Under draft amendments to the RBI’s Responsible Business Conduct Directions, banks would be permitted to deploy technology-based mechanisms to restrict functionalities of a borrower’s mobile device, but only under tightly regulated conditions. The proposal seeks to formalise and regulate a practice increasingly adopted by some digital lenders and fintech firms in smartphone financing. The draft directions will come into effect from October 1, 2026.
The RBI has clarified that such restrictions can be imposed only where the loan was specifically used to finance the purchase of that device. The loan agreement must explicitly permit such action and clearly disclose the circumstances under which restrictions may be imposed, the graduated approach that would be followed, timelines for curing defaults, and grievance redress mechanisms available to borrowers.
The draft norms specify that lenders can initiate restrictions only after the account becomes 90 days past due and after issuing multiple notices to the borrower. Banks would first have to issue a notice once the loan becomes 60 days overdue, giving borrowers at least 21 days to cure the default. A second notice providing another seven days would also be mandatory before any restriction is imposed.
Importantly, the central bank has barred lenders from completely blocking critical phone functionalities. Essential services such as internet access, incoming calls, emergency SOS features and receipt of government or public safety notifications cannot be disabled. The RBI has also directed lenders to adopt a “graduated approach” instead of completely disabling devices immediately.
The draft directions further mandate that lenders reverse restrictions within one hour once the borrower clears the dues. In cases of wrongful blocking or delays in restoring functionalities, lenders would have to compensate borrowers at the rate of Rs 250 per hour until the issue is resolved. The technology used to restrict device functions must also be uninstalled immediately after the loan is fully repaid. Borrowers would additionally retain the right to prepay the loan at any stage.
The RBI has also proposed a complete prohibition on lenders accessing, storing or using any data present on the borrower’s mobile phone under any circumstances.Alongside the device-locking framework, the draft guidelines introduce a wider code of conduct for loan recovery. The RBI has, for the first time, formally defined “recovery agencies” and “recovery agents”, explicitly bringing business correspondents involved in recovery activities under the regulatory framework. Recovery agents would be required to undergo certification through the Indian Institute of Banking and Finance (IIBF) or affiliated institutes before deployment.
Banks would also be required to publicly disclose empanelled recovery agencies on their websites, apps and branches, including details such as addresses, assigned geographies and period of engagement. Borrowers would need to be informed before any recovery visit is made and immediately notified if a recovery agency is changed or terminated.
The draft norms further prohibit banks from assigning recovery cases while a borrower grievance related to the loan dues or recovery process remains unresolved. Banks would also have to maintain records of recovery calls, including timing, frequency and recordings of conversations, for at least six months.
The RBI has proposed strict conduct standards for recovery staff, including restrictions on contacting borrowers outside 8 am to 7 pm, using abusive language, threatening borrowers, harassing family members or using social media to shame defaulters. The regulator has also proposed mandatory grievance redress mechanisms and compensation provisions where borrowers suffer losses due to wrongful recovery actions.