A data protection law could help, as also formally recognising industry efforts to certify genuine platforms
By Avisha Gupta
The Indian lending landscape has progressively adopted the digital route over the last few years, and an exponential rise is predicted for the coming years. Several factors have acted as impetus, including growing demand for instant credit, innovative lending models, and a conducive regulatory and policy environment. Impetus from the regulatory standpoint has been driven by the underlying policy objectives of financial inclusion and digitisation.
Presently, there are three digital-lending models, seen through the regulatory-approach lens: a) bank/NBFC-owned digital platforms operating under the direct regulatory purview of RBI, b) fintech companies’ proprietary digital platforms, working in partnership with banks/NBFCs, typically under an outsourcing arrangement, to support sourcing of borrowers, assessing creditworthiness using alternative data, and recovering dues; being mere intermediaries, these platforms are not required to seek any registration with RBI, and are only indirectly regulated through RBI’s outsourcing guidelines applicable to Banks/NBFCs, and c) peer-to-peer (P2P) lending platforms, which usually involve the otherwise unregulated retail lenders. RBI has mandated such platforms to seek registration as NBFC-P2P; thus, they are directly regulated by RBI.
Recently, certain issues plaguing this ecosystem have come to the fore, predominantly in the intermediary-platform model. The specific issues are unauthorised lenders, exorbitant rates of interest, use of coercive repayment methods, and non-consensual collection or use of user data. These issues entail serious adverse implications for borrowers and have systemic implications, hampering the rise of legitimate fintech players.
With a view to curb such practices, RBI, in 2020, issued a notification to Banks/NBFCs mandating additional disclosures/compliances, and an advisory to borrowers warning them against such platforms. Following the notification, Google removed several such loan apps from its PlayStore. The Digital Lenders’ Association of India (DLAI) also issued guidelines to help borrowers identify such unscrupulous platforms. In the regulatory pipeline on this front is the report of the working group on digital lending, constituted by RBI in January 2021.
Given the significant contribution of legitimate fintech players, it is important to ensure that any policy solutions to address such issues do not impede the growth of such players. The key to this lies in adoption of light-touch regulation, along with the effective implementation of the already proposed regulatory initiatives. For instance, the primary cause of the rising supply of unauthorised lending platforms is the existing credit information asymmetry that genuine lenders face in respect of small borrowers. Here, operationalising and on-scale implementation of RBI’s proposed ‘Public Credit Registry’ (an extensive credit information database accessible to all stakeholders) and the ‘Open Credit Enablement Network’ (an infrastructure protocol enabling digital low cost lending to small borrowers through access of consented data) would lead to increased participation of legitimate players and curb proliferation of unauthorised lenders.
Another foundation for framing effective policy solutions lies in leveraging the interdependence and impact of each individual constituent of the digital lending ecosystem, on other constituents. Apart from lenders/platforms/borrowers, these constituents also include the digital lending industry associations (such as DLAI or Fintech Association for Consumer Empowerment), consent managers and technology developers. Regulators and industry associations working together can provide the necessary foundations for addressing these issues. For instance, on the issue of unauthorised lenders, in conjunction with RBI’s warnings and public notices, a ‘financial awareness campaign’ with regulators and industry associations collaborating, would help constrain the demand for this unauthorised economy. Other solutions spear-headed by industry associations could be to establish ‘certification system’ based maintenance of a repository of lending platforms for easy identification of genuine players. While industry associations have voluntarily already started many such initiatives, granting formal recognition to such initiatives would provide strength and impetus.
Similarly, on the data protection aspect, a structural solution through coordinated efforts of various digital lending constituents is required. A lot is already underway and on initial trajectory in Indian regulatory context. The central driver of this is the final layer in India-stack, i.e., data empowerment and protection architecture, which empowers people to securely access and share their data with third parties, mediated through consent managers known as Account Aggregators (AAs). AAs are themselves ‘data blind’ and serve as a conduit for encrypted data flows. Just as the UPI transformed India’s digital payments, it is expected that with the active participation of all stakeholders, the AA model, with its low-cost, consent-based data flow, will transform digital lending. The enactment of a data protection law, would also, certainly bring the much-needed statutory protection.
To conclude, for the continued development of the Indian digital lending economy, it is important to implement policy solutions that adequately protect the borrowers from malpractices, while, at the same time, do not dampen innovation in this fast-evolving sector.
The author is Partner at L&L Partners Law Offices
Views are personal