All digital loans must be disbursed and repaid through bank accounts of regulated entities only, without pass-through of loan service providers (LSPs) or other third parties, the Reserve Bank of India (RBI) said in its long-awaited guidelines for the segment, released on Wednesday.
The guidelines, aimed at curbing rising malpractices in the digital lending ecosystem, follow the recommendations of a working group for digital lending, whose report was made public in November 2021. “The concerns primarily relate to unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices,” the RBI said in the final guidelines.
Also Read| Banks’ non-food credit growth jumps to 15%
The central bank classified digital lenders into three categories – entities regulated by the RBI and permitted to carry out lending business, entities authorised to carry out lending as per other statutory or regulatory provisions but not regulated by the RBI, and entities lending outside the purview of any statutory or regulatory provisions. The latest regulatory framework is focused on the digital lending ecosystem of RBI’s regulated entities (REs) and the LSPs engaged by them to extend credit facilitation services.
As for entities falling in the second category, the respective regulator may consider formulating rules on digital lending, based on the recommendations of the working group, the RBI said. For entities in the third category, the working group has suggested specific legislative and institutional interventions for consideration by the central government to curb illegitimate lending.
Apart from direct disbursals and repayments of digital loans, the norms mandate that any fees or charges payable to LSPs in the credit intermediation process shall be paid directly by the RE and not by the borrower.
The Digital Lenders’ Association of India (DLAI) said the guidelines are a nuanced blueprint that will help the digital lending ecosystem to continue to grow in a responsible and sustainable manner. “At the same time the RBI has clearly addressed the need to stamp out incipient trends that are antithetical to the best practices related to customer protection and data security,” DLAI said in a statement, adding, “We also look forward to engaging with the RBI in the coming months as the industry moves towards forming an SRO (self regulatory organisation) to promote adherence to these recommendations.”
A standardised key fact statement (KFS) must be provided to the borrower before executing the loan contract. The all-inclusive cost of digital loans in the form of annual percentage rate (APR) will have to be disclosed to borrowers. The APR shall also form part of KFS. Automatic increases in credit limit without the explicit consent of borrowers has been prohibited.
Ranvir Singh, founder and managing director, Ring, which runs lending platform Kissht, said that the regulations offer clarity on the stance of the RBI.
“Specifically, the Key Facts Statements (KFS) and explicit consent measures introduced today should ensure required transparency and inspire trust in the system. The clarity on the disbursal of transferring money to the customer’s bank account directly was much needed,” Singh said.
The loan contract must provide for a cooling-off or look-up period during which borrowers can exit digital loans by paying the principal and the proportionate APR without any penalty. REs will have to ensure that they and the LSPs en6gaged by them shall have a suitable nodal grievance redressal officer to deal with complaints related to fintech and digital lending. The grievance redressal officer shall also deal with complaints against their respective digital lending apps (DLAs). Details of the grievance redressal officer must be prominently displayed on the website of the RE, its LSPs and on DLAs.
As per existing RBI guidelines, if any complaint lodged by the borrower is not resolved by the RE within the stipulated 30-day period, they can lodge a complaint under the central bank’s integrated ombudsman scheme.
Data collected by DLAs should be need-based, should have clear audit trails and should be only done with prior explicit consent of the borrower, the RBI said.
“Option may be provided for borrowers to accept or deny consent for use of specific data, including option to revoke previously granted consent, besides (the) option to delete the data collected from borrowers by the DLAs/ LSPs,” the guidelines said.
Any lending sourced through DLAs will have to be reported to credit bureaus by REs irrespective of its nature or tenor, the RBI said.
All new digital lending products extended by REs over merchant platforms involving short term credit or deferred payments must also be reported to credit bureaus by the REs.