बे टी बचाओ,
बे टी पढ़ाओ
भारतीय �रजवर् बैंक
RESERVE BANK OF INDIA
www.rbi.org.in
Draft for Comments
RBI/2025-26/xx
DoR.RAUG.AUT.REC.Sxxxx/24.01.041/2025-26 July xx, 2025
Reserve Bank of India – Digital Banking Channels Authorisation Directions, 2025
In exercise of the powers conferred under Section 35A read with Section 56 of the Banking
Regulation Act, 1949 (hereinafter called the Act), the Reserve Bank, being satisfied that it is
necessary and expedient in the public interest to do so, hereby, issues the following directions.
CHAPTER I
Preliminary
1. Short Title and Commencement
These Directions shall be called the Reserve Bank of India (Digital Banking Channels
Authorisation) Directions, 2025.
2. Effective Date
These Directions shall come into effect from the date of final issuance of these directions.
3. Applicability
The provisions of these Directions shall apply to all banks authorised to operate in India
(commercial banks and cooperative banks).
4. Definitions
4.1 In these Master Directions, unless the context otherwise requires, the following definitions
shall be applicable:
(a) Digital Banking Channels – Digital Banking Channels refer to modes provided by the
banks over web sites (i.e., internet banking), mobile phones (i.e., mobile banking) or other
digital channels through electronic devices/equipment for the execution of financial,
banking and other transactions as required for digital banking services which involve
significant level of process automation and cross-institutional service capabilities.
(b) Internet Banking – Digital banking channel offered by a bank to its customers for
managing their accounts and accessing its services over the internet (including web
browser-based applications but excluding mobile applications).
�(c) Mobile Banking – Digital banking channel offered by a bank to its customers for managing
their accounts and accessing its services using mobile applications, unstructured
supplementary service data (USSD), and short message service (SMS).
(d) View Only Banking Facility – A feature of digital banking channels which only allows
banking services that do not alter the asset or liability of the customer viz. balance enquiry,
balance viewing, account statement download, etc.
Note: Loans, funds transfers, and other such facilities, which create liability for the
customer and/or involve movement of funds, cannot be provided by banks having view
only facility over digital channels. However, banks providing view only facility can provide
downloadable forms for such facilities.
(e) Transactional Banking facility – A feature of digital banking channels through which all
fund-based or non-fund-based banking services can be provided.
(f) Commercial Banks - These include Public Sector Banks (PSBs), Private Sector Banks
(PVBs), Foreign Banks (FBs), Regional Rural Banks (RRBs), Small Finance Banks
(SFBs), Payment Banks, and Local Area Banks (LABs).
(g) Cooperative Banks – These include Primary (Urban) Co-operative Banks (UCBs), State
Co-operative Banks (StCBs), and District Central Co-operative Banks (DCCBs).
4.2 All other expressions unless defined herein shall have the same meaning as have been
assigned to them under the Banking Regulation Act, 1949 or the Reserve Bank of India Act,
1934 and rules / regulations made thereunder, or any statutory modification or re-enactment
thereto or as used in commercial parlance, as the case may be.
Chapter II
Prudential Requirements
5. Policies and Procedures
Banks shall put in place comprehensive policy(s) for all digital banking channels keeping in
account all statutory and regulatory requirements (including on management of liquidity and
operational risks in digital banking scenario). The responsibility of oversight for management
of risks emanating from these facilities shall remain with the senior management.
6. Eligibility Criteria for providing view only banking facility
6.1 All banks which have implemented Core Banking Solution (CBS) and have enabled their
public facing Information technology (IT) infrastructure to handle Internet Protocol Version 6
Page 2 of 10
�(IPv6) traffic are eligible to provide view only banking facility for internet banking, mobile
banking, and other digital banking channels-based services.
6.2 The banks commencing view only digital banking channel(s), from date of applicability (in
para 3), shall inform the concerned regional office of the Reserve Bank along with a copy of a
‘Gap Assessment and Internal Controls Adequacy’ (GAICA) report as prescribed in para
7.1(e)(i) below within thirty days of the launch of the facility. The process shall be subject to
scrutiny as deemed fit by the respective supervisors.
