On 10th of August 2022, the Reserve Bank of India (RBI) released the digital lending guidelines to regulate digital lending and crack down on the growing incidences of fraud and malpractices. The guidelines are based on the principle that lending business can be carried out only by entities that are regulated by the central bank or entities permitted to do so under any other law. The RBI has accepted recommendations by the Working Group on Digital Lending (WGDL), effective immediately.
The RBI's press release mentioned that the recommendations were classified into three categories: (i) those that have been accepted immediately for implementation, (ii) those that have been accepted in principle but require wider examination and (iii) those that have been referred to the Government of India for wider engagement as they necessitate legislative interventions or consultations with other stakeholders.
What led to this?
In recent years, the delivery of credit products and services through the digital lending route has acquired prominence. However, with the rise in fraud and malpractices such as mis-selling, data breaches, exorbitant interest rates, and unethical recovery practices, it became imperative to safeguard the digital lending ecosystem.
Against this background, the Reserve Bank constituted a Working Group last year in January. The report submitted by the WGDL took into account the various inputs received from a diverse set of stakeholders. Post that, a regulatory framework to support orderly growth of credit delivery through digital lending methods while mitigating the regulatory concerns has been put forth.
(I) Recommendations for Immediate Implementation:
This is centred on three key aspects: consumer protection, data privacy and regulatory framework.
a) Customer Protection and Conduct Issues:
The focus of these guidelines hinges on enhancing the transparency of the arrangement between the borrower and the regulated entity who is ultimately responsible for the data privacy, grievance redressal and financial impact. The guideline on assessing a borrower's creditworthiness is expected to result in better due diligence during loan appraisal.
i. All loan disbursals and repayments must be executed only between the borrower's bank accounts and the RE without any passthrough/ pool account of the LSP or any third party.
ii. A standardised Key Fact Statement (KFS) must be provided to the borrower before executing the loan contract. The all-inclusive cost of digital loans in the form of an Annual Percentage Rate (APR) must be disclosed to the borrowers. APR shall also form part of KFS.
iii. Automatic increase in credit limit without the borrower's explicit consent is prohibited.
iv. Strengthening the grievance redressal mechanism by stipulating the appointment of a grievance redressal officer and adherence to the Integrated Ombudsman Scheme.
b) Data privacy
i. The RBI has placed emphasis on securing the borrowers' data and has issued guidelines to prevent its misuse. For example, the Lending Service Providers engaged by the REs should not store personal information, including biometric data of borrowers, except for some basic minimal data.
ii. Data collection by Digital Lending Applications (DLAs) would be need-based and with the prior and explicit consent of the borrower. The DLAs are prohibited from accessing mobile phone resources such as files and media, contact lists, call logs, telephony functions, etc.
c) Regulatory Framework
i. All lending sourced through DLAs would be required to be reported to Credit Information Companies (CICs) by the REs. Similarly, all new digital lending products extended by REs over merchant platforms involving short-term credit or deferred payments are required to be reported to CICs by the REs.
(II) Recommendations accepted in principle but need examination
i. The RBI would set up baseline technology standards for DLAs that would strengthen cyber security, data protection and prevent frauds like loan disbursement on stolen identity, data breaches, etc. Formulating and adhering to these standards is expected to curb cyber and loan application frauds like Dhani.
ii. The RBI has directed the regulated entities to develop their underwriting algorithm fairly based on extensive, accurate and diverse data.
iii. On the all-important First Loss Default Guarantee issue, the RBI stated that it was under examination. In the interim, such arrangements would be bound by the RBI's Master Direction on Securitisation issued in September 2021.
iv. The RBI has envisaged the setting up of a Self- Regulatory Organization (SRO) comprising entities in the digital lending ecosystem to further governance and maintenance of standards and protocols.
(III) Recommendations requiring GoI's engagement and other stakeholders
The RBI has placed certain recommendations for the consideration of the Government of India as they require legislative interventions or engagement with other stakeholders.
i. The RBI believes that balance sheet lending can be undertaken only by regulated entities and has requested the Government of India to formulate a relevant law in this regard.
ii. A Digital India Trust Agency (DIGITA) would be responsible for verifying DLAs before such apps can be publicly distributed through the app store.
iii. The RBI also proposes several initiatives for effective information sharing & curtailing activities of unscrupulous DLAs:
(a) inputs from the proposed Digital Intelligence Unit of Government and other agencies were made available to the respective supervisors of a digital lending segment of FinTech and their REs
(b) Establishment of a National Financial Crime Record Bureau, like National Crime Records Bureau, with a data registry similar to crime and criminal tracking network and systems, which is accessible to REs.
(c) Leveraging the channel of Financial Intelligence Network (FINNET) of Financial Intelligence Unit – India (FIUIND) for supplementing the due diligence of borrowers and LSPs by REs.
Summary
RBI's statement reiterates its concerns about the absence of adequate safeguards, especially for the end consumer in the digital lending process. The RBI's concerns about unregulated entities undertaking balance sheet lending without having sufficient capital have also been reflected in the recommendations.
The accepted guidelines provide a path for enhancing consumer protection, paving the way for greater transparency and also lay out a more robust framework for loan appraisal. While these guidelines are a step in the right direction, subsequent initiatives on technology standards, establishing a financial crime record bureau, etc, are critical in reducing the incidence of fraud.