Paying heed to concerns raised by borrowers on digital loans, like the rampant engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates and unethical recovery practices, the Reserve Bank of India (RBI) has asked all regulated entities (REs) and lending service-providers (LSPs) to follow its new guidelines. While offering more protection, the new framework allows borrowers to exit from the digital loan during a cool-off period by paying the principal and loan costs. It also prohibits digital lenders from accessing files and media, contact list, call logs and telephony functions from the borrower's mobile phone.
RBI's regulatory framework for digital lending is based on the principle that lending business can be carried out only by entities regulated by the central bank or entities permitted to do so under any other law.
This new framework basically touches upon three issues—customer protection and conduct, technology and data requirements and regulations.
Customer Protection and Conduct Issues
i. All loan disbursals and repayments are required to be executed only between the bank accounts of borrower and the RE without any passthrough/ pool account of the LSP or any third party.
ii. Any fees and charges payable to LSPs in the credit intermediation process shall be paid directly by RE and not by the borrower.
iii. A standardised key fact statement (KFS) must be provided to the borrower before executing the loan contract.
iv. All-inclusive cost of digital loans in the form of annual percentage rate (APR) is required to be disclosed to the borrowers. APR shall also form part of KFS.
v. Automatic increase in credit limit without explicit consent of borrower is prohibited.
vi. A cooling-off/ look-up period, during which the borrowers can exit digital loans by paying the principal and the proportionate APR without any penalty, shall be provided as part of the loan contract.
vii. REs shall ensure that they and the LSPs engaged by them shall have a suitable nodal grievance redressal officer to deal with fintech/digital lending-related complaints. Such grievance redressal officer shall also deal with complaints against their respective digital lending apps (DLAs). The details of the grievance redressal officer shall be prominently indicated on the website of the RE, its LSPs and on DLAs, as applicable.
viii. As per extant RBI guidelines, if any complaint lodged by the borrower is not resolved by the RE within the stipulated period (currently 30 days), he/she can lodge a complaint under the Reserve Bank – Integrated Ombudsman Scheme (RB-IOS).
Technology and Data Requirements
i. Data collected by DLAs should be need-based, should have clear audit trails and should be only done with prior explicit consent of the borrower.
ii. Option may be provided for borrowers to accept or deny consent for use of specific data, including option to revoke previously granted consent, besides option to delete the data collected from borrowers by the DLAs/LSPs.
i. Any lending sourced through DLAs (either of the RE or of the LSP engaged by RE) is required to be reported to credit information companies (CICs) by REs irrespective of its nature or tenor.
ii. All new digital lending products extended by REs over merchant platforms involving short-term credit or deferred payments are required to be reported to CICs by the REs.
Last year in January, RBI set up a working group on 'digital lending including lending through online platforms and mobile apps' (WGDL). The working group submitted its recommendation, which was published on RBI's website for comments.
Taking into account the inputs received from a diverse set of stakeholders, RBI says a regulatory framework to support orderly growth of credit delivery through digital lending methods while mitigating the regulatory concerns has been firmed up.
RBI has categorised digital lenders into three groups: entities regulated and permitted to carry out lending business by the central bank and entities not regulated by RBI but authorised to do lending business per statutory or regulatory provisions. The third group is for entities lending outside the purview of any statutory and regulatory provisions.
The central bank says its regulatory framework is focused on the digital lending ecosystem of RBI's REs and the (LSPs) engaged by them to extend various permissible credit facilitation services.
"As regards entities falling in the second category, the respective regulator or controlling authority may consider formulating or enacting appropriate rules and regulations on digital lending based on the recommendations of WGDL. For the entities in the third category, the WGDL has suggested specific legislative and institutional interventions for consideration by the Union government to curb the illegitimate lending activity being carried out by such entities," RBI says.