7. Eligibility Criteria for providing transactional banking facility
7.1 Banks shall require prior approval of the Reserve Bank for launching transactional banking
facility. Subject to fulfilment of the prudential eligibility criteria as enumerated below, banks
may apply to the respective Regional Office of Reserve bank (through the PRAVAAH portal)
for launch of transactional banking facility, along with a board resolution and other necessary,
supporting documents.
a) Full implementation of CBS and public facing IT infrastructure being enabled to handle
Internet Protocol Version 6 (IPv6) traffic.
b) Compliance with minimum regulatory CRAR requirement.
c) Net worth as per minimum regulatory requirement or ₹50 crore, whichever is higher, as on
March 31st of the immediately preceding financial year.
d) Availability of adequate financial and technical capabilities for this facility. The applicant
bank shall submit detailed report indicating the expected expenditure (on set up,
maintenance, and upgradation) along with availability of funds for the proposed facility over
the next five financial years. Further, the report shall also include the details of cost-benefit
analysis, third-party technology service providers (if any), technology proposed to be
adopted, and availability of skilled personnel to manage the operations / oversee the
outsourcing partners’ operations.
e) A satisfactory track record of regulatory compliance including with cyber security guidelines
and a sound internal control system. This shall be assessed through the following:
i. A Gap Assessment and Internal Controls Adequacy (GAICA) report with respect
to the technological controls prescribed in Para 8 of these directions. The report
shall be certified by (third party) CERT-In empanelled auditor(s).
ii. Absence of any major adverse observations in the Information Security (IS) Audit
reports for the last two financial years.
iii. Inputs of the supervisory authority of the bank.
Page 3 of 10
�7.2 All approvals under this MD will be granted for all types of digital banking channels.
However, if a bank has the approval for a particular digital banking channel (like mobile
banking) before the date of applicability of this MD, it shall require prior approval for launching
any other digital banking channel.
Chapter – III
Guidelines on Technological Issues in Digital Banking
8. The following instructions (as updated from time to time) shall be applicable for banks
offering digital banking services as per the table appended below:
Table – I
No. Circular/Direction Currently Additionally applicable to (for
applicable to digital banking channels)
I. DoS.CO.CSITEG/SEC.1/31. SCBs No change.
01.015/2023-24 dated April (excluding
10, 2023 – Master Direction RRBs); SFBs;
on Outsourcing of PBs; LABs; T3
Information Technology and T4 UCBs
Services
II. DoS.CO.CSITEG/SEC. SCBs No change.
7/31.01.015/2023-24 dated (excluding
November 07, 2023 – RRBs); SFBs;
Master Direction on PBs.
Information Technology
Governance, Risk, Controls
and Assurance Practices
III. DoS.CO.CSITE. SCBs Select UCBs as prescribed by
SEC.No.1852/31.01.015/20 (excluding Department of Supervision (DoS),
20-21 dated February 18, RRBs); SFBs; Reserve Bank.
2021 – PBs Chapters III and IV of the MD are
Master Direction on Digital now extended to all the other banks*
Payment Security Controls that are not covered currently.
Page 4 of 10
� * Chapter II of the MD shall not apply to
these banks regardless of cross-references
in Chapters III and IV.
IV. DBS.CO.ITC.BC.No.6/31.02 RRBs, UCBs LABs
.008/2010-11 dated April 29, and RCBs
2011 – offering internet
Working Group on banking
Information Security, services
through
Electronic Banking,
Technology Risk circulars issued
Management and Cyber in November
Frauds- Implementation of 2015.
recommendations
V. UBD.No.Admn.46b/17:36:00 UCBs RRBs, RCBs, and LABs.
/97-98 dated March 30, 1998 (RRBs and RCBs shall comply with
–
reporting requirements as
Risks and Control in prescribed by NABARD.)
Computer and
Telecommunication
Systems
VI. DCBS.CO.PCB.Cir.No.1/18. UCBs
01.000/2018-19 dated
October 19, 2018 –
Basic Cyber Security
Framework for Primary
(Urban) Cooperative Banks
(UCBs)
VII. DoS.CO/CSITE/BC.4083/31 UCBs
.01.052/2019-20 dated
December 31, 2019 –
Comprehensive Cyber
Security Framework for
Page 5 of 10
� Primary (Urban) Cooperative
Banks (UCBs) – A Graded
Approach
VIII. DOS.CO.FMG.SEC.No.5/23 All Commercial No change
.04.001/2024-25 dated July Banks
15, 2024 - Master Directions (including
on Fraud Risk Management Regional Rural
in Commercial Banks Banks)
(including Regional Rural
Banks) and All India
Financial Institutions
IX. DOS.CO.FMG.SEC.No.6/23 UCBs and LABs.
.04.001/2024-25 dated July RCBs
15, 2024 – Master Directions
on Fraud Risk Management
in Urban Cooperative Banks
(UCBs) /State Cooperative
Banks (StCBs) / Central
Cooperative Banks (CCBs)
Note: It is reiterated that extensions as indicated in the fourth column above shall apply only to
banks offering services over digital banking channels.
