The Reserve Bank of India (“RBI”) vide notification dated September 02, 2022 released the Guidelines on Digital Lending (1) (“Guidelines”). The Guidelines have been rolled out based on the report of the working committee (2) and is in furtherance of its earlier Press Release (3)

Digital Lending refers to online and automated lending process, majorly by use of seamless digital technologies in customer acquisition, credit assessment, loan approval, disbursement, recovery, and associated customer service.

Recent technological innovations have led to unbridled extension of financial services to retail individuals, especially in the area of digital lending. However, on account of unregulated third-party service providers, there have been instances of mis-selling to the customers, breach of data privacy, unethical business conduct and illegitimate operations. 

To curb such practices, the RBI sewed up these Guidelines, which, in essence, fetter liability on the Regulated Entities (RE) (as defined below) to ensure that third party service providers including digital lending apps (4) (“DLA”)/ lending service providers (5) (“LSP”) adhere to the standard protocol of business conduct. 

The directions set out in the Guidelines have been made applicable to ‘existing customers availing fresh loans’ and to ‘new customers getting onboarded’ with immediate effect (i.e., from the date of the Guidelines). However, in order to ensure smooth transition of ‘existing digital loans’ (sanctioned as on the date of the Guidelines), the RBI has allowed regulated entities time until November 30, 2022, to put in place adequate systems and processes to ensure that such existing digital loans are also in compliance with the Guidelines.

This article examines the regulatory standards and measures brought in by the RBI through the Guidelines and emphasizes on the imperative need to address the existing and potential risks in the digital lending eco-system. 

Decoding the Guidelines

1. Applicability

The Guidelines are applicable to digital lending extended by (a) all commercial banks; (b) primary (urban) co-operative banks, state co-operative banks, district central co-operative banks; and (c) NBFCs (including Housing Finance Companies) (“Regulated Entities” or “REs”).

2. Customer Interest and Conduct Requirement

2.1. Simplified Loan Procedure

All the loan shall be advanced and repaid between bank accounts of borrowers and REs, without any involvement of any of pass-through account/pool account of any third party including of DLAs or LPS except as provided for in the Guidelines. Any payment to be paid to LSPs by REs shall be paid by REs directly to LSP, and no amount shall be charged by LSP from borrowers.  Further, borrower have been equipped with an option to exit digital loan by paying the principal and the proportionate annual rate without any penalty during the cooling off period, which shall be determined by the board of REs. However, borrower whose loans are subsisting after this period, pre-payment shall be allowed as per the extant RBI guidelines.

These changes have been effectuated in order to avoid ambiguity / loopholes in the process and for the sake of better transparency. The role of a third party is to act as an intermediary between lenders and borrowers, and to provide inter-face to the end-user. The presence of multiple third parties has led to dilution of responsibility, which translates into unavailability/ ineffectiveness of market norms. Therefore, it is necessary that the link between REs and borrowers remains robust to ensure the financial stability of the financial institutions.

2.2. Concise Key Fact Statement

Details pursuant to the loans including annual percentage rate, penal charges, recovery mechanism, details of grievance redressal officer (designated for digital lending), cooling-off/look up-period shall be furnished in form of Key Fact Statement (“KFS”) (format attached in the Guidelines) by REs to borrowers before executing any loan agreement. This will foster transparency and enable comparability amongst various lenders. Further, REs shall ensure that digital signed documents including KFS, summary of loan product, sanction letter, account statements, privacy policy of LSP/DLAs with respect to borrower data, shall automatically flow to borrowers on their emails/SMS. REs shall publish the list of their respective DLAs or LSPs engaged by along with the relevant details on their website. Besides, REs have been obligated to ensure that DLAs/LSPs at their on-boarding page display information relating to products, loan limit and costs, etc. to allow borrowers to have an informed decision.

2.3. Addressing the Complaints

The Guidelines have called for REs to ensure that they and their DLAs/LSPs to appoint a nodal grievance officer to deal with Fintech/digital lending related complaints raised by the borrowers, and the facility of lodging complaint shall be made available on the DLA and on their website. However, the responsibility of grievance redressal shall continue to remain with REs. If the complaint isn't resolved within 30 days by the RE, a complaint can be filed under the Reserve Bank – Integrated Ombudsman Scheme.

