RBI tightens bank product sales rules, effective 2027

What the RBI changed and why it matters

The Reserve Bank of India (RBI) on Monday issued amendments to its framework governing the advertising, marketing and sale of financial products and services by banks. The revised directions are aimed at strengthening customer protection, curbing mis-selling and improving accountability across banks and their distribution ecosystem. The rules are designed to apply across channels, including digital journeys, call-based sales, branches, agents and outsourced arrangements. The RBI said the changes come amid growing concerns over mis-selling of financial products and services to retail customers. The amended directions will come into force from January 1, 2027. The framework also expands how responsibility is assigned when banks use third parties to acquire customers or promote products.

Scope: banks, agents, and digital marketing intermediaries

A central feature of the amendments is a “principle-based and channel-agnostic approach,” with overall responsibility placed on the regulated entity for all advertising, marketing and sale activity. This responsibility applies whether the activity is undertaken directly by the bank or through agents and outsourced arrangements. The RBI said that influencers, affiliates, Loan Service Providers (LSPs) and other similar digital marketing intermediaries engaged for promotion or customer acquisition would fall under the broader category of Direct Selling Agents (DSAs) and Direct Marketing Agents (DMAs). By bringing these players into the compliance perimeter, the RBI is seeking to reduce gaps where accountability becomes unclear across social media and performance marketing channels. The amendments are positioned as a response to market practices that can blur the line between product information and sales pressure.

A wider definition of mis-selling, even where consent exists

The RBI laid out a broad definition of mis-selling and included scenarios that go beyond traditional disclosure failures. Mis-selling covers the sale of an unsuitable product for a customer, providing misleading or inaccurate information, selling products without obtaining explicit consent, and mandatorily bundling products together. It also includes cases where another product or service is compulsorily bundled with the product requested by the customer, and any other category defined by the relevant financial sector regulator. Importantly, the RBI clarified that even if a customer has provided consent, the sale of an unsuitable product may still be treated as mis-selling. This creates a clear expectation that banks must not rely only on form-based consent to justify sales. The amendments therefore shift the focus towards suitability, clarity and customer understanding.

Compulsory bundling is restricted, with limited exceptions

The directions introduce a definition of “compulsory bundling,” referring to situations where a bank makes the availability of one product or service conditional on the purchase of another product or service. Banks have been prohibited from compulsorily bundling any third-party product or service with their own products. The RBI, however, acknowledged that some third-party products may be used as risk mitigants. Where a third-party product such as insurance is required as a risk mitigant, customers must be given freedom to purchase it from any provider of their choice. The RBI also clarified that voluntary product packages and complimentary offerings without additional cost will not be treated as compulsory bundling. The intent is to stop forced add-ons while preserving legitimate, transparent packaging that does not restrict choice or add hidden costs.

Explicit consent becomes mandatory, recorded, and unbundled

Banks will be required to obtain “explicit consent” before selling any financial product or service, whether their own or offered through a third party. The RBI said consent may be obtained through physical or digital signatures, OTP-based approvals, digitally recorded confirmations, or clearly demarcated consent sections within agreements. The directions also tighten how consent is captured when more than one product is involved. Where a single application form contains multiple products or services, each product must be separately identified, and customers must be able to choose only those products they wish to purchase. The RBI said consent must be recorded and cannot be assumed or pre-selected. In digital interfaces, the default consent option must be “No” or “I do not agree.”

Consent records and digital design requirements

The RBI has added record-keeping and interface requirements to make the consent process auditable. Banks will be required to preserve consent records until one year after the contractual relationship for the product ends. Digital interfaces must ensure that consent cannot be granted without customers being exposed to applicable terms and conditions. This requirement targets common weak points in digital sales journeys where customers may proceed without seeing key terms. Alongside consent, the RBI also directed banks to design simple ways for customers to opt out of marketing communication. These changes collectively aim to improve traceability, reduce disputes, and create clearer evidence when complaints arise.

Suitability and appropriateness checks before selling

Before selling a financial product or service, banks will be required to assess its suitability and appropriateness for individual customers. The RBI said the assessment must consider the customer’s profile and also follow any product-specific suitability requirements prescribed by sectoral regulators such as SEBI, IRDAI or PFRDA. This strengthens the expectation that sales teams and agents evaluate whether a product fits a customer rather than treating disclosure as the only safeguard. It also aligns bank-led distribution with suitability standards used across securities, insurance and pensions. The RBI’s approach signals that mis-selling can exist even if paperwork is complete, when the product is not appropriate for the customer.

