Reserve Bank had issued the draft Reserve Bank of India (Responsible Business Conduct) Third Amendment Directions, 2026 on March 6, 2026 for seeking feedback from stakeholders. The draft Amendment Directions inter alia proposed to enhance the scope of existing instructions on limiting liability of customers in unauthorised electronic banking transactions to cover other categories of fraudulent electronic banking transactions, reduce the time taken by banks to process complaints related to fraudulent electronic banking transactions, and introduce a compensation mechanism for small value fraudulent electronic banking transactions.
Refer the Press release Dated June 24, 2026, here
These instructions will be effective from January 1, 2027.
This is for general information of Bank customers.
Interested persons are requested to peruse the directions available below.
- Reserve Bank of India (Commercial Banks – Responsible Business Conduct) Third Amendment Directions, 2026
- Reserve Bank of India (Small Finance Banks – Responsible Business Conduct) Third Amendment Directions, 2026
- Reserve Bank of India (Payments Banks – Responsible Business Conduct) Second Amendment Directions, 2026
- Reserve Bank of India (Local Area Banks – Responsible Business Conduct) Third Amendment Directions, 2026
- Reserve Bank of India (Regional Rural Banks – Responsible Business Conduct) Third Amendment Directions, 2026
- Reserve Bank of India (Urban Co-operative Banks – Responsible Business Conduct) Third Amendment Directions, 2026
- Reserve Bank of India (Rural Co-operative Banks – Responsible Business Conduct) Third Amendment Directions, 2026
Key points to be noted are the insertion of definition of Negligence by Bank and negligence by customer.
Accordingly the following two directions have been inserted.
(20B) Negligence by a bank inter alia includes the following actions by the bank:
(i) not putting in place the mandated systems and procedures to ensure safety and security of EBTs; or
(ii) not sending mandatory alerts for EBTs; or
(iii) not providing 24×7 channels for reporting of fraudulent EBTs or loss of debit / credit card; or
(iv) not acting diligently upon a customer notification regarding unauthorised EBT(s) or loss of debit / credit card; or
(v) system malfunctions / security breaches / internal frauds leading to unauthorised EBTs.
(20C) Negligence by a customer inter alia includes the following actions by the customer:
(i) failing to exercise reasonable care in usage of credentials such as PIN, password, OTP or other details (e.g., providing credentials for carrying out transactions to another person, whether intentionally or otherwise, writing down and storing the PIN with a debit / credit card, etc.); or
(ii) not notifying the bank promptly after finding out about a fraudulent EBT, or loss of a debit / credit card; or
(iii) not paying attention to specific, directed and clear warnings from the bank that a prospective transaction is likely a scam; or
(iv) downloading malicious apps; or
(v) failing to update her / his registered mobile number / email address with the bank in case of change.”.
Third party breach has been defined as under:
26.1A Third-party breach means a situation where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and includes deficiency on the part of an intermediary such as a Third-Party Application Provider (TPAP), Payment Aggregator (PA), Payment Gateway (PG), Telecom Service Provider (TSP), etc
For full details kindly refer to the links provided above in the press release.
Naavi
