RBI/DOR/2025-26/386
DOR.RAUG.AUT.REC.309/24.01.041/2025-26 November 28, 2025 Reserve Bank of India (Rural Co-operative Banks – Digital Banking Channels Authorisation) Directions, 2025 In exercise of the powers conferred under Section 35A read with Section 56 of the Banking Regulation Act, 1949 (hereinafter called the Act), the Reserve Bank, being satisfied that it is necessary and expedient in the public interest so to do, hereby, issues the following directions. Chapter I – Preliminary 1. Short Title and Commencement These Directions shall be called the Reserve Bank of India (Rural Co-operative Banks - Digital Banking Channels Authorisation) Directions, 2025. 2. Effective Date These Directions shall come into effect from January 01, 2026. 3. Applicability The provisions of these Directions shall be applicable to Rural Co-operative Banks operating in India (hereinafter collectively referred to as 'banks' and individually as a 'bank'). In this context, rural co-operative banks shall mean State Co-operative Banks and Central Co-operative Banks, as defined in the National Bank for Agriculture and Rural Development Act, 1981. 4. Definitions 4.1 In these Directions, unless the context otherwise requires, the following definitions shall be applicable: (a) Digital Banking Channels – Digital Banking Channels refer to modes provided by the banks over web sites (i.e., internet banking), mobile phones (i.e., mobile banking) or other digital channels through customer's electronic devices/equipment for the execution of financial and other banking transactions as required for digital banking services involving significant level of process automation and/or interfacing with other institutions/entities. (b) Internet Banking Channel – Digital banking channel offered by a bank to its customers for operating their accounts and accessing its services over the internet (including web browser-based applications but excluding mobile applications). (c) Mobile Banking Channel – Digital banking channel offered by a bank to its customers for operating their accounts and accessing its services using mobile applications, unstructured supplementary service data (USSD) and short message service (SMS). (d) View Only Banking Facility – A feature of digital banking channels which only allows banking services that do not alter the asset or liability of the customer viz. balance enquiry, balance viewing, account statement download, etc. Note: Loans, funds transfers, and other such facilities, which create liability for the customer and/or involve movement of funds, cannot be provided by banks having view only facility over digital channels. However, banks providing view only facility can provide downloadable forms for such facilities. (e) Transactional Banking Facility – A feature of digital banking channels through which all transactions involving funds or other banking services can be provided. 4.2 All other expressions unless defined herein shall have the same meaning as have been assigned to them under the Banking Regulation Act, 1949 or the Reserve Bank of India Act, 1934 and rules / regulations made thereunder, or any statutory modification or re-enactment thereto, or Glossary of terms published by the Reserve Bank or as used in commercial parlance, as the case may be. Chapter II – Prudential Requirements 5. Policies and Procedures Banks shall put in place comprehensive policy(ies) for all digital banking channels keeping in account all statutory and regulatory requirements (including on management of liquidity and operational risks in digital banking scenario). 6. Eligibility Criteria for providing view only banking facility 6.1 All banks which have implemented Core Banking Solution (CBS) and have enabled their public facing Information technology (IT) infrastructure to handle Internet Protocol Version 6 (IPv6) traffic are eligible to provide view only banking facility for internet banking, mobile banking, and other digital banking channels-based services. 6.2 The banks commencing view only digital banking channel(s), from date of applicability of these Directions, shall intimate the Department of Regulation, Reserve Bank of India (through the PRAVAAH portal) along with a copy of the 'Gap Assessment and Internal Controls Adequacy' (GAICA) report as prescribed in para 7.1(e)(i) below within thirty days from the decision to launch the facility with the approval of bank board. A copy of the intimation to the Reserve Bank shall also be forwarded to National Bank for Agriculture and Rural Development (NABARD). The process shall be subject to scrutiny as deemed fit by the supervisors. 7. Eligibility Criteria for providing transactional banking facility 7.1 Banks shall require prior approval of the Reserve Bank for launching transactional banking facility. Subject to fulfilment of the eligibility criteria as enumerated below, banks may apply to the Department of Regulation, Reserve Bank of India (through the PRAVAAH portal) for launch of transactional banking facility, along with the approval of bank board and other necessary supporting documents. a) Implementation of CBS and public facing IT infrastructure being enabled to handle IPv6 traffic. b) Compliance with minimum regulatory CRAR requirement. c) Minimum paid up capital/Net worth as prescribed by RBI (as amended from time to time) or ₹50 crores, whichever is higher, as on March 31st of the immediately preceding financial year. d) Availability of adequate financial and technical capabilities for this facility. The applicant bank shall submit detailed report indicating the expected expenditure (on set up, maintenance, and upgradation) along with availability of funds for offering the proposed facility on an ongoing basis. Further, the report shall also include the details of cost-benefit analysis, third-party technology service providers (if any), technology proposed to be adopted, and availability of skilled personnel to manage the operations / oversee the outsourcing partners' operations. e) A satisfactory track record of regulatory compliance including with cyber security guidelines and a sound internal control system. This shall be assessed through the following: -
