Reserve Bank of India (Commercial Banks - Responsible Business Conduct) Third Amendment Directions, 2026

What Happened

• The Reserve Bank of India issued the Third Amendment to the RBI (Commercial Banks — Responsible Business Conduct) Directions, 2025, on June 24, 2026, with provisions effective from January 1, 2027.
• The amendment introduces standardised definitions for electronic banking transactions (EBTs), including "Card Not Present," "Card Present," "Fraudulent EBT," and "Unauthorised EBT."
• Banks are mandated to send SMS alerts for all transactions above ₹500 and email alerts for all EBTs where contact details are available, containing details such as account/card number, amount, date, time, and transaction channel.
• A revised liability framework establishes zero-liability for customers when fraud stems from bank negligence or third-party breaches reported within five calendar days; customers bear liability only for their own negligence.
• Compensation for eligible customers is capped at 85% of net loss (maximum ₹25,000 per lifetime claim) for verified losses up to ₹50,000, with the RBI covering 65–76% of compensation amounts and beneficiary banks contributing proportionally.
• Banks must resolve domestic complaints within 45 days and cross-border complaints within 60 days, with the burden of proof resting on the institution.

Static Topic Bridges

RBI (Commercial Banks — Responsible Business Conduct) Directions, 2025

The Responsible Business Conduct (RBC) Directions were issued by the RBI under Section 35A of the Banking Regulation Act, 1949, which empowers the RBI to issue binding directions to any banking company in the public interest, to prevent affairs being conducted in a manner detrimental to depositors, or to secure proper management. The original RBC Directions, 2025, issued on November 28, 2025, consolidated and strengthened regulatory instructions relating to customer service and fair conduct across commercial banks. The Third Amendment builds on this framework specifically to address the growing volume and complexity of digital/electronic banking fraud.

Customer Liability in Unauthorised Electronic Banking Transactions

Customer liability norms for unauthorised digital transactions were first codified by the RBI in a 2017 circular and have since been progressively tightened. The principle is that when fraud is attributable to bank-side negligence or systemic vulnerability, the customer must be made whole. The 2026 amendment sharpens this by specifying a tiered framework: zero liability for bank-negligence or third-party breach (if reported within five days), and proportional liability for customer negligence.

Digital Payments Architecture and Fraud Typology

India's digital payments ecosystem is regulated by the RBI under the Payment and Settlement Systems Act, 2007, and the National Payments Corporation of India (NPCI) operates key retail payment systems including UPI, IMPS, NACH, and RuPay. "Card Not Present" (CNP) transactions — where the physical card is not used and only credentials are entered online — are disproportionately targeted in fraud because authentication relies on static data such as card numbers and CVVs. The amendment's definitional clarity on CNP vs. Card Present transactions directly strengthens the fraud-type classification that determines liability.

Key Facts & Data

• Legal basis: Section 35A, Banking Regulation Act, 1949.
• Notification date: June 24, 2026; effective date of new provisions: January 1, 2027.
• SMS alert threshold: transactions above ₹500.
• Zero-liability window for third-party breach reporting: five calendar days.
• Compensation cap: 85% of net loss, maximum ₹25,000 per lifetime claim, for verified losses up to ₹50,000.
• RBI contribution to compensation: 65–76% of the compensated amount.
• Domestic complaint resolution deadline: 45 days; cross-border: 60 days.
• Burden of proof: rests on the bank, not the customer.
• Parallel amendments issued for Local Area Banks, Small Finance Banks, and Regional Rural Banks under equivalent Responsible Business Conduct Directions.