The Reserve Bank of India (RBI) has introduced a pivotal initiative to bolster the security of digital financial transactions—the Mobile Number Revocation List (MNRL). This mandate requires all regulated entities (REs), including banks, Non-Banking Financial Companies (NBFCs), fintech firms, and payment aggregators, to integrate MNRL checks into their systems by March 31, 2025.

National Stock Exchange of India

Understanding the Mobile Number Revocation List (MNRL)

The MNRL is a real-time database maintained by the Telecom Regulatory Authority of India (TRAI) under the Digital Intelligence Platform (DIP). It catalogs deactivated, fraudulent, and high-risk mobile numbers. Financial institutions are required to cross-reference their customer mobile numbers against this list to prevent unauthorized access and fraudulent activities.

MNRL

The Imperative of MNRL Compliance

Mobile numbers have become integral to customer verification processes, serving as primary channels for One-Time Passwords (OTPs) and transaction alerts. However, when a number is deactivated and reassigned, the new holder could inadvertently receive sensitive information intended for the previous owner. This gap has been exploited by fraudsters to gain unauthorized access to accounts. The RBI's mandate aims to close this loophole by ensuring that financial institutions verify the current status of mobile numbers before associating them with customer accounts.

Scope of MNRL Compliance

The mandate applies to all regulated entities, encompassing:

• Banks: Both public and private sector banks.
• NBFCs: Institutions offering financial services without holding a banking license.
• Fintech Companies: Firms leveraging technology to provide financial services.
• Payment Aggregators: Entities that facilitate payment services for merchants and e-commerce platforms.

These organizations must integrate MNRL checks into their customer onboarding, verification, and transaction processes by the specified deadline.

Accessing the MNRL Database

Financial institutions can access the MNRL through the Digital Intelligence Platform (DIP) managed by TRAI. This platform provides real-time data, enabling institutions to:

• Perform Immediate Checks: Verify newly registered or updated mobile numbers against the MNRL.
• Conduct Regular Database Audits: Identify and flag existing accounts linked to revoked numbers.
• Enhance Verification Protocols: Confirm the legitimacy of mobile number updates during customer interactions.

By leveraging the DIP, institutions can proactively manage and mitigate fraud risks associated with invalid or fraudulent mobile numbers.

MNRL

Consequences of Non-Compliance

Failure to comply with the MNRL mandate by March 31, 2025, may result in regulatory actions from the RBI. Non-compliant institutions could face penalties, reputational damage, and increased vulnerability to fraud, undermining customer trust and operational integrity.

Proactive Measures for Compliance

To ensure adherence to the MNRL mandate, financial institutions should:

1. Integrate MNRL APIs: Utilize Application Programming Interfaces (APIs) to automate real-time checks against the MNRL.
2. Establish Standard Operating Procedures (SOPs): Develop protocols for updating and verifying customer mobile numbers.
3. Conduct Staff Training: Educate employees on the importance of MNRL checks and compliance requirements.
4. Collaborate with Technology Partners: Engage with fintech solution providers to streamline the integration of MNRL checks into existing systems.

By implementing these measures, institutions can enhance their fraud prevention strategies and ensure compliance with regulatory standards.

The RBI's introduction of the Mobile Number Revocation List is a pivotal step toward strengthening the security framework of India's financial ecosystem. By mandating the verification of mobile numbers, the RBI aims to protect consumers and institutions from evolving fraud tactics. Financial entities must act promptly to integrate MNRL checks, not only to comply with regulations but also to foster a safer and more trustworthy environment for digital financial transactions.

Would like to know how we're helping entities to comply with these practices in place, get in touch!