All you need to know about Credit S...
Credit scores refers to a 3-digit score between 300-900 and is given based on the information p...
Due to concerns over the process of Digital lending in India, the Reserve Bank of India notified the guidelines on 2nd September 2022. The guidelines are issued in reference to the RBI Press release on “Recommendations of the Working group on Digital Lending – Implementation”, dated 10th August 2022. The primary purpose of the RBI is to regulate the financial structure in the Indian market and to protect the interest of the borrowers. Hence to achieve this objective, the RBI has issued current guidelines to regulate the digital lending market more effectively.
Further, the new RBI guidelines make it mandatory for the LSP or DLAs engaged by the RE to comply with the instructions mentioned under the guidelines. This article lays down the essential points from the RBI guidelines.
The instruction outlined in the guidelines shall apply to both existing and new customers seeking digital loans. The guidelines will be in effect as of the date the RBI released them, which is 2nd September 2022. However, Regulated Entities (REs) have been given time until 30th November 2022 to ensure that they can set up proper systems and processes so that the digital loans provided to the existing customers are in accordance with the guidelines. According to Rule 2.6, the Regulated entities (RE) are:
An annual percentage rate is charged to the borrower of a digital loan. It is a rate that is determined on an annual basis. It shall include all cost and margin expenses like:
The APR shall not include contingent charges such as any late payment charges, penal charges etc.
A cooling period is the time limit provided to the consumer for exiting digital loans. The board of Regulated Entities shall determine the time limit for exiting the loan.
Digital lending in India is an automated lending process carried out through the use of digital technologies. It has the following purposes:
Digital lending apps are mobile and web-based applications that provide digital loan facilities. These applications provide a user interface to help avail digital lending services. The DLA’s will include apps made by:
An LSP is an agent of the RE (Registered Entities) who performs the functions of a lender for the purpose of:
REs can execute all loan disbursal, servicing and repayment activities directly in the bank account without involving a third-party pool/pass-through account. Loan disbursals must be made directly into each borrower’s bank account.
However, the framework provides exceptions to the following:
Regulated entities also need to make sure that, in no case the disbursal must be made in a third-party account (including Lending Service providers and Digital Lending Apps) except for the purposes mentioned in the guidelines.
The guidelines protect the borrower by eliminating any extra charges in the digital lending process. The following charges are refrained by the RBI:
The key disclosures made to the borrower of digital loans under the guidelines are:
The regulated entities shall disclose any Annual Percentage Rate to the borrower beforehand, and the same shall be mentioned in the key fact statement.
The RE shall provide a KFS to the borrower before executing any contract for digital lending in India. The Key Fact Statement shall include:
The Registered Entities cannot charge any hidden charges from the borrower. It means that the borrower is not liable to pay any fees or charges not mentioned in the KFS.
On the date of execution of the loan contract, the Registered Entities must send digitally signed documents on their letterhead to the borrowers via registered e-mail or SMS. The following documents are required to be digitally signed:
Note: Digitally signed means a document signed using a digital signature.
The registered entities shall also publish the details of all the LSPs and DLAs of such LSPs engaged by them on their website. The RE shall mention the types of activities performed by each LSP and DLAs of such LSPs
The RE must also ensure that the DLAs shall prominently mention all the details relating to their product features, loan limit, cost etc., at the sign-up stage.
The RE must communicate to the borrower all details of LSP (acting as the recovery agent of the RE) at the time of sanctioning of loan or at the time of passing on recovery responsibilities.
The Re need to make sure that DLA’s and DLA’s of LSP have a link to RE’s website where detailed information about the services offered (such as loan products, the lender, the LSP, particulars of customer care, link to Sachet Portal, privacy policies, etc.) by them are clearly mentioned. It must be mentioned prominently on the website so that it is easily accessible to the borrower.
The Registered Entities shall appoint a nodal grievance officer who shall manage all the FinTech or digital lending complaints in India. The grievance officer shall also manage the complaints received from DLAs. The contact information of the grievance officer must be mentioned on the websites of the RE, DLAs of RE and LSPs and in the KFS.
Additionally, the facility for filing complaints shall be made available on the website and DLA. If the RE does not resolve the complaint within 30 days, the borrower has the right to file a complaint on the Complaint Management System (CMS) of the RBI-Ombudsman scheme.
The RE shall examine the economic background (such as occupation, age, income etc.) of the borrower before granting any loans over their DLAs or through LSPs. The REs cannot increase the credit limit of the borrower without their explicit consent.
