Don’t miss the latest developments in business and finance.

RBI issues digital lending norms, reserves space for regulated entities

Only entities regulated by RBI or other bodies permitted by law can carry out digital lending, says RBI

Lending, Banks
The central bank said that some of the recommendations of the working group need wider consultation with the government (Photo: Bloomberg)
Subrata Panda Mumbai
5 min read Last Updated : Aug 11 2022 | 1:00 AM IST
In its effort to mitigate the concerns arising from credit delivery through digital lending methods, the Reserve Bank of India (RBI) on Wednesday came out with guidelines aimed at firming up the regulatory framework for such activities. The banking regulator has categorically specified that the lending business can only be carried out by entities regulated by it or those permitted under the law.

The central bank has divided the universe of digital lenders into three groups — entities regulated by the RBI and permitted to carry out lending business; entities authorised to carry out lending according to other statutory/ regulatory provisions but not regulated by the RBI, and entities lending outside the purview of any statutory/ regulatory provision.

These guidelines are for the first category, or entities regulated by the RBI. As for other entities which are part of the second and the third categories, the RBI has asked respective regulator/ controlling authority/ the central government to formulate guidelines based on the recommendations of the working group on this subject it had formed back in January 2021.

For RBI-regulated entities (REs), their lending service providers (LSPs), and digital lending apps (DLAs) of REs, the central bank has mandated that all loan disbursals and repayments are required to be executed only between the bank account of the borrower and the RE, without any pass-through/ pool account of the LSP or any third party.

REs have to ensure that fees for LSPs are paid directly by them and are not charged by LSP to the borrower.

Second, the all-inclusive cost of digital loans in the form of annual percentage rate (APR) is required to be disclosed to the borrower by REs. Also, REs have to provide a key fact statement (KFS) to the borrower before the execution of the contract in standardised format for all digital lending products.

“Any fees, charge, etc., which is not mentioned in the KFS cannot be charged by REs to the borrower at any stage during the term of the loan,” said the RBI. The KFS must have details of APR, terms and conditions of recovery mechanism, details of grievance redressal officer designated specifically to deal with digital lending/fintech-related matters, and cooling-off/look-up period, stated the guidelines.

Further, the regulator has specified that there cannot be automatic increase in credit limits without the borrower’s on-record explicit consent. These regulated entities also have to publish the list of LSPs and DLAs engaged by them, besides details of the activities for which they have been engaged, on their website.

REs have been asked to do due diligence on the borrower’s economic profile to assess his/her creditworthiness before extending any loan over DLAs. They also need to conduct an enhanced due diligence process before entering into a partnership with an LSP for digital lending, taking into account its technical abilities, data privacy policies and storage systems, among other things.

“REs to ensure that LSPs engaged by them do not store personal information of borrowers except for some basic minimal data (such as name, address, contact details of the customer, etc.) that may be required to carry out their operations,” the RBI said.

On the data privacy front, the banking regulator said data collected by DLAs has to be need-based, with the customer’s prior consent, and can be audited, if required. The central bank mandated that DLAs should not access mobile phone resources, such as files and media, contact list, call logs, and telephony functions. However, one-time access can be taken to camera, microphone, location, or any other facility necessary for onboarding/ KYC requirements only with the explicit consent of the borrower.

Further, these apps have to provide an option to borrowers to accept or deny consent for the use of specific data, including the option to revoke previously granted consent, besides the option to delete the data collected from borrowers by DLAs/LSPs.

The guidelines also stated that REs are required to ensure that any lending done through DLAs has to be reported to Credit Information Companies (CICs), irrespective of its nature or tenor. Lending through the Buy Now Pay Later (BNPL) mode also needs to be reported to CICs.

A few recommendations of the working group, such as the first loss default guarantee (FLDG), have received in-principle approval from the RBI but require further examination. Meanwhile, REs have to ensure that financial products involving contractual agreement, in which a third party guarantees to compensate up to a certain percentage of default in a loan portfolio of the RE, adhere to the RBI’s guidelines on securitisation of standard assets.

The central bank said that some of the recommendations of the working group need wider consultation with the government. These are balance sheet lending using DLAs should be restricted to REs of RBI and to entities registered under any other law for specifically undertaking lending business, and framing legislation for banning unregulated lending activities.

“The RBI has provided a nuanced blueprint that shall help the digital lending ecosystem to continue to grow in a responsible and sustainable manner. At the same time, the RBI has clearly addressed the need to stamp out incipient trends that are antithetical to the best practices related to customer protection and data security,” said the Digital Lenders Association of India (DLAI).
The lending rules
  • Disburse­ments and repayments of loans should be executed between bank account of borrower and regulated entity
  • Cost of digital loans in annual percentage rate needs to be disclosed to borrower
  • Automatic increase in credit limit without explicit consent of borrower is prohibited
  • Data collected by digital lending apps should be need-based
  • Any lending sourced through digital lending apps has to be reported to CICs
  • Restrictions on first loss default guarantee under examination

Topics :RBIdigital lending