RBI TIGHTENS THE NOOSE ON DIGITAL LENDING ACTIVITIES
Digital lending is a remote and automated lending process, largely through the use of seamless digital technologies in customer acquisition, credit assessment, loan approval, disbursement, recovery, and associated customer service¹. While lending and delivery of credit products via digital lending has gained prominence, especially in the post-pandemic era, the Reserve Bank of India (“RBI”) has treated digital lending with caution due to concerns relating to unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices. In order to set up a regulatory approach to address these concerns, and to study all aspects of digital lending activities in the regulated financial sector, by regulated as well as unregulated players, the RBI constituted a Working Group on ‘digital lending including lending through online platforms and mobile apps’ (“WGDL”). The WGDL submitted its report (“Report”) to the RBI on November 18, 2021. The RBI invited comments from stakeholders and members of the public on this Report that was placed on the RBI’s website.²
Pursuant to the inputs received from various stakeholders, the RBI formulated a regulatory framework to streamline credit delivery through digital lending methods. While the RBI has reiterated that the lending business can only be carried out by RBI regulated entities (“REs”) or entities permitted to do such lending businesses under other Indian laws, it has accepted certain recommendations of the WGDL, and created a regulatory framework that will include REs, their lending service providers (“LSPs”), Digital Lending Apps (“DLAs”) and the LSP’s DLAs which are engaged by the REs, within its purview.
Some of the key recommendations accepted for immediate implementation (“Recommendations”) by the RBI are as follows:
A. Customer Protection and Conduct Requirements:
1. No disbursement into pass-through/pool accounts:
All loan disbursements and repayments are mandated to be done directly into the bank account of the borrower and RE, without any pass-through account/pool account of any third party. It appears that the spirit behind this recommendation is to establish a clear audit trail and give the regulator clear visibility on the fund flow during the lending process. However, the RBI has carved out certain exceptions for disbursals covered exclusively under statutory or regulatory mandate, flow of money between REs for co-lending transactions, and disbursals where loans are mandated for specified end-use as per regulatory guidelines of the RBI or any other regulator.
In a number of cases, while the RE is the lender, LSPs and DLAs interact with the borrower on the loan process and facilitate disbursal of loans sanctioned by an RE to borrowers through their accounts. Henceforth, LSPs and DLAs will not be able to route the disbursal of loan amounts through their accounts.
Several REs also liaise with LSPs and route the loan repayment through payment aggregators. However, it is unclear whether repayment of loans by borrowers facilitated through the account of a payment aggregator may fall under the first exception, as the RBI has carved out an exception for disbursals covered exclusively under statutory or regulatory mandate.
2. Increased transparency:
The RBI has implemented several Recommendations that increase transparency to borrowers.
Key Fact Statement and documentation:
REs are directed to provide a Key Fact Statement (KFS) in a standardised format to borrowers before the execution of the loan contract for all digital lending products. Further, REs must ensure that digitally signed documents supporting important transactions through DLAs of REs/LSPs, including the privacy policies of the LSPs with respect to borrowers’ data, are automatically shared by the RE to the registered/verified email/phone number (via SMS) of the borrower. Increasing transparency at the time of borrower onboarding and also during the documentation stage would aid the borrowers in making informed choices.
Details of LSPs, DLAs and loan products:
REs are also required to publish the list of LSPs and DLAs engaged by them along with the details of the activities for which they have been engaged, on their website, for the information of the borrowers. In order to make the borrowers aware of the several loan products and their features, REs are required to ensure that their DLAs or DLAs of their LSPs, prominently display information relating to the product features, loan limit and cost, etc. at the time of onboarding or sign up by the borrowers.
