Banker Customer Relationship: A Comprehensive 2025 Guide

About the Author Prashant is a Risk Data Engineer with 10+ years in Indian banking spanning branch management, MSME credit underwriting, KYC/AML operations, and risk technology. Currently working at a global bank with expertise in Basel III compliance and regulatory frameworks. Credentials: Executive Diploma in Applied Financial Risk Management – IIM Kashipur | FRM Candidate (GARP) | KYC/AML Certified | Credit Professional Views expressed are personal and do not represent any employer or institution.

1. Introduction

📌 From the Field In my decade of banking — across branch operations, MSME credit underwriting, and KYC/AML — I have witnessed how every customer interaction, from opening a savings account to sanctioning a crore-plus business loan, flows from one foundational principle: the banker customer relationship. Understanding the banker customer relationship is crucial for successful banking experiences.
When this relationship is well understood by both sides, disputes are rare, recoveries are smooth, and trust compounds over time. When it isn’t — I have seen accounts frozen unnecessarily, lockers disputed in court, and fraud liabilities argued for years. This guide is written so you never face that ambiguity.

The banker–customer relationship is the legal and operational backbone of every banking transaction in India. It is not a single, fixed relationship — it is a bundle of overlapping legal relationships that shifts dynamically based on the nature of each transaction.

Rooted in the Indian Contract Act, 1872, the Banking Regulation Act, 1949, and governed today by a comprehensive framework of RBI Master Directions and Digital India regulations, this relationship has evolved from a simple “I deposit money, you safeguard it” equation to a multi-dimensional digital trust ecosystem.

What makes the 2025 context distinctive:

The banker customer relationship is a vital aspect in the banking ecosystem. Strong banker customer relationships foster trust and create a positive banking experience. In every transaction, the banker customer relationship must be managed carefully to avoid disputes.

It is essential to understand that the banker customer relationship is not simply transactional; it embodies a deeper connection built on trust and mutual benefit. The banker customer relationship involves various roles and responsibilities, making it imperative to maintain clear communication.

In today’s digital age, the banker customer relationship has evolved significantly. Banks must leverage technology to enhance the banker customer relationship and ensure customers feel valued and secure.

The Digital Personal Data Protection Act, 2023 has elevated customer privacy to a legal right — banks must now obtain explicit consent for data use.
RBI’s 2024 KYC Master Direction overhauled onboarding, introducing video-KYC, periodic due diligence, and beneficial ownership norms.
Fintech collaboration, Account Aggregators, and UPI dispute frameworks have created new parties in the banker–customer equation.
Landmark case law — including rulings in 2024–25 — has redefined liability boundaries in digital banking fraud.

2. Types of Banker Customer Relationships

The Supreme Court in Foley v. Hill (1848) — still cited in Indian courts — established that the primary relationship between a bank and a depositing customer is that of debtor and creditor. But in practice, a single customer can simultaneously engage multiple relationship types with the same bank.

Relationship Type	Bank’s Role	Customer’s Role	Legal Basis	Practical Trigger
Debtor–Creditor	Holds deposits; repays on demand	Creditor — can demand repayment	Indian Contract Act, 1872	Savings / Current / FD accounts
Creditor–Debtor	Provides loans; earns interest	Debtor — obligated to repay	Loan / Credit Agreement	Home loan, personal loan, OD
Bailor–Bailee	Safeguards securities / documents	Retains ownership of assets	Sec. 148, Contract Act 1872	Pledged securities, documents
Agent–Principal	Executes mandates and transactions	Issues instructions to bank	Power of Attorney / Mandate	Cheque collection, NEFT, RTGS
Trustee–Beneficiary	Manages trust assets prudently	Holds equitable interest	Indian Trusts Act, 1882	Trust accounts, estate management
Lessor–Lessee	Provides locker; retains master key access	Rents locker space	RBI Locker Circular, Jan 2024	Safe Deposit Locker (SDL)

The complexity of the banker customer relationship requires continual adaptation. The expectations of customers are high, and banks must prioritize the banker customer relationship to thrive in the competitive market.

