From Consent to Compensation: RBI’s Draft Directions for REs on Sales Practices


Highlights

  • Mis-selling, among others, will include selling an unsuitable financial product; consequences include compensation
  • Prohibition on Compulsory Bundling, e.g., sale of insurance policy along with a loan
  • Explicit consent, wherever required, to be based on unambiguous affirmative action
  • Bank to do a due-diligence of a third party financial product that it markets, to avoid reputational risk
  • DSAs and DMAs of banks to come under tighter scrutiny, with an undertaking for compliance with the bank’s code and disciplinary action upon violation
  • Pricing difference, if any, between directly marketed bank products and indirectly (through agents) to be disclosed
  • Banks to take after-sale feedback from customers, and make necessary amendments in selling practices
  • Dark patterns not to be used by regulated entities; periodic audit mandated
  • Controls over incentives favouring mis-selling
  • Regulating DSAs’ conduct, with visits to customers’ residence restricted, with narrower time window

Following the Statement on Developmental and Regulatory Policies dated February 6, 2026 (see a brief write-up here), the RBI has issued draft Directions for Advertising, Marketing and Sales of Financial Products and Services by Regulated Entities, to enforce responsible business conduct by the Regulated Entities (REs) and prevent mis-selling, through explicit consent requirements from customers, transparency in dealings of DSAs/ DMAs and third-party product distribution, targeted and affordability-based marketing, UI audit to prevent dark patterns, and strict controls on incentives, while ensuring customer choice, privacy, and ease of consent withdrawal.

In this article, we analyse the Draft Amendment Directions for ‘Advertising, Marketing and Sales of Financial Products and Services by Regulated Entities’ (“Draft Directions”/ “NBFC Draft Directions”/ “Commercial Bank Draft Directions”, as may be applicable), detailing the actionables and compliance requirements for commercial banks and NBFCs and their agents.

The draft Amendment Directions are expected to become effective from 1st July, 2026.

Applicability

Following the RE-wise segregation of Directions, separate Draft Amendment Directions have been issued for each form of RE, including commercial banks and NBFCs. The draft Directions applicable to NBFCs are extended to:

  1. Mortgage Guarantee Companies
  2. Standalone Primary dealers
  3. Non-Operating Financial Housing Company

Policy and Code requirements

Para 101A and 85A of the NBFC Draft Directions and Commercial Bank Draft Directions, respectively, expressly mandate that every RE shall “put in place a comprehensive policy for advertising, marketing and sales of its own as well as third-party financial products / services.” When read together with the remaining provisions of Chapter IIIA/ Chapter IV, it becomes evident that the regulator expects REs to adopt one consolidated policy, which functions as an umbrella document governing the full customer acquisition and sales lifecycle.

This consolidated policy may be referred to, in practice, as an Advertising, Marketing, Sales and Customer Consent Policy (or similar nomenclature), and would subsume within it several thematic pillars that were earlier either scattered across internal documents or addressed informally through operating procedures.

At a conceptual level, the policy must operate across five interlinked topics: (i) product suitability and appropriateness, (ii) consent and customer choice, (iii) advertising and promotional standards, (iv) sales process governance and mis-selling prevention, and (v) digital interface integrity.

The policy should include the following minimum contents:

