- The RBI proposed tighter limits on customer liability for fraudulent electronic transactions at Rural Co-operative Banks.
- Banks must implement mandatory SMS alerts for all electronic transactions exceeding five hundred rupees.
- The draft shifts the burden of proving liability from the customer to the banking institution.
(INDIA) — The Reserve Bank of India issued the Draft RBI (Rural Co-operative Banks – Responsible Business Conduct) Third Amendment Directions, 2026 on March 9, 2026, proposing tighter limits on customer liability for unauthorized and fraudulent electronic transactions at Rural Co-operative Banks.
The proposed directions set an effective date of July 1, 2026, and aim to revise and strengthen how Rural Co-operative Banks (RCBs) prevent fraud, alert customers, and determine who bears losses when digital transactions go wrong.
RBI issued the draft under Sections 35A and 56 of the Banking Regulation Act, 1949. The draft notification reference is DOR.MCS.REC.No. /01-01-038/2025-26.
The directions target RCBs and focus on electronic banking transactions and fraud prevention measures. They sit within RBI’s wider Responsible Business Conduct initiative for modernising these banks and aligning their controls more closely with larger commercial banks.
RBI framed the proposal as a customer-protection measure for rural populations that rely on co-operative banking. The draft links stronger safeguards to building trust in digital banking channels.
Alongside fraud prevention, the draft sets out a liability framework that shifts key evidentiary responsibility onto banks. Under the proposal, the burden of proving customer liability in unauthorized electronic transactions lies with the bank, not the customer.
RCBs would have to implement fraud detection and prevention systems as a mandatory requirement. The draft also requires banks to make transaction monitoring and customer notification more immediate, including through alerts.
A core requirement is mandatory SMS alerts for all electronic transactions exceeding ₹500. RBI also requires banks to provide round-the-clock ways for customers to report fraud.
Those reporting channels must operate 24×7 and include web, phone, SMS, and email. The intent is to let customers flag suspicious activity immediately, without waiting for branch hours.
On liability, the draft introduces a “zero liability” standard in specified circumstances. Customers will have zero liability if the fraud occurs due to bank negligence, or if a third-party breach is reported within five working days.
The five-working-day window links customer protection to prompt reporting, while also tying the bank’s responsibility to the facts of the incident. By placing the burden of proof on the bank, the proposal changes how disputed transactions could be assessed inside RCBs.
RBI also proposes a compensation mechanism for what it calls “small-value frauds.” The draft defines small-value frauds as incidents up to ₹50,000.
Under that mechanism, victims may receive compensation of up to 85% of the loss, capped at ₹25,000. The cost would be shared between RBI and the respective bank.
The compensation proposal adds a second layer of relief beyond the zero-liability framework, depending on the circumstances and value involved. RBI’s draft ties this to improving consumer confidence as more rural customers use electronic channels.
The broader Responsible Business Conduct framing reflects RBI’s effort to update co-operative bank practices as fraud risks rise alongside digital adoption. RBI’s draft describes rural users as more vulnerable to digital fraud, and points to instant alerts as a trust-building measure.
Mandatory alerts and 24×7 reporting also aim to reduce delays in recognising unauthorized activity. That can matter in cases where customers do not regularly check balances, or where transactions occur when branch offices are closed.
The draft’s emphasis on negligence and third-party breaches sets a standard that can determine whether customers pay at all. It also gives banks a defined obligation to demonstrate why a customer should be held liable, rather than requiring customers to prove they were not at fault.
For Rural Co-operative Banks, the directions also imply operational changes. Banks would need to support high-availability reporting channels, maintain alerting systems, and adopt fraud detection and prevention systems that RBI describes as robust.
RBI’s proposal comes as co-operative banks play a central role in many rural districts, where branch networks handle deposits, payments, and remittances. The draft aims to align RCB security standards with larger banks, as digital payments extend deeper into rural markets.
The draft also touches on interface practices, stating that customers gain higher protection against digital scams and “dark patterns” in banking interfaces. The directions connect such protections to prompt reporting and to bank responsibilities for prevention and response.
Non-Resident Indians (NRIs) with RCB accounts, or those who support family members with such accounts, are also covered by the proposal’s mechanisms. RBI’s draft highlights more transparent fraud reporting and the mandatory email/SMS alert system for international monitoring.
By requiring reporting channels that include email, the draft builds in a pathway for customers outside India to flag suspicious activity. The mandatory SMS alerts for transactions above ₹500 would also provide immediate prompts when funds move.
Although the draft focuses on banking regulation, it also intersects with how individuals document finances for cross-border purposes. The draft notes that people applying for U.S. visas such as H-1B or F-1 who use RCB accounts for financial evidence or remittances should ensure banks follow these Responsible Business Conduct standards.
That reference does not make the draft a U.S. immigration policy. No official statements or policy memos from U.S. Citizenship and Immigration Services (USCIS) or the U.S. Department of Homeland Security (DHS) address this specific draft.
The proposal instead sits squarely within RBI’s regulatory mandate. It adds requirements meant to standardise how Rural Co-operative Banks detect fraud, notify customers, and handle disputes about unauthorized electronic transactions.
In practical terms for customers, the draft expands what banks must do before and after fraud occurs. Before fraud, it requires stronger detection and preventive systems and imposes automated messaging for transactions exceeding ₹500.
After fraud, it sets expectations around immediate reporting access and clarifies who must prove liability. It also offers a structured compensation route for small-value incidents up to ₹50,000, with a defined percentage and cap.
The draft’s combination of alerts, reporting access, and a bank-held burden of proof reflects a shift toward institutional accountability. RBI’s text links these measures to modernising RCBs under Responsible Business Conduct and to encouraging safer digital use.
RBI published the official draft notification on its website, rbi.org.in, under the reference DOR.MCS.REC.No. /01-01-038/2025-26. The draft also appears in a regulatory archive entry titled Draft RBI Third Amendment Directions 2026.
With July 1, 2026 set as the proposed start date, the directions outline a timeline for Rural Co-operative Banks and their customers to prepare for new standards. For rural users, RBI’s draft frames the changes as a stronger shield against fraud losses and a clearer path to reporting and redress when unauthorized transfers occur.
