TL;DR

• Recovery agent disclosure rules changed to individual-level identification
• Grievance freeze obligation requires real-time AI and CRM synchronisation
• RBI’s February 2026 proposals introduce Responsible Business Conduct rules
• NPA classification at 90 days triggers SARFAESI workflow automatically
• Cooling-off period reduced to one day minimum, affecting DPD calculations

Think of a building where the entry rules were rewritten overnight. The people inside still know their jobs. The purpose of the building has not changed. But the rules governing how every visitor must be logged, which floors certain people can access, what must be disclosed at every checkpoint, and how complaints are handled have all been materially revised. Staff who did not read the new protocols are creating compliance incidents without knowing it, on their normal, familiar rounds.

For NBFC collections teams, the RBI Digital Lending Directions 2025 and the subsequent February 2026 Responsible Business Conduct proposals are that rewrite. The fundamental job of debt recovery has not changed. What changed is the protocol for how every recovery interaction must start, proceed, be recorded, and be challenged by the borrower. Teams that have read the new rules carefully are building operational advantage. Teams still working from the 2022 mental model are generating compliance exposure on routine collections activity.

This blog is for collections managers, operations heads, and technology leads who need to understand what specifically changed, what it demands from AI collections infrastructure, and what a compliant NBFC debt recovery operation looks like in 2026.

What the 2025 Directions Changed for Recovery

The RBI Digital Lending Directions 2025, issued on May 8, 2025, replaced the September 2022 Digital Lending Guidelines and the November 2023 DLG Directions. The 2025 framework explicitly extended the regulatory perimeter from loan origination to the full loan lifecycle, including recovery. This is the foundational change from which every other collections implication flows.

The specific changes relevant to debt recovery operations are as follows.

Individual recovery agent disclosure: The 2025 Directions moved away from the earlier requirement to publish a general list of recovery agents on the NBFC’s website. NBFCs must now disclose the name and contact details of the specific agent handling a borrower’s account, to that borrower, before recovery contact begins. For AI collections platforms acting as LSPs, this means the regulated entity’s identity and the relevant contact reference must be surfaced at the start of every automated interaction, not as a post-interaction disclosure.

LSP fees borne by the RE: Any fees or charges due to the LSP for recovery services must be paid by the Regulated Entity directly. The LSP cannot charge these fees to the borrower. For AI collections vendors structured as LSPs, this clarifies the commercial arrangement and removes any ambiguity about who bears the cost of the collections infrastructure.

Same-day fund crediting: Any recovery payment, including cash payments, must be credited to the RE’s bank account on the same day it is received. AI collections platforms must ensure that payment confirmation workflows trigger same-day reconciliation with the NBFC’s core system, with no overnight float in intermediate accounts.

Cooling-off period reduced to one day minimum: The 2025 Directions reduced the mandatory cooling-off period from a minimum of three days (for loans of seven days or more tenor) to a minimum of one day for all loans regardless of tenor. The period is set by the RE’s board and disclosed in the Key Fact Statement. The compliance implication for collections is addressed in detail in a dedicated section below.

CIMS registration for all DLAs: All Digital Lending Apps, including AI collections platforms that qualify as DLAs, must be registered through RBI’s Centralised Information Management System. NBFCs are responsible for the accuracy of this reporting, with a compliance deadline of June 15, 2025.

The Grievance Freeze Obligation

One of the most operationally demanding requirements in the 2025 framework is the obligation to pause recovery activity when a borrower files a grievance or dispute.

Under the Directions, resolving all complaints is the responsibility of the RE. If a complaint is filed, the NBFC must respond within 30 days or the borrower can escalate to RBI’s Complaint Management System. During the period a complaint is open and unresolved, recovery activity on that account must be paused.

For AI collections platforms processing hundreds of thousands of outreach attempts per day, this requirement exposes a critical integration dependency. The grievance status for every account must be a live, pre-outreach check that the AI consults before each contact attempt. It cannot be a batch-updated flag that is refreshed once daily or once per campaign cycle.

An AI system that contacts a borrower at 10 AM whose grievance was filed at 9 AM that morning is in violation. The fact that the AI’s data refresh had not yet captured the new grievance status does not transfer the liability to the technology. The NBFC remains responsible for what the AI does.

The practical infrastructure requirement is a real-time API connection between the grievance management system and the AI collections outreach engine, with the grievance status checked and logged before every single contact attempt is initiated.

The February 2026 Responsible Business Conduct Proposals

In February 2026, RBI released draft proposals on Responsible Business Conduct for regulated entities, with provisions specifically addressing recovery agent conduct. The applicable date for these requirements is July 1, 2026, which means NBFC technology and operations teams have a defined implementation window.

The proposals introduce several requirements that go beyond what the 2025 Directions established:

Data masking for third-party contacts: Recovery agents, including AI agents, must not have access to the contact details of a borrower’s relatives, friends, or associates during the collections workflow. AI platforms must implement field-level data masking that prevents these contact details from being surfaced in the outreach system, regardless of whether they exist in the borrower’s CRM profile.

Strict third-party contact prohibition: Agents may only discuss the debt directly with the borrower or their guarantor. Contact with any other third party without explicit borrower authorisation is prohibited. For AI systems, this means contact list logic must be restricted to verified borrower contacts and documented authorised parties only.

