Insurance Mis-Selling in Indian Banks: What RBI and IRDAI Now Require
Written by
Shalini

Indian banks are facing a hard compliance deadline: RBI's new mis-selling rules kick in from January 1, 2027, banning compulsory bundling and mandating full refunds for mis-sold products. IRDAI has its own suitability and disclosure requirements running in parallel, backed by real enforcement like the ₹5 crore Policybazaar penalty. This guide breaks down what counts as mis-selling, what both regulators now require, and how banks can rebuild their distribution systems to comply before the deadline. It covers RBI's 2026 directions and IRDAI's Protection of Policyholders' Interests framework side by side. The goal is a practical roadmap, not just a summary of the rules.
Insurance mis-selling happens when a bank or its agent sells a policy that doesn't fit the customer's actual needs, hides key costs or risks, or forces the purchase as a condition for getting a loan. Both RBI and IRDAI have now moved from advisory guidance to enforceable rules with real financial penalties, and banks have a hard deadline of January 1, 2027 to fix their distribution systems.
If you've ever taken a home loan and been quietly told you "need" a life insurance policy from the bank's own insurance arm to get it approved, you've seen mis-selling in action. It's been a quiet, tolerated part of Indian retail banking for years. That tolerance is ending fast. In my decade auditing distribution practices across banks and NBFCs, I've watched enforcement shift from occasional warning letters to structural rule changes that touch consent, compensation, and compensation architecture all at once. This piece breaks down exactly what changed, what RBI and IRDAI each require now, and what a genuinely compliant distribution platform needs to look like going forward.
What Is Mis-Selling in Insurance and Banking?
Mis-selling is the practice of selling a financial product to a customer without properly assessing whether it suits their needs, income, or risk appetite, or by using deceptive, coercive, or incomplete disclosure to get the sale. In banking specifically, it most often shows up as bundling insurance with loans, exaggerating returns, or hiding embedded costs.
A useful way to think about it: mis-selling isn't one single act, it's a category of related failures. According to a compliance breakdown from Mihup's 2026 guide on RBI's mis-selling framework, the pattern includes describing a structured product as offering "guaranteed returns" without disclosing embedded risk, activating linked insurance or advisory add-ons without documented consent, and making factually false claims about regulatory backing or historical performance. All three share the same root cause: the customer didn't get an honest, complete picture before saying yes.
Compulsory Bundling: The Most Common Form in Indian Banks
Compulsory bundling is when a bank makes access to one product (usually a loan) conditional on buying another, usually an insurance policy from its own subsidiary or joint venture partner. RBI's June 2026 directions define it precisely as making the availment of one product conditional on availing another, whether the bank's own or a third party's. This is the single most common mis-selling pattern flagged in India's retail banking sector, and it's exactly what the new rules target first.
Why Is Mis-Selling Such a Big Problem in Indian Banks?
Mis-selling in Indian banks is a big problem because banks act as trusted advisors for products they don't actually underwrite, and sales incentives have historically rewarded volume over suitability. IRDAI recorded 26,667 mis-selling complaints in FY25 alone, a 14% year-on-year jump, showing the problem is accelerating rather than stabilizing.
Part of the issue is structural. A bank's relationship manager is measured on cross-sell targets, not on whether the third-party product they sold actually fit the customer's situation. When a home loan officer's incentive is tied to attaching a term policy to every disbursal, suitability naturally takes a back seat. IRDAI's own enforcement record makes this concrete: Policybazaar was fined ₹5 crore in 2025 after IRDAI identified 11 separate violations, including inadequate suitability assessments and misleading product positioning, based on regulatory action details compiled in Mihup's compliance guide.
The average time to resolve a mis-selling complaint currently sits at 87 days, which tells you something about how deep these cases usually run once a customer escalates. That's not a quick refund conversation; it's often a documentation and evidence exercise across multiple departments.
What Are the RBI Mis-Selling Rules 2026 for Banks?
The RBI Mis-selling Rules 2026, formally the Reserve Bank of India (Commercial Banks - Responsible Business Conduct) Second Amendment Directions, 2026, ban compulsory bundling of third-party products, require explicit customer consent for every sale, and mandate full refunds plus compensation wherever mis-selling is established. Banks must comply from January 1, 2027.
