RBI Bans Dark Patterns: A Confession Dressed as a Circular

Confessions of a Smiling Desk: How the RBI's New Rulebook Quietly Catalogues Every Dark Pattern Played on the Indian Bank Customer

There is a useful rule of thumb for reading any regulator's circular: a watchdog only bothers to ban what is already flourishing. Nobody legislates against a problem that does not exist. So when the Reserve Bank of India, in a formal directive, finds it necessary to forbid something called "confirm shaming," we may take it as settled that confirm shaming has been alive and well across the screens of Indian banking, doing quiet damage to ordinary savers.

The columnist Dhirendra Kumar put the point with surgical precision: read the new rules as confessions, and the picture of what has been normal practice becomes uncomfortably clear. That is the lens worth keeping as we walk through what the RBI has actually done.

The temptation is to treat the headline — eleven RBI dark patterns banned — as the whole story. It is not. The annexure listing those eleven tricks is the most quotable page and the least important. The real document is the body of the directive, where every clause has been written to fit an abuse already in progress.

Also Read:  Inside the HDFC Bank Scandal That Triggered a Market Crash

When the Watchdog Finally Names the Game

The directive did not arrive out of a clear sky. It is the final, hardened version of draft amendments the RBI floated on 11 February 2026, opened to public comment, and then notified on 15 June 2026 as the Responsible Business Conduct (Second Amendment) Directions, 2026, to take effect from 1 January 2027. It amends the parent Responsible Business Conduct Directions of 2025 and applies, in mirror-image versions, to commercial banks and to NBFCs.

The political weather had already turned. Finance Minister Nirmala Sitharaman had publicly lashed banks for mis-selling, asking the obvious and awkward question: if a home loan is already secured by the house itself, why is a fresh insurance policy being pressed on the borrower as though it were part of the paperwork?

Beneath the rhetoric sat a number that explains everything. Over a decade, the State Bank of India's bancassurance income — the fee it earns for selling insurers' products across its counters — multiplied roughly sixfold to around Rs 2,766 crore, even as its interest income, the thing a bank is actually supposed to do, merely doubled. For some insurers, bancassurance now supplies close to four-fifths of premiums. The branch had, in part, quietly become a commission shop with a banking licence.

A LocalCircles survey gave the rot a face: 57 per cent of respondents reported "basket sneaking" on banking platforms, 51 per cent ran into "forced action," and 46 per cent were worn down by "nagging." The RBI was not inventing villains. It was catching up to them.

Eleven RBI Dark Patterns — Read as an Itemised Confession

The directive defines a dark pattern, in language borrowed from consumer-protection law, as any interface or design choice engineered to mislead or trick a user into doing what they did not intend, by subverting their autonomy and choice. What makes these patterns dark is that the deceit lives inside the design itself — the easy, obvious, default path is reliably the seller's path, and the trap springs shut on the careful and careless alike.

Consider the list, and hear the admission in each.

False urgency — the countdown timer and the "offer ends soon" banner — exists for one purpose: to stop us comparing and make us click. Basket sneaking slips an extra charge or donation into the cart at checkout, hoping we will not notice the swollen total. Confirm shaming needles us with guilt for declining — "No, I don't want to protect my family." Forced action makes us surrender unrelated data or sign up for a service we never wanted, just to finish the task we came for. The subscription trap makes leaving harder than joining — the cancel button buried, or a branch visit demanded to undo what a single tap created.

Interface interference dresses the bank's preferred option in bold and bright while greying out the alternative, quietly defaulting our consent to "Yes." Bait and switch serves us something other than what was advertised. Drip pricing shows the seductive headline rate and reveals the processing fees only after we have waded through five screens. Disguised advertisement masquerades as news or honest user content. Nagging pings us again and again to enable a service we have already refused. And trick wording leans on vague phrasing and double negatives in consent boxes, so that we cannot tell what we have just agreed to.

Every one of these RBI dark patterns is now prohibited on banks' apps and websites. Every one of them, by the logic of the ban, was until now somebody's quarterly target.

The Structural Bans That Cut Deeper

Behind the eleven photogenic RBI dark patterns sit the structural clauses, and these are where the directive truly bites.

Compulsory bundling is dead — in principle. A bank may no longer make the sale of one product conditional on the purchase of another. Where a product genuinely is needed as a risk mitigant — say, insurance behind a home loan — the customer must be free to buy it from any provider they choose, not herded into the bank's captive partner. The implication is liberating and overdue: the policy "folded quietly into the loan you came in for" was, the rule concedes, routine.

A bank cannot fund a purchase out of your own loan without your knowledge. The directive forbids a bank from using a sanctioned loan facility to bankroll a customer's purchase of a product — its own or a third party's — without explicit consent. Read that twice. It exists because banks were, in effect, lending people money and spending it for them on products they had not knowingly chosen.

