The Panoramic – Banking Regulation has been published by Lexology and can be accessed here.
Regulatory framework
Key policies
What are the principal governmental and regulatory policies that govern the banking sector?
India’s banking sector sits within a layered framework of primary legislation, subordinate regulations and supervisory policies. The Reserve Bank of India Act 1934 constitutes the Reserve Bank of India (RBI) as the central bank and empowers it to regulate the issue of banknotes, manage currency and credit, and supervise banks. The Banking Regulation Act, 1949 (Banking Regulation Act) governs licensing, business conduct, prudential requirements and powers of supervision. The Foreign Exchange Management Act 1999 (FEMA) facilitates external trade and payments and promotes orderly development of the foreign‐exchange market. The Payment and Settlement Systems Act 2007 designates the RBI as the authority to regulate and supervise payment systems. The Insolvency and Bankruptcy Code 2016 (IBC) provides a time‑bound process for insolvency resolution and maximisation of asset value. Other key statutes include the Deposit Insurance and Credit Guarantee Corporation Act 1961 (deposit insurance), the Prevention of Money‑Laundering Act 2002 (anti‑money‑laundering obligations) and the Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act 2002 (SARFAESI), which allows secured creditors to enforce security interests without court intervention. RBI directions and circulars, such as the prudential norms on capital adequacy, master directions on digital lending and the emerging framework for expected credit loss provisioning, supplement these statutes.
In a monumental effort to optimise the regulatory burden and significantly enhance the ease of doing business, the RBI recently executed a fundamental reorganisation of its regulatory communications, effectively consolidating over 9,000 historical circulars and disparate guidelines into 238 function-wise Master Directions applicable across eleven distinct categories of regulated entities. Furthermore, the legislative landscape was profoundly modernised by the Banking Laws (Amendment) Act, 2025, which introduced pivotal changes to institutional governance, improved the operational efficiency of statutory reporting, and bolstered depositor safeguards.
Regulated institutions
What are the defining characteristics of a bank to be caught by the banking laws and regulations? Is non-bank fintech regulated differently?
Section 5(b) of the Banking Regulation Act defines “banking” as accepting money deposits from the public, repayable on demand or otherwise and withdrawable by cheque, draft or other means. A bank is therefore characterised by deposit‑taking from the public, the obligation to repay those deposits on demand or at maturity, and the ability to let customers withdraw funds by cheque or similar instruments. Entities that undertake deposit‑taking are required to be licensed as banks and are subject to the full spectrum of prudential regulation and supervision.
The non-banking financial company (NBFC) sector is governed by the Scale-Based Regulatory Framework, which stratifies entities into four regulatory layers: Base, Middle, Upper and Top. The Base Layer covers non-deposit-taking NBFCs with assets below 10 billion rupees, subject to foundational prudential norms. The Middle Layer covers all deposit-taking NBFCs and larger non-deposit-taking entities, with enhanced capital and governance standards. The Upper Layer comprises the most systemically significant NBFCs, subject to intensive, bank-like supervision including capital buffers and group-level oversight. The Top Layer remains ideally unpopulated but is reserved for entities whose risk profiles warrant the highest degree of supervisory intervention.
Payment aggregators and wallet providers operate under the Payment and Settlement Systems Act, while account aggregators are regulated under a separate NBFC–Account Aggregator framework.
Do the rules vary depending on the size or complexity of the banking institution?
Yes. India’s regulatory architecture applies differentiated requirements based on the type, size and systemic importance of an institution. Universal commercial banks licensed under the on‑tap licensing guidelines must have minimum paid‑up equity capital of 5 billion rupees and maintain net worth of at least the same amount at all times. Small finance banks are required to maintain minimum net worth of 5 billion rupees but must increase this to 1 billion rupees to transition to a universal bank. Payments banks cannot lend and are restricted to accepting deposits of up to 200,000 rupees per customer.
The NBFC sector has been placed under a scale‑based regulatory framework with four layers. The Base Layer covers non‑deposit‑taking NBFCs below 10 billion rupees in assets; the Middle Layer covers deposit‑taking NBFCs and large non‑deposit‑taking NBFCs; the Upper Layer comprises the top NBFCs identified as systemically significant; and the Top Layer remains ideally empty but may be populated if a particular NBFC’s risk profile warrants enhanced supervision. Regulatory requirements – such as capital buffers, governance, concentration limits and group‑level supervision – become progressively more stringent for larger and more complex entities.
