India’s fintech economy is a $1.3 trillion opportunity. On such a large scale, inefficiency and rogue elements are a growing risk. Recently, the fintech ecosystem in India has been under government scrutiny, with digital lending facing special scrutiny. To curb unethical practices and regulate the industry, the Reserve Bank of India (RBI) has issued detailed guidelines that will be effective from December 2022.
Within the guidelines are indicators that the central bank previously said it would publish. Among them are some basic technology standards for lenders and companies that partner with these digital loan applications.
The guidelines are for registered entities (REs) which include all commercial banks, primary (city) cooperative banks, state cooperative banks, district central cooperative banks and non-banking finance companies (NBFCs), including housing finance companies.
These entities have outsourcing agreements with Lending Service Providers (LSPs) and Digital Lending Applications (DLAs). According to the guidelines, outsourcing digital lending requirements will not reduce RE responsibilities, especially in the age of data concerns and digitization.
The standards also prohibit any automatic increase in credit limits without the express consent of borrowers. RBI has also directed that any fees or charges payable to LSP service providers in the loan brokerage process shall be paid directly by the RE and not by the borrower. Several reports mentioned “harassment” by digital lenders to repay loans.
These agents/institutions are known to resort to extreme measures, including monitoring borrowers’ contacts, physical harassment and public shaming.
In order for the central bank to prevent such increasing cases of unethical collection practices used by digital lenders, RE to put in place appropriate systems and processes. These will ensure that payments are not made to a third-party account, including LSP accounts and their DLA.
The RBI said that REs will only have to ensure the collection of data on a need basis with the express consent of the borrower. Not only that, but the central bank has also asked these entities to give up access to mobile phone resources such as file and media managers, contact lists, call logs and other phone functions.
Exceptions include one-time access to a camera, microphone, location or any other device necessary only for boarding / KYC requirements (with borrowers’ express consent).
Several apps today don’t allow users to use apps unless they give consent to access specific data. RBI has also asked REs to provide an option to the borrower to consent to data sharing.
Under the new guidelines, the borrower can at any time limit data retention, revoke access to data to third parties and any other consent already granted, and even make the app delete existing data.
To improve data transparency, the guidelines state that every time a digital lending app asks for permission to access anything, the borrower will have to be provided with a purpose for obtaining such consent.
Furthermore, as already mentioned in the instructions, lenders and RE partners will not be able to store borrowers’ data. Exceptions include some minimum information (such as name, address, customer contact information, etc.) that may be required to perform their operations.
REs will need to ensure that their lending partners have links to their websites when talking about loan products.
REs will further be required to provide borrowers with a complaint handling officer for complaints related to fintech or digital lending. His/her contact details will also be displayed on the RE, their LSP and DLA websites.
Anurag Reddy, vice president of product and head of human resources at Dinero, said, “The regulations are a welcome step to encourage innovation in the customer-centric ecosystem – whether it’s protecting privacy, addressing customer complaints or reducing information asymmetry.”
However, Joginder Rana, vice-chairman and MD at CASHe, said customers are at the center of how the fintech company designs its products and services. “With data access restricted to regulated entities, measuring customer expectations and creating tailored offers will be a challenge.”
The standards will force lenders to disclose how they use this data, credit scoring and underwriting techniques, and offer borrowers full control over their data.
Further, when partnering with any digital lending application or lending service provider, the onus of due diligence will be on the RE to ensure the former’s fair dealings with borrowers, particularly in debt collection.
Registered entities have until November 30 to comply with digital lending guidelines. The aim is to encourage innovation in the digital lending ecosystem while ensuring that there is no room for harassment and exploitation of borrowers.