3. Regulatory Framework

3.1. Reporting to Credit Information Companies ("CIC")

RE have been obliged to ensure that any lending done including extension of structured digital lending products involving short term, unsecured/secured credits or deferred payments, through their DLAs/ or DLAs of LSP must be reported to the CIC irrespective of its nature /tenor. Besides, REs shall ensure that DLAs/LSPs if any associated with deferred payment credit product shall abide by the extant outsourcing guidelines. 

Mandatory submission of credit information to CIC by financial institution will break the perpetuation of data marginalization of certain vulnerable groups and ensure less dependence on alternate data for financial consumers as more and more of them would develop formal credit history for themselves.

3.2. Loss sharing arrangement in case of default

FLDG is a model by which a third party such as LSPs guarantees to compensate up to a certain percentage of default in loan portfolio of the REs.

It is an industry practice in the digital lending eco-system, whereby LSP provides certain credit enhancement by way of FLDG up to a pre-decided percentage of loans generated by it. LSP’s extension of FLDG denotes under-writing skills of the LSPs. From the lender’s perspective, it ensures LSP/DLAs’ skin in the business. In contrast, the loan portfolio backed by FLDG is akin to off-balance sheet portfolio of the LSP wherein the nominal loans sit in the books of the lenders. 

As regards FLDG whereby, RBI has advised that REs shall adhere to the provisions of the Master Direction – Reserve Bank of India (Securitization of Standard Assets) Directions, 2021 dated September 24, 2021 (“Securitization Guidelines”), especially, synthetic securitization. 

Synthetic Securitization”, as defined in the Securitization Guidelines, is a structure where credit risk of an underlying pool of exposures is transferred, in whole or in part, through the use of credit derivatives or credit guarantees that serve to hedge the credit risk of the portfolio which remains on the balance sheet of the lender”.

Securitization Guidelines provides that Lenders shall not undertake synthetic securitization as part of their securitization activities or assume securitization exposures thereto.

From bare perusal of the Guidelines, it seems that the restrictions regarding on FLDGs appears to be applicable in case where synthetic securitization is undertaken to assume the securitization exposures by the Lenders. In this regard, one may argue that unless there is no securitization of the loan assets by the originator (lenders), there appears to be no explicit restriction imposed by RBI on FLDG arrangements under the Guidelines. 

In view of the foregoing, there appears to be no clear restriction on extension of FLDGs by LSPs to the REs as part of their mutual business arrangement. However, an explicit clarification in this regard from RBI is welcome. 

4. Technology and Data Requirement

FinTech platforms collect a lot of data from customers, including sensitive personal information and financial records. While accepting the consent, customer is unwary of their sensitive data being used by third parties. Therefore, standard security measures have been whipped up by the RBI. Collection of data by DLAs or LPS can only be done on need-based and with the prior and explicit consent of borrowers, which can be revoked any point in time. Further, any sharing of personal information with any third party shall be done only with the consent of the borrower except by the operation of law. These measures bring in more clarity with respect to data collection including credit information collected by third party platforms.

Conclusion

With these Guidelines coming to stream, the digital platforms would need to undertake proper due diligence and follow ethical and fair business conduct. The same will thwart the attempt of all digital platforms which are indulged into unscrupulous activities and mis-selling of products. While these Guidelines have fructified the regulatory surveillance on digital lending platforms, the fintech platforms are wary of business practice of FLDG, and due diligence to be conducted by LSPs, which shall increase the operational cost of the fintech platforms.

Authored by: DSK Legal Senior Associate, Shubham Khandelwal and Associate, Shubham Gupta.

(1) https://rbidocs.rbi.org.in/rdocs/notification/PDFs/GUIDELINESDIGITALLENDINGD5C35A71D8124A0E92AEB940A7D25BB3.PDF

(2) Report on Digital Lending including Lending through Online Platforms and Mobile Apps’ (https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=52589) dated November 18, 2021

(3) Press Release - Recommendations of the Working group on Digital Lending – Implementation dated August 10, 2022 (https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=54187)

(4) Digital Lending Apps/Platforms are mobile and web-based applications that facilitate digital lending services. DLAs will include app of the Regulated Entities (REs) as well as those operated by Lending Service Providers (LSPs) engaged by REs for extending any credit facilitation services. 

(5) Lending Service Provider (LSP) is an agent of a RE who carries out one or more of lender’s functions or part thereof in customer acquisition, underwriting support, pricing support, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of Res.