RBI released the final directions on June 15, 2026, following a draft consultation period that closed in early March. The rules apply directly to how banks sell insurance, mutual funds, and other third-party products through their branches, apps, and agents.
Key Provisions Banks Need to Act On
No compulsory bundling. A bank cannot make a loan or account conditional on buying insurance or any other third-party product, unless that product genuinely serves as a risk mitigant, and even then the customer must be free to buy it from any provider of their choice.
Refund and compensation for established mis-selling. Where mis-selling is confirmed, the bank must refund the full amount paid and additionally compensate the customer for any resulting loss, according to its own approved policy.
Mandatory post-sale feedback. Banks must collect customer feedback within 30 days of any financial product sale to confirm the customer actually understood the features and risks involved.
Explicit, affirmative consent. Products, whether the bank's own or third-party, can only be sold with clear, unambiguous consent, not consent buried in fine print or pre-selected checkboxes.
Ban on dark patterns. RBI explicitly prohibits manipulative interface design, including countdown timers that create false urgency, pre-ticked add-ons, hidden cancellation paths, and confusing consent language, and requires periodic digital platform audits to catch these.
No loan-funded product purchases without consent. Banks cannot use a sanctioned loan to fund the purchase of another product, their own or third-party, without the customer explicitly agreeing to that specific use of funds.
Disclosure of sales agents. Banks must publicly disclose which direct selling agents (DSAs) and direct marketing agents (DMAs) they work with, and those agents can't misrepresent themselves as bank employees.
RBI has also proposed banning direct or indirect incentives paid by third parties, like insurers, straight to bank staff for selling their products, specifically to stop commission-driven, volume-first selling behavior.
What Do IRDAI's Insurance Mis-Selling Guidelines Require From Insurers and Distributors?
IRDAI's insurance mis-selling guidelines require insurers and every distribution channel, including corporate agents and brokers, to run proper suitability assessments, disclose all material product features honestly, and resolve grievances through a standardized, time-bound process. The current framework consolidates eight older regulations and 41 circulars into a single set of Protection of Policyholders' Interests (PPI) Regulations, notified April 1, 2024.
Unlike RBI's newer directions, IRDAI has been building toward this for over a decade. It started with the IRDA (Protection of Policyholders' Interests) Regulations, 2002, and has layered on rules for corporate agents, brokers, advertisements, and grievance redressal ever since. The 2024 PPI Regulations pulled all of that into one coherent framework, with policyholder-centric governance as the stated goal.
Key IRDAI requirements distribution channels now need to satisfy:
Financial underwriting requirements must be clearly explained upfront, so a customer's actual capacity to keep paying premiums gets assessed honestly, not glossed over to close the sale.
Insurers must maintain a technology-based grievance redressal system integrated with the Bima Bharosa portal, giving policyholders a way to register and track complaints digitally.
Advertisements for unit-linked or index-linked products cannot present them as pure "investment products," and risk factors must be disclosed clearly.
Punitive action, including blacklisting, applies to salespeople who engage in unhealthy solicitation or market misconduct.
The Insurance Bill 2025 (Sabka Bima Sabki Raksha) goes further, giving IRDAI explicit authority to cap commissions and cancel licenses for repeated mis-selling violations. That's a meaningful escalation from the earlier era of warning letters and modest fines.
RBI vs. IRDAI Mis-Selling Rules: How Do They Compare?
Factor | RBI Mis-selling Rules 2026 | IRDAI Insurance Mis-selling Guidelines |
|---|---|---|
Applies to | Banks and NBFCs selling any third-party product | Insurers and insurance distribution channels specifically |
Core focus | Consent, bundling, dark patterns, agent disclosure | Suitability, disclosure, grievance redressal |
Compensation requirement | Full refund plus loss compensation, mandatory | Refunds and remediation via Policyholder Protection Committees |
Enforcement tool | Directions under RBI's Master Directions framework | Penalties, license suspension or cancellation under Insurance Bill 2025 |
Effective date | January 1, 2027 | PPI Regulations effective since April 1, 2024, evolving further under the 2025 Bill |
Applies to bancassurance | Yes, directly, since banks distribute insurance as a TPPS | Yes, since banks act as corporate agents under IRDAI rules too |
For any bank running a bancassurance program, both frameworks apply at the same time, which is exactly why distribution technology needs to satisfy both sets of requirements rather than treating them as separate compliance tracks.