  1. Product Suitability and Appropriateness
    1. The parameters used for customer profiling, such as age, income, employment profile, financial literacy, risk tolerance and investment horizon.
    2. The internal classification of products based on complexity, tenure, and risk-return profile.
    3. The internal logic for mapping customer profiles with product categories.
    4. Circumstances in which sale of complex or high-risk products would require additional checks or senior-level approval.
  2. Consent and Customer Choice Framework
    1. What constitutes explicit consent across physical and digital channels.
    2. The approved modes of capturing consent (signed forms, OTP-based confirmation, digital tick-box, etc.).
    3. Mechanisms for recording, storing and retrieving consent trails.
    4. Processes for withdrawal or modification of consent.
  3. Advertising and Promotional Material Standards
  4. Commercial Communication and Customer Contact
    1. Communication only to customers who have provided explicit consent to receive promotional communications.
    2. Adherence to Code of Conduct.
  5. Sales Process Governance and Prevention of Mis-selling
    1. Prohibition on compulsory bundling.
    2. Requirement of separate application forms for each product.
    3. Confirmation from customers after application for third-party products.
    4. Delivery of executed agreements / terms to customers post-sale.
    5. Incentive design principles to ensure that internal sales targets or competitions do not encourage pushing of unsuitable products.
    6. Methodology to arrive at compensation to be paid to customers for mis-selling.
  6. Digital Interface Integrity and Dark Pattern Prevention
    1. Prohibition on deployment of dark patterns.
    2. Internal standards for user interface and user experience design.
    3. Mandatory user testing before deployment of new interfaces.
    4. Periodic internal audit of digital journeys to identify unfair or manipulative features.
  7. Approving Authority and Governance
  8. Review and Updation

Consent from customers

Unlike earlier regimes, where advertising, marketing and sale of financial products and services by REs were addressed indirectly through fair practices and disclosure requirements, the Draft Directions place marketing and sales within a distinct regulatory chapter and subject them to detailed conduct standards.

A central feature of this framework is the requirement that REs who offer or sell any product or service, whether their own or that of a third party, can do so only on the basis of explicit customer consent. Consent is no longer treated as a routine formality embedded in application forms. Instead, it becomes the foundation on which lawful marketing and distribution activity rests.

  1. Consent as a Pre-condition to Offering Products

Para 101G and 85G of the NBFC Draft Directions and Commercial Bank Draft Directions require REs to ensure that products or services are offered or sold only with explicit consent of the customer. The use of the expression “offered or sold” is significant. It indicates that consent is required even at the stage of solicitation and not merely at the point of execution of a contract.

This departs from traditional practice, where institutions assumed that they could freely approach existing customers with promotional communications and seek consent only when a customer decided to proceed. Under the Draft Directions, the RE must first have a valid consent to approach the customer for marketing a particular product or category of products.

In practical terms, this means that an existing borrower relationship does not, by itself, permit an RE to market insurance, investment products or other financial services. Each such outreach must be backed by a demonstrable consent.

  2. What Constitutes “Explicit Consent”?

The Draft Directions define explicit consent as:

Explicit consent refers to a specific, informed and unambiguous indication of an individual’s choice / option, given through a statement or by a clear affirmative action, which indicates agreement to a specific action by or arrangement with an RE. The consent shall be duly recorded / documented by the RE.

This definition mirrors the standard of consent under the Digital Personal Data Protection Act, 2023 (“DPDPA”), which also requires consent to be free, specific, informed and unambiguous. Once the DPDPA is operationalised in full, marketing consent under RBI regulations and data protection consent under the DPDPA will effectively operate together.

Two practical consequences follow:

  • Implied consent is insufficient. Silence, inactivity or continued use of an app cannot be treated as consent.
  • The RE must be able to prove that consent was obtained. This requires system-level recording of the date, time, mode and purpose of consent.

Pre-ticked boxes, blanket acceptance clauses and catch-all declarations such as “I agree to receive offers from the RE and its partners” will not meet this standard.

  3. Granularity of Consent: One Product, One Purpose

Para 101G and 85G of the NBFC Draft Directions and Commercial Bank Draft Directions further provide that consents for multiple products, services, or purposes shall not be clubbed together and must be obtained individually. This requirement is founded on the principle that a customer’s willingness to receive information about, or avail, one product does not automatically imply willingness in respect of another product or purpose.

In this context, reference may also be drawn to the definition of “Compulsory Bundling”, which states as follows:

Compulsory bundling shall mean the practice by an RE of making availment of one product / service by a customer conditional upon availment of another product / service, whether own or third-party, offered by the RE. However, offering of multiple products / services as a package based on voluntary consent from the customer and / or on a complimentary basis (i.e., without any additional direct or indirect cost to the customer) shall not be construed as compulsory bundling.

