The Reserve Bank of India (RBI) issued a landmark press release on 20 May 2026, releasing revised draft Amendment Directions on the 'Conduct of Regulated Entities in Recovery of Loans and Engagement of Recovery Agents' — for a second round of public consultation. The revised draft marks a significant upgrade from the February 2026 version, incorporating substantial stakeholder feedback and introducing a path-breaking new provision: a technology-based mechanism that allows lenders to restrict or disable functionalities of a mobile phone or tablet financed through a loan — in cases of default. Nine sets of revised draft directions covering all types of regulated entities are now open for comments until 31 May 2026, with the final framework proposed to take effect from 01 October 2026.
🔴 Quick Summary — What You Need to Know
The Big New Addition
Lenders can now restrict certain functionalities of financed mobile devices (phones/tablets) in cases of loan default — under strictly defined conditions and with essential services preserved.
Core Framework
Comprehensive overhaul of loan recovery rules — mandatory IIBF certification for agents, public disclosure of agencies, call recording, strict borrower protection norms.
Who Is Covered
All RBI-regulated entities: Commercial Banks, SFBs, LABs, RRBs, UCBs, RCBs, AIFIs, NBFCs, and HFCs — 9 separate sets of draft directions.
| Detail | Information |
|---|---|
| Press Release Number | 2026-2027/298 |
| Subject | RBI Issues Revised Draft Amendment Directions on 'Conduct of Regulated Entities in Recovery of Loans and Engagement of Recovery Agents' |
| Date of Issue | May 20, 2026 |
| Comment Deadline | May 31, 2026 |
| Proposed Effective Date | October 1, 2026 |
| Prior Announcement | Statement on Developmental and Regulatory Policies — February 6, 2026 |
| First Draft Issued | February 12, 2026 (first public consultation round) |
| Number of Draft Directions Sets | 9 (one for each type of Regulated Entity) |
| Signed By | Brij Raj — Chief General Manager, RBI |
| Submit Comments At | 'Connect 2 Regulate' portal on rbi.org.in or email: [email protected] |
Announced
06 Feb
2026
1st Draft
12 Feb
2026
Comment Deadline
31 May
2026
Effective Date
01 Oct
2026
🏛️ Section 1 — Background: Why Is RBI Overhauling Loan Recovery Rules?
1A. The Problem: Harassment, Coercion and Opacity in Loan Recovery
India's loan recovery ecosystem has long been plagued by documented abuses — recovery agents calling at odd hours, threatening borrowers and their families, visiting homes without authorisation, sharing personal data without consent, and using intimidation tactics against financially vulnerable individuals. These practices have been the subject of repeated RBI notices, consumer complaints, and even judicial interventions.
At the same time, the regulatory framework governing recovery agents was fragmented — different rules for banks, NBFCs, and HFCs, with no unified standard. The emergence of new-age fintech lenders and digital lending apps — many employing aggressive recovery tactics including unauthorized access to contacts, threats to family members, and public shaming — made a comprehensive overhaul urgent.
1B. The Reform Journey — A Two-Stage Consultation
📢
Stage 0 — Announcement
February 6, 2026: RBI Governor's Statement on Developmental and Regulatory Policies announced comprehensive review of recovery agent framework
📝
Stage 1 — First Draft
February 12, 2026: Draft Amendment Directions issued. Substantial feedback received — many key provisions changed. Stakeholders also requested mobile device restriction mechanism
🔄
Stage 2 — Revised Draft ★ This
May 20, 2026: Revised draft with accepted feedback incorporated. New mobile device restriction provision added. Comments due May 31, 2026
ℹ️ Why a Second Consultation Round? RBI received such substantial feedback on the February 2026 draft that many key provisions were changed. Rather than finalising without giving stakeholders a chance to review the revised provisions — and particularly the entirely new mobile device restriction mechanism — RBI decided to issue the revised draft for another public comment round. This reflects RBI's commitment to transparent, consultative rule-making.
