RBI Bans Dark Patterns in Banking Apps: What It Means for Consumers and Fintechs
India’s RBI is cracking down on dark patterns in digital banking. From hidden fees to manipulative consent flows, the new 2026 regulations force banks and NBFCs to prioritize transparency, fairness, and user trust over conversion-driven design.
This article has been contributed by Hitesh Agrawal, Founder & Managing Director, Them Consulting
India’s digital banking boom has transformed how millions access financial services, but it has also exposed users to manipulative interface practices hidden behind sleek app designs. The scale of the issue is hard to ignore.
A 2026 LocalCircles survey of 141,000 respondents across 386 districts found that 63% of banking users faced drip pricing, 61% experienced basket sneaking, 68% were trapped in difficult subscription cancellation flows, and 82% encountered interface interference nudging them toward unwanted financial products.
At the same time, India’s digital payments ecosystem continues to grow at breakneck speed, with UPI processing over 228 billion transactions in 2025, while 45% of transaction volume now comes from Tier 2 and Tier 3 cities.
Against this backdrop, the Reserve Bank of India’s July 2026 dark pattern regulations represent a defining shift in how digital financial products will be designed, distributed, and governed.
Why RBI Has Stepped In to Regulate Dark Patterns
The Reserve Bank of India has had enough.
For years, India's digital banking ecosystem chased one thing: growth. Fast onboarding. More conversion. More engagement. Underneath that race, a quiet layer of design was growing too: interfaces that did not just direct behavior but manipulated it.
In February 2026, the RBI issued draft directions that, from July 1, will require every commercial bank to strip those patterns from its digital products. This is not a design guideline. It is a regulatory intervention.
The Growing Scale of Manipulative Design in Indian Banking
The scale of what has been built is significant. A LocalCircles survey (April 2026, 141,000 respondents across 386 districts) found that 63% of banking users have been subjected to drip pricing: fees that only become apparent after a transaction is agreed. A further 61% experienced basket sneaking, where additional products were added to their transaction without clear consent. The same survey found 68% trapped in subscription flows that were easy to enter and difficult to exit, and 82% subjected to interface interference that nudged them toward unsolicited products. These patterns did not emerge from malice.
They emerged from the relentless pressure of conversion metrics, growth targets, and product roadmaps optimized for short-term revenue. Having worked at the intersection of design and financial services for years, I have seen how quickly a well-intentioned UX decision, a default setting here, a recommended label there, can tip into something that works against the customer. The RBI has now drawn a clear line.
RBI’s 2026 Draft Directions: What the Regulation Says
In February 2026, the Reserve Bank of India issued the Draft (Commercial Banks – Responsible Business Conduct) Amendment Directions, 2026, under Section 35A of the Banking Regulation Act. The message is clear: by July 1, 2026, remove dark patterns from your apps and websites, or risk regulatory consequences. Parallel draft directions with identical obligations have been issued to NBFCs simultaneously, applying the same consent architecture across the full ecosystem of digital financial product distribution.
The RBI had already issued a third amendment to the framework by March, reflecting the regulator’s sustained focus on digital consumer protection across multiple fronts.
This is not a design rule. This is a structural intervention in the distribution of financial products in India.
What Exactly Is Being Banned
The RBI's list reads like a feature audit of every banking app most of us have used. Pre-ticked boxes for insurance add-ons on loan applications: prohibited.
Bundling of credit shields, health covers, or subscription products without individual, documented consent: prohibited.
Fake urgency prompts like "pre-approved loan at 10.5%…offer expires today", designed to push a decision before the user has thought it through, are prohibited.
Roach motel flows, where signing up takes three taps but canceling takes a phone call, a written request, and three business days: prohibited.
The RBI also specifically targets basket sneaking, the practice of pre-selecting insurance or fee-bearing add-ons along with a loan disbursement, and nagging, the persistent pop-ups that badger users into accepting services they have already declined.
The list of prohibited practices includes trick questions, confusing opt-in language, and misleading “recommended” labels on higher-cost products.
Why This Matters for India’s Digital Finance Users
Each one of these may seem like a small inconvenience. At scale, these practices compound into something far more damaging: systematically misinformed financial behavior among the 500 million active UPI users, millions of first-time credit applicants, and a growing digital banking base with a double-digit growth rate.
Regulators around the world have rarely had to deal with an ecosystem for digital finance scaling at the speed that India’s has. In 2025, UPI processed over 228 billion transactions, which is about 625 million payments a day. But that growth has revealed an uncomfortable truth: the fastest-growing user group is also the most vulnerable.
