Trai's whitelisting norms: Majority of banks, insurers in compliance

Mandatory registration of URLs, APKs, OTT links in SMS traffic starts

All national-level banks, insurers, and other financial players in both public and private sectors have complied with new whitelisting regulations, which came into effect on Tuesday. 

According to officials at the Telecom Regulatory Authority of India (Trai), most of the links commonly used by these institutions to communicate with customers have been registered, ensuring minimal disruption to services.
 

The telecom regulator had mandated the whitelisting, or registration, of uniform resource locators (URLs), Android package kits (APKs), and over-the-top (OTT) links sent through commercial text messages. 
 

URLs are links to websites or addresses of unique resources on the internet, while APKs are executable files for installing and running Android applications.
 

“All national banks, insurers, and financial players have registered most of the relevant links, though the process is ongoing,” said a Trai official. “There may be minimal disruption, but we expect the pace of registrations to pick up in the coming days.” 
 

Initially scheduled for a September 1 deadline, the requirement was extended by a month to give businesses more time to comply.

The move is expected to have a significant impact on reducing spam and potential fraud, as many users unknowingly click on malicious links that serve as phishing tools for hackers. 
 

However, concerns remain that customers of banks, financial institutions, and e-commerce platforms may experience interruptions in receiving service messages, transactional alerts, and one-time passwords (OTPs).
 

Trai has said it will regularly seek updates from telecom operators on the implementation of whitelisting measures. Until now, telcos only verified message headers and templates sent by businesses. Now, they are barred from transmitting messages containing non-whitelisted links.
 

Several banks and insurers confirmed their compliance but admitted confusion regarding certain aspects of the mandate. 

“We are compliant with Trai’s norms, and all our messages are whitelisted, so we do not expect any disruptions,” said a private sector banker. “However, there is uncertainty around how dynamic messages will be handled. We are adopting a wait-and-watch approach.”
 

K V Dipu, senior president & head of operations & customer service at Bajaj Allianz General Insurance, stated that despite challenges, his company had taken swift action to comply with the new regulations. 
 

“We have ensured that all customer communications via SMS adhere to whitelisting norms. Any additional activities requiring whitelisting are prioritised to ensure smooth operations,” he said.
 

Dipu acknowledged that certain complexities, such as the lack of formal operating procedures from telecom operators and the absence of a testing platform before the rollout, posed initial challenges.
 

A private sector insurance executive echoed these concerns, highlighting the logistical hurdles of registering numerous URLs and maintaining compliance in a constantly evolving regulatory environment. 
 

“We are actively working to ensure compliance and are collaborating with stakeholders to address the broader challenges,” the executive added.

Key challenges 
 

 Businesses cite logistical challenge of registering numerous links

 Others have pointed to lack of formal SOPs by telecom operators

 Lack of testing platform before rollout

 Trai has not allowed short URLs to be allowed in content templates