Regulating digital lending

Rules are in the right direction

The Reserve Bank of India (RBI) has published the first set of norms to regulate digital lending. This follows up on the recommendations made by a working group set up to examine this space in January 2021. The central bank also said it would release a second set of norms after engagement with the government and other stakeholders. There may also be a need to set up institutional mechanisms and, perhaps, institute legislative changes. The oversight of this nascent segment is vital. It has seen breakneck growth, anecdotal allegations of a large number of frauds, and the hard-selling of such products to digitally unaware customers who don’t understand the implications and fine print. Action must not only be taken to protect citizens; the central bank is also right to be concerned about the possibility of widespread defaults in a fast-growing, bubbly segment. It must ensure defaults don’t occur on a large scale and that there is no cascading.

The regulator has created three buckets for entities in the digital loans market. The first includes those directly regulated by the RBI. The second comprises entities not regulated by the RBI but are authorised to carry out lending in accordance with other provisions. The third category includes entities involved in digital lending while being outside the purview of any regulations. Legislative action may be required to bring the latter set of entities within the regulatory purview. This market works on the basis of digital entities acting as intermediaries to arrange personal loans, which are provided by a regulated entity, such as a bank. In such cases, loan disbursements and repayments must be executed by direct transfers between the account of the borrower and the regulated entity providing the loan, without any pass-through involving the accounts of the lending service provider (LSP) or any other third party. Any charges payable to the LSP in intermediation will be paid by the regulated entity providing the loans, and not by the borrower.

In any digital loan, a standardised key fact statement (KFS) must be provided to the borrower. Entities will also have to disclose the all-inclusive cost of digital loans in the form of an annual percentage rate (APR), which will be part of the KFS. Any data collected from borrowers must be need-based, collected with a clear audit trail, and with explicit prior consent. The borrower must have the “right to forget” where personal data can be deleted. All digital lending products must also be reported to credit information companies. All digital loans must also come with a cooling-off/look-up period during which the borrower can exit the loan by repaying the principal and the proportionate APR without penalty. The regulated entities and the LSPs working with them must also have a nodal grievance redress officer to deal with FinTech and complaints related to digital lending. If any complaint is not resolved within a stipulated period of 30 days, a complaint can be lodged under the RBI’s integrated ombudsman scheme.

Taken together, this set of norms is sensible. The RBI could also ensure greater transparency by mandating all fees and charges be clearly disclosed and it could regularly release aggregated and anonymised data to give a sense of market size and growth rates. It also needs to prioritise engagement with other regulators and the government to rein in unregulated entities.