A customer applies for a loan. Along the way, an insurance cover is added. A credit card is sold as free, but the fee waiver depends on minimum spending. A mobile banking app flashes a limited-period loan offer with a countdown timer. An agent says a third-party product is “from the bank”, though the bank is only a distributor. These are familiar situations for many financial consumers. The Reserve Bank of India’s latest amendment directions on advertising, marketing and sale of financial products and services try to address precisely this grey zone between selling and mis-selling.On June 15, 2026, RBI issued final amendment directions covering a wide set of regulated entities. These include commercial banks, small finance banks, payments banks, local area banks, regional rural banks, urban and rural co-operative banks, All India Financial Institutions, housing finance companies, and most NBFCs. However, Core Investment Companies, Account Aggregators, Non-Operative Financial Holding Companies, and NBFCs with no customer interface are excluded from these rules. The directions will come into effect from January 1, 2027. The core message is simple — Financial products cannot be pushed through confusing consent, hidden add-ons, unsuitable recommendations, misleading ads or manipulative digital design.Clear consentOne of the most important changes is the focus on explicit consent (i.e. clear and specific permission). A financial product or service, whether offered by the regulated entity itself or by a third party, can be sold only with the customer’s specific and informed consent. This consent may be through a signed declaration, OTP approval, digitally recorded confirmation, or a clearly separated section in the agreement. They must also keep proof of the customer’s consent for one year after that product or service relationship ends.This matters because many customers do not always realise what they have agreed to. In loan, card or account-opening journeys, multiple products can be placed in the same form. The new rules say each product or service must be clearly listed, and the customer must have the option to choose only what is desired. The default choice for consent on any interface must be “No” or “I do not agree”.To ensure customers fully understand what they are signing, all sale documents and terms for the entity’s own products must be made available in the local regional language or a language understood by the customer. Furthermore, following an application, the entity must send a secure message or email acknowledging receipt, which must contain a phone number the customer can call for any further queries.RBI has defined mis-selling in a wider way. A sale can be treated as mis-selling if the product is unsuitable for the individual customer’s profile evaluated specifically at the time of sale, if correct and complete information was not provided, if consent was not explicit, or if another product was compulsorily bundled with the requested product. Importantly, even explicit consent may not protect the seller if the product was unsuitable for the customer’s profile at the time of the sale. However, basic products determined by the institution’s policy to be suitable for all customers are exempt from this strict suitability profiling.The new rules also target compulsory bundling (forcing one product along with another). A regulated entity cannot make one product conditional on another product, whether its own or from a third party. For example, a customer taking a loan should not be forced to buy insurance only from the lender’s preferred partner. If a product is genuinely needed as a risk mitigant, the customer must be allowed to buy it from any provider. Additionally, lenders are strictly prohibited from funding the purchase of any product or service (whether their own or a third party’s) out of the customer’s sanctioned loan facility without the customer’s explicit consent.Another major area is dark patterns (app or website tricks that push users into choices). RBI has listed several examples relevant to financial services. These include false urgency, basket sneaking (adding paid extras without clear permission), confirm shaming (making users feel guilty for saying no), forced action (making users do something unnecessary to continue), subscription traps, and interface interference (design that hides or highlights choices unfairly). There is also bait-and-switch (promising one thing but giving another), drip pricing (revealing charges only later), disguised advertisements, nagging, and trick wording.The new rules put responsibility on regulated entities for their DSAs (direct selling agents), DMAs (direct marketing agents), sub-agents, and third-party representatives. These agents cannot mislead customers about their identity or falsely present themselves as employees of the bank or NBFC. Furthermore, any outsourced agent or third-party representative selling products inside a branch must be visually distinguishable from regular employees, including wearing clear ‘on-person’ identification.To remove the root motivation for aggressive mis-selling, employees of regulated entities are barred from directly or indirectly receiving any sales incentives or commissions from third-party product providers. Entities must also maintain updated lists of DSAs and DMAs on their websites. Sales calls and visits are restricted to between 09:00 hours and 19:00 hours, and visits to a customer’s premises need explicit consent.What customers should doBefore agreeing to any financial product, customers should ask basic questions: Is this product compulsory or optional? Is it from the bank or a third party? What are the fees, charges, lock-in, exit terms and penalties? Has any add-on been selected by default?If a product appears to have been mis-sold, the customer can complain to the regulated entity within the timeline specified by the regulator. If no timeline is specified, the rules provide a 30-day window from receipt of the signed agreement. If mis-selling is established, the entity must refund the amount paid and compensate the customer for losses.Regulated entities must also build a mechanism to seek feedback within 30 days of a sale, which may involve randomly selecting customers. To ensure a fair and objective review, this feedback must be collected by a separate department that was not associated with selling the product.The takeaway is clear. Saying yes to a financial product should be an informed choice, not the result of pressure, confusion or design manipulation.Published on June 20, 2026