Banking & Finance Guide 2025: India

The Reserve Bank of India (RBI) is the primary regulator and key source of banking and finance laws in the country. The RBI was established by, and has been empowered under, the Reserve Bank of India Act, 1934 (the RBI Act) to regulate Indian banks and non-banking financial companies (NBFCs).

The RBI derives its powers from two principal pieces of legislation: the RBI Act and the Banking Regulation Act, 1949 (the BR Act). In consultation with the central government, the RBI prescribes regulations to govern financial institutions in India.

Banking units operating in the International Financial Services Centre in GIFT City, Gujarat, are regulated by the International Financial Services Centres Authority (IFSCA), which is also the primary source of laws for such banking units.

Where the banks or financial institutions are listed, they are also required to comply with the regulations issued by the Indian securities regulator, the Securities and Exchange Board of India (SEBI).

The RBI has implemented the Basel III capital regulations. Banks have to comply with the regulatory limits and requirements prescribed thereunder, on an ongoing basis.

The RBI sets forth a minimum capital adequacy ratio, which is the ratio of capital funds to risk-weighted assets expressed in percentage terms that banks in India are required to maintain. Presently, the minimum capital adequacy ratio for banks is 9%.

Banks in India are required to maintain a daily average balance with the RBI known as the cash reserve ratio (CRR). Banks in India are currently required to maintain a CRR of 4%, which is being transitioned to 3%.

The RBI also requires banks to maintain a statutory liquidity ratio (SLR), which is the amount that banks are required to maintain in cash, gold, or approved securities. The SLR is determined as a percentage of the total demand and time liabilities. At present, banks are required to maintain a minimum SLR of 18%, which may be raised by the RBI to 40%.

In addition to the above, banks are required to maintain a liquidity coverage ratio of 100% and a net stable funding ratio of 100%, in accordance with the RBI guidelines.

Similarly, the RBI has prescribed prudential guidelines for NBFCs under the Master Direction – Reserve Bank of India (Non-Banking Financial Company – Scale Based Regulation) Directions, 2023 (the NBFC Framework). The key parameters include maintaining minimum capital and liquidity coverage ratios, and not exceeding a leverage ratio.

The RBI has issued various guidelines concerning the conduct of banks/financial institutions with their customers. These include regulatory instructions governing customer interactions, guidelines on fair treatment, and service standards.

The RBI’s Fair Practices Code provides for the basic framework pursuant to which banks and financial institutions must lend to their customers. The RBI has also prescribed know-your-customer (KYC) guidelines and data protection norms, which ensure that banks and financial institutions handle customer information confidentially and prevent the misuse of financial services.

Additionally, the RBI’s Integrated Ombudsman Scheme provides a mechanism for consumer grievance redressal and allows customers to escalate complaints where the internal processes of financial institutions fail to adequately address service deficiencies. Furthermore, the Consumer Protection Act, 2019 includes banking and financial services within its ambit, allowing customers to seek remedies for deficiencies or unfair practices.

The RBI is a very dynamic regulator. It regularly updates and supplements the legal framework to adopt best practices for a resilient economy. Some of the key changes are set out below.

The RBI had identified risks in digital lending such as mis-selling, data breaches, high interest rates, and unfair recovery practices, and recently introduced the Reserve Bank of India (Digital Lending) Directions, 2025. These directions consolidate all the applicable guidelines, introduce stricter norms for lending service providers, and mandate a public directory of digital lending applications.

The Reserve Bank of India (Project Finance) Directions, 2025 have also been introduced to establish a harmonised framework for financing infrastructure and non-infrastructure projects, including commercial real estate. The directions also revise the regulatory treatment of changes in the date of commencement of commercial operations, reflecting a review of existing norms and inherent project finance risks.

The RBI has also produced discussion papers on various subjects, including guarantees by persons resident in India on behalf of a person resident outside India, stressed assets securitisation, and foreign trade. An update on the rules governing these topics is expected soon.

To secure a banking licence from the RBI (which is mandatory under the BR Act to conduct banking and financial business), entities and promoters must meet the RBI’s robust conditions, including regarding capital adequacy, governance, promoter credibility, and organisational structure norms.

The key licences that the RBI issues are:

• Universal bank licences for full-service banking;

• Differentiated bank licences (e.g., small finance banks, payment banks, cooperative banks, regional rural banks) tailored to niche or segment-specific operations; and

• A licence to operate as an NBFC.

Entities engaged in foreign exchange or cross-border transactions must additionally obtain an authorised dealer licence under the Foreign Exchange Management Act, 1999 (FEMA).

