MUMBAI: The Reserve Bank of India (RBI) has said a bank or financial services provider cannot force a customer to use digital banking channels as a precondition for accessing other services and that the lender has to take explicit prior consent from the customer for offering digital banking services. The regulator Friday issued the final draft guidelines on digital banking channels, stating that banks must obtain explicit consent from customers before providing digital banking services which may be duly recorded/documented.

The central bank further said lenders cannot make it mandatory for customers to opt for any digital banking channel to avail other facilities, such as debit cards. Digital banking channels are the services provided by a bank to its customers through its website, mobile apps, or other digital channels via any electronic equipment, granting people access to carry out banking and financial transactions. In other words, the new digital banking rules mandate lenders to take explicit customer consent, and prohibit them from forcing digital channels for accessing other services and tighten risk controls apart from mandating banks to implement risk-based transaction monitoring and surveillance mechanisms.

“While it may be more convenient for the customer to opt for some services together (for example, virtual access to card controls), the choice to apply for digital banking facilities shall lie solely with the customer,” the RBI said in its final digital banking directions.

“However, it is clarified that banks can continue to obtain and record mobile numbers of customers to send transaction alerts and other purposes in line with KYC requirements at the time of opening the accounts,” the RBI said. Banks will need to put in place appropriate risk mitigation measures in accordance with their policies such as transaction limits (per transaction, daily, weekly, monthly), transaction velocity limits, and fraud checks among others depending on their risk perception.

“It is clarified that wherever specific requirements have been prescribed by the Reserve Bank or payment system operators (for example, NPCI, card networks like Visa, Mastercard etc), the stricter requirements of the two shall be applicable. Banks shall ensure continuous compliance with instructions issued by DPSS under the Payment and Settlement Systems Act, 2007 in this regard as updated from time to time,” the RBI said in its directions.

The central bank also said banks will have to comply with the guidelines on customer protection, including limiting liability in fraud protection, to better regulate digital banking services. “Banks shall comply with the guidelines on customer protection, including limiting of liability in unauthorised electronic banking transactions,” the RBI said.Banks offering mobile banking services (other than through mobile applications) must ensure that customers across mobile network operators can avail of the services, i.e., the service must be network independent.

On mandating banks to put in place risk-based transaction monitoring and surveillance mechanism, the direction says, “study of customer transaction behaviour pattern and monitoring unusual transactions or obtaining prior confirmation from customers for outlier transactions may be incorporated in the systems in accordance with the fraud risk management policy of the bank.

”Third-party products and services, including those of promoter groups/bank group entities (subsidiaries/joint ventures/associates), cannot be displayed on banks’ digital banking channels except as specifically permitted by the Reserve Bank from time to time. Banks also have to clearly communicate that SMS/email alerts will be sent to the mobile number/email of the customer registered with the bank for operations, both financial and non-financial, in their accounts.

The RBI has also asked banks to comply with the guidelines on customer protection, including limiting of liability in unauthorised electronic banking transactions, sending of alerts (through SMS, email, etc), and ensure that the terms and conditions provided to customers are compliant with the instructions. The new guidelines also asks banks to ensure that  a person with over Rs 50 crore networth must ask for the bank's prior approval to access digital transactional banking facility due to the minimum regulatory requirement.

“Net worth as per minimum regulatory requirement or Rs 50 crore, whichever is higher, as on March 31 of the immediately preceding financial year,” said the RBI in the draft. It further says banks will have to clearly outline the terms and conditions in a “clear and simple” language in English, Hindi, and the local language of the customer to understand easily. The Reserve Bank has further said it will seek industry's opinion before implementing these directives.