Infographic Wheel Diagram Showing Six Types Of Banker Customer Relationships —Debtor–Creditor, Creditor–Debtor, Bailor–Bailee, Agent–Principal, Trustee–Beneficiary, And Lessor–Lessee—Around A Central “Banker–Customer Relationship” Hub In Navy And Gold (Bankopedia.co.in). — Banker Customer Relationship: A Comprehensive 2025 Guide 3

Understanding the nuances of the banker customer relationship can be the differentiator between a successful transaction and a potential dispute. It’s critical for both parties to be aware of their rights and obligations within the banker customer relationship.

As we delve into the types of banker customer relationships, it’s important to recognize the significance of each type in building trust and reliability. Every banker customer relationship has its own characteristics that must be acknowledged.

Moreover, the banker customer relationship extends beyond transactions. It encompasses the overall experience a customer has while banking. Therefore, managing the banker customer relationship effectively is key to retention and satisfaction.

💡 Practitioner Insight: When Relationships Overlap Consider a business owner with a current account (Debtor–Creditor), a term loan (Creditor–Debtor), securities pledged against the loan (Bailor–Bailee), and a locker for original property documents (Lessor–Lessee). All four relationships co-exist under one customer ID.
In branch banking, I regularly encountered disputes arising from banks conflating these relationships — for example, attempting to exercise general lien on locker contents (impermissible) instead of only on the customer’s deposit balance. Understanding the boundaries between relationship types is not academic — it is operationally critical.

In conclusion, the banker customer relationship is crucial for the sustainability of banking institutions. Nurturing this relationship should be a priority for all banks to provide outstanding service and maintain customer loyalty.

2.1 Debtor–Creditor Relationship (Primary Relationship)

When you deposit money in a bank — savings, current, fixed deposit, or recurring — the bank legally becomes your debtor and you become the creditor. The bank does not hold your money in safekeeping; it uses it and undertakes to repay an equivalent sum on demand.

The bank is not a trustee of your deposit — it is a borrower of it.
This is why bank deposits are covered under DICGC insurance (up to ₹5 lakhs per depositor per bank) — because the bank could technically fail to repay.
The bank must repay the deposit at the branch where it was maintained, unless the agreement provides otherwise (Joachimson v. Swiss Bank Corporation, 1921 — applied in Indian courts).

2.2 Creditor–Debtor Relationship (Lending)

The dynamics of a banker customer relationship can change based on the services being utilized. Each engagement within the banker customer relationship is an opportunity to build a stronger bond.

When the bank extends a loan, the roles reverse. The bank becomes creditor and the customer becomes debtor. Key legal implications:

The loan agreement governs repayment terms, interest rate, and default consequences.
Under SARFAESI Act, 2002, banks can take possession of secured assets without court intervention on NPA classification.
From my credit experience: the Creditor–Debtor relationship becomes most contentious at the time of NPA declaration — customers dispute classification while banks move to enforce security interest. Proper documentation at sanction stage prevents most of these disputes.

2.3 Bailor–Bailee Relationship

When a customer pledges securities, title deeds, or documents for safekeeping or as collateral, a bailment arises under Section 148 of the Indian Contract Act, 1872. The bank (bailee) must take reasonable care of the goods and return them on demand.

Bank has no right to use pledged securities for its own benefit.
Loss of pledged documents due to bank negligence creates liability — I have seen this arise from inadequate fire safety at document storage facilities.
RBI requires banks to maintain a register of pledged securities with complete chain of custody.

2.4 Lessor–Lessee Relationship (Safe Deposit Lockers)

⚖️ Key Regulatory Update: RBI Locker Circular (January 2024) Following the Supreme Court’s direction in Amitabh Dasgupta v. United Bank of India (2022), RBI issued a revised circular in January 2024 mandating:
Banks cannot disclaim liability for locker contents if loss is due to their negligence, fraud, or building damage.
Compensation ceiling: 100 times the annual locker rent.
Banks must execute a Memorandum of Agreement (MoA) with each locker customer.
Customers must declare contents optionally — non-declaration does not absolve the bank of its duty of care.
Practical implication: If your branch’s locker was accessible to an outsider due to a security lapse, the bank is liable — even if you never declared the contents.