The borrower shall be given liberty to exit from the digital lending without penalty, provided that they have paid the principal and the proportionate APR. The board of Registered entities shall determine the period. The cooling-off period provided under the guidelines are:
However, the pre-payment facility is allowed under the circular on “Levy of Foreclosure Charges/Pre-payment Penalty on Floating Rate Term Loans” to borrowers who want to continue with the loan even after the cooling-off period.
The RE shall conduct enquires before entering a partnership with LSPs. It shall enquire about its:
In addition, the RE shall make periodic enquiries against the conduct of LSPs and should make sure that the LSPs acting as recovery agents shall discharge their duties accordingly and comply with the circular on “Outsourcing of Financial Services – Responsibilities of regulated entities employing Recovery Agents.”
Any form of data collection activities of the DLAs must be on a need-only basis. For any such collection function, the REs must ensure that their DLAs obtain prior and explicit consent from the borrowers. Such collection function must also have an audit trail. Access to any file or media storage, contact list, call logs or telephony functions cannot be undertaken by any DLA.
Nonetheless, to perform functions for KYC/onboarding requirements, the DLA may obtain one-time access from the borrower. Such access must only be to use the camera, microphone, GPS or any such functions, only after clear consent from the borrower.
The DLA also needs to give the option to the borrowers to provide or deny the consent for using certain specific data, restrict data disclosure to any third parties, retention of data, revoke already-granted consent, and make the DLA forget or delete the data. The RE must also ensure that the DLA provides the reason behind obtaining the borrowers’ consent at all stages of the interface.
The borrower’s consent will also be mandatory to share their personal information with third parties. However, such consent will not be needed when the sharing is necessitated by any statutory/regulatory requirements.
The REs also need to ensure that their DLAs or LSPs do not store any personal details of the borrowers, except for their name, contact details, address, etc., as needed to perform their lending activities. The liability and responsibility regarding the data privacy and security of the borrower’s personal details will remain with the REs.
Comprehensive policy guidelines must be made by REs, who also need to ensure that their DLAs and LSPs disclose the same on their websites and apps. The guidelines must include provisions regarding customer data storage, the kind of data that can be stored, the duration of such storage, data usage restrictions, the protocol for the destruction of such data, the protocol for handling security breaches, etc.
No biometric data can be stored or collected in the systems of DLA of REs or their LSPs unless any extant statutory guidelines permit the same. Such data must also be stored in local servers in India, and REs must comply with the applicable statutory requirements or regulatory guidelines for the same.
The latest RBI guidelines on digital lending in India also make it mandatory for the REs to ensure compliance by them and their LSPs, with different technology requirements and standards related to cybersecurity as laid down by the RBI and other such authorities.
The new RBI guidelines on digital lending in India also make it mandatory for the REs to report any lending via their DLAs to CICs, along with the lending done through the DLA of their LSPs. Such reporting must be done per the provisions of the CIC (Regulation) Act, 2005, Rules of 2006, Regulations of 2006, and any additional guidelines issued by the RBI. Further, the nature or duration of such lending will not affect such reporting requirements.
The REs also need to report to CICs about any extension of the structured digital lending products by them or their LSPs through any merchant platform, which may be involved in providing short-term credit in the form of secured or unsecured loans or deferred payments. These entities must also ensure that their LSPs comply with the new digital lending rules in India and RBI’s extant outsourcing guidelines in connection with deferred payment credit products.
The Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 shall be followed by the REs while offering financial products that involve any contractual agreements, such as the First Loss Default Guarantee (FLDG), where a third-party guarantees the compensation for a certain default percentage in the loan portfolio. This part shall be applicable to synthetic securitisation, which has been defined as the structure where the credit risk of an exposure pool is transferred entirely or in part by using credit derivatives or guarantees, where such credit derivatives/guarantees are used to hedge the portfolio credit risks that are on the lender’s balance sheet.
Digital lending has increased at a rapid rate under the initiative of digitalisation of the lending processes across India. With the new age of technology, the demand for colossal lending has been met by Digital lending Apps. However, the risk of privacy, data security, customer protection, and illegal lending persists. After examining the market structure of the economy and working of the Lending Service Providers, the RBI has formulated the current guidelines. The guidelines will aim at regulating the process of digital lending in India and scrutinising the activities of the registered entities.
Read our Article: All About Digital Lending and Its Business Models