The licensing process is governed by the RBI’s On-Tap Licensing Guidelines (for universal banks, small finance banks, and payment banks). The process overview is set out below:

• Submission of application – applicants should file the prescribed application forms along with supporting documents (including a business plan, promoter details, financial projections, and information on the corporate structure) through the RBI’s PRAVAAH (Platform for Regulatory Application, Validation, and Authorisation) portal, effective May 1 2025.

• Examination of applications:

  • The RBI conducts an initial screening for eligibility, including fit-and-proper criteria for promoters, capital adequacy, and compliance with sector-specific norms; and

  • If the initial scrutiny is cleared, then the RBI evaluates the application in consultation with the Standing External Advisory Committee, which reviews promoter credentials, financial soundness, governance structure, and business viability.

• Grant of approval:

  • The RBI issues an in-principle approval if the requirements to issue the licence are satisfied in its discretion. During the validity of the in-principle approval, the applicant must comply with certain conditions (regarding capital raising, board constitution, IT systems, branch infrastructure, etc.).

  • Upon satisfactory compliance, a final licence is granted.

The licensing requirements for NBFCs, which are less rigorous than those for banks, are set out in the NBFC Framework.

The RBI has not prescribed a timeline within which it will grant licences. Based on past practice, in-principle approvals are generally issued within two to eight months of application, depending on the nature and complexity of the licence.

Foreign investment in Indian banks and financial institutions is governed jointly by the FDI Policy of the government of India (issued by the Department for Promotion of Industry and Internal Trade, Ministry of Commerce & Industry) and the RBI’s licensing/ownership guidelines.

Foreign ownership in Indian private sector banks is permitted up to 74% (with approval required beyond 49%). Foreign direct investment (FDI) in public sector banks is capped at 20%. FDI of 100% is permitted in NBFCs.

Foreign banks can establish operations in India by incorporating a wholly owned subsidiary, or establishing a branch or liaison office. They are required to comply with fit-and-proper criteria and other conditions prescribed by the RBI.

Offshore banks and financial institutions that do not have a presence in India are not permitted to operate in India on a cross-border basis. However, foreign banks can offer specific banking products (such as external commercial borrowing and trade credits) to an Indian company in accordance with the FEMA.

Transactions between a person resident in India and a person resident outside India are regulated under FEMA and the rules and regulations framed thereunder. FEMA regulates inbound and outbound transactions.

The key frameworks are:

• The Foreign Exchange Management (Borrowing and Lending) Regulations, 2018 concern cross-border borrowing and lending by Indian entities;

• The Direction on External Commercial Borrowings regulate financing raised by Indian companies from offshore entities;

• The regulations on overseas investment cover outbound investments by Indian entities in foreign entities and any financial commitment undertaken by Indian entities on behalf of their overseas subsidiary; and

• The Foreign Exchange Management (Non-Debt Instruments) Rules, 2019 regulate investments by offshore entities in Indian companies.

The reporting requirements for cross-border transactions have been consolidated in the RBI’s Master Direction – Reporting under Foreign Exchange Management Act, 1999. Typically, all remittances, foreign and overseas investments, and borrowings are required to be reported in the manner and form prescribed therein.

India has created a number of regulatory frameworks to make international payments and banking easier, the most important of which concern:

• Bilateral currency swap agreements – to settle trade transactions in local currencies, India has signed currency swap agreements with a number of central banks, including those of Russia and Japan.

• Cross-border payments – the RBI and NPCI International Payments Limited, a wholly owned subsidiary of the National Payments Corporation of India, have entered into various bilateral payment system frameworks with certain countries (such as the UAE, Bhutan, Nepal, Sri Lanka, and France). These arrangements allow interconnection of India’s unified payment interface with foreign payment systems.

• The International Financial Services Centre in GIFT City – entities set up in the designated offshore jurisdiction in GIFT City enjoy a liberalised regime for cross-border financial services, including offshore banking, aircraft/ship leasing, capital markets, and fintech.

Foreign banks and financial institutions establishing their business are required to comply with all the applicable RBI requirements. Some noteworthy compliances are:

• Approvals – RBI approval is required under the BR Act to operate in India, as discussed in 2 above;

• FDI restrictions – cross-border ownership of banks is regulated under FEMA, as discussed in 2.3;

• Prudential requirements – foreign banks are required to comply with strict prudential norms, as discussed in 1.2;

• Localisation of data – the RBI requires that all payment system data be stored in India and mandates compliance with IT/cybersecurity norms; and

• Priority sector lending – foreign banks are required to allocate credit to certain vital sectors stipulated by the RBI.