Language and tone standards enforceable at system level: The prohibition on threatening, abusive, or coercive language already exists in the Fair Practices Code. The February 2026 proposals strengthen this by making it a conduct standard that institutions are expected to enforce proactively, not just prohibit. For AI systems, this means conversation script governance, deviation detection, and escalation or termination logic when an interaction moves toward coercive territory.

Documentation for every contestable interaction: Every interaction that a borrower could subsequently challenge must have a complete, timestamped, and tamper-proof record. For AI systems, this means audit trail generation at the interaction level, not just the campaign level.

NPA Classification and the SARFAESI Workflow

Under RBI’s asset classification norms, a loan account where principal or interest repayment is overdue for more than 90 consecutive days must be classified as a Non-Performing Asset. This classification triggers two immediate obligations for the NBFC.

The first is provisioning. Once an account is classified as NPA, the NBFC must provision against it according to RBI’s prescribed rates, which vary based on the NPA subclassification (substandard, doubtful, or loss asset). The provisioning obligation begins at the 90-day mark regardless of whether the NBFC has initiated recovery action.

The second is the option to initiate proceedings under the Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interests Act, 2002 (SARFAESI Act). For secured loans above Rs 20 lakh where the borrower account is classified as NPA, the NBFC may enforce the security interest without court intervention. The process requires:

• Serving a Section 13(2) demand notice to the borrower within a defined period of NPA classification, giving the borrower 60 days to discharge their liability
• Logging the borrower’s response or objection if raised within the 60-day window
• Routing objections to the legal team with the required consideration period before enforcement proceeds
• Proceeding to enforcement action under Section 13(4) only after the 60-day window has closed without satisfactory response

AI collections platforms can automate every stage of this workflow. The NPA classification watch runs against the NBFC’s core system in real time. When a loan crosses the 90-day threshold and receives NPA tagging, the platform flags the account, routes it to the appropriate recovery queue, generates a Section 13(2) notice with the correct borrower details and dates, tracks the 60-day response window, and flags any objection received for legal team review.

The integration between the AI collections platform and the core NPA classification system must be real-time for this automation to work correctly. A batch-updated integration creates the risk of notices being generated a day late if the NPA classification occurred after the last batch sync. Given that SARFAESI proceedings can be challenged on procedural grounds, including the date of notice service, the timestamping accuracy matters.

The Cooling-Off Period and DPD Calculation

The 2025 Directions reduced the minimum cooling-off period from three days to one day for all loans. While this is primarily a consumer protection provision governing loan cancellation, it carries a specific technical implication for AI collections infrastructure that many teams have not addressed.

DPD (Days Past Due) counts the number of days since a payment was due but not made. The first payment due date on a digital loan must be calculated from after the cooling-off period ends. If an NBFC’s AI collections system calculates DPD from the disbursement date rather than from the post-cooling-off first due date, DPD counts will be incorrect.

An account in the cooling-off period is not technically in default. A borrower exercising their right to cancel during the cooling-off period is not a delinquent account. An AI system that initiates collections outreach on an account where the cooling-off period has not yet expired is contacting a borrower about a debt they may not legally owe.

The fix is a data pipeline and calendar logic correction. The first due date field used by the AI collections engine must reflect the post-cooling-off contractual start of repayment, not the disbursement date. This requires a clean data feed from the loan origination system that includes the board-approved cooling-off period length for each loan product and computes the first payment due date correctly.

What a Compliant AI Debt Recovery Platform Needs in 2026

For NBFC technology and operations leaders assessing their current AI collections infrastructure against the 2025 and forthcoming 2026 requirements, the following checklist represents the minimum standard:

• Real-time grievance status sync between the grievance management system and the AI outreach engine, checked and logged before every contact attempt
• Data masking controls preventing access to unauthorised third-party contact details in the outreach workflow
• Recovery agent disclosure workflow surfacing the regulated entity’s name and contact reference at the start of every automated interaction
• Hard calling window restrictions enforced at infrastructure level, time-zone-aware, set to 8 AM to 7 PM
• 100% call recording with tamper-proof storage, covering all interaction types including unanswered and dropped calls
• NPA classification integration with the core system in real time, with automated Section 13(2) notice generation and 60-day response window tracking
• DPD calculation from the post-cooling-off first due date, not from disbursement date, drawing from a clean loan origination data feed
• Language and tone monitoring for AI-generated or AI-guided conversations, with escalation logic for coercive interaction patterns
• Immutable audit trail for every recovery interaction at the account and interaction level, not just campaign level, producible for RBI examination without manual reconstruction

How iTuring Approaches This

The governance and operational infrastructure required by the 2025 Directions and the February 2026 proposals maps directly to the architecture iTuring provides.

Every model deployed through iTuring carries immutable audit trails at the individual interaction level, with timestamps for every automated action. The platform’s governance layer supports real-time compliance checks as pre-conditions of outreach actions, rather than as post-run reviews. Maker-checker approval workflows ensure that every model update, including changes to contact logic and segmentation rules, is documented and signed off before deployment.

Continuous monitoring across 60 parameters runs post-deployment, with configurable alerts that flag performance drift, bias signals, and threshold breaches before they become regulatory findings. One-click exam documentation compiles interaction records, model lineage, approval history, and monitoring logs into an examination-ready package.

For NBFCs preparing for the July 2026 Responsible Business Conduct requirements, the compliance infrastructure and the AI operations infrastructure are the same system.

Book a discovery session with iTuring to assess how your current collections infrastructure maps to the 2025 and 2026 requirements for your NBFC tier.