That "Free" Insurance You Never Asked For? The RBI Just Called It Out.

You're applying for a personal loan on your bank's app. You put in your details, add your documents, and just before you're about to confirm, you see it. A box, already checked. Travel insurance, added to your loan by default. ₹3,000 extra. You uncheck it, but you're unable to. You call their customer care, and they tell you it's mandatory. It's not.

This isn't an error or a mistake. This is a design decision. And it's called a dark pattern.

What Is a Dark Pattern?

A dark pattern is when an app or a website is intentionally built to trick you into doing something you didn’t mean to do, or didn’t realize you were agreeing to. It’s not a bug. It’s not an error. It’s a feature. And it’s a feature built to serve the company, not you. When you’re using a financial app, a dark pattern might look like:

• A loan offer that’s perfect except for the processing fee you didn’t see until the very end

• A countdown timer that yells at you: "Offer expires in 12 minutes!" but resets every time you refresh the page

• A subscription that takes 10 seconds to sign up for, but 3 phone calls to cancel

• An app that wants access to your contacts, location, and camera just to check your credit score

The Central Consumer Protection Authority (CCPA) codified this in 2023 by naming and defining 13 types of dark patterns.

But India's financial sector continued to evolve.

Until now.

The RBI Steps In

In February 2026, the Reserve Bank of India issued a set of binding directions in the Draft Responsible Business Conduct Amendment Directions, 2026, which for the first time explicitly prohibited dark patterns in all banks, NBFCs, and All-India Financial Institutions (AIFIs). The RBI Digital Lending Directions, 2025 is already in force from May 8, 2025, which means digital lenders and loan service providers are already legally bound by these Directions. The Responsible Business Conduct Amendment Directions, 2026 is currently in the public comment phase once finalized and notified, these Directions will have the same legal sanctity as above applicable to all banks, NBFCs, and AIFIs with a proposed effective date of July 1, 2026. 

This was no accident. A survey of over 1,61,000 people in 388 districts of India corroborated what most of us already suspected: there is a high incidence of deceptive design in financial apps, and consumers are paying the price. This is part of the global regulatory landscape. In the US, the FTC (Federal Trade Commission) has brought several cases under its Section 5 authority, which prohibits unfair and deceptive acts and practices. It recently brought cases against Amazon and Adobe. In the European Union, the Digital Services Act includes Article 25, which bans deceptive design patterns on all online platforms. It came into effect in February 2024. Even in India, dark patterns were already actionable under Section 2(47) of the Consumer Protection Act, 2019, as 'unfair trade practices,' which is being enforced by the CCPA. It had notified 13 dark patterns in November 2023. Now, the RBI directions impose this obligation on the financial sector.

The directions have proposed a hard deadline of July 1, 2026. Non-compliance may trigger monetary penalties, restrictions on business operations, and supervisory action under the RBI Act, 1934 and Banking Regulation Act, 1949. This can include monetary penalties, imposition of business restrictions, and direct supervisory action, which can even extend to the suspension of operations.

Along with this, the RBI Digital Lending Directions, 2025, which is already in effect from May 8, 2025, had already set a line for digital lenders and loan service providers, banning "bait and switch," "hidden terms," and "false urgency" in the lending space.

Both of these regulations send a clear message: manipulative design in financial services is no longer a gray area.

What Exactly Is Being Banned?

The RBI's directions ban eight different dark patterns in financial apps:

What This Means If You're in Financial Services

If you're a bank, NBFC, digital lender, or fintech, this is what's now required of you:

Non-compliance isn't just a regulatory risk, it means mandatory refunds, forced product cancellations, and direct action from the RBI. Companies will need to maintain auditable logs of user consent, UI versions, and customer journeys to demonstrate compliance during regulatory inspections.” This implies that compliance cannot live solely in legal; it has to be built into  product, engineering, and ops from the very start.

Why This Matters Beyond Compliance

Here’s the larger context. There are over 500 million active internet users in India. A growing percentage of these are managing their loans, insurance, investments, and savings entirely on their phones. Many are first-time users of formal financial services.

In this context, dark patterns are not merely inconvenient. They are also damaging to trust. They are nudging people towards financial products they do not need, at costs they never agreed to, with exit options they cannot find. This is a significant issue for a nation that wants to improve financial inclusion.

The RBI’s move is not merely regulatory. It’s a declaration that digital trust is now a compliance requirement, not a brand attribute you can opt in or out of.

The Takeaway

The odds are good that if you've ever felt duped by a financial app, well, you probably were. And if you're a financial app developer or operator, then guess what?

July 2026 is just around the corner. And what matters most is that your customers have been waiting long enough.

Sources: RBI Draft Responsible Business Conduct Amendment Directions, 2026 | RBI Digital Lending Directions, 2025 | CCPA Guidelines on Dark Patterns, 2023