The following is recommended for in-house counsel in terms of managing cross-border operations:

• Guidance on new products and services – any new product or service proposed to be launched by a bank should be thoroughly analysed to ensure compliance with the RBI requirements. In case of any ambiguity in law, these should be discussed with the RBI with support from external counsel.

• Track regulatory changes – in-house counsel should track changes from regulators closely. Changes may impact existing documentation and the products offered.

• Involvement – in-house teams should engage with regulators and industry associations. This will help in clarifying expectations and anticipating policy changes.

The commonly used security interests are as follows:

• Immovable property – security over immovable property is created in the form of a mortgage. The common forms of mortgage are an English mortgage (a registered mortgage) and an equitable mortgage (a mortgage created by depositing the title deeds).

• Shares and other securities – security over shares and other securities is created by way of a pledge. A pledge on dematerialised securities is created electronically in the depository system.

• Movable property – movable property, including receivables, is secured by way of hypothecation, which is a contractual security interest in the nature of a charge.

The following are important public registries:

• Land registries – a mortgage on immovable property (other than equitable mortgages in certain states) is required to be registered with the relevant sub-registrar of assurances;

• Central Registry – Indian banks/financial institutions are required to register certain security interests with CERSAI (the Central Registry of Securitisation Asset Reconstruction and Security Interest);

• The Registrar of Companies (ROC) – any security interest created by a company or a limited liability partnership is required to be filed with the ROC;

• Information utilities (IUs) – in accordance with the Insolvency and Bankruptcy Code, 2016 (IBC), lenders have the option to register their security interest with an IU; and

• Other assets – ships, aircraft, and intellectual property security must be registered with the appropriate government agency that oversees them.

Mostly, particulars of charges are required to be filed electronically. Searches can be conducted with CERSAI, the ROC, and land registries upon the payment of certain fees.

Fintech businesses may be subject to multiple laws, directions, and sector-specific guidelines. The Payment and Settlement Systems Act, 2007 is the primary law regulating fintechs involved with payments.

The various RBI guidelines regulating fintech businesses include directions on prepaid payment instruments, payment aggregators, digital lending, and peer-to-peer lending platforms. Based on the services offered, entities providing fintech services are required to obtain relevant licences. The entities are also required to comply with any applicable data protection laws.

Indian regulators have been proactive in providing an innovation-friendly environment to the fintech sector.

The RBI has introduced the Enabling Framework for Regulatory Sandbox. The framework allows fintechs to test innovative services or business models with regulatory oversight in a controlled environment. The RBI has also set up the Reserve Bank Innovation Hub, which, among others, supports innovation in the financial sector and improving digital infrastructure.

SEBI and IFSCA have also introduced sandboxes for testing innovation in securities market and financial products, respectively.

The RBI has stipulated a robust framework for onboarding digital customers. The RBI’s Master Direction on KYC prescribes norms for digital customer due diligence such as secure applications, live photographs, one-time password authentication, and authorised official oversight. The guidelines also provide provisions for non-face-to-face (digital) onboarding.

Compliance with the applicable data protection, cybersecurity, and money laundering legislation is also required.

Currently, there is no dedicated cryptocurrency regulation in India. Cryptocurrencies, tokens, and stablecoins are not recognised as legal tender.

ESG-related disclosures and compliance are evolving steadily in India. The legal milestones include:

• Corporate social responsibility – the Companies Act, 2013 mandates spending on ESG activity for companies that meet specified thresholds and disclosures of such ESG activities;

• Reporting – SEBI’s Business Responsibility and Sustainability Reporting framework and Listing Obligations and Disclosure Requirements mandate ESG reporting for listed companies; and

• Priority sector lending (PSL) – lending for certain ESG purposes as identified by the RBI is classed as PSL and banks are required to allocate credit to such sectors.

Regulatory guidelines have also been introduced for the issuance of green bonds (both government and corporates) and the acceptance of green deposits by banks. Furthermore, SEBI and IFSCA have recently issued frameworks in relation to ESG debt securities and ESG schemes, respectively.

Banks are expected to implement a robust climate-related financial risk management policy and process to effectively counter the impact of climate-related financial risks. In 2024, the RBI issued a Draft Disclosure Framework on Climate-related Financial Risks. Under this framework, the RBI has proposed that banks must disclose governance, strategy, risk management, and metrics and targets regarding climate-related risks and opportunities in their financial statements. The RBI is yet to implement the framework.

Separately, as mentioned above, SEBI also mandates ESG reporting by listed entities (which would include banks).

Dispute resolution between banks, customers, and regulators differs depending on the parties involved.

Consumers may raise their claims in consumer courts under the Consumer Protection Act, 2019 or under the RBI’s Integrated Ombudsman Scheme.

