1600 Recovery Agent Compliance India: What Lenders Must Know About Outsourcing

Key Facts at a Glance

Item	Detail
Primary regulation	TCCCPR, 2018 (Second Amendment, 12 Feb 2025)
Governing bodies	TRAI / DoT / RBI
Number series for collections	1600 series (1601xxxxxxx for RBI-regulated entities)
Outsourced agents must use lender’s 1600 number?	Yes. Agencies cannot use their own number pool
IIBF DRA certification required?	Yes. Mandatory under RBI guidelines for all recovery agents
First-violation penalty	Rs 2,00,000 per instance under TCCCPR
RBI collection call hours	08:00 to 19:00 IST only
Blacklist trigger	5 valid complaints in any rolling 10-day period

• Banks and NBFCs bear full legal responsibility for every call an outsourced recovery agency makes on their behalf, including 1600 recovery agent compliance violations.
• Every collection call must route through the lender’s allocated 1600 series number. The agency cannot use its own number pool.
• Each recovery agent must hold a valid IIBF DRA certificate. The lender must verify the agency’s certified roster before engagement and periodically thereafter.
• Non-compliant calls from 10-digit numbers trigger TCCCPR penalties of Rs 2,00,000 per violation and, ultimately, a one-year telecom blacklist.
• FreJun routes all outsourced agent calls through the lender’s 1600 number and provides real-time CDR access for compliance audits.

In This Article

1. Why Outsourced Collections Is the Highest-Risk Area for 1600 Recovery Agent Compliance
2. Who Owns the 1600 Number: The Lender or the Agency?
3. IIBF Certification Requirements for Recovery Agents
4. Vicarious Liability: How Lenders Pay for Agent Non-Compliance
5. Technical Routing for 1600 Recovery Agent Compliance
6. RBI Collection Rules That Apply on Top of the 1600 Mandate
7. Record-Keeping and Audit Trail Obligations for Outsourced Calls
8. How FreJun Supports Compliant Outsourced Collections
9. Frequently Asked Questions
10. Key Takeaways

1600 recovery agent compliance India is the most operationally complex part of the TRAI mandate for banks and NBFCs. The TRAI Direction dated 19 November 2025 (PRID 2191647) did not just mandate a number change. It restructured the entire outbound calling chain. The lender is now accountable for every call an outsourced recovery agent places on its behalf. Compliance does not transfer to the agency when you sign an outsourcing contract.

In my practice advising telecom-industry clients, one question arrives constantly from collections heads: “Do our recovery agents need to use our 1600 number, or can they call from their own pool?” The answer is unequivocal. Every collection call must route from the lender’s 1600 number. Every collection call must originate from the lender’s allocated 1600 series number. No exceptions apply under the TCCCPR, 2018, as amended 12 February 2025.

Why Outsourced Collections Is the Highest-Risk Area for 1600 Recovery Agent Compliance

Outsourced collections consistently creates the most 1600 recovery agent compliance failures. Most lenders assume the obligation transfers to the agency after signing a contract. That assumption is legally incorrect.

Moreover, the scale of the outsourcing challenge is significant. As of July 2024, the total outsourced BFSI workforce stood at 77,000, including 6,000 recovery agents. By December 2024, that figure had grown by nearly 50 per cent (Business Standard, January 2025). Each of those agents placing outbound calls for a lender must now do so exclusively from the lender’s 1600 number.

Three Compliance Gaps That Trigger 1600 Recovery Agent Compliance Failures

First, the agency calls from its own number pool. This typically means 10-digit mobile numbers or shared virtual numbers, rather than the lender’s 1600 series number. Second, the agency uses its own DLT templates instead of the lender’s registered content templates. Third, the lender has no real-time visibility into whether agent calls are compliant.

Notably, each of these gaps independently violates the TCCCPR, 2018, regardless of what the outsourcing contract says. A well-drafted contract does not insulate the lender from regulatory action. Only verified, technically enforced routing through the lender’s 1600 number provides genuine protection.

FreJun routes every outsourced agent call through your allocated 1600 number automatically. DLT template enforcement, CDR logging, and consent verification run in the background. Your collections team focuses on recovery, not compliance plumbing.

Talk to FreJun’s Legal Team

Who Owns the 1600 Number: The Lender or the Agency?

The 1600 series number belongs to the Principal Entity. That is the regulated lender. A recovery agency or BPO cannot independently obtain a 1600 series number. It cannot place calls on the lender’s behalf using its own number pool.

The 1600 Recovery Agent Compliance Allocation Chain Explained

The DoT allocates 1600 series numbering resources to Telecom Service Providers (TSPs). The TSP then assigns a specific 1600 number to the Principal Entity after verifying the entity’s regulated status. The entity signs a written undertaking to use the number strictly for service and transactional calls under the TCCCPR, 2018. This undertaking is a condition of allocation itself. Source: DoT Press Release, 30 May 2024 (PRID 2022249).