Consent must now mean consent. Approval has to be captured deliberately — via signature, OTP, a recorded confirmation, or a clearly marked consent block. Where a form carries several products, each must be explained and separately agreed. The default box must read "No" or "I do not agree." The pre-ticked box, that small masterpiece of inertia, is finished. But the deeper move is this: even valid consent no longer protects the bank. A product can still be ruled mis-sold if it was unsuitable for the customer in the first place. The legal question shifts from "Did you sign?" to "Why was this ever sold to you?"

Also Read:  GST Invoice Fraud: Why ₹58,772 Crore Slipped Through Audits

Suitability becomes a legal duty. Before selling, a bank must assess whether the product fits the person — weighing age, income, financial literacy and risk tolerance against the product's complexity, fee structure, risk-return profile and time horizon. This is the most quietly damning clause in the document, because to mandate that a bank check suitability is to admit that, until now, checking suitability was nobody's job.

The kickback is cut at the root. Bank staff selling third-party products may no longer accept any incentive, direct or indirect, from the provider whose products they push. The commission was the engine of the entire arrangement. Whether this clause holds is the open question of the whole reform.

Accountability outlives the sale. Within thirty days of any sale, the bank must seek feedback to confirm the customer actually understood what they bought and the risks attached. And if mis-selling is established, the remedy is not a token gesture: the bank must refund the entire amount paid, cancel the sale where applicable, and compensate the customer for losses. A standing refund mechanism is the kind of permanent cure one builds only for a chronic, recurring disease.

The salesman steps into the daylight. Promotional calls and visits are limited to a 9 a.m.–5 p.m. window; marketing may go only to those who opted in; unsubscribing must be as easy as subscribing; agents on bank premises must be visibly distinguishable from bank staff; and — crucially — the bank carries the liability whether the mis-sale was committed by a relationship manager, a call-centre voice, or an outsourced agent. The bank can no longer hide behind the intermediary it hired to do its selling.

Also Read:  Exclusive: Government's Own Documents Call Passport Citizenship Proof

What Changes for the Customer — and What Does Not

For the customer, the gains are real and concrete. Fewer ambush add-ons at checkout. A genuine right to take the insurance elsewhere. A default that no longer quietly says yes on your behalf. A thirty-day window in which the bank itself must ask whether you understood what it sold you. And, where it all goes wrong, a refund rather than a runaround.

But it is worth being clear-eyed. The earnings at stake are enormous — bancassurance is too lucrative to surrender quietly — and history is not encouraging. The insurance regulator and the markets regulator have each issued earnest instructions against mis-selling before, and the practice carried on more or less undisturbed. A ban on staff commissions does not abolish sales targets, appraisal pressure, or the thousand soft coercions that never appear in a circular. And the whole edifice rests on enforcement: on the RBI actually establishing mis-selling, actually compelling refunds, actually penalising the bank rather than the branch clerk. A right that is expensive and exhausting to claim is, for most people, no right at all.

What Banks and Customers Must Now Do Differently

The honest lesson for banks is that the regulatory frame has shifted from disclosure to design and suitability. It is no longer enough to bury a fact in a footnote and call the customer informed. The bank must now show that its digital journeys do not steer, that its products fit, and that its consent is real. The smart institutions will treat this as a chance to rebuild trust. The foolish ones will re-engineer the same coercion in subtler clothing and wait for the next circular to catch up.

The harder lesson is for customers. The RBI has handed them an authorised list of the dark patterns played at the desk — avoiding them remains their own work. The single most reliable defence has not changed and will not change: a firm reluctance to buy anything offered unasked, and the instinct to treat every unsolicited pitch as a sales pitch until proven otherwise. Ask who earns what when you sign. Insist on buying the bundled insurance elsewhere. Read the box that defaults to "No," and leave it there until you are sure.

Also Read:  The CAG Cannot Audit Ram Mandir. Its Officer Is on the Trust.

RBI Dark Patterns: The Test Is in the Teeth

The test of this directive will not be its drafting, which is genuinely good, but its enforcement. Three things will decide whether 1 January 2027 marks a turning point or another well-meaning footnote.

First, penalties large enough that mis-selling costs the bank more than it earns, applied to the institution rather than the foot soldier.

Second, closing the incentive gap: as long as the commission survives somewhere in the chain, pressure will find a new channel, so the RBI, IRDAI and SEBI will have to move in concert. 

Third, transparency the public can actually see — the half-yearly suitability reviews, the dark-pattern audits, the mis-selling refunds made visible, so that the customer can judge the bank by its record rather than its brochure.

Until then, the wisest reading of this document is the one offered at the start. The RBI has, in the language of prohibition, confessed on the industry's behalf. The confession is welcome. The penance is yet to be seen.