Sheena Ogra , Himanshu Ojha
September 21, 2022
Recently, the Reserve Bank of India (“RBI”) issued Guidelines on Digital Lending (“Guidelines”). The Guidelines have come amidst concerns of data privacy breaches, unethical business practices, and mis-selling to vulnerable customers by digital lenders. The Guidelines apply from the date of the circular to existing customers who wish to take fresh loans and to new customers.
Digital lending has benefited greatly from technological developments. Digital lenders provide cash injections to individuals. The demand for online loans has increased massively in recent years. However, a wide range of issues has arisen because of increased reliance on third-party lending service providers. The digital lending space is not big enough to threaten financial stability, but its rapid expansion raises serious concerns.
Against this backdrop, the RBI constituted a Working Group on Digital Lending (“Working Group”) on January 13, 2021. After receiving the recommendations of the Working Group, RBI issued these Guidelines.
The Working Group had recommended the classification of digital lenders into three categories:
The Guidelines apply to the first category, Regulated Entities (“REs”). The outsourcing arrangements made by REs in no way diminish their obligations. The REs must ensure that Lending Service Providers (“LSPs”), Digital Lending Apps (“DLAs”), and DLAs of LSPs comply with the Guidelines. Lending Service Providers are agents of REs who carry out one or more of their lending functions. The lending functions include pricing support, customer acquisition, monitoring, servicing, recovery of loans, among other things. DLAs facilitate digital lending transactions with mobile and web-based applications. They include apps of the REs as well as of LSPs.
The REs are given until November 30, 2022, to ensure that all existing digital loans as on the date of the Guidelines are in compliance with these Guidelines.
In a bid to increase transparency and prevent operational grey areas, REs have to ensure that loan disbursals are made directly to the borrower’s bank account. Exceptions are provided in cases where the disbursal is made because of (a) a co-lending transaction which is an arrangement with the joint contribution of a credit facility along with risk and reward sharing; a statutory or regulatory mandate; and loan disbursals that are for specific end-use. The exemption for specific end-use help in facilitating Buy Now Pay Later (“BNPL”) models as they allow REs/LSPs/DLAs to disburse the loan amount directly to the merchant.
All loan servicing, repayments, etc. must be done through the REs bank account without any pool or pass-through account of a third party.
REs must prepare a Key Fact Statement (“KFS”) and provide it to the borrower before execution of the loan contract. The KFS must have all the necessary information including details of the Annual Percentage Rate (“APR”) which is the Effective Annualized Rate that is charged to the borrower; the recovery mechanism; details of the grievance redressal officer; and the cooling-off period.
REs have to provide a cooling period which is an exit window provided to the borrower by which they can repay the digital loan along with the proportionate APR without penalty. For digital loan tenures of seven days or more, the cooling off period shall be a minimum of three days and for digital loans with tenure of fewer than seven days, the cooling off period shall not be less than one day. Even after this period, the pre-payment option should be allowed.
REs must ensure that the fees, charges, etc. paid to the LSPs are paid by them and not charged to the borrower. Furthermore, any charges or penal interest shall be levied based on the outstanding loan amount. The KFS must contain the rate of annualised penalty charges.
All documents signed using a digital signature including loan product summary, KFS, sanction letter, privacy policies, etc. must be provided to the borrower via SMS/email. In addition to this, REs have to ensure that they publish a list of their DLAs, LSPs, and the DLAs of LSPs on their website.
To increase transparency and safeguard borrowers’ interests, REs along with their LSPs, DLAs, or DLAs of LSPs, must provide all details of the product such as APR, product features, etc. at the time of sign-up and onboarding. Furthermore, REs have to ensure that DLAs have links to REs websites where borrowers can access detailed information about loan products, privacy policies, the link to RBI’s complaint portal (Sachet), etc.
RBI has mandated the requirement of a nodal grievance redressal officer that deals specifically with complaints and issues related to digital lending. The details of the officer shall be displayed on the website of the REs, LSPs, and DLAs, and in the KFS. If a complaint to the grievance redressal officer is not resolved within 30 days (thirty), the complaint can be registered on the Complaint Management System (CMS) portal of RBI. Furthermore, on the websites of REs, LSPs, and DLAs, the facility for lodging complaints must be there.
The report of the Working Group noted that there have been many complaints where high-risk data is collected by the DLAs and used to harass the borrowers as well as their contacts. To address the issue, the RBI has directed that data collection by REs, LSPs, and DLAs must be need-based and with explicit consent before such data collection. Mobile phone data such as contacts, files, media, etc. must not be accessed. For KYC purposes, one-time permission for the microphone, camera, location, etc. can be taken. When obtaining consent, the borrower shall be disclosed the reasons for which it is being taken.
The borrower must be given the option to deny the use of specific data, revoke consent, and restrict the disclosure of data to third parties. Not only that, but the borrowers must be given the option of deleting the data that the DLAs have. In case personal data needs to be shared with third parties, explicit consent shall be taken.
Any lending done through LSPs, DLA, or DLAs of LSPs must reported to the CIC. Furthermore, the extension of digital lending products must be reported to the CIC.
The report of the Working Group discussed the risk posed by synthetic structures such as First Loss Default Guarantees (“FLDG”). It is an arrangement wherein the LSPs provide guarantees of up to a percentage on loans whereas an NBFC would advance the loan through the LSP. In this way, loans would stay on the balance sheet of the LSPs and it could inflate its books without maintaining regulatory capital. So, effectively, the LSPs were engaging in balance sheet lending while remaining outside regulation.
RBI has advised adherence to the Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 dated September 24, 2021. The Master Direction prohibits synthetic securitisation. If the RBI makes the advisory mandatory, this will have the effect of not permitting REs to engage in synthetic securitisation like FLDG and transfer the risk on a pool of exposures, in part or in whole.
Digital lending is set to grow exponentially in the future. As such, it became imperative for the RBI to issue Guidelines to safeguard consumer interests, prevent unethical business practices, and regularise the sector. However, the major concern about digital lending remains. As per RBI, there are 600 (six hundred) illegal digital lending apps operating in India. RBI’s complaint portal – Sachet received 2562 (two thousand five hundred sixty-two) complaints between January 2020 to March 2021, most of them against illegal digital lending apps. RBI has not found a way to curb the rise of illegal digital lenders that prey on the vulnerabilities of borrowers by charging exorbitant rates and harassing borrowers on their failure to repay.
 available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12382&Mode=0
 Report of the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps, issued on November 18, 2021 available at: https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/DIGITALLENDINGF6A90CA76A9B4B3E84AA0EBD24B307F1.PDF
 available at: https://sachet.rbi.org.in/
 Circular DOR.ORG.REC.65/21.04.158/2022-23, issued on August 12, 2022, available at: https://rbidocs.rbi.org.in/rdocs/notification/PDFs/NT1085404663A577943BBB344A37057621C17.PDF
 available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12165
 n 1, pg. 27
Your email address will not be published *
As per Section 2(41) of the Companies Act, 2013 (“Act”), financial year, in relation to anyView More
Delhi (Head Office)
Plot No. 66, LGF, #TheHub, Okhla Phase III, Okhla Industrial Estate, New Delhi 110020, India.