File Copyright Online - File mutual Divorce in Delhi - Online Legal Advice - Lawyers in India

Laws Governing Digital Lending In India

In recent years, the Indian financial system has seen a large rise in the proportion of digital lending, which provides both consumers and enterprises easy access to credit. The absence of rules and consumer protection measures has given rise to various concerns surrounding the digital lending space.

In order to regulate the same, the Reserve Bank of India ("RBI") has taken various actions to tighten the regulatory framework for digital lending. In order to do so, RBI first set up a Working Group on Digital Lending (the "Working Group") and published a list of recommendations for regulating the digital lending framework for the feedback of several stakeholders.

On August 10, 2022 RBI also published a paper titled "Recommendation of the Working Group on Digital Lending � Implementation", setting out the implementation methods for the recommendations provided by the Working Group (Implementation Paper).

Finally on September 02, 2022, RBI issued its final Digital Lending Guidelines which aim at protecting the users of the digital lending applications and set forth the disclosure, operational and grievance redressal compliances. Recently on February 14, 2023 RBI issued its first set of FAQs on the Digital Lending Guidelines.

This note aims to provide a broad overview of the legal framework governing digital lending.

Digital Lending: Meaning
Digital Lending is a remote and automated lending process, largely by use of seamless digital technologies for customer acquisition, credit assessment, loan approval, disbursement, recovery, and associated customer service. The main characteristics that are essential to distinguish digital lending from conventional lending are:

Use of digital technologies;
Seamlessness;
Credit assessment and loan approval;
Loan disbursement;
Loan repayment;
Customer service.

The digital lending landscape in India is still developing and offers a patchy picture. As of now Non-Banking Financial Companies ("NBFCs") have been at the forefront of partnering digital lending while banks have been implementing more and more innovative techniques in digital operations. From the standpoint of digital lending, these loans come in two varieties: (i) platform lending, also known as Market Place Lending ("MPL"), and (ii) Balance Sheet Lending ("BSL").

Recommendations Of The Working Group
RBI with the broad approach has established the Working Group for the purpose of formulating digital lending laws in India. The paper issued by RBI in this context has covered the aspect of digital lending through websites and mobile applications. The paper aims to improve customer safety, secure the digital lending ecosystem, and promote innovation.

In furtherance to this, RBI set out certain recommendations related to digital lending applications having to comply with some minimum technical standards should be created, and compliance with those standards should be a must before providing digital lending solutions. The group suggests that every activity a user takes on the application should be recorded in auditable logs, and that each financial application should be securely signed and authenticated.
Implementation Paper - An Overview
Consequent to the Working Group, the RBI issued its Implementation Paper focusing on innovative methods of designing and delivery of credit products and their servicing through digital lending route. This Implementation Paper aimed at mitigating concerns relating to unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices. The RBI's Regulated Entities ("REs") and the Lending Service Providers ("LSPs") contract to extend various permitted credit facilitation services are the focus of the regulatory framework of the RBI.