Chapter IV
General Guidelines
All banks, regardless of type of facility, shall comply with the directions contained in this chapter
on a continuous basis for their digital banking services.
9. Compliance
Banks shall ensure continuous adherence to the following in conduct of their digital banking
operations:
I. The provisions (as amended from time to time) of the Information Technology Act, 2000,
Digital Personal Data Protection Act, 2023, and other legal requirements. The
jurisdiction of legal settlement would be within India.
Page 6 of 10
� II. For transfer of funds from the accounts of customers using digital banking for delivery
in cash to the recipients, conditions stipulated in the circulars dated July 24, 2024 on
‘Domestic Money Transfer – Review of Framework’ and dated October 05, 2011 on
‘Domestic Money Transfer- Relaxations’ as issued and updated from time to time by the
Department of Payment and Settlement Systems (DPSS), Reserve Bank.
III. Instructions issued by the Reserve Bank on ‘Customer Services Provided by Banks’
and other authorities on provision of banking facilities to persons with disabilities.
IV. FEMA 1999 and applicable instructions issued by the Reserve Bank.
V. Relevant instructions issued by the DPSS under the Payment and Settlement Systems
(PSS) Act, 2007.
VI. The instructions/Directions on KYC/AML/CFT issued and as updated by RBI from time
to time.
10. Customer Conduct and Other Instructions
10.1 Banks shall obtain explicit consent from the customer for providing digital banking
services which may be duly recorded/documented. It shall also be clearly indicated that
SMS/email alerts will be sent to the mobile number/email of the customer registered with the
bank for operations, both financial and non-financial, in their account(s).
10.2 Multiple channels for registration of these services may be provided to minimize the need
for branch visits and application processing time.
10.3 For registration, banks shall provide the terms and conditions in clear and simple
language (preferably in English, Hindi, and the local language) which is easily comprehensible
to the customer. These shall provide details of charges (if any) to be levied under specific
circumstances, timeframe and process to initiate stop-payment instructions, helpdesk details,
grievance redress, and risks, responsibilities, and liabilities of customers.
10.4 Banks shall comply with the guidelines on customer protection including limiting of liability
in unauthorised electronic banking transactions 1& 2 (as updated from time to time), sending of
alerts (through SMS, email, etc.), and ensure that the terms and conditions provided to
customers are compliant with the instructions.
1
DBR.No.Leg.BC.78/09.07.005/2017-18 dated July 6, 2017
2
DCBR.BPD.(PCB/RCB).Cir.No.06/12.05.001/2017-18 dated December 14, 2017
Page 7 of 10
�10.5 Banks shall not make it mandatory for the customer to opt for any digital banking channel
to avail any other facility like debit cards. While it may be more convenient for the customer to
opt for some services together (for example, virtual access to card controls), the choice to
apply for digital banking facilities shall lie solely with the customer. However, it is clarified that
banks can continue to obtain and record mobile numbers of customers to send transaction
alerts and other purposes in line with KYC requirements at the time of opening the accounts.
10.6. Banks shall put in place appropriate risk mitigation measures in accordance with their
policies like transaction limit (per transaction, daily, weekly, monthly), transaction velocity limit,
fraud checks, etc. depending on their risk perception. It is clarified that wherever specific
requirements have been prescribed by the Reserve Bank or payment system operators (for
example, NPCI, Card networks like VISA, Mastercard, etc.), the stricter requirements of the
two shall be applicable. Banks shall ensure continuous compliance with instructions issued by
DPSS under the Payment and Settlement Systems Act, 2007 in this regard as updated from
time to time.
10.7. Banks offering mobile banking service (other than through mobile applications) must
ensure that customers across mobile network operators can avail of the service, i.e., the
service shall be network independent.
10.8. Banks shall put in place risk-based transaction monitoring and surveillance mechanism.
Study of customer transaction behaviour pattern and monitoring unusual transactions or
obtaining prior confirmation from customers for outlier transactions may be incorporated in the
systems in accordance with the Fraud Risk Management Policy of the bank.
