Beyond Compliance: How RBI’s New Responsible Business Conduct Framework Will Reshape NBFC Growth

Beyond Compliance: How RBI’s New Responsible Business Conduct Framework Will Reshape NBFC Growth 

On 15 June 2026, the Reserve Bank of India introduced the Reserve Bank of India (Non-Banking Financial Companies – Responsible Business Conduct) Second Amendment Directions, 2026. While it may appear to be another compliance update, the circular signals a much broader shift in regulatory expectations. 

At its core, RBI is asking NBFCs to move from a sales-first approach to a customer-first approach. 

The framework covers advertising, marketing, product suitability, customer consent, third-party product distribution, mis-selling, and even the design of digital customer journeys. Together, these measures could significantly reshape how NBFCs acquire, engage, and retain customers. 

A Shift from Product Sales to Customer Outcomes 

Traditionally, regulatory compliance focused on whether disclosures were provided. The new framework goes a step further by emphasizing whether customers truly understand the products they are purchasing. 

Before selling certain financial products, NBFCs will now be expected to assess customer suitability based on factors such as age, income, financial literacy, risk tolerance, and product complexity. 

This is a significant shift. A product sold with customer consent may still be considered mis-sold if it was unsuitable for that customer. 

Mis-selling Is Now a Boardroom Issue 

One of the most important aspects of the amendment is RBI’s expanded definition of mis-selling. 

Mis-selling now includes: 

• Selling unsuitable products 

• Providing incomplete or misleading information 

• Selling without explicit consent 

• Compulsory bundling of products 

• Other regulator-defined mis-selling practices 

The consequences are equally significant. Where mis-selling is established, NBFCs may be required to refund customer payments, cancel the sale where applicable, and compensate customers for losses suffered. 

This transforms mis-selling from a compliance concern into a business and reputational risk. 

The End of Forced Bundling 

Cross-selling has long been an important revenue stream for financial institutions. However, RBI has drawn a clear distinction between customer choice and customer compulsion. 

NBFCs can no longer make the purchase of one product conditional on buying another third-party product. Even where an insurance policy or similar product is required as a risk mitigant, customers must be free to choose the provider. 

Institutions relying heavily on bundled sales models may need to rethink their distribution strategies. 

RBI’s Message to Digital Lenders: Eliminate Dark Patterns 

Perhaps the most forward-looking element of the circular is the explicit prohibition of dark patterns. 

The framework identifies practices such as: 

• False urgency 

• Basket sneaking 

• Confirm shaming 

• Subscription traps 

• Drip pricing 

• Trick wording 

• Interface interference 

This means compliance is no longer limited to legal and risk teams. Product managers, UX designers, marketing teams, and digital platform owners now have a direct role in regulatory compliance. 

For many NBFCs, digital onboarding journeys and mobile applications may require a comprehensive review before the framework becomes effective. 

Consent Must Be Real, Not Assumed 

The circular also raises the standard for customer consent. 

Consent must be explicit, informed, specific, and unambiguous. Customers should be able to choose products individually rather than being pushed through bundled consent journeys. 

One of the most notable requirements is that the default option for consent should be “No” or “I Do Not Agree.” 

For digital lenders and fintech partnerships, this could require substantial redesign of onboarding and cross-selling workflows. 

Greater Accountability for DSAs and Sales Partners 

The framework places significant responsibility on NBFCs for the conduct of Direct Selling Agents (DSAs), Direct Marketing Agents (DMAs), and their sub-agents. 

Institutions must establish governance mechanisms covering: 

• Due diligence 

• Training 

• Monitoring 

• Audits 

• Performance standards 

• Disciplinary actions 

The message is straightforward: outsourcing sales does not mean outsourcing responsibility. 

What Should NBFCs Do Next? 

With the framework becoming effective from 1 January 2027, NBFCs have a limited window to prepare. 

Priority areas should include: 

• Reviewing responsible business conduct policies 

• Assessing product suitability frameworks 

• Strengthening DSA governance 

• Redesigning consent mechanisms 

• Identifying and removing dark patterns 

• Enhancing customer feedback and grievance processes 

• Aligning incentives with customer outcomes rather than product volumes