The Reserve Bank of India (RBI) recently issued guidelines aimed at strengthening the regulatory framework to allay concerns about credit delivery via digital lending methods. The banking regulator has categorically reiterated that lending can only be done by entities that are regulated by it or those that are permitted to do so under any other law.
RBI is statutorily authorised to operate the country’s credit system to its advantage. The central bank has encouraged various innovations in the financial system, product, and credit delivery method while ensuring orderly growth, maintaining financing stability, and protecting depositors’ and customers’ interests.
However, some issues have arisen that, if not resolved, may adversely affect public confidence in the digital lending ecosystem.
These concerns primarily include unbridled engagement of third parties, unlawful & misleading selling, data privacy violations, unfair business practices, charging outrageous interest rates, and unethical recovery practices.
Formation of the Working Group on Digital Lending
The Reserve Bank of India (RBI) has established a regulatory framework for digital lending. Its new regulations are derived from recommendations from a working group on ‘Digital lending, including lending via online platforms and mobile apps,’ which was formed in January 2021. (WGDL).
This WGDL sought formal and informal inputs from academicians, regulated entities, Fintech advocacy groups, consumer interest groups, industry bodies, Fintechs, app stores, Law Enforcement Agencies (LEAs), and central and state governments. The WG received input from 36 such stakeholders, and their feedback covered a wide range of topics, including legal, regulatory, technological, code of conduct, fair practices, grievance redressal, and so on.
The WGDL’s report was posted on the RBI website, inviting stakeholders and the general public to comment. Taking the feedback from a diverse set of stakeholders into account, a regulatory framework has been developed to support the orderly growth of credit delivery via digital lending methods while limiting regulatory concerns.
RBI’s categorisation of digital lenders
Digital lending entails giving and recovering loans by use of seamless digital technologies in customer acquisition, credit assessments, loan approvals, disbursements, recoveries, and associated customer service. It allows for faster disbursement and helps to reduce costs.
Lending Service Providers (LSPs) can collaborate with REs to offer credit to customers via the latter’s platform. These platforms may be exposed to situations of engaging in unsafe lending practices.
What are the new regulatory guidelines?
These guidelines apply to the first category (REs) of entities listed in the above section and the LSPs engaged by them to extend various permissible credit facilitation services. Regarding other entities in the second and third categories, the RBI has asked the respective regulator/controlling authority/central government to develop guidelines based on the suggestions of the working group formed on this subject in January 2021.
These guidelines are bifurcated into three categories and need to be followed immediately by the Regulated Entities (REs), their Lending Service Providers (LSPs), Digital Lending Apps (DLAs) of REs, and DLAs of LSPs engaged by REs:
Issues related to customer protection and conduct
- All loan disbursements and repayments must be made only between the borrower’s and the RE’s bank accounts, with no pass-through/pool account of the LSP or any third party. Some exceptions include:
- Disbursal under statutory/ regulatory mandate.
- Money transfer between REs for co-lending transactions.
- Loan with specific end-use as regulatory guidelines of RBI or other regulators.
- Any fees, charges, or other amounts payable to LSPs during the credit intermediation process must be paid directly by RE rather than the borrower.
- A KFS must be provided to the borrower before signing the loan contract.
- Borrowers must be notified of the overall cost of digital loans in the form of an Annual Percentage Rate (APR). KFS will also include APR.
- Increases in credit limit automatically are prohibited unless the borrower gives explicit consent.
- The loan contract must contain a cooling-off/look-up period in which borrowers can exit digital loans without penalty simply by repaying the principal and the proportionate APR.
- REs must ensure that they have an appropriate nodal grievance redressal officer to manage and solve Fintech/digital lending-related complaints, as do the LSPs they engage.
Such a grievance redressal officer must also resolve customer issues against their respective DLAs. The Grievance Redressal Officer’s contact information must be displayed prominently on the RE’s website, as well as its LSPs and DLAs, as applicable.
- If a borrower’s complaint is not resolved by the RE within the given period (currently 30 days), he or she can lodge a complaint with the Reserve Bank – Integrated Ombudsman Scheme (RB-IOS).
- The list of LSPs to be published on the website of RE.
- DLAs and/or LSPs to display information about a loan product, credit limit, cost, etc., at the time of onboarding the borrowers.
- No storage of personal information of the borrower except minimal details for carrying out the operations.
- RE to intimate the borrower about the appointment of LSP as recovery agent at the time of sanctioning of loan and at the time of passing recovery responsibility to LSP. RE to review the conduct of LSP while conducting recovery.
- Data collection from the borrower should be need based and only with his explicit consent. One-time access to mobile phone at the time of onboarding for KYC purposes and with the explicit consent of the borrower.
- Borrowers are given the right to give or deny the consent for using data, restrict the disclosure to third parties, data retention, revoke the given consent, and also, to delete/forget the data on the app.
- Privacy Policy of DLAs to be compliant with applicable laws. Privacy Policy should be publicly available. Borrower consent to be disclosed at each stage of interface with Borrowers.
- Third parties allowed to collect data through DLA should be disclosed in the privacy policy. Explicit consent for sharing data with third parties except in case of a statutory or regulatory requirement.
- Policy for storage of personal data to be published on DLA. No storage of biometrics unless allowed under extant statutory guidelines.
- DLA should publish a link to the REs website where detailed information about a loan product, lender, LSP, particular customer care, link to Sachet Portal, and the privacy policy can be accessed by the Borrower.
- Compliance with various technology standards/ requirements on cybersecurity stipulated by RBI or other agencies.
- The data should be stored in servers located in India.
- Lending that is done through RE should be reported to CICs.
- New products such as short-term, secured/unsecured credit, or deferred payments are to be reported to CICs.
- LSPs offering deferred payment credit products should abide by outsourcing guidelines issued by RBI.
Some key definitions to look at:
Who are Regulated Entities (REs)?Regulated Entities simply mean entities that are regulated by the RBI. These include:
|
Definition of a Lending Service Provider (LSP)A Lending Service Provider (LSP), in exchange for compensation from the RE, performs one or more of the lender’s functions in customer acquisition, pricing support, underwriting support, servicing, disbursement, collection, monitoring, and recovery of a specific loan or loan portfolio. |
What are Digital Lending Apps (DLAs)?DLAs are mobile and web-based applications with user interfaces that enable a customer to borrow from a digital lender. |
Requirements for technology and data
- Data collected by DLAs should be need-based, have clear audit trails, and be collected only with the borrower’s prior explicit consent.
- Borrowers may be given the option to accept or deny the consent for the use of specific data, as well as the option to cancel previously granted consent and delete data collected from borrowers by DLAs/ LSPs.
Regulatory framework
- REs are required to report to Credit Information Companies (CICs) any lending sourced through DLAs (either of the RE or the LSP engaged by the RE), regardless of its nature or tenor.
- All new digital lending products extended by REs through merchant platforms that involve short-term credit or deferred payments must be reported to CICs.
On a concluding note
While the industry is readying to comply with the new requirements as mandated by the RBI, the establishment of such a regulatory framework became necessary following numerous complaints by borrowers against various digital lending businesses and the potential of common customers being exploited if it was left unregulated.
According to Statista, India’s digital lending market, which was valued at $110 billion in 2019, is expected to reach $350 billion by 2023. The Covid-19 pandemic boosted the segment even more. Among these, the central bank is considering tightening regulations for Fintechs.
In June 2022, the RBI also issued guidelines for non-bank PPIs, prohibiting them from loading money into users’ e-wallets from credit lines or preset borrowing limits, causing fintech startups to halt such customer transactions on their prepaid instruments.
