In the final guidelines RBI has also removed the requirement for banks to take prior central bank approval before launching any new digital channel a change from the draft when banks had to take RBI consent for any new banking channel.
In the draft digital banking channel authorisation guidelines released in July, RBI had said third-party products and services including those of promoter or bank group entities should not be displayed on banks’ digital banking channels. Banks had requested that they may be allowed to display or advertise various products including those approved by the respective sectoral regulators, flagship government schemes or offered in partnership with FinTechs on their respective digital properties.
RBI said after extensive discussions with regulated entities their suggestions were partially accepted. “…it has been decided that post customer login, the banks shall display only those products which are specifically permitted for a bank to deal in. It may be clarified here that only those products and services which are allowed to be offered to a customer through a branch customer interface (viz. banking products, flagship Government Schemes, financial third- party products for which a bank has distribution arrangement, etc.) may be available for a customer to view post login,” RBI said.
RBI however has accepted banks’ suggestion to not seek its approval every time a bank introduces a new digital channel. “Prior approval requirement (has been) removed for any additional channels as the bank providing one digital channel is expected to have appropriate wherewithal including the cyber security framework for extending another channel with similar risks,” RBI said.
The digital banking channel authorisation norms also require banks to comply with a minimum regulatory capital adequacy requirement & net worth or Rs 50 crore, whichever is higher, as on March 31st of the immediately preceding financial year. Banks had sought either removal or reduction in the minimum net worth requirement of Rs 50 crore as well as lowering of capital adequacy requirement, which the RBI has disallowed.”Digital banking channels expose banks to significant additional operational risks, especially the cyber security risks, and mitigation of the same would require continued upgradation of security systems as also adequate financial bandwidth to bear losses, if any, arising out of security breach/es. Therefore, retaining a threshold capital/financial strength is considered indispensable,” RBI said in the final guidelines.RBI has also removed the paragraph in the draft guidelines asking banks to put in place risk-based transaction monitoring and surveillance mechanism, study of customer transaction behaviour pattern and monitoring unusual transactions or obtaining prior confirmation from customers for outlier transactions.
In their feedback to the RBI banks had expressed difficulty in implementing prior customer confirmation or outlier transactions. “The point has been deleted as the issues emanating from the outlier transactions are governed by the master direction on fraud risk management,” RBI said.