1C. Nine Sets of Draft Directions — All Regulated Entities Covered
The RBI has issued separate but parallel sets of revised draft directions for each category of regulated entity (RE). The substantive provisions are substantially similar across all — tailored to the specific legislation governing each entity type:
| # | Type of Regulated Entity | Governing Act / RBI Directions |
|---|---|---|
| 1 | Commercial Banks | Banking Regulation Act, 1949 (Sections 21 & 35A) |
| 2 | Small Finance Banks (SFBs) | Banking Regulation Act, 1949 |
| 3 | Local Area Banks (LABs) | Banking Regulation Act, 1949 (Sections 21 & 35A) |
| 4 | Regional Rural Banks (RRBs) | Banking Regulation Act, 1949 (Sections 21 & 35A) |
| 5 | Urban Co-operative Banks (UCBs) | Banking Regulation Act, 1949 / Co-operative Societies Acts |
| 6 | Rural Co-operative Banks (RCBs) | Banking Regulation Act, 1949 / State Co-operative Acts |
| 7 | All India Financial Institutions (AIFIs) | RBI Act, 1934 — Section 45L; RBI (AIFIs — RBC) Directions, 2025 |
| 8 | Non-Banking Financial Companies (NBFCs) | RBI Act, 1934 — Chapter III B; RBI (NBFCs — RBC) Directions, 2025 |
| 9 | Housing Finance Companies (HFCs) | National Housing Bank Act, 1987 (as applicable); RBI (HFCs — RBC) Directions |
📖 Section 2 — Landmark First: Formal Definitions of Recovery Agency and Recovery Agent
One of the most significant aspects of this framework is that RBI has, for the first time in its regulatory history, formally and legally defined the terms "Recovery Agency" and "Recovery Agent." Previously, these terms were used in various guidelines and instructions but without a precise regulatory definition — creating ambiguity about who exactly was regulated and what activities were covered.
📋 Recovery Agency — Defined
An entity engaged by a Regulated Entity (RE) to:
- Recover loan dues from borrowers in cases of default
- Carry out activities related to taking possession of security offered for loans
- May be a company, LLP, sole proprietorship, or partnership firm
👤 Recovery Agent — Defined
An individual who:
- Works for / on behalf of a Recovery Agency or directly for the RE
- Engages directly with borrowers to recover loan dues
- Includes field agents, telecallers, and door-step recovery personnel
- Business Correspondents engaged in recovery activities are also covered
⚠️ Why This Matters: By formally defining these entities, RBI ensures there is no ambiguity about who falls under these regulations. A fintech lender cannot argue that its "collection partner" or "field visit vendor" is not a "recovery agency" to escape compliance obligations. The explicit inclusion of Business Correspondents engaged in recovery is particularly significant — closing a loophole that some lenders were using to conduct recovery through BCs without treating them as regulated recovery agents.
📋 Section 3 — Key Provisions of the Revised Draft Framework
Provision 1 — Mandatory Board-Approved Recovery Policy
Every Regulated Entity must put in place a board-approved written policy on recovery of loans, engagement of recovery agents, and possession of security. The policy must cover:
- Eligibility and due diligence criteria for engaging recovery agencies (financial soundness, legal standing, track record)
- Code of Conduct for recovery agents — mandatory adherence as a condition of engagement
- Monitoring mechanisms — how the RE will oversee agent conduct on an ongoing basis
- Penal action for non-compliant agents — including blacklisting and termination protocols
- Grievance redressal mechanism for borrower complaints against recovery agents
Provision 2 — Mandatory IIBF Certification for All Recovery Agents
No recovery agent can be deployed without completing a certification training programme from the Indian Institute of Banking and Finance (IIBF) or its affiliated institutes. Key requirements:
Training Must Cover:
- Applicable laws and regulations
- Borrower rights and fair treatment norms
- Code of Conduct requirements
- Communication and grievance protocols
RE's Obligations:
- Verify IIBF certification before deployment
- Maintain records of certifications
- Ensure re-training if certification lapses
- Agents must carry certified authorisation during visits
Provision 3 — Public Disclosure of Empanelled Recovery Agencies
All Regulated Entities must publicly disclose details of all empanelled recovery agencies on their:
- Official website — dedicated section for recovery agency list
- Mobile banking app — accessible to borrowers easily
- Branch premises — displayed in customer area
Disclosure must include: agency name, operating regions, tenure of engagement, and contact details for grievance redress. This enables borrowers to verify that a person claiming to be a recovery agent is genuinely authorised by the lender.