Accordingly, compulsory bundling refers to situations where an RE denies or restricts access to a product or service unless the customer also avails another product or service (whether offered by the RE itself or by a third party). Conversely, a bundled offering would not be regarded as “compulsory bundling” where the additional product is provided on a voluntary basis and/or on a complimentary basis without any additional cost to the customer. A question may arise regarding practices where a service, not chargeable in practice, is compulsorily bundled with another product, for instance, requiring a customer to open a savings account in order to avail a personal loan/ home loan. Can such practices continue on the grounds that the savings account product, being a non-chargeable service, does not constitute compulsory bundling?

That said, even in cases where voluntary packaging or complimentary bundling is permissible, the mandate under para 101G and para 85G of NBFC Draft Directions and Commercial Bank Draft Directions continues to apply. Specifically, while obtaining consent from the customer, consents for multiple products, services, or purposes must not be clubbed and must be obtained individually.

Essentially, the Draft Directions clarify that offering multiple products as a package is permissible where:

  • The customer voluntarily chooses the package, and/or
  • The additional product is provided on a complimentary basis without extra cost.

The critical distinction lies in whether the customer has a real choice. Even in a voluntary package, the customer must be able to decline one product and still obtain the other. This view is also supported by para 101Q and 85Q of the NBFC Draft Directions and Commercial Bank Draft Directions, which state that: “An RE shall use separate application form for the sale of a particular product / service and prominently indicate the nature (e.g., insurance, mutual fund, pension fund, hybrid product (insurance + investment), etc.), and features of the product / service in the respective application form.”

Therefore, the consent architecture should, at a minimum, incorporate the following elements:

  • Separate and clear disclosure of each product or service.
  • Separate and affirmative opt-in mechanism (e.g., individual checkboxes) for each product or service.

  • A clear statement that refusal to opt for any particular product or service will not affect the customer’s ability to avail the other product(s) or service(s).

Illustrative – Permissible Structure

  •  I want a personal loan from XYZ NBFC/Bank.
  •  I want credit life insurance from ABC Insurance.

Illustrative – Impermissible Structure

  • I agree to avail loan, insurance and investment products from XYZ NBFC/Bank and its partners.

In practical terms, this means that:

  • Consent to market a personal loan cannot be treated as consent to market insurance.
  • Consent to market an RE’s own products cannot be treated as consent to market third-party products.
  • Consent to receive transactional or service-related SMS alerts cannot be treated as consent to receive telemarketing or promotional calls.

Each product category and each marketing purpose must therefore have its own distinct affirmative opt-in. For example, where an RE proposes to market a personal loan, credit life insurance, and mutual fund units, three separate consents must be obtained. A single consolidated consent for “financial products” would be non-compliant.

  4. Consent and User Interface (UI) Design

The Draft Directions do not confine themselves to the wording of consent; they also regulate how consent is obtained.

Paragraphs 101H and 85H of the NBFC Draft Directions and Commercial Bank Draft Directions, respectively, state that:

The process flow for obtaining consent through any user interface shall be designed in such a way that consent cannot be granted by the user without going through the applicable terms and conditions, if any

In other words, the consent flow through any user interface must be designed in such a way that consent cannot be granted without the customer going through the applicable terms and conditions.

In addition, paragraphs 101X and 85X of the NBFC Draft Directions and Commercial Bank Draft Directions, respectively, state that:

An RE shall ensure that its user interfaces do not deploy any dark pattern. User interfaces deployed by the RE shall be subject to user testing and periodic internal audit for identification of any unfair features, including dark patterns. An illustrative list of dark patterns, which may be relevant to REs, is given in Annex III/Annex IIA (for NBFC and Banks respectively). Further, the NBFC shall ensure adherence to the ‘Guidelines for Prevention and Regulation of Dark Patterns, 2023’ issued by the Central Consumer Protection Authority (CCPA), as amended from time to time

Hence, the Draft Directions prohibit the deployment of dark patterns, i.e., design techniques that nudge or manipulate users into taking actions they may not otherwise take.

