The Reserve Bank of India (RBI) has issued a significant set of amendments on June 24, 2026, aimed at enhancing customer protection in digital transactions. Stemming from the draft issued on March 6, 2026, these amendments expand the scope of customer liability limits beyond mere “unauthorised” transactions to include broader categories of “fraudulent” electronic banking transactions. Key objectives include reducing complaint processing Turn Around Time (TAT) to 45 days for domestic and 60 days for cross-border cases, and introducing a mandatory compensation mechanism for small-value frauds (up to ₹50,000 loss, providing 85% of the net loss or ₹25,000, whichever is lower).
1. Reserve Bank of India (Commercial Banks – Responsible Business Conduct) Third Amendment Directions, 2026
Applicable Entities
All Scheduled Commercial Banks (excluding Regional Rural Banks).
Specific Changes Required
- Expanded Scope: Systems must be updated to categorize and track not just “unauthorised” transactions (where the customer had no role), but broader “fraudulent” transactions (e.g., social engineering, phishing) reported within 5 calendar days.
- Accelerated Resolution (TAT): Strict adherence to completing investigations and communicating outcomes within 45 days for domestic and 60 days for cross-border fraud complaints.
- Small-Value Compensation: Implementation of a mechanism to compensate individual customers suffering genuine losses up to ₹50,000. Compensation is capped at 85% of the net loss or ₹25,000, whichever is lower (applicable once per lifetime).
Management Action Plan
- Technology Upgrade: Overhaul the Customer Relationship Management (CRM) and core banking systems to integrate the new categorization of “fraudulent” vs. “unauthorised” by Q3 2026.
- Process Re-engineering: Establish a dedicated fast-track desk within the dispute resolution team specifically handling the new small-value compensation mandate.
- Board Approval: Revise the Customer Protection Policy to reflect new liability limits and present it to the Board for approval by October 2026.
Real-World Example
Current State: A customer is tricked into sharing an OTP losing ₹30,000. The bank denies liability because the transaction was “authorized” via OTP.
Post-Amendment State: If reported within 5 calendar days, the bank treats this as a “fraudulent” transaction. Since the loss is under ₹50,000, the bank provides an immediate compensation of ₹25,000 (as 85% of 30,000 is 25,500, but capped at 25,000), and completes the final investigation within the 45-day domestic TAT.
2. Reserve Bank of India (Small Finance Banks – Responsible Business Conduct) Third Amendment Directions, 2026
Applicable Entities
All Small Finance Banks (SFBs).
Specific Changes Required
- Proportionate Liability Caps: Adoption of the revised liability caps which may be structured differently for SFBs given their customer base compared to major commercial banks.
- Enhanced Reporting: Mandatory immediate reporting mechanisms for customers to block accounts/cards upon suspecting fraud, accessible via feature phones, given SFBs’ rural/semi-urban penetration.
Management Action Plan
- Communication Drive: Launch a massive regional-language SMS and IVR campaign educating customers on how to report frauds instantly.
- System Automation: Implement API-driven auto-crediting systems for the mandated small-value compensations to avoid manual processing bottlenecks.
- Staff Training: Train branch staff, especially in Tier 3/4 cities, on handling the new definitions of “fraudulent” transactions and assisting walk-in victims.
Real-World Example
An SFB customer in a semi-urban area loses ₹2,000 via a fraudulent UPI collect request and reports it on the Cyber Crime Helpline 1930 within 5 days. Under the new rules, the SFB must compensate the customer with ₹1,700 (85% of ₹2,000) well within the 45-day maximum TAT, significantly easing the burden on rural demographics.
3. Reserve Bank of India (Payments Banks – Responsible Business Conduct) Second Amendment Directions, 2026
Applicable Entities
All Payments Banks.
Specific Changes Required
- Wallet/Account Scrutiny: Given the high volume, low-value nature of Payments Banks, specific focus is required on the small-value compensation mechanism for wallet transfers and UPI.
- Merchant vs. P2P Fraud: Clearer demarcation and processing rules for frauds originating at merchant points (P2M) versus peer-to-peer (P2P) transfers.
Management Action Plan
- Fraud Analytics: Upgrade the real-time fraud monitoring engines to detect patterns indicative of the new, broader definition of “fraudulent” activities before they are completed.
- Liquidity Buffer: Finance teams must model the expected outflow for the new mandatory small-value compensations (85% up to ₹25,000) and provision a dedicated buffer.
- Partner SLAs: Renegotiate Service Level Agreements (SLAs) with BCs (Business Correspondents) to align with the strictly enforced 45-day domestic TAT for complaint resolution.
Real-World Example
A customer’s wallet is compromised, and multiple ₹500 recharges are made. The Payments Bank’s automated system must now immediately flag this, block the wallet, and initiate the small-value compensation protocol for the lost funds within the new, shorter deadline.
4. Reserve Bank of India (Local Area Banks – Responsible Business Conduct) Third Amendment Directions, 2026
Applicable Entities
All Local Area Banks (LABs).
Specific Changes Required
- Tiered Compliance Implementation: Depending on the Tier of the UCB, implementation of robust dispute management systems to meet the reduced 45/60-day processing TAT.
- Shadow Reversals: Requirement to provide “shadow reversal” of the disputed amount within 5 days of receiving a complaint, particularly for credit card or domestic electronic frauds.
Management Action Plan
- Cyber Insurance Review: Reassess current cyber insurance policies to ensure adequate coverage for the expected increase in bank-borne liabilities due to the new compensation mandates.
- Shadow Credit Mechanism: The IT department must code a “shadow credit” or “provisional credit” ledger functionality into the CBS to comply with immediate relief requirements.
- Audit Committee Briefing: Prepare a detailed briefing for the Audit Committee on the financial impact of the small-value compensation mechanism.
Real-World Example
A UCB customer reports a fraudulent internet banking transfer. The UCB must provide a “shadow reversal” credit to the customer’s account within 5 days, allowing the customer to use funds while the bank completes its investigation before the 45-day domestic TAT deadline.
7. Reserve Bank of India (Rural Co-operative Banks – Responsible Business Conduct) Third Amendment Directions, 2026
Applicable Entities
State Co-operative Banks (StCBs) and District Central Co-operative Banks (DCCBs).
Specific Changes Required
- Basic Digital Safety Nets: Establishing foundational digital grievance redressal mechanisms, as many Rural Co-ops lag in digital infrastructure.
- Third-Party Breach Liability: Clear procedures for instances where fraud occurs due to breaches in third-party systems (like shared switch networks) connecting these banks.
Management Action Plan
- NABARD Consultation: Work closely with NABARD to access support or shared services for implementing the required 24/7 fraud reporting systems.
- Switch Provider Agreements: Review contracts with ASPs (Application Service Providers) and ATM switch networks to ensure liability falls on them if the fraud originates from their system compromise.
- Manual Override Controls: Create strict manual override protocols for branch managers to authorize small-value compensations where automated systems are not yet feasible.
Real-World Example
A farmer’s RuPay card issued by a DCCB is skimmed at a compromised ATM of another bank. The DCCB must process the customer’s complaint under the new accelerated TATs and provide compensation, subsequently raising the dispute with the acquiring bank/network switch regarding liability.