Provision 4 — Fair Treatment of Borrowers: What Recovery Agents CANNOT Do
Prohibited Practices:
- Calls at odd hours (outside 8 AM to 7 PM)
- Using abusive, threatening, or harassing language
- Visiting workplace without prior consent
- Contacting or threatening family members (unless guarantors)
- Contacting relatives, friends, or neighbours for recovery
- Public humiliation of any form
- Making calls from private/unregistered numbers
Mandatory Requirements:
- Proper identification to be provided to borrower on contact
- Written authorisation from lender to be carried during visits
- Must disclose purpose of contact clearly
- Must provide lender's grievance contact details
- Privacy and dignity of borrower to be maintained at all times
- Comply with telecom communication guidelines
Provision 5 — Mandatory Call Recording and Documentation
All recovery-related communications must be recorded and documented:
- All telephone calls by recovery agents must be recorded and retained
- Records must be available for inspection by RBI on request
- Call records are a key evidence trail for borrower complaints
- Physical visit records — agent must maintain written log of visits including date, time, location, and outcome
- Retention period for records — as specified in the final directions
Provision 6 — Data Privacy: Minimum Necessary Information to Recovery Agents
Regulated entities can only share minimum necessary information with recovery agents — excessive data sharing is prohibited:
✅ Can Share:
- Borrower name and contact details
- Loan outstanding amount
- Overdue amount and payment history
- Address of borrower / security
❌ Cannot Share:
- Borrower's employer details / workplace
- Contact list from mobile (illegal anyway)
- Details of guarantors beyond name/contact
- Any sensitive personal data beyond recovery need
Recovery agents must maintain strict confidentiality of borrower data — using it only for recovery purposes and deleting it upon conclusion of engagement.
Provision 7 — Due Process in Taking Possession of Secured Assets
For secured loans (home loans, vehicle loans, equipment loans), strict due process is mandated before possession is taken:
- Mandatory prior notice to the borrower before initiating possession proceedings
- Adequate time for borrower to respond / make payment
- Possession must follow applicable legal provisions (SARFAESI, DRT, etc.)
- No forcible or illegal repossession without proper legal authority
- Condition and inventory of asset documented at time of taking possession
- Borrower must be provided receipt/acknowledgement of possession
Provision 8 — Non-Delegable Accountability: REs Are Responsible for Agent Conduct
This is one of the most critical accountability provisions: Regulated Entities cannot use outsourcing/agency as a defence for misconduct. The RE remains fully accountable for all actions of its recovery agents, whether employed directly or through an agency. Any violation by a recovery agent is treated as a violation by the RE itself — attracting regulatory action against the lender, not just the agent.
📱 Section 4 — The Big New Provision: Technology-Based Restriction of Financed Mobile Devices
The single most talked-about addition in the revised draft — absent from the February 2026 version — is the provision enabling lenders to restrict or disable functionalities of a mobile device financed through a loan. This was added based on specific stakeholder feedback, and RBI's decision to formally regulate this practice (rather than let it continue informally and often abusively) is a major policy development.
📌 Context: A 2024 study cited in media reports found that over one‑third of consumer electronics, including smartphones, are purchased on credit or EMIs in India. Several fintech lenders and device‑financing companies had already started locking financed phones on default — often without a clear regulatory framework or borrower protections. This circular brings such practices under a formal, rights‑protective framework.
