

(6) In paragraph 4, the following definition shall be inserted after sub-paragraph 4(26), namely:

“4(26A) Third-party Product or Service (TPPS) means a product or service offered by an SFB to its customers on behalf of a third-party product / service provider (TPPS Provider) after entering into an agency business or referral services arrangement with the TPPS Provider as permitted under Reserve Bank of India (Small Finance Banks – Undertaking of Financial Services) Directions, 2025.”

(7) In Chapter IV on ‘Customer Guidance and Protection’, the
following section and paragraphs shall be inserted after paragraph 85, namely:

“F. Advertising, Marketing and Sale of Financial Products / Services by SFBs

F.1 Policy

85A. An SFB shall put in place a comprehensive policy for advertising, marketing and sale of its own as well as third-party financial products / services, which shall, amongst others, cover aspects related to criteria for determination of suitability and appropriateness of products / services offered to customers, feedback mechanism, customer compensation in cases of mis-selling, etc.

85B. An SFB, availing the services of DSAs / DMAs, shall also include in its policy, aspects related to their eligibility criteria, due diligence at the pre and post-engagement level, training of DSA / DMA sub-agents, functions / activities that may be assigned, performance evaluation standards, inspection / audit, control mechanisms to ensure compliance with statutory requirements along with procedures to be followed and penal actions to be taken in case of non-compliant DSAs / DMAs.

F.2 Engagement of DSAs / DMAs

85C. An SFB, availing the services of DSAs / DMAs for sale / marketing of its own or third-party financial products / services, shall maintain and display an up-to-date list of DSAs / DMAs empanelled / engaged with it on its website for reference by the members of public. Such list shall include the name and other details of the DSAs / DMAs such as type (corporate / individual), address, the period of engagement, and products / services they deal with. An SFB shall update the list within seven calendar days of any modification to the list.

85D. An SFB shall ensure that its employees or DSA / DMA sub-agents engaged in the sale of own or third-party financial products / services possess the requisite qualification / certification, if any, prescribed by the respective financial sector regulators.

85E.
For the benefit of the customers, any DSA / DMA sub-agent or representative of a TPPS Provider, who is present within the SFB’s premises for sale / marketing of the SFB’s own or third-party financial product / service, shall be distinguishable from the employees of the SFB, including clear ‘on person’ identification.

85F. An SFB, based on the instructions mentioned in these Directions, shall put in place a Code of Conduct for sale and marketing of financial products / services, which shall be applicable to the SFB’s own employees, DSAs / DMAs and their sub-agents as well as representatives of any TPPS Provider deployed for the purpose in the SFB’s premises. Prior to assigning any sale / marketing related activities on its behalf, the SFB shall obtain an undertaking from DSAs / DMAs that they and their sub-agents agree to abide by the Code of Conduct. The SFB shall obtain a similar undertaking from its own employees and representatives of TPPS Provider to whom the Code of Conduct is applicable. The agreement entered between the SFB and any DSA / DMA shall cover the penal / disciplinary action to be taken in case the DSA / DMA and / or its sub-agents are found to be in violation of the SFB’s Code of Conduct. The SFB shall display the Code of Conduct on its website for reference by public.

F.3 Consent aspects

85G. An SFB shall ensure that products / services, whether own or third-party, are offered / sold to a customer only with her / his explicit consent, which may be obtained either through a signed declaration (either physically or electronically), OTP based approval, digitally recorded confirmation, consent embedded in a clearly demarcated section of the agreement for the product / service, etc. Further, while obtaining consent from a customer for more than one product / service on a single form, each product / service shall be clearly enumerated and the customer shall have the option to choose only the desired product(s) / service(s).
The SFB shall store or preserve consent and related records of a product / service sold by it till one year from the date of cessation of the contractual agreement with respect to the product / service.

