The Reserve Bank of India has implemented immediate Master Directions regulating non-bank payment system operators, mandating digital-only infrastructure and strict "fit and proper" verification. Simultaneously, the RBI's Responsible Business Conduct Second Amendment protects bank consumers by restricting aggressive debt recovery actions and capping device-locking practices.
MUMBAI — The Reserve Bank of India (RBI) has officially enacted its Master Directions on Authorisation to Operate a Payment System, introducing an immediate compliance mandate for all non-bank payment operators. Parallel to this fintech overhaul, the central bank has issued the Reserve Bank of India (Commercial Banks - Responsible Business Conduct) Second Amendment Directions, 2026.
Together, these structural policies establish a rigid blueprint for corporate oversight in India’s banking and digital ecosystem. The updated payment framework completely restructures how mobile wallets, payment gateways, and prepaid instruments secure operational clearances. Simultaneously, the banking conduct amendment introduces strict liability parameters for outsourced loan recovery practices and consumer data privacy, rewriting the rules of engagement between financial institutions and the public.
Strict Capital Standards Enforced for Payment System Operators
The newly finalized Master Directions on Authorisation to Operate a Payment System mandate that any non-bank corporate entity seeking to issue Prepaid Payment Instruments (PPIs)—such as digital wallets, smart transit cards, or digitized gift vouchers—must clear a rigorous vetting process through the central bank's integrated PRAVAAH online portal.
Under the fresh guidelines, the RBI has established a permanent, multi-tiered framework for evaluating applicants:
Fit and Proper Review: The central bank will independently verify the structural integrity, management background, and ultimate beneficial ownership of all applicant companies, drawing background data from secondary financial regulators and statutory government departments. The RBI notes that its final assessment regarding "fit and proper" standing is legally binding and absolute.
Elimination of Paper Formats: The central bank has prohibited the issuance of paper-based payment vouchers, declaring that all newly authorized instruments must exist solely via secure digital applications, mobile wallets, or magnetic/EMV chip cards.
Foreign National Integration: To streamline cross-border travel retail, the directions formally institutionalize the "UPI One World" sub-category. Foreign travelers and non-resident Indians (NRIs) can secure specialized local wallets up to a monthly debit boundary of ₹5 lakh, strictly contingent upon electronic visa and passport authentication.
New Conduct Directives Clamp Down on Aggressive Loan Recovery
Simultaneously, the central bank has cracked down on third-party commercial bank operations via the Commercial Banks - Responsible Business Conduct Second Amendment Directions, 2026. This regulatory shift targets historical friction points within retail debt collections, placing direct legal liability back onto the boards of commercial banks.
Statutory Prohibition on Unresolved Accounts: Under the updated directions, commercial banks are explicitly prohibited from outsourcing or assigning a recovery case to an external agency if the borrower has an open, unresolved grievance filed with the bank’s internal redressal portal.
Furthermore, the code tightens restrictions on digital device financing, which includes mobile phones and tablets. Lenders are barred from remotely locking or restricting a default borrower's electronic hardware unless the underlying loan account is verified as at least 60 days past due. Such actions require a mandatory 21-day preliminary notice followed by an additional 7-day final warning. If a bank mistakenly restricts a device outside these parameters, it must unlock the device within one hour of rectification or pay a consumer compensation penalty of ₹250 for every hour of wrongful disruption.
Official Sources Section
The operational updates were issued directly via the Reserve Bank of India Department of Payment and Settlement Systems and the Department of Regulation. All regulatory measures align directly with the statutory authority granted to the central bank under Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007, and relevant chapters of the Banking Regulation Act, 1949.
Quote Section
"According to officials familiar with the implementation timeline, the dual release marks a deliberate move to transition from standard reactive supervision to absolute proactive conduct enforcement. The objective is to eliminate loopholes where fintech innovators or third-party banking agents operate outside the standard protective perimeter designed for Indian retail consumers."
Why It Matters
For everyday banking consumers and smartphone users, these changes provide immediate structural defense against aggressive debt recovery and unauthorized digital platform activities. The strict timeline rules on device locking mean fintech lenders can no longer use sudden digital lockouts as a primary negotiation tactic for short-term defaults.
For digital finance companies, fintech firms, and payment system aggregators, the immediate activation of the Master Directions means compliance expenses will rise. Startups must adjust their onboarding workflows, revise escrow security, and re-verify their corporate structures to align with the RBI's permanent authorization policies.
Key Facts at a Glance
Immediate Effect: The new Master Directions on Payment System Authorisations are legally active across India, forcing platforms to upgrade compliance channels immediately.
Paper Outlawed: Paper-based prepaid vouchers are formally banned; all future non-bank prepaid tools must rely on digital architecture or chip cards.
Grievance Priority: Banks cannot hand over accounts to third-party recovery agents while a customer's formal dispute is actively undergoing review.
Lockout Penalty: Wrongful remote locking of financed mobile devices carries a strict statutory fine of ₹250 per hour payable directly to the consumer.
FAQ Section
Who is required to apply for authorization under the new RBI Payment System Directions?
Any non-bank corporate entity looking to operate, issue, or manage a public payment network or Prepaid Payment Instrument (such as a digital wallet, transit pass, or closed-loop digital card) within India must secure a Certificate of Authorisation via the RBI’s portal.
Can a recovery agent contact me at any hour of the day under the new 2026 conduct rules?
No. The responsible business conduct framework caps telecommunication and physical outreach by lenders or their authorized partners, limiting permissible customer contact strictly between 09:00 and 18:00 hours, unless a borrower gives clear, explicit consent otherwise.
What happens if my financed smartphone is locked incorrectly by a lender?
Under the new rules, the financing company or bank must restore your device's software access within exactly one hour of identifying the error. A failure to restore access within this window triggers a mandatory penalty of ₹250 per hour for the duration of the wrongful lockout.
Source: Reserve Bank of India Master Notifications, Ministry of Finance Press Information Bureau Releases.