The Exact Provision — What Is Permitted
RBI's Proposed Direction (Paraphrased)
"A [Regulated Entity] shall not deploy any technology-based mechanism which restricts or disables any of the functionalities of a mobile device of a borrower such as mobile phone, tablet, etc., as a recovery tool, except to recover its loan dues arising out of financing of such a device."
Conditions That Must Be Satisfied Before Device Can Be Restricted
Loan Must Be Specifically for Purchasing the Device
The technology restriction can ONLY be applied if the loan was specifically taken to finance the purchase of that particular device. A lender cannot restrict a borrower's personal phone because that borrower defaulted on a home loan, vehicle loan, or any other credit facility. The loan and the device must be directly linked.
Loan Agreement Must Explicitly Mention the Restriction Possibility
The loan agreement signed by the borrower must explicitly and clearly state that the lender may restrict device functionalities in case of default. This must include: the specific functionalities that may be restricted, the conditions for restriction, timelines for payment before restriction, the escalation stages, and the grievance redress mechanism available to the borrower. Buried fine print does not suffice — the provision must be prominent and understood.
Staged Notice Process Before Restriction — 90-Day Minimum
Restrictions can only be imposed after a graduated, staged notice process — and only when the loan is 90 or more days past due:
Notice 1: Issued at 60 days past due → borrower given 21 days to repay / cure default
Notice 2: Issued after Notice 1 deadline → borrower given at least 7 more days
Restriction: Can only be imposed after 90 days past due and only after both notices have been issued and time given
Graduated Approach — Not Total Lockout
The restriction must follow a graduated approach, not an immediate total lockout of all device functions. Specific functionalities are restricted progressively. Essential services — such as internet access, incoming calls, emergency SOS features and crucial government or public‑safety alerts — must always remain available. The provision does not permit lenders to brick a device entirely; it only permits selective restriction of non‑essential functions.
Immediate Restoration on Payment
Upon repayment of overdue amounts, the lender must immediately restore all restricted functionalities. Delay in restoration after payment would be a regulatory violation. The borrower must also be provided a grievance redress mechanism specifically for wrongful or improper device restriction.
⚠️ Important Limitation — Cannot Restrict Other Loans' Borrowers
The draft explicitly states: "A [Regulated Entity] shall not deploy any technology-based mechanism which restricts or disables any of the functionalities of a mobile device of a borrower... except to recover its loan dues arising out from financing of such a device." This means a bank cannot use device restriction for a personal loan, home loan, auto loan, or any credit product other than the specific device financing loan. This is a critical limitation that prevents device restriction from becoming a general coercive recovery tool.
Visual Summary — Mobile Device Restriction Decision Flow
(home loan, personal loan, etc.)
Use other legal recovery methods
AND loan agreement mentions restriction
🔄 Section 5 — What Changed from the February 2026 Draft?
| Aspect | 🔴 February 2026 Draft | 🟢 May 2026 Revised Draft |
|---|---|---|
| Mobile Device Restriction | Not mentioned — no provision on technology-based device restriction | NEW — Explicitly enabled with strict safeguards (consent, staged notice, 90-day threshold, graduated approach) |
| Proposed Effective Date | July 1, 2026 (for most entities) | October 1, 2026 (deferred — more time for implementation) |
| Many Key Provisions | Original wording — now revised substantially based on feedback | Multiple provisions amended — accepted stakeholder feedback incorporated into revised draft |
| Business Correspondents | Coverage ambiguous for BCs doing recovery | Explicitly included — BCs engaged in recovery activities are covered under framework |
| Formal Definitions | First-time formal definitions proposed for Recovery Agency and Recovery Agent | Definitions retained and clarified based on feedback |
| Consultation Stage | Round 1 — comments by March 2026 | Round 2 — comments by May 31, 2026 |
⚖️ What Does Not Change (Yet)?
These are still draft Amendment Directions. Until the final directions are notified and become effective from 1 October 2026, the existing RBI circulars and responsible business conduct directions on recovery agents continue to apply as they stand today.