The Implementation paper largely covers the following concepts:
1. Customer Protection and Conduct Issues;
2. Technology and Data Requirements;
3. Regulatory Framework.
The above-mentioned aspects of the Implementation Paper were discussed in detail in the digital lending guidelines dated September 02, 2022 issued by the RBI immediately after the Implementation Paper.
Guidelines On Digital Lending ("Guidelines"): September 02, 2022
Application:The Guidelines are applicable to digital lending services extended by all:
1. (i) Commercial Banks,
2. (ii) Primary (Urban) Co-operative Banks, State Co-operative Banks, District Central Co-operative Banks; and
3. (iii) NBFCs (including Housing Finance Companies).
Definitions:
1. Annual Percentage Rate ("APR"): APR is the effective annualised rate charged to the borrower of a digital loan. APR shall be based on an all-inclusive cost and margin including cost of funds, credit cost and operating cost, processing fee, verification charges, maintenance charges, etc., and exclude contingent charges like penal charges, late payment charges, etc.
2. Cooling off/look-up period: If a borrower decides not to continue with the loan, they will be given a window of time, as set by the Board of the RE, during which they can quit their digital loan.
3. Digital Lending: An automated and remote lending procedure that heavily relies on seamless digital technology for customer acquisition, credit scoring, loan approval, disbursement, recovery, and related customer support.
4. Digital Lending Apps/Platforms ("DLAs"): User-friendly mobile and online applications that support digital lending services. Applications run by Res as well as LSPs hired by Res for providing any credit facilitation services in accordance with current outsourcing standards outlined by the Central Bank will be included in DLAs.
5. Lending Service Provider ("LSP"): An agent of a Regulated Entity who, in accordance with the RBI's current outsourcing guidelines, performs one or more of the lender's functions�or portions thereof�in customer acquisition, underwriting support, pricing support, servicing, monitoring, and recovery of a particular loan or loan portfolio�on behalf of Res.
3. Key Highlights of the Digital Lending Guidelines:
1. Loan Disbursal, Servicing and Repayment: The borrower must execute all loan servicing, repayment, etc. directly into the RE's bank account without using a pass-through account or pool account of any other party, as required by REs. Except for disbursals covered exclusively by statutory or regulatory mandate (of the RBI or of any other regulator), flow of funds between REs for co-lending transactions, and disbursements for specific end uses, provided the loan is disbursed directly into the bank account of the end-beneficiary, all disbursements must always be made into the borrower's bank account. Except as specified in these guidelines, REs must make sure that no disbursal is ever made to a third-party account, including the accounts of LSPs and their DLAs.
2. Collection of fees, charges, etc:
3. Disclosures to borrowers:
  1. APR: APR, which represents the total cost of digital loans for the borrower, must be disclosed up front by REs and included in the Important Fact Statement.
  2. KFS: Before the contract is signed, REs must give the borrower a KFS in a uniform manner for all digital lending products. In addition to other relevant information, the KFS must include information about the APR, the recovery procedure, the grievance redressal officer assigned particularly to handle issues relating to digital lending and fintech, as well as the cooling-off and look-up periods. The REs is not permitted to charge the borrower any fees, charges, etc. that are not specified in the KFS at any time throughout the loan's term.
  3. Digitally signed documents: As soon as the loan contract or transaction is completed, REs must make sure that digitally signed documents (on the RE's letterhead), such as the KFS, summary of the loan product, sanction letter, terms and conditions, account statements, and privacy policies of the LSPs/DLAs with regard to the data of the borrowers, automatically flow to the borrowers on their registered and verified email or SMS.
  4. List of LSPs: On their websites, REs must prominently disclose a list of their DLAs, the LSPs they have employed, and the DLAs of those LSPs, along with information on the activities for which they have been hired.
  5. Product Information: To ensure that borrowers are aware of the product features, loan limit, cost, etc., REs must make sure that their DLAs or the DLAs of their LSPs prominently display this information at the onboarding/sign-up stage.
  6. Details of recovery agent: When a loan is approved and when recovery duties are transferred to another LSP or when that LSP changes, REs must inform the borrower of the identity of the LSP acting as recovery agent who has permission to contact the borrower for recovery.
  7. Link to website: REs must make sure that DLAs of REs and LSPs link to REs' website so that borrowers can get additional/detailed information about the loan products, the lender, the LSP, details of customer support, a link to Sachet Portal, privacy rules, etc. For ease of access, it must be assured that all such information is placed prominently in one location on the website.
4. Grievance Redressal:
  1. Nodal grievance redressal officer - The REs must make sure that they and the LSPs they have hired have a qualified nodal grievance redressal officer to handle any complaints or difficulties borrowers may have regarding FinTech or digital lending. The complaints against their respective DLAs would also be handled by this grievance redressal officer. On the websites of the RE, its LSPs, and DLAs, as well as in the KFS given to the borrower, contact information for grievance redressal authorities must be prominently displayed. Furthermore, the DLA and the aforementioned website will also have a complaint filing option. It is stated once more that the RE will continue to be in charge of resolving complaints.
  2. The borrower has the right to file a complaint through the Complaint Management System ("CMS") portal under the Reserve Bank-Integrated Ombudsman Scheme if any grievances brought forth by the borrower against the lender or the LSP employed by the lender are not resolved by the lender within the allotted time frame (currently 30 days) (RB-IOS). Complaints may be filed by entities that are currently not covered by RB-IOS in accordance with RBI's prescribed grievance redressal procedure.
5. Assessing the borrower's creditworthiness:
  1. Before extending any loan over their own DLAs and/or through LSPs they have hired, REs shall record the economic profile of the borrowers (age, occupation, income, etc.) in order to assess the borrower's creditworthiness in an auditable manner.
  2. REs must make sure that no credit limit is automatically increased unless the borrower's express approval is obtained and recorded for each such increase.
6. Cooling off/look-up period: A borrower must be provided the option to explicitly cancel a digital loan by paying down the principal and the proportionate APR during this time without incurring any penalties. The Board of the RE will choose the cooling-off period. For loans with a length of seven days or longer, the period cannot be fewer than three days; for loans with a term of less than seven days, it cannot be less than one day. Pre-payment shall still be permitted in accordance with current RBI standards for borrowers who continue making loan payments even beyond the look-up period
7. Due diligence and other requirements with respect to LSPs:
  1. When forming a partnership with an LSP for digital lending, REs must perform expanded due diligence, taking into account the LSP's technical prowess, data protection policies and storage systems, fairness in dealing with borrowers, and capacity to adhere to laws and regulations.
  2. REs shall perform routine reviews of the behaviour of the LSPs they have employed. REs shall provide the required direction to LSPs serving as recovery agents to ensure that they carry out their responsibilities responsibly and in accordance with the applicable instructions.
8. Collection, usage and sharing of data with third parties:
  1. REs must make sure that any data collection by their DLAs and the DLAs of their LSPs is based on a legitimate purpose and has an audit trail with the borrower's prior and unambiguous consent. In any scenario, REs must make sure DLAs stop using their mobile devices to access data and media, contact lists, call records, telephony features, etc. With the explicit permission of the borrower, a one-time access may be granted for the camera, microphone, location, or any other facility required for on-boarding/KYC needs only.
  2. The borrower will have the choice of granting or denying consent for the use of specified data, restricting disclosure to third parties, limiting data retention, revoking previously granted consent to collect personal data, and, if necessary, requesting that the app erase or forget the data.
  3. At each level of the borrower interaction, the reason for seeking their approval must be made clear.
  4. Personal information about borrowers will not be shared with any other party without their express authorization, unless a legislative or regulatory requirement calls for it.
    1. Storage of data
      REs must make sure that the LSPs/DLAs they hire do not retain any borrower personal information above the very minimum needed to conduct business, such as name, address, and customer contact information. The RE shall be responsible for data privacy and security of the customer's personal information.
    2. REs must make sure that there are clear policy guidelines regarding the storage of customer data, including the kind of data that can be stored, how long it can be stored, restrictions on its use, data destruction protocol, standards for handling security breaches, etc. These guidelines must also be disclosed by the DLAs of the REs and of the LSP the RE has contracted with prominently on their websites and application at all times.
    3. REs must make sure that no biometric data is retained or collected in the systems connected to their DLAs or their LSPs unless specifically permitted by the law as it stands.
    4. REs must make sure that all data is kept on servers only in India and that all legal and regulatory requirements are followed.
9. Comprehensive privacy policy
  REs are required to make sure that the DLAs and LSPs they hire have a detailed privacy policy that complies with all applicable laws, related regulations, and RBI guidelines. DLAs of REs/LSPs should make their detailed privacy policies publicly accessible for borrowers' access and collecting of personal information. The privacy policy must also include information on third parties (if appropriate) who are permitted to acquire personal information through the DLA.
10. Technology Standards
  When engaging in digital lending, REs must make sure that both they and the LSPs they have hired abide by the different technical standards and cybersecurity criteria outlined by the RBI and other agencies, as well as any other requirements that may be periodically established.
11. Reporting to Credit Information Companies (CICs):
  1. REs must make sure that all lending conducted through their DLAs and/or the DLAs of LSPs is reported to CICs, regardless of its nature or tenor, in accordance with the provisions of the Credit Information Companies (CIC) (Regulation) Act, 2005, CIC Rules, 2006, CIC Regulations, 2006, and related guidelines issued by RBI from time to time.
  2. REs must report to CICs any extensions of structured digital lending products by REs and/or LSPs they have worked with over a merchant platform that involve short-term, unsecured/secured credits or deferred payments. RBI has released current outsourcing guidelines, and REs must make sure that LSPs, if any, connected to such delayed payment credit products follow these requirements.
12. Loss sharing arrangement in case of default:
  As regards the industry practice of offering financial products involving contractual agreements such as First Loss Default Guarantee ("FLDG") in which a third party guarantees to compensate up to a certain percentage of default in a loan portfolio of the RE, it is advised that REs shall adhere to the provisions of the Master Direction - Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 dated September 24, 2021.