3. Digital Banking Relationships (2025 Context)

The shift to digital banking has not replaced traditional relationship types — it has layered new obligations, liabilities, and third parties on top of them. The banker of 2025 is not just a credit officer or teller — they are a data custodian, a cybersecurity participant, and a consent manager.

3.1 e-KYC and Paperless Onboarding

The RBI Master Direction on KYC (March 2024) fundamentally altered how the banker–customer relationship begins:

Aadhaar-based e-KYC is now the primary onboarding route for most retail customers, allowing fully remote account opening.
Video-KYC (V-CIP) enables identity verification via live video — reducing branch visits while maintaining PMLA compliance.
Beneficial Ownership (BO) norms strengthened: for companies and trusts, banks must identify and verify any individual owning or controlling more than 10–25% (depending on entity type).
Periodic re-KYC is now risk-categorised: High-risk customers every 2 years, Medium every 8, Low every 10 years.

⚠️ Field Observation: KYC Failures I’ve Witnessed In my KYC/AML operations experience, the most common compliance failures were not fraudulent accounts — they were genuine customers whose periodic re-KYC was missed due to system gaps, resulting in account freezes that caused significant customer hardship and branch-level escalations.
The 2024 direction’s automated re-KYC triggers are designed to prevent exactly this. Ensure your bank’s CBS is configured to flag due-for-review accounts at 90/60/30-day intervals.

3.2 Online Banking and Cyber Liability

With mobile and internet banking, the duty of care in the banker–customer relationship now includes a cybersecurity dimension for both parties.

Bank obligations (RBI Cybersecurity Framework, 2024):

Mandatory two-factor authentication (2FA) for all internet banking transactions.
Real-time fraud monitoring with ML-based anomaly detection.
24×7 cyber incident response capability with escalation to CERT-In within 6 hours of a major breach.
Cooling period for beneficiary addition and large first-time transactions.

Customer obligations:

Protect login credentials — sharing OTPs constitutes contributory negligence.
Report unauthorized transactions within 3 working days for full reversal entitlement (RBI framework).
Use only official apps downloaded from verified sources (Play Store / App Store).

⚖️ Case Law: State Bank of India v. Prathima Traders (2024) The court held that where a bank failed to implement two-factor authentication for high-value transactions despite RBI mandates, the bank remained liable for losses from phishing fraud — even though the customer had initially responded to the phishing email. The ruling reinforces that banks cannot shift 100% of liability to customers when their own security architecture was non-compliant.

3.3 Fintech Collaboration and Account Aggregators

Modern banking has introduced a third actor into the traditionally bilateral banker–customer relationship: the fintech partner or Account Aggregator (AA).

Under the RBI Outsourcing of IT Services Direction, 2023, banks remain fully accountable for third-party conduct. Fintech failures are treated as bank failures from a regulatory standpoint.
The AA framework (NBFC-AA) enables consent-based financial data sharing — customers grant explicit, time-bound, purpose-limited consent for their data to flow between financial institutions.
Critical: Consent can be revoked at any time. Once revoked, data flow must cease immediately — any retention violates DPDPA, 2023.
Banks using lending fintech partners for co-lending must ensure the fintech’s KYC meets RBI standards — ICICI Bank v. RBI (2024) held banks liable for fintech KYC lapses.

3.4 Data Privacy Obligations Under DPDPA, 2023

The Digital Personal Data Protection Act, 2023 marks the most significant expansion of customer rights in the digital banking era:

Explicit, informed consent is mandatory for any new data processing activity — pre-ticked boxes or implied consent is insufficient.
Right to information: Customers can ask what data is held and how it is processed.
Right to correction and erasure: Banks must correct inaccurate data and, in limited cases, erase it on request.
Data breach notification: Banks must notify RBI and affected customers within prescribed timelines of any breach.
Data Fiduciary obligations: Banks are classified as Significant Data Fiduciaries — subject to Data Protection Board oversight and periodic audits.

