Business Current Account Rules 2026: PAN & RBI Compliance
AuthorJayant Surana
Reviewed ByCA Ajay Savani

Summary:
The 2026 business banking landscape demands immediate adaptation. The RBI now enforces strict Chapter XIA credit exposure rules for current accounts. Further, cash transactions face a ₹20 lakh annual PAN-quoting threshold. Lenders now report borrower behaviour to CIBIL on a fortnightly basis. This frequent reporting makes strict RBI compliance mandatory.
Navigating business banking in 2026 requires strict RBI compliance. The Reserve Bank of India has updated several rules governing current accounts. These recent changes affect daily and large corporate transactions.
The 2026 Banking Landscape for Businesses
New RBI regulation and compliance framework have reshaped the Indian banking sector. Every digital payment and current account needs strict compliance with RBI guidelines. Companies should follow these financial mandates for their everyday operations.
Why the April 2026 RBI and Income Tax Updates Matter
The April 2026 updates introduce vital security features. They aim to reduce digital fraud across the nation by safeguarding access to your finances. Tax reporting also becomes much more transparent under the new Income Tax Rules 2026.
Key Impacts of Non-Compliance:
- Sudden financial penalties for business owners.
- Immediate freezing of non-compliant current accounts.
- Increased risk of unexpected tax notices.
Who Needs to Comply With RBI Norms?
These new financial rules apply to a broad audience. No modern business entity is fully exempt from RBI compliance requirements. Everyone must strictly follow the new digital protocols.
| Business Type | Key Compliance Focus |
| SMEs | Active updates to daily banking operations. |
| Large Corporates | Stricter scrutiny on high-value cash limits. |
| Freelancers | Careful tracking of annual banking transactions. |
Simplify Your Business Operations
Designed to give you speed, control, and accuracy in daily accounting tasks.
Save time with automated accounting workflows
Get 35+ detailed business reports easily
Access your business anytime, anywhere
RBI Current Account Opening Guidelines (Chapter XIA)
Opening a current account requires meeting specific new criteria. Under the new Chapter XIA guidelines, banks assess credit exposure to ensure compliance with the updated norms. These strict measures prevent corporate funds from ongoing misuse.
Borrowing Exposure Rules (The ₹10 Crore Threshold)
Chapter XIA rules directly impact your current account eligibility. This updated threshold greatly simplifies daily banking for many.
- Below ₹10 Crore: Borrowers face much fewer restrictions here.
- Above ₹10 Crore: Banks need a minimum 10% exposure share.
This strict RBI policy ensures careful oversight of funds in India.
Collection Accounts vs. Current Accounts
If your exposure exceeds ₹10 crore, restrictions apply immediately. Banks holding less than a 10% share face limits and cannot open standard current accounts for your business.
Instead, these non-lending banks can only open collection accounts. These restricted accounts must handle inward cash receipts. You cannot use them to freely route money to third parties.
Escrow Managing Banks for High-Exposure Businesses
High-exposure businesses often need specialised banking accounts. Escrow managing banks step in to monitor funds. They ensure money flows only for authorised purposes.
Benefits of Escrow Management:
- Handles complex corporate transactions with higher security.
- Prevents unauthorised routing of money to third parties.
- Creates a safer environment for massive corporate investments.
Worked Example of Chapter XIA Escrow Alignment:
Consider a corporate borrower with a total banking credit exposure of ₹15 Crore. If Bank A holds a minor 5% lending share, it is legally barred from opening a standard current account.
To ensure seamless fund routing, the business must utilise an escrow mechanism. It should be overseen by a primary lender holding at least 10% of the total exposure to monitor capital utilisation strictly.
Managing Existing Cash Credit (CC) and Overdraft (OD) Facilities
Under Chapter XIA, cash credit accounts face fewer operational restrictions. However, overdraft facilities remain highly regulated across all major banks to safeguard customers. You must regularly review your working capital accounts.
Official Resource: Review the exact RBI Notification on Opening of Current Accounts for complete Chapter XIA details.
Key Overdraft Rules:
- Non-lending banks cannot open new OD facilities.
- Strict exposure share requirements must be met carefully.
- Business owners should review existing credit lines immediately.
The Fortnightly Credit Reporting Cycle (CIBIL, Experian)
The RBI has drastically accelerated how borrower data is tracked in India. Older monthly credit reporting cycles are gone. Lenders now submit your financial data every single fortnight.
How the Fortnightly Cycle Impacts Your Business
Banks and NBFCs are mandated to report data twice every month. They submit updates on the fifteenth and the last calendar day. This mandate ensures credit bureaus reflect current borrower behaviour accurately.
This means your business credit score updates much faster. Paying off a large corporate loan boosts your score. Conversely, a single missed EMI triggers quick negative credit reporting.
New PAN-Quoting Thresholds (Income Tax Rule 114BA)
The government is restructuring how corporate cash is tracked. Updated income tax rules enforce strict PAN-quoting thresholds for everyone. These updates heavily monitor high-value daily cash movements.