Primary and secondary legislation
Summarise the primary statutes and regulations that govern the banking industry.
The key statutes are the Reserve Bank of India Act 1934 (establishing the RBI and empowering it to regulate monetary policy and bank supervision), the Banking Regulation Act (licensing, capital adequacy, governance, restrictions on connected lending and powers of moratorium and amalgamation), and FEMA 1999 (foreign exchange and investment control). The SARFAESI Act 2002 permits banks to enforce security interests without court intervention upon default; the Recovery of Debts and Bankruptcy Act, 1993 (formerly the Recovery of Debts Due to Banks and Financial Institutions Act) establishes debt recovery tribunals. The Payment and Settlement Systems Act 2007 authorises the RBI to regulate payment systems and grant licences to payment system operators. The Insolvency and Bankruptcy Code, 2016 provides a consolidated framework for insolvency of corporate debtors and personal guarantors. The Deposit Insurance and Credit Guarantee Corporation Act 1961 establishes deposit insurance up to 500,000 rupees per depositor. Subordinate legislation comprises RBI master directions on prudential norms, digital banking channels, outsourcing of IT services and the like, which are periodically updated.
Regulatory authorities
Which regulatory authorities are primarily responsible for overseeing banks?
The Reserve Bank of India is the apex regulator and supervisor for banks. It exercises licensing powers under the Banking Regulation Act, sets prudential norms, conducts on‑site and off‑site supervision and issues directions on capital, liquidity, governance and market conduct. The Department of Financial Services within the Ministry of Finance oversees public sector banks and coordinates banking policy. Listed banks are subject to securities‑law oversight by the Securities and Exchange Board of India (SEBI) for disclosures and corporate governance. Bancassurance activities fall under the Insurance Regulatory and Development Authority of India, while housing finance companies are supervised by the National Housing Bank. The Insolvency and Bankruptcy Board of India administers resolution professionals and insolvency processes involving bank borrowers. Cooperative banks are subject to dual regulation by the RBI and state cooperative departments, though recent amendments have sought to harmonise prudential norms.
Government deposit insurance
Describe the extent to which deposits are insured by the government. Describe the extent to which the government has taken an ownership interest in the banking sector and intends to maintain, increase or decrease that interest.
Deposit insurance is provided by the Deposit Insurance and Credit Guarantee Corporation (DICGC), a wholly owned subsidiary of the RBI. All commercial banks, regional rural banks and cooperative banks participate in the scheme. Each depositor’s aggregate deposits in a bank – including savings, current, fixed and recurring deposits – are insured up to 500,000 rupees for both principal and interest. Government and inter‑bank deposits are excluded. The insurance premium is paid by banks and cannot be passed to depositors. Following amendments in 2021, when a bank is placed under all‑inclusive directions, the DICGC must pay insured deposits within 90 days. As at March 2025, 97.6% of deposit accounts were fully protected by insurance, covering roughly 41.5% of the total value of deposits. India is transitioning to risk‑based deposit insurance premiums from 1 April 2026, under which banks’ premiums will vary according to indicators such as capital adequacy, asset quality, earnings and liquidity.
Government ownership remains significant: a majority stake is held in 12 public sector banks under the Banking Companies (Acquisition and Transfer of Undertakings) Acts. The state continues to infuse capital when required but has signalled an intent to reduce holdings and encourage private investment; however, full privatisation proposals remain politically sensitive. Public sector banks are subject to performance‑linked recapitalisation and are required to meet the same prudential norms as private banks.
Transactions between affiliates
Which legal and regulatory limitations apply to transactions between a bank and its affiliates? What constitutes an ‘affiliate’ for this purpose? Briefly describe the range of permissible and prohibited activities for financial institutions and whether there have been any changes to how those activities are classified.
Section 20 of the Banking Regulation Act prohibits banks from granting loans or advances on the security of their own shares and from lending to certain related persons and entities. Specifically, a bank cannot lend to any of its directors; to firms in which a director is a partner, manager, employee or guarantor; to companies (other than subsidiaries or not‑for‑profit companies) in which a director holds substantial interest or is a director, manager or guarantor; or to individuals for whom a director is a partner or guarantor. The RBI’s Master Circular on Loans and Advances – Statutory and Other Restrictions requires board approval and arm’s‑length pricing for any permitted related‑party transactions and extends the restrictions to relatives of directors, senior officers and entities with cross‑linkages.