85H. An SFB, while obtaining consent for any product / service from a customer, shall prominently disclose the key features of the product / service, e.g., fees / charges / interest rate, etc., risks involved, financial commitment for the customer, lock in conditions, exit terms including penalties, etc. in a manner to draw the attention of the customer to such important information. Wherever the Reserve Bank or other financial sector regulator has prescribed any specific format for disclosure of such key features of any product / service such as Key Facts Statement (KFS), Most Important Terms and Conditions (MITC), etc., an SFB shall use the prescribed format for disclosure of such key features.

85I. The process flow for obtaining consent through any user interface shall be designed in such a way that consent cannot be granted by the user without going through the applicable terms and conditions, if any. Further, the default choice for the customer to give consent shall be ‘No’ / ‘I do not agree’.

F.4 Advertisement and Marketing

F.4.1 Promotional Materials / Communications

85J. An SFB shall not advertise / market any TPPS as its own. While giving the details of any TPPS Provider to a customer, the SFB shall clarify its role in providing such financial product / service.

85K. An SFB shall ensure that all its advertising / promotional materials such as pamphlets, brochures, etc., whether in physical or digital form, are clear and factual. Such materials shall disclose the interest rate and other fees / charges associated with the financial product / service being promoted. The terms and conditions pertaining to the product / service shall be prominently disclosed at all points of sale / digital channels such as website, mobile app, etc.

85L.
An SFB shall send promotional communication / alerts about promotional offers in respect of its own or third-party financial products / services to a customer only if he / she has given explicit consent to receive such communication / alerts.

85M. An SFB shall ensure that the process for unsubscribing from any kind of services or promotional communication is easy and simple.

F.4.2 Conduct of SFB’s employees, DSAs / DMAs and their sub-agents

85N. An SFB shall ensure that its employees, DSAs / DMAs and their sub-agents as well as representatives of any TPPS Provider deployed for sale or marketing activities in the SFB’s premises:

(1) make upfront disclosure regarding the fees / charges, interest rate, etc., while marketing / selling a product / service offered by the SFB;

(2) communicate the terms and conditions to the customer, if he / she plans to buy the product / service and make such other information / details available which are required to understand the product / service further;

(3) send any communication to the customer only in the mode and format approved by the SFB;

(4) make telephonic contacts and / or visits to customers normally between 09:00 hours and 19:00 hours.
Calls / visits earlier or later than the prescribed time period shall be done only when the customer has expressly given a request or authorisation to do so;

(5) provide the contact details of the customer care and the grievance redressal official, if requested by the customer;

(6) respect the customer’s privacy and discuss the matters of her / his interest with any other individual only if the customer has given an explicit request or consent for sharing of such information;

(7) provide the details of the customers, who have expressed their desire to be flagged as “Do Not Disturb” for promotional communication, to the SFB;

(8) do not visit a customer at her / his residence / business / office without her / his explicit consent;

(9) do not mislead or coerce the customer in purchase of any product / service offered by the SFB; and

(10) do not make any false / unauthorised commitment on behalf of the SFB.

85O. An SFB shall ensure that its DSAs / DMAs and their sub-agents neither mislead the customer about their business or organisation’s name nor the DSA / DMA sub-agents or representatives of any TPPS Provider deployed for sale or marketing activities in the SFB’s premises falsely represent themselves as the SFB’s employees.

F.5 Sale of Financial Products / Services

F.5.1 Suitability and Appropriateness for Individual Customers

85P. Before a financial product / service, other than those determined as suitable for all customers as per the SFB’s policy, is sold to an individual customer, its suitability and appropriateness for the customer shall be determined by the SFB based on an analysis of the features, risk-return attributes, time horizon, complexity, fee structure, etc. vis-à-vis the customer’s age, income, level of financial literacy, risk tolerance, etc.
Wherever the financial sector regulator has prescribed any specific suitability assessment analysis for determining the suitability and appropriateness of the product / service regulated by it, an SFB shall ensure adherence to the same.