The Shift to the ₹20 Lakh Aggregate Threshold
Rule 114B requires PAN quoting for cash deposits exceeding fifty thousand. This is a reporting threshold, not a transaction limit. Now, Rule 114BA introduces a twenty lakh annual aggregate threshold.
| Transaction Type | Per-Transaction Threshold | Annual Aggregate Threshold |
| Cash Deposits | ₹50,000 (PAN-quoting required) | ₹20 Lakh (PAN-quoting required) |
| Cash Withdrawals | ₹50,000 (PAN-quoting required) | ₹20 Lakh (PAN-quoting required) |
Pro Tip for Compliance Tracking: You can easily monitor your financial compliance using the Income Tax India e-Filing Portal. Simply log in to check your Annual Information Statement (AIS) regularly. This dashboard helps you accurately track your twenty lakh annual cash threshold.
- Portal Link: Log in to the Income Tax e-Filing Portal.
How Multiple Bank Accounts Are Tracked Together
You cannot avoid tracking using multiple bank accounts. The limit applies equally across your entire portfolio. Cooperative banks and post offices constantly share data.
Wondering if this applies to smaller savings accounts, too? Read our guide on whether PAN is mandatory for post office savings under the new rules.
How the Tracking Works:
- Splitting deposits into smaller pieces fails.
- The system aggregates transactions under your business PAN.
- Centralised tracking ensures total taxpayer compliance.
High-Value Transaction Reporting
Specific high-value transactions now trigger mandatory STF reporting in India. These strict guidelines prevent unaccounted corporate cash spending.
New Reporting Thresholds:
- Property Deals: Strict ₹20 lakh reporting threshold.
- Business Payments: B2B transactions over ₹2 lakh.
- Hotel/Events: Large payments exceeding ₹1 lakh.
- Official Resource: Refer directly to the Income Tax Rule 114B for the exact financial reporting formats.
Mandatory Two-Factor Authentication (2FA) for Digital Payments
Digital payment security got a massive upgrade with the 2FA rules. The Reserve Bank of India mandates strict authentication rules. These changes protect businesses from cyber fraud.
RBI Authentication Directions at a Glance:
| Feature | RBI Mandate Details |
| Issued Date | September 25, 2025 |
| Compliance Deadline (General) | April 1, 2026 |
| Applies To | Domestic digital payments and specific cross-border card scenarios. |
| Core Requirement | Minimum two-factor authentication (unless officially exempted). |
| Cross-Border CNP Compliance Deadline | October 1, 2026 |
| Cross-Border CNP Compliance Requirement | Card issuers must establish validation mechanisms for non-recurring card-not-present transactions. They must also register relevant BINs with card networks. |
| Additional Rule | Non-card transactions require at least one dynamic authentication factor. |
The April 1, 2026: RBI Security Mandate Explained
Every digital payment provider must comply with the latest RBI guidelines that came into effect starting April 2026. The new rules enforce a strict two-factor authentication process (unless officially exempted). This applies across banks, fintech platforms, and payment gateways.
Key 2FA Requirements:
- Minimum two distinct authentication factors are now mandatory.
- Issuers must verify security mechanisms before actual deployment.
- Non-compliant banks face strict penalties and heavy fines.
Specific Cross-Border Rules (Beyond April 1, 2026)
Specific cross-border rules apply after the general April 1, 2026 deadline. Card issuers must establish validation mechanisms for non-recurring card-not-present transactions and register BINs with card networks by October 1, 2026. These additional measures enhance security for specific digital payments globally.
The Three Acceptable Authentication Factors
The RBI compliance mandates two distinct authentication factors for every customer-initiated digital payment. You must combine elements from three officially recognised security categories. This applies across UPI, net banking, and corporate cards.
Approved Authentication Categories:
- Knowledge: Something you explicitly know, like an MPIN or secure transaction password.
- Possession: Something you physically have, like a hardware token or registered mobile device.
- Being: Something you inherently are, utilising biometric scans like fingerprint or facial recognition.
What is “Dynamic Authentication” for Non-Card-Present Transactions?
Online payments without physical cards need extra layers of protection. At least one authentication factor must be fully dynamic to avoid misuse. This means the verification code changes for every transaction.
Examples of Dynamic Factors:
- Time-sensitive OTPs sent directly to your mobile phone.
- Biometric scan linked to the specific active payment session.
- Cryptographic tokens generated by highly secure banking hardware.
Risk-Based Authentication: How It Balances Security and Speed
Not every single transaction requires the same security friction. The system learns from your usual daily payment behaviour. Small payments from known devices pass through very quickly.
Unusual or large transactions trigger immediate risk-based authentication checks. This smart system greatly improves the overall user experience. It perfectly balances high security with frictionless everyday payments.
Official Resource: Read the complete RBI Master Direction on Authentication Mechanisms to understand every digital payment security control.
Enhanced KYC & Account Management Updates
Knowing your customer is crucial for modern banking security. With the latest RBI compliance norms, video-based verification has become a widely accepted option. Account management protocols are also becoming much more rigorous.
The Push for Video-Based KYC (V-CIP) and Centralised Registries
Physical branch visits for account verification are almost obsolete. Centralised registries now securely store your verified business KYC data. To understand how this unified tracking works, read our guide on What is a CKYC number?.
