RBI enforcement: tightening NBFC governance, outsourcing, recovery rules
Key Questions
What are the key RBI recovery rules effective from April 2026?
The rules mandate 2FA for digital payments and ban harassment by recovery agents, including calls outside 10am-6pm, contacting relatives, and jail threats for defaults. They address OTP flaws and reinforce respectful treatment of borrowers.
Can loan defaulters be sent to jail under new RBI guidelines?
No, RBI explicitly bans jail for defaults. The guidelines focus on eliminating harassment and abusive recovery practices.
What restrictions apply to calls from loan recovery agents?
Agents cannot call outside 10am-6pm or contact relatives. Harassment via calls, WhatsApp blackmail, or verbal abuse is prohibited, as seen in cases like KreditBee reviews.
Is 2FA mandatory for UPI and digital payments?
Yes, from 1 April 2026, 2FA is mandatory for all digital payments including UPI to enhance security. This combats phishing through better VPA, PIN, and OTP protections.
How do the new rules impact fintechs and NBFCs?
Regulations tighten NBFC governance, outsourcing, digital lending, mis-selling, and fraud guidelines, affecting fintechs like OneCard, Leo1, mPokket, RAKB, TrueBalance, and KreditBee. They shift focus from abusive agents to compliant practices.
What is CredResolve's approach to debt recovery?
CredResolve, an AI debt collector managing $6B in assets, is adapting to RBI compliance by avoiding harassment, unlike traditional abusive agents. It supports ethical recovery amid the regulatory shift.
What settlement options are available for salaried borrowers?
Options like CredSettle's One Time Settlement (OTS) and salaried settlement plans are available, reinforcing RBI's no-harassment rules. Lenders must treat borrowers respectfully during recovery.
How are small finance banks positioned amid these RBI changes?
Small finance banks are advancing in micro revival efforts. The regulations on NBFC-bank ties and UPI limits support their growth while enforcing stricter governance.
Datta case + digital lending/mis-selling/fraud guidelines; recovery/2FA mandate (1 Apr 2026) bans harassment/calls outside 10am-6pm/no relatives/OTP flaws/no jail for defaults; UPI security (VPAs/PIN/OTP) combats phishing; NBFC/bank ties/UPI limits/SFB micro revival. Regs hit fintechs (OneCard/Leo1); CredResolve AI ($6B assets) compliance shift vs abusive agents (mPokket/RAKB/TrueBalance/KreditBee); CredSettle OTS; salaried settlement plans reinforce no-harassment rules; OTP vulnerabilities/Tamil harassment confirmed; KreditBee reviews highlight WhatsApp blackmail.