💡 Practitioner Insight: What This Means in Practice From my experience in risk data engineering, DPDPA compliance is not just a legal team problem — it is a data architecture problem. Every data pipeline, every ETL job, every model training dataset now needs a consent trail.
If you’re building or auditing bank data systems, ask: Can we trace every row of customer data back to its consent record? If not, you have a DPDPA exposure.

4. Legal and Regulatory Developments (2024–25)

4.1 RBI Master Direction on KYC (March 2024)

Key changes and their operational impact:

Digital KYC: Video-based Customer Identification Process (V-CIP) now permitted across all customer categories.
Risk Categorisation: Formalised three-tier system (Low / Medium / High) with differentiated due diligence standards.
Beneficial Ownership: Threshold reduced to 10% for companies — banks must now trace deeper ownership layers.
Central KYC Registry (CKYCR): Banks must upload and download KYC records from CKYCR, reducing duplication for customers.
Non-face-to-face accounts: Stricter transaction limits until full in-person KYC or V-CIP is completed.

4.2 RBI Cybersecurity Framework for Banks (2024)

Applicable to all Scheduled Commercial Banks, Cooperative Banks, and NBFCs above threshold.
Mandates a Cyber Crisis Management Plan (CCMP) reviewed annually.
Third-party vendor risk assessments mandatory before onboarding any IT service provider.
24×7 Security Operations Centre (SOC) mandatory for Tier-1 banks; shared SOC arrangements permitted for smaller banks.

4.3 AML / PMLA Record-Keeping (Amended 2024)

Under the Prevention of Money Laundering (Maintenance of Records) Rules, 2023 (amended 2024):

All transaction records must be maintained for a minimum of 10 years from the date of transaction.
Suspicious Transaction Reports (STRs) must be filed with FIU-IND electronically within 7 days of forming suspicion.
Banks must conduct ongoing transaction monitoring — static, one-time AML checks no longer satisfy regulatory expectations.
Customer Risk Profiles must be reviewed whenever a transaction triggers suspicion, regardless of scheduled review date.

4.4 Case Law Highlights (2024–25)

Case	Key Ruling	Practitioner Impact
ICICI Bank v. RBI (2024)	Banks liable for KYC failures of fintech intermediaries	Due diligence of fintech partners is the bank’s regulatory responsibility — cannot be contractually delegated
Union Bank v. RBI (2025)	Customer’s right to grievance redressal reaffirmed for unauthorized digital transactions	Banks must process reversal requests within RBI timelines — internal delays are non-compliant
SBI v. Prathima Traders (2024)	Bank liable for phishing losses where 2FA was not implemented	Non-compliance with security mandates removes the bank’s defence of customer contributory negligence
Amitabh Dasgupta v. United Bank (2022, enforced 2024)	Bank liable for locker contents lost due to institutional negligence	Compensation ceiling set at 100× annual locker rent; MoA with customers now mandatory

5. Rights and Duties of Banks and Customers

5.1 Rights of the Banker

Right	Explanation	When It Applies
General Lien	Bank can retain customer’s goods/securities until all dues are paid — not just dues related to those goods	All banking dues; does not apply to lockers or items held for a specific purpose
Particular Lien	Right over specific goods for dues arising from that specific transaction only	Bill of exchange collection, specific pledged security
Right of Set-Off	Bank can adjust customer’s credit balance against the customer’s debt to the bank	After proper notice; customer must have legal right to the credit balance
Right of Appropriation	Allocate payments to any lawful debt when customer does not specify	Multiple outstanding loans or dues from the same customer
Right to Charge Interest	Bank can charge interest and compound it per the agreement	All credit facilities; must be disclosed in sanction letter and MITC

5.2 Customer Rights Under RBI’s Customer Service Framework

Right to be heard: Grievances must be acknowledged within 3 working days and resolved within 30 days (Banking Ombudsman Scheme).
Right to fair treatment: Banks cannot discriminate based on gender, religion, caste, or physical disability.
Right to information: All charges, interest rates, and terms must be disclosed upfront in plain language.
Right to reversal: Unauthorized electronic transactions must be reversed within 7–10 working days if reported timely.
Right to privacy: Customer information cannot be shared with third parties without consent (subject to regulatory exceptions).
Right to Banking Ombudsman: Customers can escalate to RBI’s Integrated Ombudsman if internal redressal fails within 30 days.