Benefits of Video KYC:
- Instant verification without leaving your active corporate office space.
- Reduced paperwork and faster overall business account activation times.
- Better protection against identity theft and fraudulent corporate accounts.
New Protocols for Dormant and Inactive Business Accounts
Banks are actively freezing unused business accounts. Inactive current accounts pose severe risks for money laundering. You must maintain regular transactions to keep accounts active.
Reactivating a dormant account requires completely fresh KYC documentation. This strict process ensures only legitimate businesses remain operational. Business owners must monitor their secondary accounts very carefully.
The Digital Fraud Compensation & Liability Framework
Digital fraud liability is shifting heavily toward financial institutions. Banks must act swiftly when unauthorised transactions are reported by their customers. It helps build trust among customers and provides stronger financial protections under the 2026 framework.
Revised Dispute Timelines for Failed Transactions
Failed digital payments must be reversed within strict deadlines as per the latest RBI compliance norms. Banks face automatic penalties for delaying these mandatory refunds to customers. This ensures your working capital is not unnecessarily blocked.
New Dispute Resolution Rules:
- Instant refund mandated for technical payment gateway server failures.
- Clear turnaround times established for complex digital fraud investigations.
- Customers receive automatic compensation for delayed bank transaction reversals.
Bank and Payment Service Provider (PSP) Accountability
Payment providers are fully responsible for secure authentication systems. They must compensate customers for losses caused by non-compliance. This strict accountability forces banks to upgrade their technology at the earliest.
Providers must also adhere to the Digital Personal Data Protection Act. They cannot sacrifice your data privacy for transaction security. Your corporate financial data remains highly secure and private.
2026 RBI Compliance Checklist for Business Owners
Preparing for these changes requires immediate action from businesses and startup owners. You must update your internal financial systems without delay, as the April 2026 changes are already in effect. Falling behind could disrupt your daily vendor payment operations.
Follow these immediate steps to ensure complete RBI compliance today. For a broader overview of yearly closures, check our financial year-end checklist for business owners and accountants.
Step-by-Step Guide to Updating Your Treasury Protocols
Start by reviewing your current banking software for compliance with the latest RBI norms. Ensure your systems support the new dynamic authentication methods. Train your finance team on the updated reporting thresholds.
Step 1: Audit Total Exposure
Calculate your exact banking exposure to check if you cross the Chapter XIA ₹10 Crore threshold.
Step 2: Consolidate Accounts
Close inactive current accounts to avoid sudden regulatory flags or banking penalties.
Step 3: Upgrade Payment Gateways
Ensure your digital payment software supports the new dynamic two-factor authentication rules.
Step 4: Monitor CIBIL Fortnightly
Assign a finance team member to review fortnightly credit bureau updates for reporting errors.
Ensuring Uninterrupted Vendor Payments and Software Mandates
Your accounting software must integrate with RBI-compliant payment gateways. Outdated financial systems block large daily vendor payments for non-compliance with updated norms. Upgrade your enterprise resource planning tools for seamless transactions.
Further, verify that your payment partners support risk-based authentication protocols. This helps prevent unnecessary transaction failures during critical business operations. Smooth software integration guarantees your supply chain remains uninterrupted.
Frequently Asked Questions (FAQs)
What are the RBI digital banking rules for 2026?
The RBI mandates strict two-factor authentication for digital payments. Banks must implement dynamic and risk-based security protocols immediately. These rules have officially taken effect on April 1, 2026.
What are the rules for digital payments in 2026?
Since April 1, 2026, every digital payment needs at least two distinct authentication factors. Non-card transactions require at least one dynamic verification element. The updated RBI compliance stops unauthorised remote access to your finances.
What is the new RBI rule for current accounts?
Banks must assess overall credit exposure before opening accounts. Businesses with high exposure face stricter banking oversight procedures. Non-lending banks face restrictions on opening new overdraft facilities.
What is the UPI limit for 2026?
The standard daily UPI transaction limit is set at ₹1 lakh. However, specific categories like healthcare and education allow transactions up to ₹5 lakh daily. Further, verified merchants can accept up to ₹10 lakh daily.
What are the new cash withdrawal limits for business accounts in 2026?
The old daily tracking metrics have been restructured in 2026. Under Income Tax Rule 114BA, business accounts face a ₹20 lakh annual aggregate PAN-quoting threshold for cash deposits and withdrawals.
A similar framework governs savings bank account limits for individuals. Accumulations exceeding this annual threshold require mandatory PAN validation and compliance tracking rather than serving as a transaction cap.
Do the new 2FA rules affect recurring automated payments?
Small-value recurring mandates often qualify for simplified authentication rules. However, the initial setup still requires strong two-factor verification unless officially exempted. Cross-border recurring payments face stricter risk-based authentication checks under the latest RBI compliance norms.
Can a business with an existing OD account open a new current account?
Opening new accounts depends entirely on your credit exposure. If your exposure exceeds ten crore, restrictions strongly apply. You must consult your primary lending bank before proceeding with a new account.
Disclaimer: "This blog post is for informational purposes only. For specific tax advice related to your business, please consult a qualified Chartered Accountant or GST practitioner."



