There are no items in your cart
Add More
Add More
| Item Details | Price | ||
|---|---|---|---|
June 29, 2026
The Reserve Bank of India finalised a sweeping overhaul of how banks and NBFCs sell financial products, formally notified as the Commercial Banks (Responsible Business Conduct) Second Amendment Directions, 2026. The framework comes into force on 1 January 2027, and it changes the compliance conversation for every institution that distributes products through direct selling agents, relationship managers or third-party channels.
Three provisions matter most for L&D and compliance teams:
Consent can no longer be bundled. Every product now needs its own specific, informed and unambiguous consent, captured through a clear affirmative action and properly recorded. A bank can no longer get a customer to agree to five things with a single tick box.
Forced bundling is banned. A loan can no longer be made conditional on buying insurance, an investment product or any other add-on, whether it's the bank's own product or a partner's. Voluntary, no-extra-cost packages are still allowed, but the customer's "no" has to be a real option.
Banks own the conduct of their agents. RBI has been explicit that institutions cannot escape responsibility by blaming an outsourced DSA, a marketing partner or a digital channel. The directions follow a principle-based, channel-agnostic approach, so the same standard applies whether the sale happened in a branch, over a call, through an app or via a tele-calling partner.
If mis-selling is established, the institution must refund the full amount the customer paid and compensate for any resulting loss. That single clause turns mis-selling from a reputational issue into a direct, quantifiable financial liability sitting with the bank or NBFC, not the agent who made the sale.
While RBI was finalising its rules, IRDAI moved on the insurance side of the same problem. Bancassurance, insurance sold through bank branches, has long been one of the most mis-selling-prone channels in BFSI, largely because customers who walk in for a fixed deposit or a loan tend to trust whatever the bank's staff recommends.
IRDAI's recent directions prohibit bundling insurance with loans and hold insurers accountable for mis-selling committed by their distribution partners, including bank-led bancassurance channels. A parallel consultation paper goes further, proposing that insurance intermediaries earning more than ₹10 crore in annual commissions must publicly disclose those earnings, and that every policy be tagged to the specific individual who sold it.
The numbers explain the urgency. Life insurers paid out roughly ₹60,800 crore in commissions in FY25, an 18% jump year-on-year, while premium growth lagged far behind at under 7%. On the non-life side, commission expenses crossed ₹47,000 crore, and IRDAI has already flagged over 20 insurers for exceeding their permitted expense limits. For a large bank with a sizeable insurance premium book, bancassurance commissions can run into hundreds of crores of fee income a year, which is exactly why regulators are tightening the channel rather than ignoring it.
Put simply: RBI is closing the loophole from the lending side, IRDAI is closing it from the insurance side, and bancassurance sits squarely in the middle of both.
Two roles carry the most direct exposure under the new framework.
Direct Selling Agents (DSAs) are the front line for personal loans, credit cards and many retail lending products. They are typically paid on volume, work outside the bank's direct supervision, and have historically had the least formal compliance training of any customer-facing role in BFSI. Under the new rules, every DSA conversation now needs to produce documentable, product-specific consent and a suitability rationale, not just a signed form.
Bancassurance staff and Specified Persons sit at the exact intersection RBI and IRDAI are both targeting. They are bank employees selling insurance products, often under pressure to hit cross-sell targets tied to deposits, FDs or loan disbursements. Suitability, disclosure of the bank's role as a corporate agent rather than the insurer, and avoiding pressure-based pitches are no longer best practice, they are the regulatory baseline.
If either of these teams is operating on outdated scripts, informal on-the-job training or "learn by shadowing a senior colleague," the institution is carrying risk it cannot see until a complaint or an audit surfaces it.
If a DSA, relationship manager or bancassurance Specified Person cannot demonstrate all seven of these in a single customer interaction, that interaction is a compliance gap under the new framework, regardless of whether the sale itself was well-intentioned. |
|||||||||||||||||
The deadline is not a soft one. From 1 January 2027, three things change immediately for every institution covered by the directions:
Compliance training for this deadline needs to do three things: cover the regulatory detail correctly, reach distributed and high-turnover teams like DSAs at scale, and leave an auditable training record your compliance team can produce on demand.
Smart Online Course, the eLearning platform of the Risk Management Association of India, offers a set of courses purpose-built for exactly this requirement, each backed by dual RMAI and BFSI Sector Skill Council of India certification, an AI mentor trained on the course content, and implementation toolkits your team can put to use immediately.
Bancassurance: Business Models, Sales Strategy and Compliance (7 hours) is the most direct fit, covering how bancassurance is structured, where mis-selling risk concentrates, and what compliant sales conduct looks like under the current regulatory environment.
Fraud Risk Management in Banking (7 hours) and KYC, AML & Customer Due Diligence in Financial Services (5 hours) round out the compliance foundation for any team that sells regulated financial products, whether through a branch or a third-party channel.
Third Party Vendor Risk Management (6 hours) is the natural complement for institutions that need to extend this same standard to DSAs, outsourced telecalling partners and other third-party sales channels now squarely within RBI's accountability net.
For organisations managing the broader governance side of this shift, Risk & Governance in NBFCs (10 hours) and Governance, Risk and Compliance (12 hours) build the institutional capability to design compensation structures, escalation processes and audit documentation that hold up under regulatory review.
Every course includes MCQ assessments after each lecture, module-level progress tracking and team-wide dashboards, so L&D and compliance leaders can show, not just claim, that DSA and bancassurance teams were trained ahead of the deadline.
What is RBI's mis-selling deadline for 2027?
RBI's Commercial Banks (Responsible Business Conduct) Second Amendment Directions, 2026 come into force on 1 January 2027. From that date, banks and NBFCs are fully accountable for mis-selling committed through any channel, including DSAs and bancassurance staff, and must refund customers where mis-selling is established.
Who do the new RBI rules apply to?
The directions apply to commercial banks and NBFCs, with corresponding requirements extended to small finance banks, payments banks, regional rural banks and local area banks. Any institution that sells financial products through DSAs, telecalling partners or bancassurance channels is covered.
Does this affect insurance sold through banks?
Yes. IRDAI has issued its own directions prohibiting the bundling of insurance with loans and holding insurers accountable for mis-selling by their distribution partners, including bancassurance channels run through bank branches. The two regulators are tightening the same practice from opposite sides.
What counts as mis-selling under the new framework?
RBI's definition covers selling a product that doesn't match the customer's needs, income or risk appetite, giving incomplete or misleading information, selling without clear recorded consent, and pressuring a customer to buy one product as a condition of getting another.
What happens if a DSA mis-sells a product after the deadline?
The bank or NBFC, not the DSA, carries the liability. The institution must refund the customer in full and compensate for any resulting loss. The new rules explicitly prevent institutions from shifting blame to outsourced agents or marketing partners.
Can banks still pay DSAs and employees performance-based incentives?
Yes, RBI has clarified that incentive payments to employees can continue. What changes is that incentive structures cannot be designed in a way that rewards volume at the expense of suitability, and institutions are expected to review their compensation programmes accordingly.
Is online training sufficient for RBI and IRDAI compliance documentation?
Structured online training with assessments, certification and a documented completion record is widely used across BFSI institutions to demonstrate training compliance during regulatory reviews. The key requirement is that the training is verifiable and specific to the roles being regulated, such as DSAs and bancassurance Specified Persons, rather than generic onboarding content.
How long does compliance training for a DSA or bancassurance team typically take?
Focused, role-specific courses on bancassurance compliance, fraud risk and KYC/AML typically run between 5 and 7 hours, making them practical to roll out across large or distributed DSA and bancassurance networks well before a regulatory deadline.