Read together, these provisions mean that:

  • The option to decline marketing consent must be as visible as the option to accept.
  • Customers should not be forced to scroll through multiple screens or pop-ups after declining.
  • Core services (such as loan servicing or repayment) cannot be made contingent on agreeing to marketing.

Consent obtained through manipulative design is unlikely to be treated as valid. Furthermore, REs would also need to undertake periodic internal audits to identify any unfair features, including dark patterns, in the systems and processes they employ.

  5. Consent in Third-Party Product Distribution

Third-party products are subject to additional safeguards. Beyond the requirement of explicit consent under para 101G and para 85G of the NBFC Draft Directions and Commercial Bank Draft Directions respectively, para 101S and para 85S of the NBFC Draft Directions and Commercial Bank Draft Directions, respectively, state that:

Subsequent to receipt of an application from the customer for a third party product / service, the NBFC, through an SMS / email or any other secure medium made available by it, shall seek confirmation from the customer about having applied for the specific product / service.

Hence, even where consent has been obtained for availing of third-party services, an NBFC is required to enquire, through an SMS/e-mail or any other secure medium, whether the customer has actually applied for the specific product/service. This seems to be a rather unnecessary requirement, considering that the offering to the customer is based on explicit consent obtained from the customer, and separate applications are obtained from the customer for the product offered.

Alternatively, this may also be viewed as a second-level check, with the intent of reducing the risk of applications being generated without genuine customer intent.

  6. Funding of Add-on Products

Para 101W and para 85W of the NBFC Draft Directions and Commercial Bank Draft Directions, respectively, prohibit REs from funding the purchase of any product, own or third-party, out of a loan facility without explicit consent of the customer.

A customer may agree to purchase insurance but may not wish to finance the premium from loan proceeds. These are two distinct decisions, and both require consent.

REs must therefore capture:

  • Consent to purchase the product, and
  • Consent to fund it through the loan.

  7. Withdrawal of Consent

While the Draft Directions do not contain a standalone provision on withdrawal, para 101M and 85M of the NBFC Draft Directions and Commercial Bank Draft Directions, respectively, require that unsubscribing from commercial communication be as easy as subscribing.

This reflects the broader principle that consent must remain revocable. Customers must be able to change their preferences without friction, and withdrawal of marketing consent should not affect their access to existing financial services.

Suitability and appropriateness of products/ services offered

The RBI Directions define mis-selling to include, amongst others:

Sale of a product / service, which is neither suitable nor appropriate in view of the customer’s profile even if with his / her explicit consent;

The operating provisions further specify the requirements in relation to the same. REs are expected to determine the “suitability” and “appropriateness” of the financial product/ service offered, for a customer, based on an analysis of the features, risk-return attributes, time horizon, complexity, fee structure, etc. vis-à-vis the customer’s age, income, level of financial literacy, risk tolerance, etc.

Determination of suitability and appropriateness requires comparison of the product vis-a-vis the customer’s profile. This requires collation of various information w.r.t. the customer, some of which are required to be sourced directly from the customer, while some information may be sourced from external, verifiable sources.

Globally, customer suitability in the retail sale of financial products/ services is a well-recognised concept. An April 2008 report of the Basel Committee discusses the relevance of suitability requirements in managing the risk of potential mis-selling, with a study of the requirements across jurisdictions. The 2017 edition of Good Practices for Financial Consumer Protection by the World Bank Group specifies “product suitability” as an important component of responsible finance. Principle 9 of the G20/OECD High-Level Principles on Financial Consumer Protection, 2020 also requires that:

Depending on the nature of the transaction and based on information primarily provided by consumers, financial services providers and intermediaries should assess the related financial capabilities, situation and needs of consumers before agreeing to provide them with a product, advice or service. They should recommend to consumers suitable products or services that aim to deliver appropriate outcomes and ultimately contribute to their financial well-being.