Increase of credit limits and cooling off period:
All the costs of digital loans as an Annual Percentage Rate (APR) are mandated to be disclosed upfront by REs, and no charges or fees which are not mentioned in the KFS are allowed to be charged by the REs to the borrower. Further, REs are required to ensure that credit limits of borrowers are not increased automatically without the explicit consent of borrower on record for every increase. The borrowers also need to be made aware of the cooling off/look-up period as determined by the board of directors of the RE, and when a borrower decides not to continue with the loan during that period, he must be able to exit the loan by paying the principal and proportionate APR without any penalty.
Appointment of Recovery Agents:
Due to the increase in the number of recovery agent harassment complaints and related incidents, REs are mandated to clearly communicate to the borrower, the details of the LSP acting as recovery agent, who is authorised to approach the borrower for recovery, at the time of sanctioning of the loan and also at the time of passing on the recovery responsibilities to an LSP (or at the time of change in the LSP responsible for recovery). REs are also required to carry out periodic review of the conduct of the LSPs engaged by them and provide necessary guidance to LSPs acting as recovery agents to discharge their duties responsibly.
Grievance Redressal:
Most importantly, REs are mandated to have a suitable nodal grievance redressal officer and are also required to ensure that the LSPs engaged by them have a suitable nodal grievance redressal officer to deal with FinTech/digital lending related complaints/issues raised by the borrowers.
B. Technology and Data Requirements:
DLAs are required to collect data only on a need-to-know basis and also obtain prior explicit consent of the borrower which is capable of being withdrawn at the option of the borrower. DLAs are restricted from accessing mobile phone resources such as file and media, contact list, call logs and telephony functions. However, a one-time access is permitted to be taken for camera, microphone, location or any other facility necessary for the purpose of on-boarding/KYC requirements, once the explicit consent of the borrower is attained.
The Recommendations have reiterated the requirement for DLAs to have a privacy policy (in addition to the mandatory requirement of body corporates to formulate a privacy policy for handling of or dealing in personal information including sensitive personal data or information).³ Such privacy policy must provide details of third parties that are allowed to collect personal information through the DLA. Predictably, RBI has mandated data localisation, i.e., REs would have to ensure that all data must be stored in servers located within India while ensuring compliance with statutory obligations/regulatory instructions.
C. Reporting to Credit Information Companies (“CICs”):
REs are required to report any lending done through DLAs to CICs irrespective of its nature or tenor (including short term, unsecured/secured credits or deferred payments). This would mean that all loans offered on e-commerce platforms and merchant platforms including Buy Now Pay Later (BNPL) facilities would have to be reported to CICs registered with the RBI.
Apart from the Recommendations that are approved by the RBI for immediate implementation, RBI has also listed out (i) certain recommendations that have been accepted in principle, but which require further examination; and (ii) certain recommendations that need to be considered by the Government of India.
The frequently talked about First Loss Default Guarantee (FLDG) construct is still under examination with the RBI, however,⁴ FLDG constructs would have to adhere to the RBI’s guidelines on securitisation of standard assets.
The RBI also intends to set up a self-regulatory organisation (SRO) covering REs and DLAs/LSPs in the digital lending ecosystem which will be responsible for putting together a code of conduct for recovery and responsible advertising and marketing standards to be adopted by all the DLAs, training of recovery agents and maintaining a list of non-compliant LSPs. Further, the RBI has also recommended that the Central Government consider framing legislation for Banning of Unregulated Lending Activities (BULA) which would cover entities not authorized by RBI and not registered under any other law from undertaking public lending.
CONCLUSION
While the RBI considers these Recommendations as necessary constraints and has addressed the Recommendations mainly to REs, the LSPs and DLAs would also have to adhere to these Recommendations in order to engage in the digital lending ecosystem. From a borrower’s perspective, implementation of the Recommendations provides borrowers more visibility on the parties they are dealing with in the digital lending ecosystem and enables them to make informed choices. While the Recommendations increase the burden on REs, LSPs and DLAs, such regulatory constraints may be necessary in the general interest of the borrowers.
1 Definition of digital lending provided in the “Report of the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps” dated November 18, 2021.