Therefore, a recovery agency cannot apply for a 1600 number in its own name. Furthermore, the lender cannot transfer or sub-allocate its 1600 number to the agency without formal re-allocation by the TSP. Instead, the lender must configure its calling infrastructure so all agent calls route through the lender’s 1600 number. The lender’s CLI must then present on the customer’s handset.

In practice, this means the lender must own the technical routing stack. Delegating routing control to the agency is a structural compliance error, regardless of what the outsourcing contract specifies.

IIBF Certification Requirements for Recovery Agents Under 1600 Compliance Rules

Beyond routing, every individual recovery agent must hold a valid DRA certification. The Indian Institute of Banking and Finance (IIBF) issues this certification under RBI guidance. RBI mandates this certification for all banks and NBFCs engaging recovery personnel, whether in-house or outsourced.

What the RBI Mandate Requires from Lenders on Agent Certification

RBI stipulates that banks and NBFCs must ensure all recovery agents obtain DRA certification from IIBF. This must happen within one year of engagement. Service providers working for banks and NBFCs must additionally employ only IIBF-certified personnel for recovery functions. This obligation covers every person in the calling chain. That includes the field agent, the call centre agent, and the supervisor authorising the call. Source: IIBF FAQ on DRA Training.

In practice, verification of DRA certification ranks as the most frequently missed step in the outsourcing due-diligence process. Many lenders sign master service agreements without ever requesting an audit of the agency’s certified agent roster. This creates immediate regulatory exposure.

Specifically, the lender must require the recovery agency to submit a roster of all agents assigned to its portfolio. That roster must include IIBF certificate numbers and validity dates. Additionally, the lender must re-verify the roster every time the agency rotates its staff.

Vicarious Liability: How Lenders Pay for Recovery Agent Non-Compliance

Vicarious liability is the most consequential and least understood aspect of 1600 recovery agent compliance. Under Indian law, the Principal Entity bears full legal liability for acts its agents commit. This applies within the scope of the outsourced engagement.

Three Legal Layers That Impose Liability on Lenders

First, the TCCCPR, 2018 holds the Principal Entity accountable for all calls placed under its DLT registration. Second, the RBI Fair Practices Code requires lenders to verify outsourced agents meet ethical, legal, and professional standards. Third, the RBI Outsourcing Directions require board-approved outsourcing policies. These must cover vendor due diligence, ongoing monitoring, and compliance audits.

Furthermore, the RBI draft circular of February 2026 on harmonised recovery norms (effective July 1, 2026) strengthens these obligations considerably. The draft requires every lender to build a due diligence framework for recovery agencies. Lenders must mandate periodic verification of agency employees. They must also document all compliance checks. Source: Vinod Kothari Consultants, February 2026.

Additionally, a consumer receiving a non-compliant call can file through the TRAI DND app, the 1909 helpline, or the Banking Ombudsman. Regulators treat the complaint as filed against the Principal Entity, not the agency. The lender cannot deflect liability by pointing to the outsourcing contract.

Four Specific Agent Acts That Trigger Lender Liability

First, the agent calls from a 10-digit mobile number instead of the lender’s 1600 number. Second, the agent calls outside the RBI collection window of 08:00 to 19:00 IST. Third, the agent uses an unregistered or expired DLT content template. Fourth, the agent contacts a customer within the 90-day opt-out lockout period under the TCCCPR Second Amendment, 2025.

Consequently, contractual indemnification clauses in the outsourcing agreement do not substitute for technical controls. Courts and regulators look at outcomes, not contract language, when they assess the lender’s liability.

Technical Routing for 1600 Recovery Agent Compliance

Technical routing is the most operationally complex element of 1600 recovery agent compliance. The goal is straightforward. Every outsourced agent call must display the lender’s 1600 number as the CLI on the customer’s handset.

The Segregation Requirement for 1600 Recovery Agent Compliance Routing

The TCCCPR also imposes a technical segregation requirement. The same dialer cannot carry both 140 series promotional traffic and 1600 series collection traffic. These two pools must stay technically separate. This segregation must be technical, not merely a written policy. Auditors have been explicit: a written policy without enforced routing logic does not satisfy the regulation.

Therefore, the lender’s cloud telephony platform must enforce routing at the system level. Every outbound call from an agent’s dashboard must exit through the lender’s allocated 1600 SIP trunk or PRI line. The 1600 number must present as the CLI on the customer’s handset. Critically, the agent must have no technical ability to override this routing from their own device.

In short, the telephony vendor selection is also a compliance decision. A platform that cannot enforce 1600 routing for outsourced agents is not a compliant platform, regardless of vendor marketing claims.