A regulatory example may be drawn from the Guideline on Appropriate Products and Services for Banks and Authorized Foreign Banks by the Financial Consumer Agency of Canada (FCAC). Key requirements include:

  • Establishing relevant policies and procedures in relation to the same, with the bank’s senior management and/ or board committee overseeing its implementation
  • The policies and procedures should cover, amongst others, what information of the customer is required to be collected, and manner of usage, manner of verification of information, circumstances where consumers refuse/ are unable to provide the relevant information etc.
  • Inform consumers if a product/ service is assessed as inappropriate, or if the bank is unable to conduct the assessment
  • Ensure processes for internal assessment, review and approval of own as well as third-party products offered by the bank directly/ through agents
  • Provide initial and ongoing training to persons involved in the offer or sale of products/ services related to the appropriateness of the product/ services
  • Assessment to be conducted for both products/ services offered by the bank, as well as products/ services requested by the customers

In the Indian context as well, there have been various regulatory references in relation to product suitability requirements. For instance, the RBI requires market makers to carry out proper due diligence regarding ‘user appropriateness’ and ‘suitability’ of products before offering derivative products to users [see an article on the same here]; AMFI Guidelines mandate MFDs to assess the investor’s risk profile and suitability of the product; the IRDAI requires life insurers to have a policy on suitability assessment of a product to the prospect, etc.

Promotional material/ communication

RBI has further prescribed guidelines governing promotional materials and the conduct of agents, DSAs/DMAs while marketing the products or services of the RE or any third party. Key compliance requirements include the following:

  • All materials/ communication by the RE shall in no manner advertise / market any third-party product/ service as its own. REs shall clarify their role in providing any third-party financial product/ service.
  • Content of the materials and communication by the RE shall be clear and factual.
  • All promotional materials shall clearly disclose the applicable interest rates and all related fees and charges.
  • Updated terms and conditions of the product or service shall be prominently displayed across all points of sale and digital platforms, including the website and mobile application.
  • Commercial communications or promotional alerts relating to the RE’s own or third-party products or services shall be sent to a customer only upon obtaining their explicit prior consent to receive such communications. [REs shall ensure that such promotional communication is done through number series 1400xx in line with Prevention of financial frauds perpetrated using voice calls and SMS – Regulatory prescriptions and Institutional Safeguards]
  • The process for unsubscribing from any service or commercial communication shall be as simple and seamless as the process for subscribing to such service or communication.
  • A consolidated list of all services and commercial communications subscribed to by the customer shall be made available through a dedicated link on the customer’s login page across digital channels, including the mobile application and website.

Empanelment of DSAs/ DMAs

While empanelling DSAs/ DMAs, REs shall take note of some prior requirements that may affect the business of the Company:

  • Policy:

The Policy on Advertising, Marketing and Sales of Financial Products / Services shall include areas such as eligibility criteria, due diligence at the pre and post-engagement level, training, functions / activities that may be assigned, performance evaluation standards, inspection / audit, control mechanisms to ensure compliance with statutory requirements along with procedures to be followed and penal actions to be taken in case of non-compliant DSAs / DMAs.

  • On person identification:

Any agent of the RE or representative of a third party present within the RE’s premises for marketing or selling products must be clearly distinguishable from the RE’s regular employees. This includes visible “on person” identification such as distinct ID cards, badges, uniforms, or desk signage clearly specifying their status as DSA/ DMA or third-party representatives.

  • Disclosure of Upfront fee

DSAs/ DMAs shall clearly disclose to the customer any difference in interest rates, fees, commissions, processing charges, or other costs where a product is sourced through them as compared to sourcing it directly from the RE.

This requirement may constrain the competitive positioning of DSAs/DMAs by limiting their ability to differentiate on pricing where customers are made aware of lower direct-channel costs. If customers become aware that availing the product directly from the RE is more economical, they may bypass intermediaries altogether.