GAICA Report with respect to the technological controls prescribed in para 8 of these Directions. The report shall be certified by (third party) CERT-In empaneled auditor(s). -
Absence of any major adverse observations in the Information Security (IS) Audit reports for the last two financial years. -
Supervisory inputs. 7.2 Once an approval is granted under these Directions, the bank can provide all types of digital banking channels. If a bank had received approval for a particular digital banking channel (like mobile banking) before the date of applicability of these Directions, it shall ensure compliance to the eligibility criteria as detailed in para 7.1(a) to (d) above before launching any other digital banking channel. Further, the GAICA Report, certified by (third party) CERT-In empanelled auditor(s), addressing the specific requirement for the new proposed channels shall be sent to the Department of Regulation, Reserve Bank of India (through the PRAVAAH portal) with the approval of bank board within thirty days from the decision to launch the facility. A copy of the submission to the Reserve Bank shall also be forwarded to NABARD. The process shall be subject to scrutiny as deemed fit by the supervisors. Chapter III – Guidelines on Technological Issues in Digital Banking 8. The following instructions shall be applicable for banks offering digital banking services. The banks shall also ensure compliance with reporting requirements as prescribed by NABARD. (1) DoS.CO.CSITE.SEC.No.1852/31.01.015/2020-21 dated February 18, 2021 – Master Direction on Digital Payment Security Controls, as amended from time to time (Chapters II, III and IV of the MD are now extended to RCBs). (2) Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds- Implementation of recommendations. (As specified in para (ii) of the Annex to Master Direction on Information Technology, Governance, Risks, Controls and Assurance Practices dated November 07, 2023, as amended from time to time). (3) UBD.No.Admn.46b/17:36:00/97-98 dated March 30, 1998 – Risks and Control in Computer and Telecommunication Systems, as amended from time to time. (4) DCBS.CO.PCB.Cir.No.1/18.01.000/2018-19 dated October 19, 2018 – Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs), as amended from time to time. (5) DoS.CO/CSITE/BC.4083/31.01.052/2019-20 dated December 31, 2019 – Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach, as amended from time to time. (6) DOS.CO.FMG.SEC.No.6/23.04.001/2024-25 dated July 15, 2024 – Master Direction on Fraud Risk Management in Urban Cooperative Banks (UCBs) /State Cooperative Banks (StCBs) / Central Cooperative Banks (CCBs), as amended from time to time. Chapter IV – General Guidelines All banks offering digital banking services, regardless of type of facility, shall comply with the directions contained in this chapter on a continuous basis. 9. Compliance Banks shall ensure continuous adherence to the following in conduct of their digital banking operations: -
The provisions (as amended from time to time) of the Information Technology Act, 2000, Digital Personal Data Protection Act, 2023, and other legal requirements. The jurisdiction of legal settlement would be within India. -
For transfer of funds from the accounts of customers using digital banking for delivery in cash to the recipients, conditions stipulated in the circulars on 'Domestic Money Transfer – Review of Framework' dated July 24, 2024 and 'Domestic Money Transfer- Relaxations' dated October 05, 2011 as issued and amended from time to time by the Department of Payment and Settlement Systems (DPSS), Reserve Bank. -
Instructions issued by the Reserve Bank of India (Rural Co-operative Banks – Responsible Business Conduct) Directions, 2025 and other authorities on provision of banking facilities to persons with disabilities including 'Accessibility Standards and Guidelines for Banking Sector' as notified by the Ministry of Finance, Government of India on February 02, 2024. -
FEMA 1999 and applicable instructions issued by the Reserve Bank. -
Relevant instructions issued by DPSS under the Payment and Settlement Systems (PSS) Act, 2007. -
