In exercise of its powers under Sections 35A and Section 56 of the Banking Regulation Act, 1949 and Chapter IIIB of the Reserve Bank of India Act, 1934, the Reserve Bank of India (“RBI”) issued the Credit Card and Debit Card – Issuance and Conduct Directions, 2022 (“Directions”) on April 21, 2022. The Directions shall become effective from July 01, 2022.
- Applicability: The Directions shall apply to Scheduled Banks (excluding Payments Banks, State Co-operative Banks and District Central Co-operative Banks) and all Non-Banking Financial Companies operating in India with respect to credit cards and to every bank operating in India with respect to debit cards.
- Important Definitions: The guidelines provide the following important definitions:-
- Card-issuers are banks which issue debit or credit cards and NBFCs which have been permitted by RBI to issue credit cards in India.
- A Credit Card is a physical or virtual payment instrument containing a means of identification, issued with a pre-approved revolving credit limit, that can be used to purchase goods and services or draw cash advances, subject to prescribed terms and conditions.
- A Debit Card is a physical or virtual payment instrument containing a means of identification, linked to a Saving Bank/Current Account which can be used to withdraw cash, make online payments, do PoS terminal/Quick Response (QR) code transactions, fund transfer, etc. subject to prescribed terms and conditions.
- A Prepaid Card is a Prepaid Payment Instrument as defined in the Master Direction on Prepaid Payment Instruments i.e. Instruments that facilitate purchase of goods and services, financial services, remittance facilities, etc., against the value stored therein. PPIs that require RBI approval / authorisation prior to issuance are classified under two types viz. (i) Small PPIs, and (ii) Full-KYC PPIs.
- Small PPIs : Issued by banks and non-banks after obtaining minimum details of the PPI holder. They shall be used only for purchase of goods and services. Funds transfer or cash withdrawal from such PPIs shall not be permitted. Small PPIs can be used at a group of clearly identified merchant locations / establishments which have a specific contract with the issuer (or contract through a payment aggregator / payment gateway) to accept the PPIs as payment instruments.
- Full-KYC PPIs : Issued by banks and non-banks after completing Know Your Customer (KYC) of the PPI holder. These PPIs shall be used for purchase of goods and services, funds transfer or cash withdrawal.
- Most Important Terms and Conditions (“MITC”) are the standard set of conditions for the issuance and usage of credit cards, thereby defining the responsibilities and liabilities of the card-issuer and the cardholder.
- Conduct of Credit Card Business: In order to comply with the Directions, each card-issuer shall have a well-documented Board approved policy for the issuance and conduct of credit cards. The following key aspects for conduct of credit card business have to be kept in mind by card-issuers:
- Card-issuers shall provide a one-page Key Fact Statement along with the credit card application containing the important aspects of the card such as rate of interest, quantum of charges, among others. In case of rejection of a credit card application, the card-issuer shall convey in writing the specific reason/s which led to the rejection of the application.
- Card-issuers may consider introducing, at the option of the customers, an insurance cover to take care of the liabilities arising out of lost cards, card frauds, etc. In cases where the card-issuers are offering any insurance cover to their cardholders, in tie-up with insurance companies, the card-issuers shall obtain explicit consent in writing or in digital mode from the cardholders along with the details of nominee/s.
- The issue of unsolicited cards/upgradation is strictly prohibited. Any loss arising out of misuse of such unsolicited cards shall be the responsibility of the card-issuer only and the person in whose name the card has been issued shall not be held responsible for the same.
- Card-issuers shall seek One Time Password ("OTP") based consent from the cardholder for activating a credit card, if the same has not been activated by the customer for more than 30 days from the date of issuance. If no consent is received for activating the card, card-issuers shall close the credit card account without any cost to the customer within seven working days from the date of seeking confirmation from the customer.
- Card-issuers shall ensure that the telemarketers they engage, comply with directions/regulations on the subject issued by the Telecom Regulatory Authority of India ("TRAI") from time to time while adhering to guidelines issued on “Unsolicited Commercial Communications – National Customer Preference Register (NCPR)”. The card-issuer’s representatives shall contact the customers only between 10:00 hrs and 19:00 hrs.
- Issue of Debit Cards: Under the Directions, banks shall formulate a comprehensive debit cards issuance policy. Prior approval of the RBI is not necessary for banks desirous of issuing debit cards to their customers. However, debit cards shall only be issued to customers having Savings Bank/Current Account.
