The Reserve Bank of India has published guidelines that it intends to enforce for digital lending firms, recommending more transparency and control to customers as the South Asian nation’s central bank moves to take further steps to crack down on sketchy practices and creditors.
The guidelines, released Wednesday (PDF), spell out who all can lend to borrowers in India, what all data they can glean from them, and mandates expanding the disclosure requirements in a move that can rattle many fintech startups in the world’s second largest internet market.
Lenders will not be permitted to increase a customer’s credit limit without obtaining their consent and will be required to disclose the annual loan rate in explicit terms. Digital lending apps will also be required to take prior explicit consent from customers before collecting any data and all such requests should be “need-based,” the guidelines added.
“In any case, DLAs should desist from accessing mobile phone resources such as file and media, contact list, call logs, telephony functions, etc. A one-time access can be taken for camera, microphone, location or any other facility necessary for the purpose of on-boarding/ KYC requirements only with the explicit consent of the borrower,” the guidelines added.
The guidelines, some of which have received in-principle approval, were first proposed last year, follow scores of sketchy lending apps and non-banking financial institutions charging exorbitant amounts from customers in India in recent years. Some of these firms have been raided by the Indian agencies and found to have links with China, the authorities have said.
The prevalence of sketchy practices prompted Google to pull some personal loan apps from Play Store in India last year and enforce stronger measures to prevent abuse.
“The Reserve Bank is statutorily mandated to operate the credit system of the country to its advantage. In this endeavour, the Reserve Bank has encouraged innovation in the financial system, products and credit delivery methods while ensuring their orderly growth, preserving financing stability and ensuring protection of depositors’ and customers’ interest,” the central bank said in a statement.
“Recently, innovative methods of designing and delivery of credit products and their servicing through Digital Lending route have acquired prominence. However, certain concerns have also emerged which, if not mitigated, may erode the confidence of members of public in the digital lending ecosystem. The concerns primarily relate to unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices.”
The central bank also suggested that consumers should be provided with an option to accept or deny consent for use of any specific data and also the ability to revoke any previously granted consent and delete historic collected data. Regulated entities will also be required to ensure that loan service providers they engage with have appointed a nodal grievance redressal officer to address complaints lodged against fintech startups or other digital lending firms, the guidelines add.
Any lending sourced through digital lending apps must be reported to credit information companies by regulated entities irrespective of its nature or tenure, the guidelines say.
Key recommendations below:
Customer Protection and Conduct Issues
- All loan disbursals and repayments are required to be executed only between the bank accounts of borrower and the RE without any pass- through/ pool account of the LSP or any third party.
- Any fees, charges, etc., payable to LSPs in the credit intermediation process shall be paid directly by RE and not by the borrower.
- A standardized Key Fact Statement (KFS) must be provided to the borrower before executing the loan contract.
- All-inclusive cost of digital loans in the form of Annual Percentage Rate (APR)6 is required to be disclosed to the borrowers. APR shall also form part of KFS.
- Automatic increase in credit limit without explicit consent of borrower is prohibited.
- A cooling-off/ look-up period during which the borrowers can exit digital loans by paying the principal and the proportionate APR without any penalty shall be provided as part of the loan contract.
- REs shall ensure that they and the LSPs engaged by them shall have a suitable nodal grievance redressal officer to deal with FinTech/ digital lending related complaints. Such grievance redressal officer shall also deal with complaints against their respective DLAs. The details of the Grievance redressal officer shall be prominently indicated on the website of the RE, its LSPs and on DLAs, as applicable.
- As per extant RBI guidelines, if any complaint lodged by the borrower is not resolved by the RE within the stipulated period (currently 30 days), he/she can lodge a complaint under the Reserve Bank – Integrated Ombudsman Scheme (RB-IOS).
Technology and Data Requirements
- Data collected by DLAs should be need based, should have clear audit trails and should be only done with prior explicit consent of the borrower.
- Option may be provided for borrowers to accept or deny consent for use of specific data, including option to revoke previously granted consent, besides option to delete the data collected from borrowers by the DLAs/ LSPs.
Regulatory Framework
1. Any lending sourced through DLAs (either of the RE or of the LSP engaged by RE) is required to be reported to Credit Information Companies (CICs) by REs irrespective of its nature or tenor.
2. All new digital lending products extended by REs over merchant platforms involving short term credit or deferred payments are required to be reported to CICs by the REs.