How Should Banks Build a Compliant Insurance Distribution System?
A compliant distribution system needs suitability checks built into the sales flow itself, documented and revocable consent at every step, and automated post-sale feedback collection, rather than relying on manual audits after the fact. Banks that bolt compliance onto an existing sales process after regulators flag a problem are consistently slower and more expensive to fix than banks that design for it upfront.
From reviewing distribution architecture with several banking clients this year, the systems that pass regulatory scrutiny cleanly share a few common traits. They don't just record that a sale happened; they record why it was suitable, what was disclosed, and what the customer explicitly agreed to.
Practical steps that matter most right now:
Build a suitability engine into the sales journey, so product recommendations are matched to a customer's actual profile instead of ranked by commission.
Separate consent per product, so buying a savings account doesn't implicitly authorize a linked insurance sale later.
Automate the 30-day feedback loop RBI now requires, rather than treating it as a manual call center task that gets deprioritized under volume pressure.
Audit digital interfaces for dark patterns on a recurring schedule, not just once before a regulatory inspection.
Restructure incentive design so relationship managers and DSAs aren't rewarded purely on cross-sell volume.
Keep an auditable record of every disclosure, since regulators are now expecting proactive detection, not reactive remediation, according to Mihup's analysis of the 2026 enforcement shift.
This is exactly the kind of governance layer Deployit builds into its platform for banks running bancassurance, with suitability logic in the underwriting layer and transparent, auditable commission structures instead of opaque incentive stacking. Insurers and NBFCs evaluating their own setup can also check Deployit's ISNP and IRDAI compliance guide for a more detailed regulatory breakdown.
What Happens If a Bank Is Found Guilty of Mis-Selling?
Once mis-selling is established, a bank must refund the entire amount the customer paid and separately compensate them for any resulting loss under its own approved policy. Beyond direct compensation, banks face reputational damage, regulatory scrutiny, and, under IRDAI's expanded authority, potential license action against the distribution entity involved.
The financial exposure adds up faster than most compliance teams initially estimate. One rough model from Mihup's guide: a bank processing a million customer interactions a year, even with a conservative 1% mis-selling violation rate, could face ₹50 to ₹200 crore in annual refund and compensation exposure if the issue goes undetected until a regulator finds it. That's a meaningfully larger number than most banks have budgeted for under "compliance risk."
The Insurance Bill 2025 adds another layer specifically for insurance distribution: IRDAI can now cap commissions and cancel or suspend licenses for repeated violations, and it explicitly prohibits structuring fees to pass compliance costs onto customers. Compliance, in other words, is now a fixed cost of doing business, not something a bank can quietly offset elsewhere.
Conclusion
Here's the one-sentence takeaway: mis-selling in Indian banks has moved from a mostly tolerated grey area to a directly enforceable compliance failure, with RBI's rules active from January 1, 2027 and IRDAI's authority to cap commissions and cancel licenses already in place. Banks that wait until the deadline to start rebuilding consent, suitability, and feedback systems are choosing the most expensive possible timeline to do it on.
The realistic next step is an honest internal audit: pull a sample of recent third-party product sales and check whether suitability was documented, whether consent was specific to that product, and whether a customer could clearly explain what they bought if asked today. If those checks come back shaky, that's the gap to close first, well before the 2027 deadline arrives. Deployit's insurance distribution platform is built with suitability and consent architecture as core features, not bolted-on compliance modules, for banks, NBFCs, and insurers alike. You can see how it holds up against real distribution scenarios in the case studies section, or talk to the Deployit team directly about your bank's specific setup.
- Mis-selling is selling a product without suitability checks or with deceptive, incomplete disclosure.
- RBI's Mis-selling Rules 2026 take effect January 1, 2027, for all commercial banks.
- Compulsory bundling of loans with third-party insurance products is now explicitly banned.
- Established mis-selling requires full refund plus separate loss compensation to the customer.
- Banks must collect customer feedback within 30 days of any financial product sale.
- Dark patterns like false urgency timers and pre-ticked add-ons are now prohibited.
- IRDAI recorded 26,667 mis-selling complaints in FY25, up 14% year on year.
