New Delhi: The Reserve Bank of India (RBI) issued new guidelines on 17 January aimed at preventing financial fraud carried out through voice calls and SMS. The proliferation of digital transactions has led to a simultaneous rise in fraudulent activities, prompting the RBI to introduce a series of regulatory prescriptions and institutional safeguards to mitigate such risks.
The core issue addressed in the guidelines is the misuse of mobile numbers, which have become essential for account authentication, payment communications, and customer verification. Fraudsters have found ways to exploit these numbers to execute online scams, putting the financial ecosystem at risk. To combat this, the RBI has set out a detailed framework for regulated entities (REs) to follow.
Key Measures for Regulated Entities (REs)
The guidelines focus on a multi-pronged approach to address this growing concern. Regulated Entities include commercial banks (including Regional Rural Banks, Small Finance Banks, Payment Banks, and Local Area Banks), Primary Co-operative Banks, Non-Banking Financial Companies (NBFCs), Payment Aggregators, Credit Information Companies, and others involved in financial transactions.
Utilizing Mobile Number Revocation List (MNRL)
One of the central provisions in the guidelines is the use of the Mobile Number Revocation List (MNRL), a resource developed by the Department of Telecommunications (DoT) and made available through the Digital Intelligence Platform (DIP). REs are now required to use this list to track and clean their customer data by revoking access linked to invalid or revoked mobile numbers.
To prevent further misuse, REs are instructed to develop Standard Operating Procedures (SOPs) that incorporate actions such as:
- Updating registered mobile numbers (RMN) after due verification.
- Monitoring accounts linked to revoked numbers to prevent them from being used as money mules or being involved in other cyber frauds.
Collaboration with DoT’s Sanchar Saathi Portal
Regulated Entities must share verified details of their customer care numbers with the DoT to be published on the Sanchar Saathi portal. This platform aims to provide customers with easy access to information on fraudulent numbers and help authorities track scam activities effectively. REs are encouraged to send information to the DoT via the email address: diu-dot@gov.in.
Voice Calls Using Designated Number Series
The RBI has aligned with the Telecom Regulatory Authority of India (TRAI) guidelines, which mandate that REs make service and transactional calls using the ‘1600xx’ numbering series. Promotional calls, on the other hand, must be made using the ‘140xx’ series. This numbering system will help differentiate between different types of communications and curb the practice of fraudsters using unregulated numbers to execute fraudulent activities.
Further, the guidelines stress that REs should not engage in unsolicited commercial communications outside of the specified number ranges. They must also comply with the broader Telecom Commercial Communications Customer Preference Regulations (TCCCPR-2018), which are designed to manage the transmission of transactional and promotional messages.
Awareness and Customer Communication
A key aspect of the RBI’s initiative is raising awareness among customers. REs are advised to communicate the new guidelines and measures to their customer base through emails, SMS, and other forms of communication, including in regional languages. The aim is to ensure that customers are well-informed and vigilant about potential fraud risks.
TRAI Guidelines
In conjunction with the RBI’s regulatory measures, TRAI has also issued additional guidelines under the TCCCPR-2018 to manage unsolicited commercial communication (UCC). These include:
- Registration on the Distributed Ledger Technology (DLT) Platform: All entities involved in commercial communication (such as banks, insurance companies, and other financial institutions) must register with telecom service providers (TSPs) through the DLT platform before they can send any commercial communications via voice calls or SMS.
- Use of ‘140’ and ‘160’ Numbering Series: Entities are required to use the ‘140’ series for promotional voice calls and the ‘160’ series exclusively for transactional and service calls. This strict segregation is designed to eliminate the possibility of fraudsters disguising fraudulent calls as legitimate service calls.
- Content Templates and Headers: The guidelines require entities to register specific content templates and headers used for sending SMS messages or making voice calls. These templates will include both fixed and variable components, ensuring that the content sent is clear, verified, and traceable.
- Digital Consent Acquisition (DCA): The DCA system, which allows entities to obtain explicit consent from customers to receive promotional messages or calls, is also a crucial part of the framework. This system will be integrated into the DLT platform and will help entities ensure compliance with the new guidelines.
Security and Data Confidentiality
An integral part of the new guidelines is the emphasis on data security and confidentiality. Entities are responsible for safeguarding their customers’ data and preventing misuse or leakage. The guidelines provide specific instructions on maintaining the confidentiality of customer information, particularly regarding registered telemarketers (RTMs) and other intermediaries involved in sending commercial communications.
Entities must ensure that any unauthorized or unregistered telemarketers are not used in the communication process, as this can lead to potential fraud. In case of data leakage, entities are mandated to report the issue to law enforcement agencies and take immediate action to prevent further misuse.
Implementation Timeline
The RBI has set a deadline for compliance with these new guidelines. All regulated entities are required to implement the prescribed measures by 31 March. This gives them sufficient time to update their systems, register with the DLT platform, and integrate the new compliance protocols into their operations.
The new RBI guidelines, in partnership with TRAI’s regulations, represent a major step toward curbing financial frauds perpetrated via voice calls and SMS. By leveraging technology like the MNRL and DLT platforms, the RBI aims to tighten the security of digital transactions and enhance the overall safety of the banking ecosystem.
The mandate for entities to adopt these measures expeditiously reflects the urgency of the situation, and compliance will be critical in mitigating the growing threat of digital fraud.
As the deadline approaches, financial institutions, telecom operators, and service providers must take proactive steps to align with the RBI’s prescriptions. Failure to comply not only puts their customers at risk but also exposes them to potential regulatory action. Ultimately, the success of these guidelines will depend on collective efforts from all stakeholders to secure the digital financial landscape.
Also Read –
Discussion about this post