F.5.2 Application Forms and Other Documents

85Q. In case of physical application, an SFB shall use a specific application form for the sale of a particular product / service and prominently indicate the nature (e.g., loan, deposit, insurance, mutual fund, pension fund, hybrid product (insurance + investment), etc.), and features of the product / service in the respective application form. In case of a digital application form containing more than one product / service, the SFB shall clearly distinguish each product / service through a dedicated section / module, prominently indicate the nature and features of the respective product / service therein, and obtain explicit consent for each product / service.

85R. An SFB shall ensure that all documents related to sale of its own products / services, including the terms and conditions, are also available in the language of the region or in a language understood by the customer. In case of TPPS, the SFB shall ensure adherence to the instructions, if any, issued by the respective financial sector regulators on the subject.

85S. Subsequent to receipt of an application from the customer for purchase of a product / service, the SFB, through a message / email or any other secure medium, shall send an acknowledgement to the customer regarding receipt of her / his application for the specific product / service. The acknowledgement shall also contain a telephone number on which the customer can contact in case he / she has further queries with respect to the application / product / service.

85T.
On completion of a sale, copy of the terms and conditions / agreement signed by the customer and the employee of the SFB or the TPPS Provider, as applicable, shall be provided to the customer, either physically or digitally. While doing so, it shall be ensured that the documents are delivered in a secure manner to maintain confidentiality of the customer information.

F.5.3 Measures for prevention of mis-selling

85U. An SFB shall ensure that its policies and practices do not create incentives for mis-selling of products / services, whether its own or offered on behalf of a third-party. Further, it shall be ensured that no incentive is directly or indirectly received by the SFB’s employees from the TPPS Provider for sale / marketing of TPPS.

85V. An SFB shall not resort to compulsory bundling of any TPPS with any of its own product / service. However, if the sale of the SFB’s own product / service is contingent on purchase of a TPPS as a risk mitigant, the customer shall be provided the option to purchase the same from any TPPS Provider. Further, offering of multiple products / services as a package based on voluntary consent from the customer and / or on complimentary basis (i.e., without any additional direct or indirect cost to the customer) shall not be construed as compulsory bundling.

85W. An SFB shall not fund the purchase of a product / service by a customer, whether of its own or of a third-party, out of any loan facility sanctioned to the customer without her / his explicit consent.

85X. An SFB and its DSA / DMA shall ensure that their user interfaces do not deploy any dark pattern. User interfaces deployed by the SFB and the DSA / DMA shall be subject to user testing and periodic internal audit for identification of any unfair features, including dark patterns. An illustrative list of dark patterns, which may be relevant to SFBs, is given in Annex IIA.
Further, the SFB and the DSA / DMA shall ensure adherence to the ‘Guidelines for Prevention and Regulation of Dark Patterns, 2023’ issued by the Central Consumer Protection Authority (CCPA), as amended from time to time.

F.6 Feedback and Compensation to Customers

85Y. An SFB shall establish a mechanism to seek feedback from customers, within a period of 30 days from the sale of any financial product / service to ensure that customers have understood the features of the financial product / service and also the risks associated with such financial product / service. The mechanism may include selection of the customers on a random basis for such feedback through modes such as call-backs or surveys carried out by a department / vertical of the SFB not associated with sale of products / services. A half-yearly report on the findings of the feedback shall be prepared and utilised for review of existing policies and features of financial products / services.

85Z. A customer can lodge complaint regarding mis-selling of a financial product / service with the SFB within the timeline specified by the respective financial sector regulators. In cases where no such timeline has been specified, customers can lodge complaint within 30 days of receiving the signed copy of the terms and conditions / agreement. In cases where mis-selling of a financial product / service is established, the SFB shall refund the entire amount paid by the customer for purchase of the financial product / service and also intimate the customer about cancellation of the sale, wherever applicable. Further, the SFB shall also compensate the customer for any loss arising due to mis-selling, as per its approved policy.

