Jan 2027 Deadline: Is Your DSA & Bancassurance Team Mis Selling Compliant?

June 29, 2026

From 1 January 2027, RBI's Responsible Business Conduct Directions, 2026 and IRDAI's parallel bancassurance rules hold banks, NBFCs and insurers directly accountable for mis-selling by DSAs, relationship managers and bancassurance staff, including full customer refunds where mis-selling is proven. Being compliant means every DSA and bancassurance team member must be able to show documented customer consent, a recorded suitability check and zero forced bundling, well before the deadline, not after the first complaint lands.

Table of Contents

  1. What's Changing: RBI's Responsible Business Conduct Directions, 2026
  2. IRDAI Is Moving in Lockstep on Bancassurance
  3. Why DSAs and Bancassurance Staff Are Ground Zero
  4. What "Mis-Selling Compliant" Actually Means: A Working Checklist
  5. What Happens If Your Team Isn't Ready by January 1, 2027
  6. How to Get Your DSA and Bancassurance Team Compliant Before the Deadline
  7. Frequently Asked Questions

What's Changing: RBI's Responsible Business Conduct Directions, 2026

The Reserve Bank of India finalised a sweeping overhaul of how banks and NBFCs sell financial products, formally notified as the Commercial Banks (Responsible Business Conduct) Second Amendment Directions, 2026. The framework comes into force on 1 January 2027, and it changes the compliance conversation for every institution that distributes products through direct selling agents, relationship managers or third-party channels.

Three provisions matter most for L&D and compliance teams:

Consent can no longer be bundled. Every product now needs its own specific, informed and unambiguous consent, captured through a clear affirmative action and properly recorded. A bank can no longer get a customer to agree to five things with a single tick box.

Forced bundling is banned. A loan can no longer be made conditional on buying insurance, an investment product or any other add-on, whether it's the bank's own product or a partner's. Voluntary, no-extra-cost packages are still allowed, but the customer's "no" has to be a real option.

Banks own the conduct of their agents. RBI has been explicit that institutions cannot escape responsibility by blaming an outsourced DSA, a marketing partner or a digital channel. The directions follow a principle-based, channel-agnostic approach, so the same standard applies whether the sale happened in a branch, over a call, through an app or via a tele-calling partner.

If mis-selling is established, the institution must refund the full amount the customer paid and compensate for any resulting loss. That single clause turns mis-selling from a reputational issue into a direct, quantifiable financial liability sitting with the bank or NBFC, not the agent who made the sale.

IRDAI Is Moving in Lockstep on Bancassurance

While RBI was finalising its rules, IRDAI moved on the insurance side of the same problem. Bancassurance, insurance sold through bank branches, has long been one of the most mis-selling-prone channels in BFSI, largely because customers who walk in for a fixed deposit or a loan tend to trust whatever the bank's staff recommends.

IRDAI's recent directions prohibit bundling insurance with loans and hold insurers accountable for mis-selling committed by their distribution partners, including bank-led bancassurance channels. A parallel consultation paper goes further, proposing that insurance intermediaries earning more than ₹10 crore in annual commissions must publicly disclose those earnings, and that every policy be tagged to the specific individual who sold it.

The numbers explain the urgency. Life insurers paid out roughly ₹60,800 crore in commissions in FY25, an 18% jump year-on-year, while premium growth lagged far behind at under 7%. On the non-life side, commission expenses crossed ₹47,000 crore, and IRDAI has already flagged over 20 insurers for exceeding their permitted expense limits. For a large bank with a sizeable insurance premium book, bancassurance commissions can run into hundreds of crores of fee income a year, which is exactly why regulators are tightening the channel rather than ignoring it.

Put simply: RBI is closing the loophole from the lending side, IRDAI is closing it from the insurance side, and bancassurance sits squarely in the middle of both.

Why DSAs and Bancassurance Staff Are Ground Zero

Two roles carry the most direct exposure under the new framework.

Direct Selling Agents (DSAs) are the front line for personal loans, credit cards and many retail lending products. They are typically paid on volume, work outside the bank's direct supervision, and have historically had the least formal compliance training of any customer-facing role in BFSI. Under the new rules, every DSA conversation now needs to produce documentable, product-specific consent and a suitability rationale, not just a signed form.

Bancassurance staff and Specified Persons sit at the exact intersection RBI and IRDAI are both targeting. They are bank employees selling insurance products, often under pressure to hit cross-sell targets tied to deposits, FDs or loan disbursements. Suitability, disclosure of the bank's role as a corporate agent rather than the insurer, and avoiding pressure-based pitches are no longer best practice, they are the regulatory baseline.

If either of these teams is operating on outdated scripts, informal on-the-job training or "learn by shadowing a senior colleague," the institution is carrying risk it cannot see until a complaint or an audit surfaces it.

