1. Executive Summary
On April 21, 2026, the Reserve Bank of India (RBI) issued consolidated directions regarding the E-mandate framework for digital payments. The update standardizes the processing of recurring online transactions, enhancing consumer protection through mandatory Additional Factor of Authentication (AFA), flexible mandate controls, and revised transaction limits. This report outlines the changes and provides a strategic management action plan to ensure immediate compliance.
2. Applicable Entities
The directions are applicable to all payment system providers and participants handling recurring digital payments, specifically:
- All Scheduled Commercial Banks (including RRBs, UCBs, StCBs, and DCCBs)
- Payments Banks and Small Finance Banks
- Card Payment Networks (e.g., Visa, Mastercard, RuPay)
- Non-bank Prepaid Payment Instrument (PPI) Issuers
- National Payments Corporation of India (NPCI)
3. Detailed Amendments & Management Action Plan
A. Mandatory AFA for Registration & Initial Transaction
Specific Changes Required: A customer opting for the e-mandate facility must complete a one-time registration process validated by an Additional Factor of Authentication (AFA). Furthermore, the first transaction executed under any new e-mandate must be authenticated with AFA, supplementing standard issuer checks.
Management Action Plan:
- Product/UX Team: Overhaul the e-mandate onboarding flow across web and mobile platforms to natively integrate seamless AFA (e.g., device binding, biometrics, or dynamic OTP).
- IT/Core Banking: Update transaction routing logic to explicitly flag and intercept the first transaction of a newly registered mandate, ensuring it undergoes mandatory AFA validation.
- Compliance: Conduct an immediate audit of current registration gateways to ensure no mandates are activated passively.
B. Revised Thresholds for AFA Exemption
Specific Changes Required: Subsequent recurring transactions are exempt from AFA up to certain limits. The standard limit is capped at ₹15,000. However, for specific categories—insurance premiums, mutual fund subscriptions, and credit card bill payments—the AFA exemption limit is extended up to ₹1,00,000. Any transaction exceeding these respective limits mandates AFA.
Management Action Plan:
- Risk & Fraud Management: Update the risk-engine rules to dynamically trigger AFA based on the transaction value and the Merchant Category Code (MCC).
- Technology: Implement automated MCC verification to accurately distinguish between general recurring payments (₹15k limit) and the exempted categories (₹1L limit).
- Customer Communication: Deploy targeted alerts (SMS/Email) to customers with existing mandates exceeding these limits, advising them of the new authentication requirements prior to the next billing cycle.
C. Customer Controls: Validity, Variable Amounts, & Modifications
Specific Changes Required: Customers must define a specific validity period for each mandate. For variable amount mandates, customers must set a maximum transaction cap. Users must be granted the flexibility to modify or cancel the mandate at any time. Any structural change to an existing mandate requires fresh AFA.
Management Action Plan:
- Digital Channels: Launch a centralized “Mandate Management Dashboard” within the banking app/portal, allowing users to view, pause, modify, or revoke active mandates.
- Backend Engineering: Implement strict validation rules to automatically decline transactions that surpass the user-defined cap for variable mandates.
- Security: Ensure that the API endpoints handling mandate modifications (e.g., extending validity, increasing cap) enforce a new AFA challenge before committing the change.
D. Zero Customer Charges for E-mandate Facility
Specific Changes Required: The RBI strictly mandates that no separate fees or charges can be levied on customers for registering, utilizing, modifying, or cancelling the e-mandate facility for recurring payments.
Management Action Plan:
- Finance & Billing: Immediately review the master tariff schedule and eliminate any line items associated with e-mandate registration or processing fees.
- Operations: Reconfigure automated billing systems to guarantee zero deductions occur during mandate lifecycle events.
- Customer Support: Train the grievance redressal team to proactively identify and immediately refund any fees erroneously charged to customers post the April 21, 2026 effective date.