RBI Collection Rules That Apply on Top of the 1600 Mandate

The 1600 series mandate governs which number the call originates from. However, RBI rules also govern how and when collection calls occur. These apply regardless of number compliance. Lenders often focus on the number migration and miss these parallel obligations entirely.

Calling Hours, Opt-Out Rules, and the Transactional Window

First, the RBI Fair Practices Code restricts recovery contact to 08:00 to 19:00 IST. Customer-initiated contact outside this window is permitted. However, no outbound collection call from the lender’s side is allowed outside these hours.

Second, the TCCCPR Second Amendment, 2025 tightens consent rules for collection calls. Implicit consent for service calls stays valid only for the duration of the underlying loan contract. Once the borrower repays or the contract terminates, implied consent lapses. Moreover, once a subscriber opts out, the lender cannot contact them again for 90 days on the same purpose.

Third, a call placed within 30 minutes of a customer-initiated event qualifies as transactional. A missed EMI trigger is a common example. Any collection call beyond that 30-minute window requires a registered service call template and corresponding consent. Source: TCCCPR Second Amendment, 12 February 2025, trai.gov.in (PDF).

Auto-Dialer and Robo-Call Disclosure for Outsourced Recovery Calls

The TCCCPR Second Amendment, 2025 also requires disclosure of auto-dialer and robo-call use at the start of every affected call. Recovery agencies using predictive dialers must include this disclosure in their DLT-registered IVR script template. A call connecting a customer to an agent through a predictive dialer is a violation if it lacks upfront disclosure. This applies even when the 1600 number routing is otherwise correct.

Additionally, the RBI draft circular of February 2026 on uniform recovery norms prohibits abusive language and excessive calls. It also prohibits anonymous messaging and harassment of borrowers or their associates. These prohibitions apply equally to outsourced agents acting on the lender’s behalf.

Record-Keeping and Audit Trail Obligations for Outsourced Calls

Record-keeping is the final compliance pillar for lenders running outsourced recovery operations. As the Principal Entity, the lender must maintain auditable records of every call an outsourced agent places on its behalf. In-house staff calls alone are not sufficient.

What CDR, Template, and Consent Records the Lender Must Maintain

The lender must retain full Call Detail Records (CDRs) for all outbound calls. Each CDR entry must map to the DLT Template ID the agent used for that call. Additionally, the lender must retain consent records for every call placed on a consent basis. Call recordings and complaint resolution logs must also form part of the audit trail.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), the lender is a Data Fiduciary. It must demonstrate the lawful basis for processing customer data in recovery calls. A call recording is personal data. An outsourced agent’s access to borrower contact information constitutes personal data processing. Both fall under DPDP Act obligations.

Therefore, the outsourcing contract must require the recovery agency to maintain CDRs in an auditable format. The contract must also mandate CDR data surrender to the lender on request. Customer data must be deleted after the engagement ends. Critically, the lender must verify these provisions through technical enforcement, not just contractual language.

In short, the lender must have direct CDR access for outsourced calls in real time. If the agency controls CDR data exclusively, the lender cannot meet its audit obligations under the TCCCPR or the DPDP Act, 2023.

How FreJun Supports 1600 Recovery Agent Compliance for Outsourced Collections

FreJun is a cloud telephony platform built for regulated BFSI entities in India. FreJun addresses all three core 1600 recovery agent compliance requirements for lenders: number routing, DLT template enforcement, and CDR accessibility.

Specifically, FreJun routes all outbound calls through the lender’s 1600 series number. The agent dials from a FreJun-managed dashboard. The platform automatically presents the lender’s 1600 CLI on the customer’s handset. Importantly, the agent has no ability to override this routing from their own device.

Additionally, FreJun integrates directly with the DLT platform. Every call carries the corresponding DLT Template ID in signalling, and the platform validates the template before the call connects. FreJun also gives the lender’s compliance team real-time CDR access for audit and regulatory review. The platform integrates with HubSpot, Zoho, Salesforce, and Leadsquared.

FreJun is not a telecom operator or law firm. Instead, FreJun operates as the compliance infrastructure layer between your lending entity and your recovery agency. Book a call to see how your collections workflow maps to the 1600 routing framework.

Book a Call

Frequently Asked Questions

1600 recovery agent compliance: does the agency use its own number or the lender’s?

The lender’s 1600 number must be used for every collection call. The agency cannot use its own number pool for calls placed on the lender’s behalf. The lender’s CLI must appear on the customer’s handset. Any call from the agency’s own numbers violates the TCCCPR, 2018. This exposes the lender to penalties starting at Rs 2,00,000 per instance.

What is the penalty for a recovery agent calling from a non-1600 number?

Under the TCCCPR Second Amendment, 2025, the first violation attracts Rs 2,00,000. A second violation costs Rs 5,00,000. Third and subsequent violations each cost Rs 10,00,000. Five complaints in any rolling 10-day period triggers a 15-day outgoing service bar. Repeated violations result in a one-year telecom blacklist across all TSPs.