What "Mis Selling Compliant" Actually Means: A Working Checklist

Requirement

What It Looks Like in Practice

Product-specific consent

Separate, recorded consent for every product, no bundled tick boxes

Suitability assessment

Documented match between the product and the customer's income, risk appetite and stated need

No forced bundling

Loan approval is never conditional on buying insurance or any other add-on

Channel accountability

DSAs, telecallers and bancassurance staff trained to the same standard as in-house employees

Disclosure of role

Bancassurance staff clearly state they are acting as a corporate agent, not the insurer

Incentive design review

Compensation structures reviewed so they don't reward volume over suitability

Escalation and refund readiness

A documented process to identify, refund and report mis-selling when it happens

If a DSA, relationship manager or bancassurance Specified Person cannot demonstrate all seven of these in a single customer interaction, that interaction is a compliance gap under the new framework, regardless of whether the sale itself was well-intentioned.




What Happens If Your Team Isn't Ready by January 1, 2027

The deadline is not a soft one. From 1 January 2027, three things change immediately for every institution covered by the directions:

  • Refund liability becomes automatic once mis-selling is established, regardless of which channel or agent made the sale.
  • "We didn't know" stops being a defence, because the channel-agnostic approach makes the regulated entity responsible for outsourced and digital sales by design.
  • Audit and supervisory exposure increases, since RBI and IRDAI inspections will now be checking for documented consent and suitability records, not just policy documents sitting in a compliance folder.
Nine months sounds like a long runway. For a bank or NBFC with a large DSA network, or an insurer with thousands of bancassurance touchpoints, it is barely enough time to redesign scripts, retrain staff, update consent capture systems and run a verification cycle before the deadline arrives.

How to Get Your DSA and Bancassurance Team Compliant Before the Deadline

Compliance training for this deadline needs to do three things: cover the regulatory detail correctly, reach distributed and high-turnover teams like DSAs at scale, and leave an auditable training record your compliance team can produce on demand.

Smart Online Course, the eLearning platform of the Risk Management Association of India, offers a set of courses purpose-built for exactly this requirement, each backed by dual RMAI and BFSI Sector Skill Council of India certification, an AI mentor trained on the course content, and implementation toolkits your team can put to use immediately.

Bancassurance: Business Models, Sales Strategy and Compliance (7 hours) is the most direct fit, covering how bancassurance is structured, where mis-selling risk concentrates, and what compliant sales conduct looks like under the current regulatory environment.

Fraud Risk Management in Banking (7 hours) and KYC, AML & Customer Due Diligence in Financial Services (5 hours) round out the compliance foundation for any team that sells regulated financial products, whether through a branch or a third-party channel.

Third Party Vendor Risk Management (6 hours) is the natural complement for institutions that need to extend this same standard to DSAs, outsourced telecalling partners and other third-party sales channels now squarely within RBI's accountability net.

For organisations managing the broader governance side of this shift, Risk & Governance in NBFCs (10 hours) and Governance, Risk and Compliance (12 hours) build the institutional capability to design compensation structures, escalation processes and audit documentation that hold up under regulatory review.

Every course includes MCQ assessments after each lecture, module-level progress tracking and team-wide dashboards, so L&D and compliance leaders can show, not just claim, that DSA and bancassurance teams were trained ahead of the deadline.

Frequently Asked Questions

What is RBI's mis-selling deadline for 2027? 

RBI's Commercial Banks (Responsible Business Conduct) Second Amendment Directions, 2026 come into force on 1 January 2027. From that date, banks and NBFCs are fully accountable for mis-selling committed through any channel, including DSAs and bancassurance staff, and must refund customers where mis-selling is established.

Who do the new RBI rules apply to? 

The directions apply to commercial banks and NBFCs, with corresponding requirements extended to small finance banks, payments banks, regional rural banks and local area banks. Any institution that sells financial products through DSAs, telecalling partners or bancassurance channels is covered.

Does this affect insurance sold through banks? 

Yes. IRDAI has issued its own directions prohibiting the bundling of insurance with loans and holding insurers accountable for mis-selling by their distribution partners, including bancassurance channels run through bank branches. The two regulators are tightening the same practice from opposite sides.

What counts as mis-selling under the new framework? 

RBI's definition covers selling a product that doesn't match the customer's needs, income or risk appetite, giving incomplete or misleading information, selling without clear recorded consent, and pressuring a customer to buy one product as a condition of getting another.

What happens if a DSA mis-sells a product after the deadline? 

The bank or NBFC, not the DSA, carries the liability. The institution must refund the customer in full and compensate for any resulting loss. The new rules explicitly prevent institutions from shifting blame to outsourced agents or marketing partners.

Can banks still pay DSAs and employees performance-based incentives? 

Yes, RBI has clarified that incentive payments to employees can continue. What changes is that incentive structures cannot be designed in a way that rewards volume at the expense of suitability, and institutions are expected to review their compensation programmes accordingly.

Is online training sufficient for RBI and IRDAI compliance documentation? 

Structured online training with assessments, certification and a documented completion record is widely used across BFSI institutions to demonstrate training compliance during regulatory reviews. The key requirement is that the training is verifiable and specific to the roles being regulated, such as DSAs and bancassurance Specified Persons, rather than generic onboarding content.

How long does compliance training for a DSA or bancassurance team typically take?

 Focused, role-specific courses on bancassurance compliance, fraud risk and KYC/AML typically run between 5 and 7 hours, making them practical to roll out across large or distributed DSA and bancassurance networks well before a regulatory deadline.