The revised draft framework is best read as an upcoming overarching, harmonised replacement for the current scattered instructions (including the long‑standing 2007 recovery agent guidelines and subsequent fair‑practices / responsible‑conduct updates), rather than something that has already overridden them.
📊 Section 6 — Impact Analysis: Who Is Affected and How
🏦 Regulated Entities (Banks, NBFCs, HFCs)
- Must establish board-approved recovery policy by Oct 1, 2026
- Overhaul agent empanelment — verify IIBF certification before deployment
- Update website, app, and branches with recovery agency disclosure
- Review all loan agreements for device financing to include device restriction clause if desired
- Build call recording systems for recovery agent communications
- Establish dedicated borrower grievance mechanism for recovery complaints
- Bear full liability for agent misconduct — cannot outsource accountability
👥 Borrowers / Customers
- Strong protection from harassment — prohibited call timings, no family contact
- Can verify agent identity and authorisation — public disclosure of agencies
- Call recordings — evidentiary protection for borrower complaints
- Clear grievance redress — dedicated mechanism for recovery complaints
- Device restriction — only if specifically agreed in loan contract for financed device
- 90-day notice period and graduated restriction before device lockout
- Immediate restoration of device on payment
🏢 Recovery Agencies and Agents
- Must obtain IIBF certification — significant capacity upgrade required
- Strict Code of Conduct — non-compliance leads to blacklisting
- All calls must be recorded — infrastructure investment needed
- Cannot contact borrower relatives/friends without authorisation
- Must carry and show written authorisation during visits
- Formal industry legitimisation — first time recovery agents get a defined regulatory status
📱 Device Financing Fintechs / NBFCs
- Existing device-locking practices now under regulatory oversight — cannot operate ad hoc
- Must update loan agreements to include explicit device restriction clause
- Must implement staged notice process before restriction
- Cannot use device restriction as first resort — only after 90 days overdue and notices given
- Must provide immediate restoration on payment — build tech capability accordingly
- Regulatory framework creates clarity but also accountability for misuse
⚖️ CS / Compliance Officers of Regulated Entities — Action Points
Before Oct 1, 2026:
- Draft board-approved recovery policy for Board approval
- Audit all existing recovery agency agreements
- Verify IIBF certification status of all empanelled agents
- Update website, app, and branch displays
- Build call recording infrastructure for recovery communications
Also Required:
- File comment with RBI on this revised draft if your institution has specific operational concerns — by May 31, 2026
- Review all device financing loan agreements — add explicit restriction clause if desired
- Build tech capability for graduated device restriction and restoration
- Establish dedicated borrower grievance mechanism for recovery complaints
📝 Conclusion
Bottom Line
RBI's May 2026 revised draft directions on loan recovery represent India's most comprehensive overhaul of loan recovery regulation in decades — and the mobile device restriction provision makes it among the most progressive in the world.
🛡️
Borrower protection is the centrepiece — no harassment, no odd-hour calls, no family contact, mandatory IIBF agents
📱
Device financing recovery is formally regulated — lenders can restrict financed phones only with consent, notice, and graduated approach
⚖️
Accountability is non-delegable — REs are responsible for every action of their recovery agents, period
Submit comments via 'Connect 2 Regulate' at rbi.org.in or email [email protected] before May 31, 2026. The framework takes effect October 1, 2026 — compliance teams across all 9 RE categories must begin preparation immediately.
❓ Frequently Asked Questions
Source: RBI Press Release 2026-2027/298 dated May 20, 2026 — RBI Issues Revised Draft Amendment Directions on 'Conduct of Regulated Entities in Recovery of Loans and Engagement of Recovery Agents'. Available at rbi.org.in. Additional reporting sourced from Inc42 and Deccan Chronicle (May 20, 2026) and TaxGuru analysis of February 2026 draft directions. For more regulatory updates, visit corplawupdates.in. This article is for informational and educational purposes only and does not constitute legal advice.