How does a lender apply for a 1600 number for its collections team?

The lender must approach an authorised Telecom Service Provider holding a valid Unified Licence or UL-VNO authorisation. The TSP verifies the lender’s regulated status under RBI, SEBI, IRDAI, or PFRDA. After verification, the TSP allocates a 1600 series number. The lender then signs an undertaking to use it only for service and transactional calls. Source: DoT Press Release, PRID 2022249.

Is IIBF DRA certification mandatory for recovery agents working for an outsourced agency?

Yes. RBI mandates DRA certification by IIBF for all recovery personnel at banks and NBFCs. This covers both directly employed staff and outsourced agency personnel. IIBF is currently the sole certifying body. The bank or NBFC must confirm certification within one year of engagement and must re-verify the roster periodically thereafter.

Can a recovery agency use its own DLT templates for calls placed on the lender’s behalf?

No. All DLT content templates must be registered under the Principal Entity’s DLT account. The template ID in the call signalling must match the lender’s registration. An agency using its own DLT templates for the lender’s customers violates the TCCCPR. The lender must ensure the agency uses only the lender’s approved templates for every call category.

What calling hours apply to outsourced recovery agents under RBI rules?

RBI’s Fair Practices Code limits all recovery contact to between 08:00 and 19:00 hours IST. This restriction applies equally to in-house and outsourced agents acting for the lender. Customer-initiated calls outside this window are permitted. However, no lender-initiated outbound collection call is allowed outside these hours, even from a compliant 1600 number.

Does the 1600 mandate apply if the recovery agency operates outside India?

Yes. The 1600 series mandate covers all calls to Indian customers by Indian-regulated entities. It applies regardless of where the calling infrastructure sits. Any call to an Indian customer for a service or transactional purpose must originate from the lender’s 1600 CLI. Offshore BPO infrastructure does not exempt the lender from TCCCPR or TRAI compliance obligations.

Key Takeaways

• The 1600 series number belongs to the lender, not the recovery agency. Every outsourced agent call must route through the lender’s 1600 CLI.
• Lenders face vicarious liability under the TCCCPR, the RBI Fair Practices Code, and the RBI Outsourcing Directions for every non-compliant call placed by an outsourced agent.
• IIBF DRA certification is mandatory for all recovery personnel. The lender must verify the agency’s certified roster before engagement and re-verify it periodically.
• Technical segregation is required. The same dialer cannot carry 140 series promotional traffic and 1600 series collection traffic through the same number pool.
• CDR records, DLT Template IDs, and consent logs for all outsourced calls must be accessible to the lender in real time for audit purposes.
• Calling hour restrictions, opt-out lockout periods, auto-dialer disclosure, and the 30-minute transactional window all apply on top of the 1600 number routing requirement.
• A cloud telephony platform with enforced 1600 routing, DLT integration, and real-time CDR access is the only operationally reliable way to run compliant outsourced collections at scale.

For the full regulatory framework governing 1600 series usage, refer to FreJun’s complete BFSI communication compliance guide for 2026. For a detailed walkthrough of the TCCCPR obligations, see the TCCCPR, 2018 compliance guide. Additionally, for a side-by-side comparison of the two series, see 1600 vs 140 series: the complete comparison.

Compliance Disclaimer

Disclaimer: This article is published for informational purposes only and represents FreJun’s understanding of the relevant legal and regulatory position based on its own independent research and interpretation of publicly available materials. It should not be construed as legal advice, legal opinion, or regulatory guidance. Readers are encouraged to seek independent legal counsel or consult the appropriate regulatory authorities before taking any action based on the information contained herein. While reasonable efforts have been made to ensure accuracy and completeness, laws, regulations, interpretations, and enforcement positions may evolve or vary based on specific facts and circumstances. FreJun does not warrant that the contents are free from inaccuracies, omissions, or inadvertent errors and shall not be responsible or liable for any misinformation, inaccuracies, or reliance placed upon the contents of this article, whether published knowingly or unknowingly.

References and Sources

• DoT Press Release, 30 May 2024 (PRID 2022249) – pib.gov.in
• TRAI Direction, 19 Nov 2025 (PRID 2191647) – pib.gov.in
• TRAI Direction, 16 Dec 2025 (PRID 2205350) – pib.gov.in
• TCCCPR Second Amendment, 12 Feb 2025 – trai.gov.in (PDF)
• IIBF DRA Certification FAQs – iibf.org.in
• RBI Uniform Recovery Norms Proposal, Feb 2026 – vinodkothari.com
• Business Standard, Recovery Agent Demand, Jan 2025 – business-standard.com
• Mondaq, TRAI 1600 Series Mandate Analysis – mondaq.com