DIGITAL BANKINGMay 2026 · 8 min read

RBI Digital Banking Authorisation 2026 — What Every Bank Must Now Have in Place

From January 1, 2026, banks can only offer internet banking, mobile banking, USSD, SMS banking, and other electronic channels if they hold explicit authorisation under RBI's new Digital Banking Channels Authorisation system. The previous fragmented standards are replaced by a unified governance framework.

What the New Framework Covers

The Digital Banking Channels Authorisation system covers all electronic delivery channels through which banks interact with customers — internet banking, mobile banking apps, USSD-based banking for feature phones, SMS banking, and any other digital channel. The framework establishes eligibility requirements, governance standards, and ongoing compliance requirements that banks must satisfy to receive and retain authorisation.

Banks that were already operating these channels prior to January 1, 2026 are required to obtain authorisation within a specified transition period. New banks or new channel launches require prior RBI authorisation before going live.

Five Governance Requirements for Authorisation

1
Board-Approved Digital Banking Policy

Banks must have a comprehensive Board-approved policy covering all digital channels — governance structure, risk appetite for digital channels, customer onboarding standards, and escalation protocols for digital incidents.

2
Enhanced Authentication Standards

Upgraded authentication requirements for digital payments and banking transactions. Multi-factor authentication is mandatory across all channels. Biometric-based authentication is encouraged for high-value transactions.

3
Digital Liquidity Risk Management

Enhanced liquidity assumptions for digital deposits — recognising that digital deposits can be withdrawn at scale faster than traditional deposits. Stress testing must model digital deposit flight scenarios.

4
Ring-Fencing of Core Banking

Core banking infrastructure must be ring-fenced from digital channel layers. This has significant implications for banks with monolithic architectures — a separation of concerns that many older core banking systems were not designed for.

5
Board-Approved Restructuring Plan

Banks that do not currently meet all requirements must prepare a Board-approved restructuring plan by March 31, 2026, with a clear roadmap to full alignment by March 31, 2028.

What This Means for NBFCs Running Digital Lending Platforms

While the Digital Banking Authorisation framework applies directly to banks, NBFCs operating as Lending Service Providers (LSPs) for banks, or running their own digital lending apps, face indirect obligations. Banks that partner with NBFCs for digital customer acquisition and loan origination must ensure their LSP arrangements comply with the new channel governance standards.

NBFCs should review their LSP agreements with partner banks to confirm that their digital channel integrations align with the new framework. Banks will increasingly require NBFCs to meet enhanced data security, authentication, and governance standards as a condition of LSP arrangements.

Related Articles
CYBER
RBI Cybersecurity for NBFCs — CERT-In Audit, 6-Hour Incident Reporting
 RBI
Digital Lending Guidelines — Where Most NBFCs Are Still Non-Compliant

Navigating digital banking compliance or LSP governance obligations?

A 30-minute discovery call will identify your specific obligations under the new digital banking framework and your LSP arrangement review priorities.

Book a Discovery Call