HomeNewsGuidesReadsPodcastsTRANSFIN. EOD
  1. News
  2. Explained

The RBI's New Rules on E-Mandates for Recurring Payments, Explained

Mar 31, 2021 2:34 PM 5 min read

A new fiscal year was not the only thing scheduled to kick in from tomorrow.

Starting April 1st 2021, the RBI's new rules regarding e-mandates for recurring payments from credit and debit cards were supposed to go into effect. But with banks unprepared and customers and merchants wary of imminent disruptions, the Central Bank postponed the deadline to September 30th 2021, post which the new rules will go into effect.

What is an E-Mandate for Recurring Payments?

An e-mandate is basically a bank customer’s approval to automatically debit a certain amount periodically from their accounts to pay for subscription-based services such as OTT streaming, phone recharge, article access on news websites or utility bill payments.

As a digital payments service, e-mandates were initiated by the RBI and the National Payments Corporation of India (NPCI) and they provide the underlying infrastructure for recurring payments between consumers and merchants via banks without human interference.

As such, they are the basis of the subscription economy. This has been blossoming of late thanks to the rise of paywalls on content platforms and consumer-oriented services like Netflix, Amazon Prime, Spotify, Slack etc. Among B2B establishments, however, subscription models have been the norm for some time now. Microsoft Azure, Google, Amazon Web Services, Adobe: these are some services that businesses find imperative - and pay for on an auto-renewal and auto-debit basis.


Pros and Cons of E-Mandates

The lure of recurring billing is obvious. For consumers, it offers a convenient way to make regular payments, which usually come with discounted plans. For merchants, it means a steady flow of income and higher chances of customer acquisition and retention.

But there are also risks involved, mainly for the consumer. Imagine you sign up to an app or platform just to use it for a day, read one article or watch one movie. You buy yourself an auto-renewing subscription by entering your card details and the OTP, and you make a mental note to cancel it before the next payment is due. But it slips your mind, and before you know it you have paid for the service a second time even though you barely used it. 


What are the RBI’s New Rules?

The Central Bank took cognisance of these loopholes and in August 2019 sought to fix them. In a notification, the regulator announced that as “a risk mitigant and customer facilitation measure”:

  • Banks would be required to send a pre-transaction notification (by SMS/email) to the cardholder at least 24 hours prior to the auto-debit transaction. (Presently, amounts are automatically debited with the customer being intimated of the same post-debit.)
  • This notification should have details about the name of the merchant, transaction amount, date/time of debit and reference number of e-mandate.
  • The cardholder should also be provided with the facility to opt-out of that particular e-mandate.
  • The RBI has also stipulated that there needs to be a fixed validity period for an e-mandate i.e. It cannot go on in perpetuity.

Therefore, under the new rules, recurring transactions would no longer be automatic - they would require authentication from customers. Furthermore, for transactions above ₹5,000 ($68.27), banks would have to provide an Additional Factor of Authentication (AFA) such an OTP every time an auto-debit comes up.


Trouble in Regulatory Paradise

On the surface, the changes seem simple. It’s all a matter of a text message intimating customers of an impending transaction, right?

But we’re talking about a massive ₹2,000cr ($273m)/month business. There are a lot of moving pieces involved. For starters, the new regulations would mean banks would have to learn the details of customers’ subscription packages so as to notify them of the same pre-debit. (Some private banks are working on a system called the “Standing Instructions Hub” to enable a common platform for the requisite infrastructure.)

FYI: Banks’ unreadiness could play to the benefit of one company - payments processing company BillDesk. Specifically, its Standing Instruction (SI Hub) platform, which it built last year in association with Visa. As a processing platform for recurring payments, SI Hub could be set for a virtual monopoly for the near-term as no other player has its level of infrastructure or sophistication. Nearly all leading banks, including HDFC Bank, ICICI Bank, Axis Bank and SBI, are in the process of enrolling on BillDesk’s platform.

Many had hoped for an extension by the RBI. The Payments Council of India said a one-month relaxation might be needed for a smooth transition. The Internet and Mobile Association of India (IAMAI) had requested for three-six months more for non-banking entities to comply with the norms. However, given that the Central Bank didn't seem willing to budge and with the new rules slated for imposition tomorrow, some level of disruption for consumers, merchants and banks was widely expected to be in the offing.

Though the rules were first notified in August 2019, banks dragged their feet in preparing for the overhaul. Therefore, you could have expected your periodic auto-debit payments to Hotstar, Airtel or your insurance provider to be affected in the near-term.

Faced with steep  fines of up to ₹5L ($6,827) per instance of lapse, lenders had hastily moved to temporarily suspend the facility of auto-debit of funds from cards altogether. Many banks sent out emails or text messages to customers informing them that any standing instruction for recurring transactions will not be approved beginning tomorrow. That instead, the payments would have to be done manually by the customers for the time being.

But D-Day was postponed by the RBI at the eleventh hour by six months. The regulator was visibly not happy doing this, releasing a statement late evening today saying the "non-compliance is noted with serious concern and will be dealt with separately" and warning "stringent action" if there was more delay.

PS: International regulations on subscription auto-renewals vary by region. In California, businesses are prohibited by law from charging a consumer’s credit or debit card for an automatic renewal or continuous service without obtaining the customer’s prior consent. In the European Economic Area (EEA), while a strict three-tier authentication process is provided for the initial setup, such facilities don't exist for recurring payments of the same amount.

PPS: Banks, merchants and consumers will face another major overhaul later this July. The RBI had earlier issued new rules saying online merchants will no longer be allowed to store card details. This means you will no longer be able to make a payment by just entering your CVV code. Instead, you’d have to enter your name, card number and expiry date every time you make a transaction. The Central Bank says this is necessary to curb fraud and ensure data privacy. But critics worry that it will make digital transactions tedious. Either way, one can only hope that banks are better prepared for this transition in July than they are for what awaits us tomorrow!


The cut-throat world of Business and Finance means that there is fresh News everyday. But don't worry, we got you. Subscribe to TRANSFIN. E-O-D and get commentaries like the one above straight to your inbox.