Affiliates include subsidiaries, joint ventures, associates and enterprises where the bank or its directors hold significant influence. Recent Commercial Banks – Credit Risk Management (Amendment) Directions (effective 1 April 2026) aim to harmonise related‑party lending rules with global standards and apply a broader definition of “related party”, covering entities under common ownership, control or significant influence. These directions introduce caps on aggregate exposure to related parties, require board‑approved policies, and mandate public disclosure of material related‑party transactions. Certain activities remain prohibited for banks: they cannot trade directly in goods, own immovable property beyond what is required for their operations, or engage in speculative trading. Conversely, banks may carry out financial services such as insurance broking, mutual fund distribution or portfolio management through separate subsidiaries or with prior RBI approval.
Regulatory challenges
What are the principal regulatory challenges facing the banking industry?
Key challenges include managing asset quality and reducing non‑performing assets while supporting credit growth, particularly in sectors affected by economic cycles. The RBI has been overhauling prudential norms by introducing an expected credit loss framework that will require banks to classify loans based on credit risk and set aside provisions in advance; these rules are proposed to take effect from 1 April 2027 with a transition period. Another challenge is adapting to rapid digitalisation. The Digital Lending Directions require banks and NBFCs to register digital lending apps on the RBI’s portal, obtain customer consent, disclose all fees, ensure data localisation and provide cooling‑off periods. Cybersecurity and operational resilience have become critical as the frequency and sophistication of cyber‑attacks increase. Banks must implement robust IT governance and incident reporting under the RBI’s cybersecurity framework.
The industry also faces climate‑related financial risks. The RBI has signalled that banks may need to undertake climate stress testing and publish environmental, social and governance disclosures. Additionally, compliance with the Digital Personal Data Protection Act, 2023 will require privacy‑by‑design frameworks and appointment of data protection officers. Meeting priority sector lending targets, balancing inclusion goals with profitability, and managing capital and liquidity under evolving Basel III norms continue to challenge bank management.
Consumer protection
Are banks subject to consumer protection rules?
Yes. Consumer protection is underpinned by both legislation and RBI directions. The RBI (Interest Rate on Deposits) Directions prescribe transparency in deposit contracts; banks must disclose effective annualised returns, premature withdrawal penalties and service charges. The Fair Practices Code for Lenders obliges banks to provide borrowers with clear information on loan terms, processing fees, interest rate resets and grievance redressal mechanisms. The Reserve Bank – Integrated Ombudsman Scheme 2021 created a one‑stop grievance redress mechanism for customers of banks, NBFCs and payment system operators. Banks are required to appoint internal ombudsmen to review complaints, display contact details for grievance redress and resolve disputes within specified timelines. Regulations such as the Master Direction on Digital Payment Security Controls and the Digital Lending Directions also impose customer protection obligations, including consent‑based data use, cooling‑off periods and prohibition of automatic account debits without explicit authorisation.
Future changes
In what ways do you anticipate the legal and regulatory policy changing over the next few years?
The Indian banking regulatory landscape is anticipated to evolve significantly over the coming years, with several key developments expected across digital banking, prudential standards, resolution frameworks and data protection.
Capital market exposure norms may be recalibrated following the Draft Reserve Bank of India (Commercial Banks – Capital Market Exposure) Directions, currently under consultation, which indicate potential tightening or restructuring of banks’ permissible capital market activities.
Resolution and recovery frameworks are expected to be enhanced, with a comprehensive resolution framework complementing the IBC potentially including mandatory recovery and resolution plans for systemically important institutions. This would bring India’s resolution regime closer to international standards established by the Financial Stability Board.
Climate risk and ESG integration are emerging priorities for the RBI, with potential mandates for climate stress testing and standardised ESG disclosure frameworks. Banks may be required to develop methodologies for assessing physical and transition risks arising from climate change across their lending portfolios.
Data protection compliance will become increasingly significant with the implementation of the Digital Personal Data Protection Act, 2023, requiring banks to adopt privacy-by-design principles, implement enhanced consent management systems and establish robust data governance frameworks.
Regulation is likely to become more risk‑sensitive and technology‑oriented. Implementation of the expected credit loss regime will align loan loss provisioning with forward‑looking credit risk assessment and may require banks to raise additional capital.
The shift to risk‑based deposit insurance premiums from April 2026 will incentivise stronger risk management and internal controls.
The RBI is also harmonising regulations for cooperative banks with commercial bank standards and strengthening group‑wide supervision of financial conglomerates.