  • Prohibition on incentives

REs shall structure their internal sales policies and incentive frameworks in a manner that does not promote aggressive or target-driven selling that could result in mis-selling. Practices such as sales competitions, product-specific drives, or volume-based targets must be calibrated to ensure that suitability and customer interest are not compromised in pursuit of business numbers.

Further, employees involved in marketing or selling third-party products must not receive any direct or indirect incentive, commission, or benefit from the third-party provider, thereby preventing conflict of interest and ensuring that product recommendations remain unbiased and customer-centric.

  • Conduct of DSAs/ DMAs

REs shall put in place a Code of Conduct (‘CoC’) for marketing and sales of financial products / services, which shall be applicable to the RE’s own employees as well as DSAs / DMAs.

The CoC shall include at least the below points as prescribed under the Draft Directions:

  • Permissible Hours: Contact customers only between 09:00–18:00 hours, unless expressly authorised otherwise.
  • Approved Channels: Communicate only through modes and formats approved by the RE.
  • Supervisor Disclosure: Provide details of the supervisor/ RE official upon customer request.
  • Privacy & Confidentiality: Share customer information only with explicit consent.
  • Product Explanation: Clearly explain terms and conditions if the customer is interested, and address customer queries before sale.
  • Do Not Disturb (DND) Compliance: Report customers opting for DND to the RE.
  • Visits: Do not visit or contact customers at residence/business without explicit consent.
  • Prohibition on Mis-selling or Coercion: Do not mislead or pressure customers into purchases.
  • No Post-Sale Solicitation: Avoid calls regarding sold products; redirect customers to RE customer service.
  • Upfront Cost Disclosure: Disclose any difference in fees/interest where sourced through DSA/DMA.
  • No False Representation: Do not misrepresent identity or claim to be RE employees.
  • No Unauthorized Commitments: Do not make false or unauthorised commitments on behalf of the RE.

Before assigning any marketing or sales activities, the RE shall obtain a written undertaking from DSAs/DMAs confirming adherence to the CoC. The agreement with such agents shall also clearly stipulate the penal or disciplinary actions applicable in case of any breach.

Feedback and compensation to customers

The Draft Directions require REs to incorporate aspects related to the feedback mechanism as a part of the policy on advertising, marketing and sales. In the context of commercial banks, Paras 85Y to 85ZA of the Draft Directions specify requirements in relation to feedback and compensation to customers. The following are required:

  • Feedback mechanism from customers
    • to obtain feedback within 30 days from sale of any product/ service
    • to ensure that customers have understood features of the product/ service and associated risks
    • may include random selection of customers, and obtain feedback through call-backs/ surveys
    • to be carried out by a department/ vertical not associated with the sale of products/ services
  • Half-yearly report on the findings of the feedback to be prepared and utilised for review of existing policies and features of products/ services
  • Complaints regarding mis-selling
    • May be lodged by customer within the time specified by respective financial sector regulators
    • If no timeline specified, within 30 days of receipt of signed copy of terms/ agreement
  • If mis-selling established
    • Refund the entire amount paid by the customer for the product/ service
    • Intimation to customer about cancellation of sale, if applicable
    • Compensation to customer for loss arising due to mis-selling, as per bank’s approved policy

Conclusion

The Draft Directions signal a decisive shift in the regulatory treatment of advertising, marketing and sales of financial products by regulated entities. What was earlier largely governed through general fair practices is now being brought under the RBI framework with granular, enforceable obligations.

RBI’s intent is clear in this case: growth in distribution cannot come at the cost of customer protection. The emphasis is on ex-ante controls such as suitability assessment, granular consent architecture, UI governance to eliminate dark patterns, structured DSA/ DMA oversight, and calibrated incentive design. Mis-selling is no longer viewed merely as a reputational issue; it is a regulatory breach with compensation consequences.