F.7 Adherence to other regulations issued by the Reserve Bank / other authorities

85ZA.
In addition to the Directions mentioned herein, an SFB shall also ensure compliance with:

(1) guidelines issued by the relevant authorities from time to time, including the guidelines issued by Department of Telecommunications (DoT), Government of India and Telecom Regulatory Authority of India (TRAI) on aspects related to commercial communication such as the Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, as amended from time to time;

(2) guidelines issued by the respective financial sector regulators, viz., Securities and Exchange Board of India (SEBI), Insurance Regulatory and Development Authority of India (IRDAI), and Pension Fund Regulatory and Development Authority (PFRDA) regarding products / services falling under their respective domains; and

(3) any relevant guidelines issued by the Reserve Bank on related matters, as applicable to the SFBs, such as undertaking agency business by SFBs, outsourcing of financial services, mobilisation of deposits through agents, etc.”

(8) In Annexures, the following Annexure shall be inserted after Annex II, namely:

“Annex IIA – Illustrative List of Dark Patterns Relevant to SFBs

(1) False Urgency: Falsely stating or implying the sense of urgency or scarcity so as to mislead a user into making an immediate purchase or taking an immediate action, which may lead to a purchase.

Illustrations:

(i) Advertising / notifying customers that charges / fees for certain products / services will increase after a specific date, thereby pushing customers to sign up quickly without comparing with other available options.

(ii) Offering pre-approved loans at attractive interest rates and luring the customer that the interest rate of the loan is likely to rise if the offer is not availed.

(iii) Displaying countdown timers on the SFB's website or app for promotional offers / cashback / reward points, forcing users to act fast to benefit from the deal.
(iv) Using phrases like ‘Act Now’, ‘Hurry’, ‘Limited Time Only’, or ‘Offer Ends Soon’ in communications, thereby, inducing a sense of urgency, leading customers to act faster than they might otherwise.

(2) Basket Sneaking: Inclusion of additional items such as products, services, payments to charity or donation at the time of checkout from a platform, without the consent of the user, such that the total amount payable by the user is more than the amount payable for the product / service chosen by the user.

Provided that addition of necessary fees disclosed at the time of purchase or providing complimentary services shall not be considered as basket sneaking.

Illustration: Selecting additional products / services by default, on behalf of the customer, e.g., adding protection against online fraud / loan protection insurance by default during the loan application process.

(3) Confirm Shaming: Using a phrase, video, audio or any other means to create a sense of fear or shame or ridicule or guilt in the mind of the user so as to nudge the user to act in a certain way that results in the user purchasing a product / service from the platform or continuing a subscription of a service, primarily for the purpose of making commercial gains by subverting consumer choice.

Illustrations:

(i) Displaying a message like, “Are you sure you want to miss out on exclusive offers and updates?” or “No, I prefer to stay uninformed about great deals,” while customer attempts to unsubscribe from marketing emails, implying that opting out is unwise.

(ii) If a customer decides against adding a service, such as protection against fraud, displaying a message like, “No, I don't want extra security for my account,” making the customer feel irresponsible.

(iii) When a customer decides not to upgrade to a premium account, displaying a message like, “No thanks, I don’t want extra security and benefits,” implying the customer is making a poor choice.
(4) Forced Action: Forcing a user into taking an action that would require the user to buy an additional product or subscribe or sign up for an unrelated service or share personal information in order to buy or subscribe to the product / service originally intended by the user.

Illustrations:

(i) Displaying pop-up advertisements for own or third-party products / services in digital channels which cannot be closed without redirection to the concerned products / services. For example, pop-up after logging in to mobile banking which leads to personal loan section even if user clicks on the exit / closure button of the pop-up.

(ii) Requesting for access to personal data like contact list, camera, data storage, location, etc. without which the registration for the SFB’s services cannot be completed / the application cannot be used. However, if such request is made to ensure compliance with regulatory instructions and the same has been transparently disclosed to the customer, it shall not be construed as a forced action.

(5) Subscription Trap: The process of -

(i) making cancellation of a paid subscription impossible or a complex and lengthy process; or

(ii) hiding the cancellation option of a subscription; or

(iii) forcing a user to provide payment details or authorisation for auto debits for availing a free subscription; or

(iv) making the instructions related to cancellation of subscription ambiguous, latent, confusing, cumbersome.

