The Reserve Bank of India (“RBI”) recently introduced Master Directions on Digital Lending[1], (“DL Guidelines”), thereby consolidating the regulatory regime applicable to digital lending in India. DL Guidelines supersede the following framework:

  • Loans Sourced by Banks and NBFCs over Digital Lending Platforms: Adherence to Fair Practices Code and Outsourcing Guidelines, 2020;
  • Guidelines on Digital Lending, 2022; and
  • Guidelines on Default Loss Guarantee in Digital Lending, 2023.

The DL Guidelines apply to all regulated entities. Per the DL Guidelines, Regulated entities consist of banks, non-bank financial companies and all India financial institutions (collectively “Regulated Entities” and individually as “Regulated Entity”). The term ‘Digital Lending’ under the DL Guidelines is defined as a remote and automated lending process, largely by use of seamless digital technologies for customer acquisition, credit assessment, loan approval, disbursement, recovery, and associated customer service.

Digital Lending in terms of the DL Guidelines can be performed through mobile and/or web-based applications, on a standalone basis or as a part of suite of functions of an application with user interface that facilitate digital lending services.

Digital Lending can be undertaken by a Regulated Entity through a lending service provider. A lending service provider (“LSP”) has been defined under the DL Gudilines as an agent of a Regulated Entity (including another Regulated Entity) who carries out one or more of Regulated Entity’s digital lending functions, or part thereof, in customer acquisition, services incidental to underwriting and pricing, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of Regulated Entity in conformity with extant outsourcing guidelines issued by the Reserve Bank.

Digital Lending Framework

Following is the broad digital lending framework as mandated by the DL Guidelines:

  • Due Diligence – Regulated Entities are required to conduct enhanced due diligence before they enter into an agreement with an LSP for digital lending, taking into account, inter alia, the LSP’s technical capabilities, robustness of data privacy policies and storage systems, fairness in conduct with borrowers and ability to comply with all applicable regulations and statutes.

  • Lending Framework – DL Guidelines mandate that the Regulated Entities are required to disburse funds in borrowers’ bank account, unless otherwise permitted under the DL Guidelines. All loan servicing and repayment is required to be made by the borrower directly in the Regulated Entity’s bank account without any pass-through account. The flow of funds between the borrower and the Regulated Entity is required to be direct and is not controlled either directly or indirectly by any third party, including the LSP.  Having said this, delinquent loans are exempted from this requirement, where physical interface is permitted, in accordance with the DL Guidelines.  

  • Exit Option – Regulated Entities are required to provide an explicit exit option to the borrower subject to the borrower paying the principal amount of the digital loan and the proportionate annual percentage rate[2]. Such exit option will be without any penalty during an initial “cooling-off period”. The cooling off period is required to be determined by a board approved loan policy of the Regulated Entity, provided such period not being less than 1 (one) day.

  • Default Loss Guarantee – RE may enter into default loss guarantee (“DLG”) arrangements only with a LSP or any other Regulated Entity engaged as a LSP. Regulated Entities cannot enter into a DLG arrangement through credit cards and/or loans which fall under the purview of credit guarantee schemes administered by trust funds. Additionally, non-banking financial institutions (P2P) are not permitted to enter into DLG arrangement for loans advanced through their platform.

DLG is required to be backed by an explicit and legally enforceable contract between the Regulated Entity and the DLG provider, which contract is required to cover, inter alia, the extent of DLG cover, the duration and disclosures as mandated under the DL Guidelines. Per the DL Guidelines, DLG can be provided in any of the following manner: (a) cash deposited with Regulated Entities; (b) fixed deposit with scheduled commercial bank with a lien marked in favour of a Registered Entity; (c) bank guarantee in favour of a Regulated Entity. Regulated Entities are required to ensure that the total amount of DLG cover on any outstanding portfolio (which is specified upfront) does not exceed 5% (five) per cent of the total amount disbursed out of that loan portfolio, at any instance.  

  • Disclosures – Regulated Entities are required to share key fact statement with the borrower consisting of, inter alia, synopsis of the loan product, sanction letter, account statements, privacy policies of the Regulated Entities and the LSP with respect to storage and usage of borrowers’ data once the transaction documents are executed. The requirements of a key fact statement has been standardized by RBI[3].

  • Penal Charges – The penal charges to be applied by Regulated Entities will have to be per the circular on fair lending practices[4] of RBI.

  • Details of Product – Regulated Entities are required to maintain a website of their own in public domain, which is needed to be kept up to date, inter-alia, with the following details at a prominent single place on the website for ease of accessibility (a) Details of all of its digital lending products and its digital lending applications (“DLAs”); (b) Details of LSPs and the DLAs of the LSPs along with the details of the activities for which LSP has been engaged for; (c) Particulars of RE’s customer care and internal grievance redressal mechanism.

  • Recognition of NPAs: Recognition of individual loan assets in the portfolio as ‘non-performing asset’ and consequent provisioning is the responsibility of the Regulated Entity (per the extant asset classification and provisioning norms of RBI), irrespective of any DLG cover available at the portfolio level.

  • Grievance Redressal - Regulated Entities and the LSP having an interface with the borrower, are required to designate nodal grievance redressal officers to deal with complaints related to digital lending or any issues raised by the borrower. Facility of lodging complaint is required to be made available on the DLA and at the website of the Regulated Entities. The responsibility of grievance redressal has been assigned to the Regulated Entities.

  • Data Protection - Regulated Entities are required to ensure that any collection of data by their DLA and DLA of their LSP is need-based and with prior and explicit consent of the borrower having audit trail. Regulated Entities are required to ensure that DLA of Regulated Entities /LSP desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions. DL Guidelines provide exception for accessing camera, microphone, location or any other facility with explicit consent of the borrower for undertaking only the KYC process.

Conclusion

Introduction of the DL Guidelines by RBI are set to reform the entire digital lending platform in India. A unification of the previous regulatory regime and more detailed framework will result in better organization of the digital lending business. More transparent approach on the role of the Regulated Entities and LSP, especially in the context of data protection and recovery will result in streamlining the digital lending process. DL Guidelines also provide clear accountability of the Regulated Entities and LSP in terms of the entire digital lending process, which is set to inculcate reliability and faith of borrowers in digital lending as a product. Having said the above, implementation of these DL Guidelines remains to be seen especially when the major accountability and implementation of the framework rests with the Regulated Entities.

Disclaimer: The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors:

Madhur Verma, Partner

[1] Reserve Bank of India (Digital Lending) Directions, 2025 RBI/2025-26/36 DOR.STR.REC.19/21.07.001/2025-26

[2]     As defined under Circular No. DOR.STR.REC.13/13.03.00/2024-25 on ‘Key Facts Statement (KFS) for Loans &   Advances’ dated April 15, 2024

[3]     Circular No. DOR.STR.REC.13/13.03.00/2024-25 on ‘Key Facts Statement (KFS) for Loans & Advances’ dated April 15, 2024

[4]  Circular no. DoR.MCS.REC.28/01.01.001/2023-24 on ‘Fair Lending Practice - Penal Charges in Loan  Accounts’ dated August 18, 2023.