India’s banking regulator issues digital banking guidelines

Core Viewpoint - The Reserve Bank of India (RBI) has issued final guidelines for digital banking channels, emphasizing customer consent and the non-mandatory nature of opting for digital services [1][3]. Group 1: Customer Consent and Access - Banks are required to document explicit customer consent before providing digital banking services [1]. - Customers cannot be mandated to use digital banking channels to access services like debit cards [1][3]. - The choice to apply for digital banking facilities lies solely with the customer, even if some services may be more convenient when bundled [3]. Group 2: Risk Mitigation Measures - Banks must implement risk mitigation measures based on their internal policies and risk perception [2]. - These measures may include transaction limits (per transaction, daily, weekly, and monthly), transaction velocity limits, and fraud checks [2]. Group 3: Transaction Monitoring and Communication - Banks are mandated to implement transaction monitoring and surveillance systems based on risk assessment [4]. - Banks must clearly communicate to customers that SMS and email alerts will be sent for all account operations to the registered mobile number or email [4]. Group 4: Compliance and Penalties - The RBI has directed banks to comply with existing customer protection guidelines and ensure that terms and conditions meet regulatory requirements [5]. - A penalty of Rs91 million ($1 million) has been imposed on HDFC Bank for breaches of the Banking Regulation Act and RBI guidelines [5].