Disclosures: key product terms must be clearly presented

Before obtaining customer consent, banks must prominently disclose key features of the product. The RBI listed disclosures such as interest rates, fees and charges, financial commitments, risks involved, lock-in periods, and exit conditions and penalties. Where regulators have prescribed standard disclosure formats such as Key Facts Statements (KFS) or Most Important Terms and Conditions (MITC), banks must use those formats. The emphasis is on clarity and comparability, particularly for retail customers who may not be able to evaluate product complexity. By tying disclosure to standard formats where available, the RBI is seeking to reduce ambiguity and uneven disclosure quality across banks and channels.

Sales communications: tighter outreach rules and conduct expectations

The amended framework restricts how promotional outreach can be conducted. Banks will only be allowed to send promotional communications if customers have explicitly consented to receive them. Sales calls and visits can generally be made only between 9 a.m. and 7 p.m., unless customers specifically authorise communication outside those hours. The RBI also prohibited sales personnel from making false commitments or misleading customers. These requirements are intended to reduce high-pressure selling tactics and improve customer control over marketing contact. They also create clearer compliance expectations for DSAs, DMAs and other third parties acting on behalf of banks.

Dark patterns banned across apps, websites, and digital journeys

The RBI has prohibited banks and their agents from using “dark patterns” in digital interfaces. Dark patterns were described as deceptive design practices that manipulate customer choices or impair informed decision-making, including design or user-experience techniques that mislead or trick customers into taking actions they did not intend. The ban applies across banking apps, websites and other sales channels. This step directly targets digital tactics that can nudge customers into unintended add-ons, consent or product selection. The regulator’s inclusion of dark patterns also reflects the growing role of digital acquisition funnels in retail finance.

Incentives and accountability across the distribution chain

The RBI clarified that while payment of incentives to regulated entity employees by third parties has been prohibited, the directions do not prohibit payment of incentives by regulated entities to their employees. The objective, the central bank said, is to ensure incentive structures do not encourage aggressive sales practices or lead to mis-selling. The RBI also said the final norms follow draft directions issued in February and were amended after reviewing stakeholder feedback. Overall, the framework places responsibility on the regulated entity for advertising, marketing and sale activity conducted directly or through agents and outsourced arrangements. This is meant to reduce gaps where customer harm occurs but accountability is diffused across multiple intermediaries.

Key provisions at a glance

Market impact and what changes for customers

For customers, the amendments are designed to make product buying more deliberate and better documented. Separate identification of products within a single application and default “No” consent options aim to reduce unintended purchases and add-ons. Restrictions on compulsory bundling, especially for third-party products, directly address a common retail complaint where customers feel pushed into insurance or other add-ons with banking products. The ban on dark patterns targets the digital layer of mis-selling, where interface design can shape decisions as much as sales scripts do. For banks and their sales partners, the changes imply tighter controls on customer acquisition and lead conversion practices, with clearer compliance obligations for agents and marketing intermediaries.

Why the RBI’s approach is different this time

Two design choices stand out in the RBI’s amendments. First, the focus on suitability and appropriateness means compliance is not only about documentation but also about product-customer fit. Second, the channel-agnostic approach assigns responsibility to the regulated entity even when sales happen through a wide network of agents, outsourced partners and digital promoters. The explicit classification of influencers and similar intermediaries under DSA and DMA categories also reflects how retail product distribution has shifted toward social and digital channels. Together, these steps aim to reduce the mismatch between fast-moving acquisition models and slower, complaint-driven accountability mechanisms.

Conclusion

The RBI’s amended directions tighten consent, suitability checks, disclosures, outreach practices, bundling rules and digital design standards to curb mis-selling by banks and their distribution partners. With an effective date of January 1, 2027, banks and intermediaries have a defined timeline to update policies, sales scripts, consent capture processes and digital interfaces. The RBI has also clarified incentive boundaries to reduce third-party influence over frontline staff behaviour. The next phase is operational implementation, including system changes to record and retain consent, redesign digital journeys, and enforce conduct norms consistently across agents and marketing intermediaries.