RBI’s first digital lending guidelines hit high marks on borrower protection


The Reserve Bank of India’s first set of guidelines for digital lending, released on Wednesday, largely addresses consumer concerns about digital lending platforms.

While one industry expert called the guidelines “a culmination of months of listening to consumer complaints and input on digital lending industry operations,” others said they impact all good places to define industry best practices.

Overall, the notification focuses on three main elements:

  1. Regulate the entire credit chain
  2. Provide transparency to borrowers
  3. Define data privacy best practices

Credit chain regulation

To ensure that the central bank has visibility into the movement of money through the lending chain, RBI has stipulated that all loan disbursements must always be made to the borrower’s bank account and that repayments must be executed directly to the bank accounts of regulated entities (banks/NBFCs/microfinance institutions). No money should flow or pass through third-party pool accounts, RBI says.

This is primarily to establish a clear audit trail, to prevent money laundering and for the central bank to have clear visibility into how the money flowed in case the consumer raises issues over the life of a loan.

In the whole digital lending equation, RBI doesn’t want money circulating in dark accounts where it can’t see how the funds have been moved; he wants to be able to track the movement of each rupee so that he can protect the consumer in case something goes wrong.

Provide transparency to borrowers

The framework requires regulated entities to disclose, in easy-to-understand language, everything about the loan a borrower is taking out, including:

  • Annual Percentage Rate (APR), which includes the total interest rate on a loan, fees, origination fees, agency fees, and all other charges related to servicing the loan
  • The Statement of Key Facts (KFS)
  • Regulated Entity (RE), Lending Service Provider (LSP) and Digital Lending Application (DLA) Grievance Agent Details
  • All fees and service charges
  • Terms and conditions of the loan collection mechanism, including details of the loan service provider who will act as collection agent

RBI Governor Shaktikanta Das

The central bank stresses that the key factual statement must disclose everything about the loan to the borrower, including details of the APR, names and contact details of grievance officers and the cooling-off period. This follows a recent study by policy research institute Dvara Research which showed that BNPL, or ‘buy now, pay later’ players did not always disclose facts such as prices, obligations of customers and penalties in their KFS.

These disclosures to borrowers are also important so that they can make an informed decision before signing a loan agreement.

“With the guidelines, it’s clear that RBI is trying to balance regulation and governance,” said Kunal Varma, CEO and co-founder of neobanking platform Freo. Your story. “There is nothing stopping fintechs from innovating as long as it stays within regulatory safeguards. This notification focuses on all the good things and practices that the industry needs to adopt, as a whole.”

The need for these guardrails has become even greater since the proliferation of predatory and unregulated loan apps that charge extremely high interest rates and use frowned upon means including harassment, death threats and force. gross to recover the loans.

RBI also said regulated entities must disclose to borrowers all lending service providers and digital lending platforms they work with, along with details of the activities for which they have been engaged.

Digital lending platforms should prominently display information about product features, including lending limit, costs, etc., as well as explain how data captured in the lending process will be used.

Privacy practices

In this era of “data is the new oil” where anything put on the internet is “salable” or “monetizable”, RBI has implemented strict data privacy practices that exclude regulated entities, vendors lending services, digital lending apps, and any other platforms involved in the lending equation to use a borrower’s data for anything other than the specific function it was intended for.

These guidelines are as follows:

  • Regulated entities, or ERs, should perform due diligence regarding the privacy and data storage policies of their LSP/DLA partners before entering into a partnership with them.
  • REs should ensure that the entities they engage with do not store borrowers’ personal data except basic information such as name, address, contact details, etc.
  • Any data collection must be needs-based, verifiable, traceable to RBI and with the prior and explicit consent of the borrower.
  • Lenders cannot access borrowers’ mobile phone resources such as files and media, contact lists, call logs, and phone features.
  • A one-time authorization to access a borrower’s camera, microphone, and location, among other necessary facilities, may be obtained, but only for the purpose of onboarding and KYC requirements.
  • Borrowers should have the ability to withhold consent to the use of specific data, revoke previously granted consent and, if necessary, have the application delete or forget their data.
  • The purpose of obtaining and accessing a borrower’s data must be disclosed at every stage to the borrower
  • To share data with third parties, explicit consent must be obtained, unless it is a legal or regulatory requirement.
  • Digital lenders should prominently display on their websites what type of data they will access, how long the data will be retained, how it will be destroyed, and how the platform will handle security breaches.
  • No biometric data should be stored or collected by the DLA
  • All data should be stored on servers located in India
  • All new digital lending products must be reported to credit bureaus by regulated entities

To ensure that RBI has the data of every borrower, it has asked banks, NBFCs and other regulated entities to disclose any loans made through DLAs to credit reporting companies.

The various data privacy checks and balances will go a long way to ensuring that predatory or illegal lending apps don’t have access to anything they can use to open non-consensual lines of credit to customers, which has There have been several times in the past where people have discovered random loans in their name when checking their credit history with CIBIL.

The framework set by the RBI was immediately implemented.

The powerhouse said it is also considering other guidelines currently, such as:

  • Expand the reach of financial literacy centers to include digital lending.
  • Notify borrowers via email or SMS whenever an RE or loan service provider wants to access their credit information
  • Establish basic technology standards for DLAs, including ensuring the app is secure, keeping a log of every action a user performs, device information, etc.
  • Ensure that the algorithms used by REs to underwrite loans are extensively tested on various data sets to rule out any prejudice.
  • Digital lenders should embrace ethical AI that focuses on protecting borrowers’ interests, promotes transparency, inclusion, and eliminates impartiality.

The central bank added that it was also considering a framework for first-to-default guarantees (FLDGs), loan product aggregators and self-regulatory bodies.

“Honestly, the central bank’s end goal is to protect end consumers. The latest guidelines address market conduct practices and are very reassuring to the industry. This solves many customer issues that we’ve seen crop up over the past two or three years. years…all angles have been covered,” said Sugandh Saxena, CEO of the Fintech Association for Consumer Empowerment (FACE). Your story.

RBI Classification of Digital Lenders

The central bank sorts digital lenders into three main groups:

  1. Entities regulated and authorized by the RBI to engage in lending activities
  2. Entities not regulated by the RBI, but authorized by other legal/regulatory provisions to make loans
  3. Entities lending outside the scope of any legal/regulatory provision; i.e. not regulated by the RBI or any other body

For the third category, i.e. entities not subject to any regulator, RBI says it has written the central government a list of specific interventions that will help it curb illegitimate lending activities, including the development legislation prohibiting unregulated lending activities, the creation of an independent body to ensure that only authorized and trusted DLAs are used by consumers, and the establishment of a National Financial Crime Record Bureau, among others.

“In keeping with its reputation as a forward-looking financial regulator that successfully balances the needs for financial innovation with the constraints of ensuring the integrity and stability of the financial system, the RBI has delivered a nuanced plan which will help the digital lending ecosystem continue to grow in a responsible and sustainable way,” the Digital Lending Authority of India said in a statement.

“At the same time, the RBI has clearly addressed the need to weed out emerging trends that run counter to best practices related to customer protection and data security,” he added.

Action on items that are pending or have only been accepted in principle by the central bank should be confirmed in the next 2-3 months, FACE’s Sugandh said.


About Author

Comments are closed.