New rules proposed by RBI to curb mis-selling by banks: Here’s what customers should know

The Reserve Bank of India (RBI) has proposed several rules on how banks can advertise, market and sell their products, as well as third-party financial products. These rules are designed to target mis-selling and dark patterns. 

The proposed framework, released on Wednesday, January 11, states that lenders must take explicit, recorded consent for the sale of each product. This is expected to prevent coercive cross-selling, as it also requires full refunds with compensation if mis-selling is proven. 

“...it has been decided to issue comprehensive instructions on advertising, marketing and sales of financial products and services (including third-party products and services) to all banks and NBFCs, which shall include various aspects related thereto, such as activities of Direct Sales Agents (DSAs) / Direct Marketing Agents (DMAs), dark patterns, prevention of mis-selling, etc,” the RBI said in a release on Wednesday.

In the RBI’s monetary policy meeting last week, the central bank said that mis-selling of financial products and services has significant consequences for both customers and institutions. 

"Mis-selling financial products and services has significant consequences for both customers and institutions alike. There is a felt need to ensure that third-party products and services that are being sold at the bank counters are suitable for customer needs and are commensurate with the risk appetite of individual clients," the RBI had said. 

What will change under the new rules?

Consent

Under the new rules, until and unless a customer gives explicit consent, a lender cannot sell a financial product to them. 

“A bank shall ensure that products/ services, whether own or third-party, are offered/ sold to the customers only with their explicit consent. While obtaining consent from the customer, consents for multiple products/ services or purposes shall not be clubbed together but shall be obtained individually,” the draft rules said.

The process for obtaining consent should be such that consent cannot be granted by the user without going through the applicable terms and conditions, the RBI added. 

Importantly, banks can promote/ or advertise promotional offers for their financial products or services only if the customer has given explicit consent to receive such communication.

“A bank shall send commercial communication/ alerts about promotional offers in respect of its own or third-party products/ services to a customer only if he/ she has given explicit consent to receive such communication/ alerts,” the rules said.

Further, a bank’s employee or DSAs (Direct Selling Agents)/ DMAs (Direct Marketing Agents) can share a customer’s information with any other individual if the customer has given an explicit request or consent for sharing of such information. 

Dark patterns

Lenders shall ensure that their user interfaces do not deploy any dark patterns, the RBI said, listing a number of dark patterns that may be relevant to banks. “User interfaces deployed by the bank shall be subject to user testing and periodic internal audit for identification of any unfair features, including dark patterns,” the RBI said.

These dark patterns include:

1. False urgency: Creating false urgency by stating or implying a sense of urgency or scarcity to mislead a user into making an immediate purchase. For example, if a bank communicates to the customer about charges or fees for certain products that will increase after a specific date, it will motivate them to buy quickly to avoid paying more.
2. Basket sneaking: Including additional items such as products, services, payments to charity or donations at the time of checkout from a platform, without the consent of the user. Sometimes, banks add products like protection against online fraud by default, which leads to higher payments by the customer without their consent.
3. Confirm shaming: Using messages (text, video, audio or any other means) to create a sense of fear or shame in the mind of the user to manipulate them into acting a certain way that results in the user purchasing the product or service. For example: Are you sure you want to miss out on exclusive offers and updates?
4. Forced action: Forcing a customer to take an action that would require them to buy an additional product, subscribe or sign up for an unrelated service, or share personal information to buy the original product or service. For example: Displaying pop-up advertisements for own or third-party products that cannot be closed without redirection to the concerned products. 
5. Subscription trap: Making the process of cancellation of a paid subscription a complex and lengthy process, or impossible by various measures. This is done by hiding the cancellation option, forcing a user to provide payment details for auto debits for availing a free subscription or making the instructions related to cancellation confusing. 

There are several other dark patterns, like Interface Interference, Bait and Switch, Drip Pricing, Disguised Advertisement, Nagging and Trick Wording that are used by banks to manipulate customers into buying their products. The RBI has now barred the use of these tactics. 

Additionally, banks can’t sell products unsuitable for specific customers even if consent is provided. Lenders are now required to assess product features, risks, fees and complexity against a customer’s profile to check if the product is suitable for them. 

“Before a financial product/ service is marketed/ sold to a particular customer, its suitability and appropriateness for the customer shall be determined by the bank based on an analysis of the features, risk-return attributes, time horizon, complexity, fee structure, etc. vis-à-vis the customer’s age, income, level of financial literacy, risk tolerance, etc,” the draft rules said. 

There are many other rules for commercial banks, small finance banks, payments banks, NBFCs, housing finance companies, urban co-operative banks, rural co-operative banks, regional rural banks, local area banks and All India Financial Institutions that will come into effect in July and are aimed at preventing mis-selling. All relevant details are available on the RBI website. 

The new rules will come into effect from July 1, 2026. The central bank has invited comments and views on the draft rules from the public and other relevant stakeholders until March 4.