RBI Unveils New Compensation Framework for Digital Frauds with Strict Ceilings
The Reserve Bank of India (RBI) has introduced a draft proposal establishing a compensation mechanism for victims of digital fraud, setting a significant ceiling on eligible losses. According to the framework, customers who suffer losses exceeding Rs 50,000 in a single cyber fraud incident will not qualify for compensation under this scheme.
Compensation Structure and Financial Burden Sharing
The proposal, which will apply to transactions occurring after July 1, 2026, outlines a detailed three-way split for sharing the financial burden between the RBI, the customer's bank, and the bank that received the fraudulent funds. This structured approach aims to provide relief while maintaining accountability.
For losses below Rs 29,412, victims will receive 85% of the lost amount, capped at Rs 25,000. In these cases, the RBI will bear 65% of the total loss, with the customer's bank and the beneficiary bank each contributing 10%. For losses ranging from Rs 29,412 to Rs 50,000, the compensation reaches the maximum cap of Rs 25,000. Here, the RBI will contribute Rs 19,118, while the customer's bank and the beneficiary bank will each pay Rs 2,941.
Bank Responsibilities and Customer Protections
Banks are mandated to credit the compensation to the victim's account within five calendar days after receiving a completed claim application. They will then seek reimbursement from the RBI on a quarterly basis. Additionally, the draft directions prohibit banks from charging customers for mandatory regulatory SMS alerts or for promotional and marketing messages sent to them.
The framework extends coverage to customers who have shared credentials such as OTPs, a notable departure from existing rules that generally do not protect customers if they lose money after sharing credentials and before informing the bank. The new norms include losses where the customer is tricked into sending money through an authorised electronic banking transaction carried out via deception, coercion, or misuse of credentials.
Eligibility Conditions and Lifetime Claim Limit
The central bank has imposed strict eligibility conditions to ensure the scheme functions as a limited safety net rather than a recurring insurance cover. Individuals will be allowed to claim compensation only once in their lifetime. In joint accounts, only one account holder may file a claim, and once a claim is made, that individual's lifetime eligibility is exhausted, including for any personal accounts held later.
Victims must report the fraud to the National Cyber Crime Reporting Portal or the 1930 helpline and inform their bank within five calendar days of the incident to qualify. The standard application form for compensation will also require applicants to submit their Aadhaar number for verification purposes.
Recovery of Stolen Funds and Scheme Rationale
If law enforcement agencies or banks later recover the stolen funds, the settlement will be recalculated based on net loss. Recovered amounts will first be used to make up any remaining gap between the compensation paid and the customer's actual loss. Any surplus will be returned to the RBI and the banks involved.
While the RBI did not explicitly explain the additional ceiling on gross loss despite the absolute cap of Rs 25,000, bankers suggest the limit could be intended to restrict compensation to small depositors or to ensure that customers with higher balances exercise greater caution. This proposal was announced in the RBI's February 2026 monetary policy, marking a significant step in enhancing consumer protection in the digital banking landscape.