Banks can resort to insolvency proceedings before the National Company Law Tribunal under the IBC, enforce security (if any) under the Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002 (the SARFAESI Act), or recover debts through Debt Recovery Tribunals under the Recovery of Debts and Bankruptcy Act, 1993 (the RDB Act).

Conflicts with the RBI and banks/customers can be resolved through judicial review before the competent courts and tribunals.

Under the BR Act and the RBI Act, the RBI has wide enforcement authority. This includes issuing directives, carrying out inspections, regulating bank management, levying fines, suspending licences, and implementing corrective measures.

The RBI regularly monitors the governance, compliance, and financial stability standards of banks and financial institutions. In the event of non-compliance, the RBI takes enforcement action.

Earlier this year, the RBI superseded the board of New India Co-operative Bank and restricted lending activities to protect the interests of depositors. The RBI has also imposed penalties on various banks and financial institutions for violations of, among others, regulatory requirements in relation to KYC, asset classification, and cybersecurity lapses.

Banks and NBFCs have different insolvency regimes.

The insolvency regime for banks is not covered under the IBC but is regulated by the BR Act and the RBI Act through procedures such as voluntary mergers, court-ordered windings-up, and RBI-initiated reconstructions or amalgamations.

The IBC regulates the insolvency processes for NBFCs and other financial service providers. However, only the RBI or the relevant financial services regulator is authorised to initiate insolvency proceedings against the NBFC and other financial service providers.

The RBI has stipulated a separate framework to identify banks whose failure could significantly impact the financial system due to their size, cross-jurisdictional activities, complexity, etc. Their resolution regime continues to sit under the BR Act and the RBI Act, as discussed above.

These banks are subject to stricter regulatory measures – including higher capital requirements – to reduce their likelihood of failure.

The following frameworks and avenues for the recovery and restructuring of financial indebtedness are available outside the IBC:

• The SARFAESI Act – this act provides for a framework for enforcement of security without intervention by the courts;

• The RDB Act – under this act, banks and NBFCs can file a claim for debt recovery before the specialised Debt Recovery Tribunals;

• The RBI’s framework for resolution of stressed assets – under the Prudential Framework for Resolution of Stressed Assets Directions, 2019, lenders are required to proactively address stressed accounts and are incentivised to reach a prompt resolution of bad loans; and

• Courts and arbitration – depending on contractual agreements, civil lawsuits or arbitration procedures are also available.

Insolvency law in India, with respect to corporate entities covered under the IBC, provides for a two-step process.

In the first step, creditors are required to resolve the insolvency of the corporate debt by inviting resolution applicants to provide resolution plans through a competitive bid process. During this phase, all financial creditors (whether secured or unsecured) have similar voting rights according to their admitted claims. Any proceeds received under the resolution plan are distributed based on the collective decision of the committee of creditors constituted of the financial creditors. Generally, priority is given to the secured creditors on the basis of their liquidation value.

If the resolution phase fails, then the corporate undergoes a liquidation process. In liquidation, the secured creditors (who have relinquished their security interest to the liquidation estate) are paid in priority over unsecured creditors but after the costs for the corporate insolvency resolution process and liquidation costs in the liquidation waterfall, and their dues are payable on a pari passu basis with the previous two years’ workmen’s (i.e., employees’) dues. However, if a secured creditor opts to enforce its security outside liquidation, then any balance due to them (remaining unpaid after security enforcement) will rank after the unsecured financial creditors but prior to operational creditors.

The RBI has announced repo rate cuts from time to time. However, the net interest margins of banks have reached a three-year low given that the fall in deposit rates has not been commensurate. This is resulting in an imbalance for banks and financial institutions vis-à-vis their lending activities.

Cybersecurity risks and digital fraud have also become major challenges and are increasing rapidly. The RBI has issued guidelines requiring banks to adopt AI-aware defences, zero-trust cybersecurity models, and stronger vendor risk management frameworks to prevent systemic threats.

The RBI, in its constant endeavour to align with best practices, has been continuously working to update the existing regulations to address any new policies that are required.

A committee of the government has been set up to discuss and propose cryptocurrency regulations. The RBI and central government have been cautious on this to minimise any adverse impact on financial stability and monetary policy.

A variety of regulations and policies (including updates) are in the works, including in relation to ESG, counterparty credit risk, digital banking channels authorisation, and the closure of shipping bills in the export data processing and monitoring system.

Also, according to publicly available information, certain banks have urged the RBI to give them permission to fund M&A. If this is allowed, it will be a big shift from the current RBI policy, whereby banks can lend for acquisition financing in very limited situations. It would result in opening new lending avenues for banks.