The Reserve Bank of India (RBI) in its new guidelines said that all digital loans must be disbursed and repaid through bank accounts of regulated entities only, without pass-through of loan service providers (LSPs) or other third parties.
The guidelines, aimed at curbing rising malpractices in the digital lending ecosystem, follow the recommendations of a working group for digital lending, whose report was made public in November 2021. “The concerns primarily relate to unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices,” the RBI said in the final guidelines.
The central bank classified digital lenders into three categories – entities regulated by the RBI and permitted to carry out lending business, entities authorised to carry out lending as per other statutory or regulatory provisions but not regulated by the RBI, and entities lending outside the purview of any statutory or regulatory provisions. The latest regulatory framework is focused on the digital lending ecosystem of RBI’s regulated entities (REs) and the LSPs engaged by them to extend credit facilitation services.
As for entities falling in the second category, the respective regulator may consider formulating rules on digital lending, based on the recommendations of the working group, the RBI said. For entities in the third category, the working group has suggested specific legislative and institutional interventions for consideration by the central government to curb illegitimate lending.
Apart from direct disbursals and repayments of digital loans, the norms mandate that any fees or charges payable to LSPs in the credit intermediation process shall be paid directly by the RE and not by the borrower.
The Digital Lenders’ Association of India (DLAI) said the guidelines are a nuanced blueprint that will help the digital lending ecosystem to continue to grow in a responsible and sustainable manner. “At the same time the RBI has clearly addressed the need to stamp out incipient trends that are antithetical to the best practices related to customer protection and data security,” DLAI said in a statement, adding, “We also look forward to engaging with the RBI in the coming months as the industry moves towards forming an SRO (self regulatory organisation) to promote adherence to these recommendations.”
As per existing RBI guidelines, if any complaint lodged by the borrower is not resolved by the RE within the stipulated 30-day period, they can lodge a complaint under the central bank’s integrated ombudsman scheme. Data collected by DLAs should be need-based, should have clear audit trails and should be only done with prior explicit consent of the borrower, the RBI said.
“Option may be provided for borrowers to accept or deny consent for use of specific data, including option to revoke previously granted consent, besides (the) option to delete the data collected from borrowers by the DLAs/ LSPs,” the guidelines said.
Any lending sourced through DLAs will have to be reported to credit bureaus by REs irrespective of its nature or tenor, the RBI said. All new digital lending products extended by REs over merchant platforms involving short term credit or deferred payments must also be reported to credit bureaus by the REs.