- Co-Branding Entities: The Directions have also demarcated liabilities in co-branding arrangements. Card-issuers are responsible for carrying out due diligence in respect of the co-branding partner entity to protect themselves against the reputation risk they are exposed to in such an arrangement. The role of a co-branding partner entity under the tie-up arrangement shall be limited to marketing/distribution of the cards and providing access to the cardholder for the goods/services that are offered. It is not necessary to receive prior approval of the RBI for the issuance of co-branded debit cards/co-branded prepaid cards by banks and co-branded credit cards by card-issuers subject to certain conditions.
- Benefits/Discounts/Loyalty Points: Any discounts, cashbacks, reward points, loyalty points or any other benefits offered by the card-issuer to be provided in a transparent manner including the source of such benefits. The benefits provided shall be verifiable in the books of the card-issuer and detailed information regarding the same shall be displayed on the website of the card-issuer. A copy of the benefits offered shall also be provided to the cardholder.
- Grievance Redressal: A Grievance Redressal Mechanism is to be implemented by card-issuers which shall be largely publicised through electronic and print media. The following aspects shall also be incorporated:
- The name, direct contact number, email-id and postal address of the designated grievance redressal officer of the card-issuer shall be mentioned on the credit card bills and account statements.
- Specific timelines may be stipulated in the Board approved policy for issuance of cards, redressal of grievances and compensation framework. The same is to be displayed on the card-issuers website.
- Card-issuers shall ensure that their call center staff are trained adequately to competently handle and escalate a complaint, if necessary. The Grievance Redressal process shall have a provision for automatic escalation of unresolved complaints from a call center/base level to higher authorities.
- There shall be a system of acknowledging customers' complaints for follow up, such as complaint number/docket number, even if the complaints are received over phone.
- Card-issuers shall be liable to compensate the complainant for the loss of their time, expenses, financial loss as well as for the harassment and mental anguish suffered by them for the fault of the card-issuer and where the grievance has not been redressed in time.
- If a complainant does not get satisfactory response from the card-issuer within a maximum period of one month from the date of lodging the complaint, he/she will have the option to approach the Office of the concerned RBI Ombudsman for redressal of his/her grievance/s.
- Customer Information Confidentiality:
- Card-issuers are not permitted to reveal any information relating to customers obtained at the time of opening the account or issuing the card to any other person or organization without obtaining their explicit consent, with regard to the purpose/s for which the information will be used and the organizations with whom the information will be shared.
- Card-issuers shall ensure strict compliance with the extant legal framework on data protection.
- Where the customers give explicit consent for sharing the information with other agencies, card-issuers shall explicitly state and explain clearly to the customer the full meaning/implications of the disclosure clause.
- The card-issuers shall be solely responsible for the correctness or otherwise of the data provided for the purpose.
- Within a co-branding arrangement, the co-branding entity shall not be permitted to access any details of customer’s accounts that may violate the card-issuer’s secrecy obligations.
- Content: The MITC document provided by card-issuers should contain specific details as provided under the Directions regarding fees and charges, drawal limits, billing, default and circumstances, termination/revocation of card membership, loss/theft/misuse of card and grievance redressal, disclosure and compensation framework from a customer awareness and transparency perspective.
- Disclosure: The Directions also specify guidelines on stages of disclosure of the content forming a part of the MITC document provided to the card holder. The stages are divided inter alia into the following - marketing, at application, welcome kit, on billing to name a few.
- Exemptions by RBI: The RBI may for avoiding any hardship or for any other just and sufficient reason, grant extension of time to comply with or exempt any Regulated Entities, from all or any of the provisions of the Directions.
The Directions formalise, compile and regulate processes that form practices generally undertaken by banks. Not only do the Directions provide clarity on the demarcation of liabilities between card-issuers, holders and co-branding entity’s, but also inculcate the application of guidelines such as the Telecom Commercial Communications Customer Preference Regulations 2018 ("TCCCPR").
The Directions also make card-issuers liable for providing compensation to the complainant for the loss of their time, expenses, financial loss as well as for the harassment and mental anguish suffered by them. While this step is indeed in consumer interest, specifics pertaining to its implementation remain unclear.
Link to the directions:https://m.rbi.org.in//Scripts/BS_ViewMasDirections.aspx?id=12300