Especially, synthetic securitisation contained in Para (6)(c). FLDG is a financial product that provides a guarantee to lenders against losses arising from the default of loans extended to borrowers. It is a form of credit risk mitigation that aims to encourage lending to individuals or entities that may have a higher risk of default.

Under the FLDG, a third-party guarantor, such as a bank or an insurance company, guarantees a portion of the losses that the lender may incur in the event of a default. The guarantor typically covers the first loss, up to a certain percentage of the loan amount, while the lender bears the remaining losses.

Conclusion
The guidelines are expected to create a level playing field for both traditional and digital lenders and ensure that customers are not taken advantage of by unscrupulous lenders. With the growth of digital lending in India, it is important to have strong regulations in place to protect the interests of all stakeholders. The success of the guidelines will depend on their effective implementation and enforcement.

It is also important for consumers to be aware of their rights and responsibilities while borrowing from digital lenders. Overall, the digital lending guidelines are a step in the right direction and are expected to have a positive impact on the digital lending industry in India.

One area that the fintech industry is waiting for guidance on is the regulation of peer-to-peer ("P2P") lending platforms. P2P lending platforms, which connect borrowers with lenders directly, have seen rapid growth in India in recent years. However, there is still some ambiguity around their regulatory framework, and many players in the industry are awaiting further guidance from the RBI.

Another area of concern is the use of digital identities and e-KYC (know your customer) for onboarding customers. While the DLG allows for the use of digital identities and e-KYC for customer onboarding, there is still some uncertainty around the specific requirements and processes for this. The fintech industry is waiting for further clarity on this issue to streamline the customer onboarding process and reduce operational costs.

In conclusion, the digital lending guidelines introduced by the RBI's are a welcome step towards regulating the digital lending space in India. The guidelines aim to promote responsible lending practices, protect consumers' rights, and promote fair competition among lenders. The guidelines cover several key areas, including customer data privacy, transparency in pricing and terms, and grievance redressal mechanisms.