5.3 Banker’s Duty of Secrecy and Its Exceptions

The banker’s duty of secrecy — rooted in Tournier v. National Provincial & Union Bank (1924) and adopted in India — is qualified by statute. Banks must disclose in four circumstances:

Compulsion of law — Court order, Income Tax, Enforcement Directorate, CBI requisition.
Duty to the public — Disclosure of planned fraud, terrorist financing, serious crime.
Bank’s own interest — Asserting a claim against the customer in court.
Customer’s express or implied consent — Reference letters, credit bureau reporting (CIBIL).

6. Special Categories of Customers

6.1 Minor Customers

A minor (under 18) cannot enter a valid contract — but banks can open accounts for minors through a guardian.
RBI permits minors above 10 years to independently operate savings accounts up to a prescribed limit.
On attaining majority, the minor must ratify all transactions and provide fresh KYC documents.
Credit cannot be extended to a minor — any such agreement is void ab initio.

6.2 Joint Account Holders

Joint accounts can operate on Either or Survivor, Former or Survivor, or Jointly basis — the mandate governs operation.
In Either or Survivor accounts, either holder can operate independently — mandate survives death of one holder.
Set-off cannot be exercised against a joint account for the individual debt of one holder.
In KYC terms, all joint holders must be individually KYC-verified.

6.3 NRI Customers

Account Type	Nature	Repatriability	Tax in India
NRE	Foreign earnings converted to INR	Fully repatriable	Not taxable
NRO	India-sourced income	Up to USD 1 million/year	Taxable
FCNR(B)	Foreign currency deposit	Fully repatriable	Not taxable

Banks must conduct enhanced due diligence for NRI accounts due to higher money laundering risk.

7. Grievance Redressal: What To Do When Things Go Wrong

📋 Step-by-Step Escalation Path
Step 1 — Internal Complaint File a written complaint at the branch or the bank’s official grievance portal. The bank must acknowledge within 3 working days and resolve within 30 days.
Step 2 — Banking Ombudsman If unresolved or unsatisfied within 30 days, escalate to RBI’s Integrated Ombudsman at cms.rbi.org.in — free, no lawyer needed.
Step 3 — Consumer Court / Civil Court For monetary claims. Note: Consumer Forum and Banking Ombudsman are parallel remedies — choose based on relief sought.
Step 4 — RBI Supervisory Action For systemic issues or regulatory violations, write to RBI’s Department of Regulation. This doesn’t result in personal compensation but triggers supervisory action on the bank.

8. Emerging Trends (2025 and Beyond)

8.1 AI-Driven Risk Assessment

Machine learning models are now embedded in credit underwriting, fraud detection, and AML screening. This introduces a new accountability question: when an AI model rejects a loan application — who is responsible for the decision?

RBI’s draft guidelines on AI in banking (2024) propose mandatory explainability and human oversight for all credit decisions. In my work building risk ML pipelines, I ensure every model output is traceable, explainable, and bias-tested before deployment.

8.2 Open Banking and Interoperability

Open Banking APIs — currently voluntary in India but gaining regulatory momentum — allow customers to share their banking data across providers securely. Combined with the Account Aggregator network, this is dismantling the traditional bank-customer exclusivity and creating a data-sharing ecosystem where the customer’s financial identity transcends any single bank relationship.

8.3 Cybersecurity Insurance

As digital fraud losses mount, both banks and corporate customers are increasingly adopting cyber liability insurance. For large corporates, this is becoming a condition of maintaining high-value banking relationships — banks prefer counterparties with demonstrated cyber resilience.

8.4 Central Bank Digital Currency (CBDC / e-Rupee)

RBI’s e-Rupee pilot (Digital Rupee) is creating an entirely new dimension: a direct liability of the central bank to the holder — bypassing the commercial bank as intermediary for basic transactions. This could fundamentally reshape the debtor–creditor dynamic for small-value daily transactions in the coming years.

9. Frequently Asked Questions

Can a bank refuse to open an account?