Today, over 45% of UPI transaction volume comes from Tier 2 and Tier 3 cities, a share that has grown sharply over the past three years (NPCI, March 2026). These are people who are new to digital finance, using banking apps in low-bandwidth environments, often in regional languages, relying on visual cues rather than fine print.
A confusing button is not an inconvenience to this user; it is a trap. A pre-ticked box on a ₹2 lakh loan application could mean paying ₹8,000 more in insurance premiums over the loan tenure.
India’s Shift Toward Consent-First Design
Regulators around the world reached this conclusion earlier. Since 2022-23, manipulative interface design has been officially recognized as a consumer protection issue under the EU’s Digital Services Act and the FTC guidelines in the United States. India’s central bank, the Reserve Bank of India, has now adopted that stance, making the philosophical shift explicit: from conversion-first to consent-first design.
These directions are not an exercise in cosmetics. We have to rethink the way products are built and sold through digital channels.
The New Compliance Requirements for Banks and NBFCs
Today, banks need to get explicit, documented consent before offering any product, not some buried clause in a 47-page terms document, but a clear, stand-alone opt-in. They should conduct suitability checks before recommending financial products online. Dark pattern design leading to wrongful sales will be subject to mandatory full refunds and compensation. Importantly, the scope of the framework goes beyond the banks themselves to include direct selling agents and direct marketing agents that operate through banking app surfaces.
These directions are not an exercise in cosmetics. They are a rethink of how digital financial products are built, sold, and governed.
The Real Work Begins for Product and Design Teams
For product and digital teams at banks, this is where the real work begins, and it is more complex than a compliance checklist suggests. Onboarding flows built to maximize completion rates will need to be rebuilt around comprehension.
That is a different design objective entirely. It means fewer steps that rely on inertia, more screens that pause and confirm, and consent language written for a first-time borrower in Tier 3, not a compliance officer in Mumbai. Default settings across lending, insurance, and payments journeys will need to be audited and, in many cases, reset to neutral.
Every pre-selected option that has been quietly driving attach rates will now require an active, documented user choice. Exit flows (cancellation journeys, opt-out paths, subscription termination screens) will need to be as visible and as simple as the entry flows that preceded them. This is not just a design change. It is a product architecture change.
And the scope extends beyond banks to Direct Selling Agents and Direct Marketing Agents operating on their digital surfaces, and to third-party intermediaries whose flows have historically sat outside the design governance of the banks they represent.
The Revenue Question Product Leaders Are Asking
The most common concern I hear from product leaders when this topic comes up is straightforward: “Our attach rates will drop. Our cross-sell numbers will fall. How do we make up the revenue?” It is a fair question. But a conversion you had to manipulate someone into is not a customer you have won.
People who know what they’re signing up for really stay longer, buy more products, and refer more actively. Misaligned expectations destroy growth. When a user realizes three months later that they have been paying for unwanted insurance, it can lead to the worst possible outcomes: a complaint, customer churn, a viral social media post, and a regulatory inquiry. The expense of this cycle will far outweigh any short-term conversion lift you might get from a pre-ticked checkbox.
RBI is not asking banks to grow more slowly. It requires them to be more honest.
Why Trust Is India’s Most Critical Financial Asset
India has developed one of the world’s most sophisticated digital finance infrastructures. The NPCI stack. The UPI interoperability layer. The account aggregator framework. These are real engineering feats that the world is studying and copying.
But infrastructure without accountability will eventually erode trust. And trust, once lost at scale, is extremely difficult to rebuild.
The RBI’s move on dark patterns is an acknowledgment of what should have been obvious all along: in financial systems, the interface is the product. The wording of a consent screen, the disclosure of a fee, and the design of an opt-out are not aesthetic choices. These are decisions with real financial consequences for real people.
July 2026: A Turning Point for Digital Banking
India’s digital finance ecosystem is at a critical juncture. The first phase was about access, i.e., getting hundreds of millions of people onto digital platforms. The next step must be accountability for ensuring these platforms deliver the same level of fairness and transparency to every user, in Gurugram or Gorakhpur.
The July 2026 deadline is more than a compliance milestone. For banks and NBFCs, it is perhaps the clearest signal regulators have sent in years: the era of conversion-first design in financial services is over. The organizations that treat this as a design reset rather than a compliance checklist will build something their competitors cannot easily copy, customer relationships built on transparency rather than inertia.
The Strategic Question for CXOs and Product Leaders
For CXOs, the strategic question is whether this becomes a deadline you meet or an opportunity you use. For product and design leaders, the operational question is where to start. I would like to hear from both: how is your organization approaching July 2026?
Sanvi Barjatya
