Current Affairs Topics Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

RBI Issues Draft Amendment Directions for ‘Review of Framework of Limiting Customer Liability in Digital Transactions’

March 06, 2026 4 min read Economics Polity & Governance GS3 (Indian Economy digital payments banking regulation) GS2 (Government policies consumer protection)
On This Page

What Happened

  • The Reserve Bank of India (RBI) issued draft amendment directions on March 6, 2026, proposing to revise its 2017 framework on customer liability in unauthorised electronic banking transactions.
  • The revised framework expands scope beyond the original 2017 circular to cover additional categories of fraudulent electronic banking transactions, addressing gaps exposed by the rapid evolution of digital payments.
  • A new compensation mechanism for small-value fraudulent transactions has been introduced, with the RBI and banks sharing liability; the arrangement is designed to run for one year before review to shift more responsibility onto banks.
  • All categories of banks are covered: commercial banks, small finance banks, payments banks, local area banks, regional rural banks, urban co-operative banks, and rural co-operative banks.
  • Stakeholder feedback is invited until April 6, 2026, via the "Connect 2 Regulate" portal.

Static Topic Bridges

RBI's 2017 Customer Liability Framework: Foundation and Principles

The RBI issued its landmark circular "Customer Protection — Limiting Liability of Customers in Unauthorised Electronic Banking Transactions" on July 6, 2017 (RBI/2017-18/15). It established the zero liability principle: if an unauthorised transaction occurs due to bank negligence or a third-party breach (not the customer's fault), the customer bears zero liability, provided they notify the bank promptly. The circular introduced time-based liability slabs: reporting within 3 working days = zero customer liability; 4-7 days = limited liability (capped by transaction value); beyond 7 days = liability determined by bank board policy. Crucially, the burden of proof lies with the bank — customers are not required to prove their innocence.

  • Issued: July 6, 2017 (RBI/2017-18/15)
  • Zero liability: applies when bank is negligent, or third-party breach occurs without customer fault
  • 3-day reporting threshold: zero customer liability
  • 4-7 day reporting: limited liability (capped amounts by account type)
  • Bank must credit the amount to customer within 10 working days of notification
  • Complaint resolution deadline: 90 days from receipt
  • Burden of proof: on the bank, not the customer

Connection to this news: The 2026 draft amendment builds on this 2017 framework, expanding its coverage to new fraud categories (e.g., SIM swap, deepfake-based fraud, UPI interoperability fraud) that emerged after 2017 and were not explicitly covered.

India's Digital Payment Ecosystem: Scale and Fraud Risks

India is one of the world's leading digital payment markets. UPI (Unified Payments Interface), launched in 2016 by NPCI, processed over 15 billion transactions per month by 2025-26 — the largest real-time payment system globally by volume. The rapid scale-up has been accompanied by rising digital fraud. The RBI's Annual Report and cybercrime data show a significant increase in phishing, vishing (voice phishing), SIM swap, and social engineering frauds targeting bank accounts. The number of digital payment fraud cases reported to cybercrime portals has grown year-on-year, with small-value transactions particularly underserved by existing redressal mechanisms.

  • UPI: Launched April 2016; operated by NPCI (National Payments Corporation of India)
  • UPI volume (2025-26): ~15 billion+ transactions/month
  • India ranks #1 globally in real-time payment transactions
  • Digital fraud categories: phishing, vishing, SIM swap, mule accounts, QR code scams
  • RBI's "Payments Vision 2025" target: 3x UPI volume, enhanced consumer protection

Connection to this news: The 2026 amendment responds to the explosion in digital fraud types not covered under the 2017 framework — particularly in non-traditional payment channels and cooperative bank customers who had less robust protections.

RBI's Regulatory Architecture for Consumer Protection in Banking

The RBI exercises banking regulation under the Reserve Bank of India Act, 1934, and the Banking Regulation Act, 1949. Consumer protection in banking is underpinned by the Banking Ombudsman Scheme (now Integrated Ombudsman Scheme 2021), which provides a single-window alternate dispute resolution for bank customers. The RBI Integrated Ombudsman handles complaints against banks, NBFCs, payment system operators, and prepaid instruments under one roof. In 2023, the RBI launched the "Daksh" supervisory system for real-time complaint monitoring. The proposed compensation mechanism — where RBI and banks share liability for small-value frauds — is a novel approach that creates a shared financial incentive for banks to improve fraud prevention infrastructure.

  • RBI Banking Regulation Act, 1949: primary statute for banking sector oversight
  • RBI Integrated Ombudsman Scheme: launched November 2021 (replaced 3 separate schemes)
  • Daksh: RBI's advanced supervisory monitoring system (2023)
  • "Connect 2 Regulate" portal: RBI's stakeholder feedback platform for draft regulations
  • New mechanism: RBI + bank shared liability for small-value frauds — transitions to bank-only after 1 year

Connection to this news: The draft amendment is a regulatory response using the RBI's standard consultation process ("Connect 2 Regulate") — the shared liability model is designed to incentivise banks to invest in fraud prevention rather than treating losses as solely the customer's or insurer's problem.

Key Facts & Data

  • Original framework: RBI Circular dated July 6, 2017 (RBI/2017-18/15)
  • New draft issued: March 6, 2026
  • Feedback deadline: April 6, 2026 (via "Connect 2 Regulate" portal or mcsdorfeedback@rbi.org.in)
  • Scope expanded: All fraudulent electronic banking transactions (not just unauthorised ones)
  • Covered institutions: Commercial banks, SFBs, Payments Banks, LABs, RRBs, UCBs, rural co-operative banks
  • New mechanism: RBI + bank shared liability for small-value frauds; reviewed after 1 year to increase bank's share
  • 2017 rule: zero liability if reported within 3 days; bank must credit within 10 working days
  • UPI volume: 15+ billion transactions/month (2025-26); India is world's largest real-time payments market