Yes, if KYC documents are incomplete, the customer is on a watchlist, or the bank has AML concerns. However, banks cannot refuse on discriminatory grounds. Under PMLA, banks have a right — and duty — to decline relationships that pose unacceptable risk.

What if the bank loses my locker contents?

Post the January 2024 RBI Circular, the bank is liable for losses due to institutional negligence (robbery, fire due to building fault, fraud by a bank employee) up to 100 times the annual locker rent. You cannot claim beyond this without separate locker insurance.

How long can a bank freeze my account?

There is no prescribed maximum for regulatory freezes. Freezes under court order, I-T, or ED direction continue until the authority lifts them. Administrative freezes for KYC non-compliance must be lifted within 30 days of compliance. You can approach the Banking Ombudsman if a freeze appears arbitrary.

Can the bank exercise set-off on my salary account?

Only if you have consented to it in the loan agreement. Courts have held that banks must give prior notice before exercising set-off and cannot recover a disputed amount through set-off without a valid, undisputed claim.

I was defrauded online — who pays?

It depends on where negligence lies. If the bank failed to implement mandated security (2FA, cooling period) — the bank bears full liability. If you shared your OTP or credentials — you are liable. If neither party is negligent — loss is shared as per RBI’s limited liability framework based on how quickly you reported the transaction.

Can a bank share my data with third parties?

Only with your consent, by law, or as otherwise permitted under DPDPA, 2023. Credit bureau reporting (CIBIL) is permitted under your account agreement terms. Sharing for marketing purposes requires a separate, explicit opt-in consent.

What is the Banking Ombudsman and is it free?

The RBI Integrated Ombudsman (launched 2021) is a free, expedited dispute resolution forum for banking complaints. No fees, no lawyer needed. File online at cms.rbi.org.in. Applicable where the bank has not responded within 30 days or the response is unsatisfactory.

10. Conclusion

The banker–customer relationship in 2025 is no longer a simple transactional bond — it is a digitally governed, legally layered, consent-driven trust ecosystem. For banks, this means that compliance, data integrity, and cybersecurity are not back-office functions — they are the relationship itself.

For customers, understanding these relationships is no longer optional literacy — it is financial self-defence. Knowing that your deposit makes you a creditor, not a beneficiary; that your locker contents have a compensation ceiling; that a shared OTP may reduce your fraud recovery — this knowledge protects you.

The One Principle That Ties It All Together
Trust is the original currency of banking — pre-dating paper money, digital wallets, or central bank digital currencies. But in 2025, trust must be backed by technology, codified in regulation, and enforced through transparent accountability on both sides of the relationship.
The banks and customers who thrive in this era are those who understand not just their rights — but their responsibilities.

11. References and Further Reading

RBI Master Directions and Circulars

Master Direction – Know Your Customer (KYC) Direction, 2016 (Last updated August 2025) — rbi.org.in
RBI Circular on Cybersecurity Framework for Banks, 2024 — rbi.org.in
RBI Circular on Safe Deposit Lockers / Safe Custody Agreements, January 2024 — rbi.org.in
RBI Outsourcing of IT Services Direction, 2023 — rbi.org.in

Legislation

Indian Contract Act, 1872 — Sections 148, 172 (Bailment and Pledge)
Banking Regulation Act, 1949
Prevention of Money Laundering Act (PMLA), 2002 — PML (Maintenance of Records) Rules
Digital Personal Data Protection Act, 2023
SARFAESI Act, 2002
Indian Trusts Act, 1882

Key Case Law

Foley v. Hill (1848) — Debtor–Creditor foundation
Tournier v. National Provincial & Union Bank (1924) — Duty of Secrecy
Amitabh Dasgupta v. United Bank of India (2022) — Locker Liability
ICICI Bank v. RBI (2024) — Fintech KYC accountability
Union Bank v. RBI (2025) — Digital transaction grievance rights
State Bank of India v. Prathima Traders (2024) — Cyber fraud liability

⚠️ Disclaimer: This article is published on Bankopedia.co.in for educational and informational purposes only. It does not constitute legal, financial, or regulatory advice. Banking laws and RBI regulations are subject to frequent updates — readers should refer to current RBI circulars and consult a qualified professional for specific situations.