RBI Issues Draft Norms to Curb Mis-selling, Ban Dark Patterns, Forced Bundling by Regulated Entities

The Reserve Bank of India has proposed a sweeping overhaul of rules governing the advertising, marketing and sale of financial products by regulated entities, tightening safeguards against mis-selling and compulsory bundling. The draft amendment directions for ‘Advertising, Marketing and Sales of Financial Products and Services by Regulated Entities’, slated to take effect from July 1, 2026, lay down granular standards aimed at strengthening consumer protection and accountability.

The proposed framework will apply to all regulated entities, and NBFCs. At its core is a requirement that regulated entities adopt a comprehensive board-approved policy covering the sale of both their own and third-party financial products. The policy must address product suitability and appropriateness, customer feedback mechanisms, and compensation procedures in cases where mis-selling is established.

Before marketing or selling a financial product, regulated entities will have to assess its suitability for the customer. This evaluation must consider product features, risk-return characteristics, tenure, complexity and fee structure, in relation to the customer’s age, income, financial literacy and risk tolerance. The central bank has made it clear that internal incentive structures must not encourage aggressive cross-selling or create pressures that could lead to unsuitable recommendations.

The draft defines mis-selling to include the sale of unsuitable products, provision of misleading information and transactions executed without explicit customer consent. Consent for multiple products cannot be clubbed together. Compulsory bundling is expressly prohibited, though voluntary or complimentary packages are allowed if transparently offered and accepted.

Regulated entities will be barred from bundling third-party products with their own offerings or marketing such products as proprietary. All promotional material must be factual and transparent, with full disclosure of fees, charges and interest rates. In addition, regulated entities are prohibited from deploying “dark patterns” on digital platforms — such as fake countdown timers or pre-ticked add-ons — that nudge customers into hasty decisions. User interface testing and periodic internal audits will be required to identify and eliminate such practices.

The RBI has also tightened norms around Direct Selling Agents and Direct Marketing Agents. Regulated entities must maintain and publish an updated list of such agents on their websites. Any agent operating within bank premises must be clearly distinguishable from bank employees, including through visible identification. Sales calls and visits will be restricted to between 9:00 am and 6:00 pm unless specifically authorised by the customer.

A mandatory post-sale safeguard has also been introduced. Regulated entities must seek customer feedback within 30 days of a product sale to confirm understanding and consent. If mis-selling is established, the bank must refund the full amount paid and compensate the customer for any consequential loss.

Separately, under the draft amendment to the Undertaking of Financial Services Directions, regulated entities may undertake only regulated financial products and services. They may act as insurance brokers departmentally, subject to conditions, and undertake agency business on a fee basis without risk participation. Referral arrangements with third-party product and service providers will be tightly controlled, with only a one-time fee permitted and no ongoing commissions allowed.