The instructions/Directions on KYC/AML/CFT issued and as amended by the Reserve Bank from time to time. 10. Customer Conduct and Other Instructions 10.1 Banks shall obtain explicit consent from the customer for registering/de-registering (in case of existing customers) for digital banking services and the consent shall be duly recorded/documented. It shall also be clearly indicated that SMS/email alerts will be sent to the mobile number/email of the customer registered with the bank for operations, both financial and non-financial, in their account(s). 10.2 Multiple channels for registration of these services may be provided to minimize the need for branch visits and application processing time. 10.3 For registration, banks shall provide the terms and conditions in clear and simple language (preferably in English, Hindi, and the local language) which is easily comprehensible to the customer. These shall provide details of charges (if any) to be levied under specific circumstances, timeframe and process to initiate stop-payment instructions, helpdesk details, grievance redressal, and risks, responsibilities, and liabilities of customers. 10.4 Banks shall comply with the guidelines on customer protection including limiting of liability in unauthorised electronic banking transactions as provided in Reserve Bank of India (Rural Co-operative Banks – Responsible Business Conduct) Directions, 2025 (as amended from time to time), sending of alerts (through SMS, email, etc.), and ensure that the terms and conditions provided to customers are compliant with the instructions. 10.5 Banks shall not make it mandatory for the customer to opt for any digital banking channel to avail any other banking facility like debit cards. Customers can avail, if they so desire, one or more services under digital banking channels, however, there shall be no compulsory bundling of services by the bank. The choice to avail any digital banking facility shall lie solely with the customer. The banks can, however, obtain and record mobile numbers of all customers to send transaction or other alerts. 10.6 Banks offering mobile banking service (other than through mobile applications) must ensure that customers across mobile network operators can avail of the service, i.e., the service shall be network independent. 10.7 Banks shall put in place appropriate risk mitigation measures in accordance with their policies like transaction limit (per transaction, daily, weekly, monthly), transaction velocity limit, fraud checks, etc. depending on their risk perception. It is clarified that wherever specific requirements have been prescribed by the Reserve Bank or respective payment system operators through which the transaction is routed or switched (for example, NPCI, Card networks like VISA, Mastercard, etc.), the requirements that are stricter of the two shall be applicable. Banks shall ensure continuous compliance with instructions issued by the Reserve Bank in this regard as amended from time to time. 10.8 Post customer login, third-party products and services, shall not be displayed on banks' digital banking channels except as specifically permitted by the Reserve Bank from time to time in terms of the applicable instructions contained in Reserve Bank of India (Rural Co-operative Banks - Branch Authorisation) Directions, 2025, and other related instructions, as amended from time to time. Chapter V – Exemptions, Repeal and Other Provisions 11. Exemptions The Reserve Bank may, if it considers necessary for avoiding any hardship or for any other just and sufficient reason, grant extension of time to comply with or exempt any regulated entity, from all or any of the provisions of these Directions either generally or for any specified period, subject to such conditions as the Reserve Bank may impose. 12. Repeal and saving 12.1 With the issue of these Directions, the existing Directions, instructions, and guidelines on the subject as applicable to Rural Co-operative Banks stand repealed as communicated vide circular DOR.RRC.REC.302/33-01-010/2025-26 dated November 28, 2025. The directions, instructions, and guidelines repealed prior to the issuance of these Directions shall continue to remain repealed. 12.2 Notwithstanding such repeal, any action taken or purported to have been taken, or initiated under the repealed Directions, instructions, or guidelines shall continue to be governed by the provisions thereof. All approvals or acknowledgments granted under these repealed lists shall be deemed as governed by these Directions. Further, the repeal of these directions, instructions, or guidelines shall not in any way prejudicially affect: -
any right, obligation or liability acquired, accrued, or incurred thereunder; -
any, penalty, forfeiture, or punishment incurred in respect of any contravention committed thereunder; -
any investigation, legal proceeding, or remedy in respect of any such right, privilege, obligation, liability, penalty, forfeiture, or punishment as aforesaid; and any such investigation, legal proceedings or remedy may be instituted, continued, or enforced and any such penalty, forfeiture or punishment may be imposed as if those directions, instructions, or guidelines had not been repealed. 13. Application of other laws not barred The provisions of these Directions shall be in addition to, and not in derogation of the provisions of any other laws, rules, regulations, or directions, for the time being in force. 14. Interpretations For the purpose of giving effect to the provisions of these Directions or in order to remove any difficulties in the application or interpretation of the provisions of these Directions, the RBI may, if it considers necessary, issue necessary clarifications in respect of any matter covered herein and the interpretation of any provision of these Directions given by the RBI shall be final and binding. (Manoranjan Padhy)
Chief General Manager |