10.9 Third-party products and services, including those of promoter groups or bank group
entities (subsidiaries/joint ventures/associates), shall not be displayed on banks’ digital
banking channels except as specifically permitted by the Reserve Bank from time to time in
terms of the paragraphs 18 and 19 of the Master Direction - Reserve Bank of India (Financial
Services provided by Banks) Directions, 2016 dated May 26, 2016, circular on ‘Establishment
of Digital Banking Units (DBUs)’ dated April 07, 2022, applicable instructions on ‘Branch
Authorisation’, and other related instructions, as updated from time to time.
Page 8 of 10
� Chapter – V
Exemptions, Interpretations and Repeal
11. Exemptions
The Reserve Bank may, if it considers necessary for avoiding any hardship or for any other
just and sufficient reason, grant extension of time to comply with or exempt any regulated
entity, from all or any of the provisions of these Directions either generally or for any specified
period, subject to such conditions as the Reserve Bank may impose.
12. Interpretations
For the purpose of giving effect to the provisions of these Directions, the Reserve Bank may,
if it considers necessary, issue necessary clarifications in respect of any matter covered herein,
and the interpretation of any provision of these Directions given by the Reserve Bank shall be
final and binding on all the parties concerned.
13. Repeal Provisions
13.1 With the issue of these directions, the instructions/guidelines contained in the following
circulars, issued by the Reserve Bank stand repealed.
No Circular No. Date Subject
i) DBOD.COMP.BC.No.130/ June 14, Internet Banking in India – Guidelines
07.03.23/ 2000-01 2001
ii) DBOD No. July 20, Internet Banking in India – Guidelines
Comp.BC.14/07.03.29/2005 2005
-06
iii) DBOD No. Comp. BC. 1658 August 22, Internet Banking - Internet based
/07.23.29/2006-07 2006 Platforms for Dealing in Foreign
Exchange
iv) DBOD Comp BC No. 5853 November Internet Banking - Internet Based
/07.03.29/2007-08 15, 2007 Platforms for Dealing in Rupee Vostro
Accounts
v) DPSS.CO.No.619/02.23.02/ October Mobile Banking Transactions in India –
2008-09 08, 2008 Operative Guidelines for Banks
vi) DPSS.CO.No.1357/02.23.0 December Mobile Banking Transactions in India –
2/2009-10 24, 2009 Operative Guidelines for Banks
Page 9 of 10
� vii) DPSS.CO.No.2502/02.23.0 May 04, Mobile Banking Transactions in India –
2/2010-11 2011 Operative Guidelines for Banks
viii) UBD.BPD.(SCB)Cir No. Sep 26, Internet Banking for Customers of
1/09.18.300/2011-12 2011 UCBs
ix) DPSS.CO.PD.No.1098/02.2 December Mobile Banking Transactions in India –
3.02/2011-12 22, 2011 Operative Guidelines for Banks
x) UBD.BPD. (PCB). Cir No. October Internet Banking (View Only) Facility for
21/09.18.300/2014-15 13, 2014 Customers of UCBs
xi) DPSS.CO.PD.No.1017/02.2 December Mobile Banking Transactions in India –
3.02/2014-15 04, 2014 Operative Guidelines for Banks
xii) DCBR.BPD.(PCB/RCB) Cir. November Internet Banking Facility for Customers
No. 6 /19.51.026/2015-16 05, 2015 of Cooperative Banks
xiii) DBR.RRB.BC.No. November Internet Banking Facility for Customers
59/31.01.001 19, 2015 of Regional Rural Banks
/2015-16
xiv) DPSS.CO.PD.No./1265/02. December Mobile Banking Transactions in India –
23.001/2015-2016 17, 2015 Operative Guidelines for Banks
xv) DPSS.CO.PD.Mobile July 1, Master Circular – Mobile Banking
Banking. 2016 transactions in India – Operative
No./2/02.23.001/2016-2017 Guidelines for Banks
xvi) DoR.AUT.REC.81/24.01.00 November Eligibility Criteria for offering Internet
1/2022-23 01, 2022 Banking Facility by Regional Rural
Banks, 2022
13.2 All approvals/acknowledgements given under the above Circulars shall be deemed as
given under these Directions. Further, all the repealed Circulars are deemed to have been in
force during the relevant periods, prior to the coming into effect of these Directions.
Page 10 of 10