Illustration: Making it easy for customers to sign up for a product / service (e.g. credit card, insurance product, etc.) but making the procedure for cancelling the same significantly cumbersome like not providing a direct link for cancellation, keeping the cancellation option in complex navigation requiring multiple confirmation steps.
(6) Interface Interference: A design element that manipulates the user interface in ways that (i) highlights certain specific information; and (ii) obscures other relevant information relative to the other information; to misdirect a user from taking an action as desired.

Illustrations:

(i) Displaying the preferable option for the SFB in bright colours / bold fonts on website / mobile app.

(ii) Default choice for consent being ‘Yes’ in various menu options on website / mobile app.

(iii) Embedding information related to / options on how to close account, delete personal data, etc., deep in the user interface rather than being made easily accessible.

(7) Bait and Switch: The practice of advertising a particular outcome based on the user’s action but deceptively serving an alternate outcome.

Illustrations:

(i) Advertising a lower interest rate initially and charging a higher interest rate at the time of actually applying for a loan, at times accompanied by non-disclosure of processing fees and other charges upfront.

(ii) Advertising a higher interest rate in savings accounts, without specifying the requirement of minimum balance for the same.

(iii) Nudging customers to make more number of transactions to receive cashbacks / rewards, whereas the fine print imposes certain additional conditions for actually availing the cashback / rewards.

(iv) Offering customers life-time free credit cards, without disclosing the condition of minimum value of transactions required or any other pre-condition for waiver of annual fee.
(8) Drip Pricing: A practice whereby –

(i) elements of prices are not revealed upfront or are revealed surreptitiously within the user experience; or

(ii) revealing the price post-confirmation of purchase i.e., charging an amount higher than the amount disclosed at the time of checkout; or

(iii) a product or service is advertised as free without appropriate disclosure of the fact that the continuation of use requires in-app purchase; or

(iv) a user is prevented from availing a service which is already paid for unless something additional is purchased.

Illustration: Not revealing processing fees and other charges upfront.

(9) Disguised Advertisement: A practice of posing, masking advertisements as other types of content such as user generated content or new articles or false advertisements, which are designed to blend in with the rest of an interface in order to trick customers into clicking on them.

Illustrations:

(i) Sending push notifications through mobile application or emails that appear to be urgent account alerts or important updates but, in effect, are advertisements for new services or promotions, such as, "Important: Your account might benefit from this new feature!".

(ii) When searching for specific features or services on website / mobile application, showing products or services beneficial to the SFB at the top of the results.

(10) Nagging: A dark pattern practice due to which a user is disrupted and annoyed by repeated and persistent interactions, in the form of requests, information, options, or interruptions, to effectuate a transaction and make some commercial gains, unless specifically permitted by the user.

Illustrations:

(i) Repeatedly asking the customer to enable non-essential cookies on website / mobile application despite the customer having refused earlier.

(ii) Inserting multiple dialogue boxes (e.g., for seeking reviews) and asking the customer to mandatorily select an option before allowing him / her to leave the application / website.
(11) Trick Wording: Deliberate use of confusing or vague language like confusing wording, double negatives, or other similar tricks, in order to misguide or misdirect a user from taking desired action or leading consumer to take a specific response or action.

Illustrations:

(i) Using confusing double negatives to trick users into opting for promotional emails or additional services, e.g., a checkbox that says, “Uncheck this box if you do not want to receive offers”.

(ii) When adjusting privacy settings, a question like, “Do you want to disable data sharing?” with options “Enable” and “Disable” can be confusing, leading users to inadvertently enable data sharing.”

5. Consequent to amendments in terms of paragraph 4 above, another Amendment Direction, viz., Reserve Bank of India (Small Finance Banks – Undertaking of Financial Services) Second Amendment Directions, 2026 is being issued separately.

(Veena Srivastava)
Chief General Manager