Besides classifying digital lenders into three categories, the guidelines specify how financial companies should disclose all-inclusive costs of borrowers and take their explicit permission before gathering data
For over a year, the Reserve Bank of India (RBI) was keen that digital lenders should operate within regulatory guidelines, seeking permission from the central body if they wanted to operate beyond defined guardrails. Finally, it has translated these viewpoints into an actionable plan.
The central bank has finalised a regulatory framework to support the orderly growth of credit delivery through digital lending. This was based on the inputs from the 'Working Group on Digital Lending'(WGDL).
RBI constituted this special panel on January 31 2021 to study all the aspects of digital lending activities in the regulated financial sector and by unregulated players. It included digital lending through online platforms, mobile apps, and the traditional medium.
The panel recently submitted its suggestions to the central body to help it build an enforceable framework. The guiding principle was that lending ought to be conducted by entities regulated by the central bank or those permitted by law.
Explaining this stance, RBI governor Shaktikanta Das had earlier stated that the central bank could not allow risk to build up in the system. At Bank of Baroda's annual banking conference last month, he maintained that while it wants to support innovation, it also wants the entire financial ecosystem to grow in an orderly and regulated manner.
"Digital lending firms should operate under the licenses granted to them. If they are doing anything beyond that, then they should seek our permission. Without permission, if they are engaging in activities for which they have no license, then it is not acceptable," he had stated.
RBI's new framework prescribes that "all loan disbursals and repayments are required to be executed only between the bank accounts of the borrower and the regulated entity without any passthrough/ pool account of the loan service provider or any third party." Moreover, all fees payable to the loan service provider will have to be paid by banks and non-banks, not by the borrower.
The RBI has classified digital lenders into three categories. The first are those entities it will regulate and permit to carry out lending business. The second category will have companies authorised to carry out lending as per other statutory or regulatory provisions but are unregulated by RBI. The third group includes entities offering lending instruments outside any statutory or regulatory requirements.
RBI's newly announced guidelines are largely aimed at the first category. "As regards entities falling in the second category, the respective regulator/ controlling authority may consider formulating or enacting appropriate rules/regulations on digital lending based on the recommendations of the working group of digital lenders," the central bank said.
That does not mean it is permitting entities in the third group off the leash. According to RBI, the WGDL has suggested specific legislative and institutional interventions for consideration by the central government to curb the unlawful lending activity carried out by such entities.
During the last financial year, the Central government declared that it had received 7,813 complaints against banks and non-banking finance companies (NBFCs) regarding digital lending applications and recovery agents under RBI's Integrated Ombudsman Scheme. The Minister of State for Finance gave this information in a written reply to a question raised by Lok Sabha member Aparajita Sarangi.
To rid any ambiguity, the new framework on digital lending specifies that financial companies will have to disclose all-inclusive costs of digital loan borrowers. They will also have to provide a cooling-off period during which borrowers can exit digital loans by paying the principal and the proportionate costs without penalty.
Moreover, to enhance customer protection and make the digital lending ecosystem safer, banks and NBFCs have been directed to ensure that their digital lending apps and those onboarded by them conspicuously showcase information relating to a financial product's features, loan limit, liabilities, terms and costs.
Regulated financial companies must provide a borrower with a Key Fact Statement (KFS) in a standardised format for all digital lending products before executing any contract. They cannot charge additional fees not mentioned or included in this KFS during the loan's term.
These entities are also prohibited from increasing the credit limit automatically without a borrower's explicit consent. Moreover, if a consumer complaint is unresolved within the stipulated period of 30 days, borrowers can file a complaint under the Reserve Bank – Integrated Ombudsman Scheme (RB-IOS).
On August 7 2022, Ashwini Vaishnaw, Union Minister of Electronics and Information Technology (MeitY) announced that the government was withdrawing the Personal Data Protection (PDP) Bill, 2019. Elaborating on the grounds for the closure, he said that "considering the report of the Joint Parliamentary Committee, a comprehensive legal framework is being worked upon. Hence, in the circumstances, it is proposed to withdraw the PDP Bill, 2019 and present a new Bill that fits into the comprehensive legal framework."
Many were awaiting this Bill and were dismayed by its withdrawal because it aimed at protecting citizens' privacy by identifying the boundaries of personal data, establishing a Data Protection Authority (DPA), and developing a legislative framework for data use. It was pertinent in a digitised environment, where companies were increasingly privy to personal data and could use or abuse it in the absence of robust frameworks and laws.
However, the RBI has tried to bring more transparency into financial transactions and safeguard user privacy with its new guidelines. It clearly stated that data collected by Digital Lending Apps (DLAs) should be need-based and can also be collected after securing a borrower's explicit consent. These should also have clear audit trails to avoid their misuse.
The regulator stated, "Any lending sourced through DLAs is required to be reported to Credit Information Companies (CIC) irrespective of its nature or tenor. All new digital lending products extended by regulated entities over merchant platforms involving short-term credit or deferred payments are required to be reported to CICs."
While some recommendations put forth by the WGDL have been agreed upon and will be implemented immediately, others will need further discussion. Senior officials from the central government and other stakeholders will deliberate on these topics to iron out the technical nuances and legal complexities before presenting it once again.