- The Insurance Bill 2025 lets IRDAI cap commissions and cancel licenses for violations.
- RBI and IRDAI rules apply simultaneously to any bank running a bancassurance program.
- Suitability and consent need to be built into the sales system, not audited after the fact.
Have any questions?
What is mis-selling in the context of insurance and banking?
Mis-selling is when a bank or agent sells a financial product without properly checking whether it fits the customer's needs, or by using deceptive, coercive, or incomplete disclosure to close the sale. It commonly includes forcing insurance purchases alongside loans, exaggerating returns, or hiding embedded fees.
What are the RBI mis-selling rules 2026 and when do they take effect?
The RBI Mis-selling Rules 2026 are the Reserve Bank of India (Commercial Banks - Responsible Business Conduct) Second Amendment Directions, 2026, released June 15, 2026. They take effect January 1, 2027, and ban compulsory bundling, mandate explicit consent, and require full refunds plus compensation wherever mis-selling is confirmed.
How are IRDAI's insurance mis-selling guidelines different from RBI's rules?
IRDAI's guidelines focus specifically on insurance suitability, disclosure, and grievance redressal through the Protection of Policyholders' Interests Regulations, while RBI's 2026 rules apply more broadly to how banks sell any third-party product, including insurance, with a stronger focus on consent and digital dark patterns. Banks distributing insurance need to satisfy both.
Can a bank still require insurance when I take out a home loan?
Only if the insurance genuinely serves as a risk mitigant for the loan, and even then, RBI's rules require the bank to let you buy that cover from any provider you choose, not just its own subsidiary. True compulsory bundling, where the loan is conditional on buying the bank's specific policy, is now explicitly prohibited.
What compensation am I entitled to if I was mis-sold an insurance policy by my bank?
If mis-selling is established, the bank must refund the entire amount you paid for the product and separately compensate you for any additional loss, according to its approved policy. You can escalate unresolved complaints to the RBI Banking Ombudsman or IRDAI if the bank doesn't resolve the issue within a reasonable time.
Why do banks struggle to comply with mis-selling guidelines even after training staff?
Training alone doesn't fix incentive structures that still reward cross-sell volume over suitability. Most mis-selling failures trace back to systems that don't document a genuine suitability check at the point of sale, which is a structural gap, not something a training refresh can solve on its own.
Should a bank build its own suitability and consent system or use an existing distribution platform?
Building in-house is workable for very large banks with dedicated compliance engineering budgets, but most banks and NBFCs move faster and cheaper adopting a platform that already has suitability logic, consent tracking, and audit trails built in, especially given the January 2027 deadline. Evaluate any vendor specifically on whether these features are core to the platform or added on afterward.
What happens if a bank ignores the January 2027 RBI mis-selling deadline?
Non-compliance exposes the bank to mandatory refund and compensation obligations once mis-selling is established, alongside regulatory scrutiny and reputational damage. For insurance-specific violations, IRDAI's expanded authority under the Insurance Bill 2025 also allows commission caps and license action against involved distribution entities.
How many mis-selling complaints does IRDAI actually receive each year?
IRDAI recorded 26,667 mis-selling complaints in FY25 (April 2024 to March 2025), a 14% increase over the previous year, with an average resolution time of 87 days. That volume and trend are part of why regulators shifted from advisory guidance to enforceable rules with real penalties.
Are dark patterns illegal for banks selling insurance or investment products now?
Yes. RBI's 2026 directions explicitly ban manipulative digital design, defined as anything meant to mislead or trick users into actions they didn't originally intend, including false urgency countdowns, pre-selected add-ons, and confusing consent flows. Banks must also periodically audit their digital platforms to catch these patterns.
Related insights
Insurance & BankingDPDP Act 2025 and Insurance Distribution in India: What Banks, NBFCs & Brokers Must Do Now
7 July 2026
Insurance & BankingEmbedded Insurance ROI: What Banks and NBFCs Actually See in Attach Rate and Persistency
3 July 2026
Insurance & BankingBancassurance vs Corporate Agency Licence: What Should Indian Banks Choose in 2026
3 July 2026
Ready to distribute health insurance at scale?
Talk to the Deployit team for a 30-minute walkthrough.
