Digital Lending Guidelines (RBI 2022 Framework)

Digital lending – lending through web or mobile platforms – grew rapidly in India, raising concerns about customer protection and unregulated apps. In response, the Reserve Bank of India (RBI) issued a Digital Lending Guidelines framework in 2022 to regulate this sector.

These guidelines followed a Working Group’s findings of malpractices by some digital lenders, especially unregulated apps engaging in predatory lending. The RBI’s rules clearly distinguish the roles of Lending Service Providers (LSPs) and Regulated Entities (REs), among other protections.

Key definitions

In digital lending, an RE is a regulated lender (banks, NBFCs, etc. under RBI supervision), while an LSP is a fintech or agent acting on behalf of an RE to provide digital lending services (customer acquisition, underwriting assistance, recovery, etc.). The RBI clarified that outsourcing to LSPs does not diminish the RE’s responsibility – the regulated lender remains fully accountable for compliance. Many fintech apps function as LSPs, but loans must be originated by an RE or under an RE’s oversight.

Major provisions of the RBI’s 2022 digital lending framework:

Direct fund flow

Loan disbursals and repayments must be executed only between the borrower’s bank account and the RE’s account. No third-party “pool” or pass-through accounts of LSPs are allowed for handling customer funds. This prevents LSPs or sham apps from intercepting money flows.

Fees and charges transparency

Any fees or commissions payable to the LSP (fintech platform) must be paid by the lender (RE) and cannot be charged to the borrower directly. Borrowers should only deal with the RE for payments. This ensures fintech intermediaries do not add hidden charges.

Key Fact Statement (KFS)

Before loan execution, borrowers must receive a standardized summary of loan terms. The KFS includes the Annual Percentage Rate (APR), all fees, repayment schedule, cooling-off period (grace period to cancel the loan), and customer grievance info. This disclosure improves transparency of digital loans.

Consent and data protection

Lenders and apps can only collect borrower data with explicit consent, and solely data necessary for the loan (primarily KYC and underwriting data). Borrowers must have the option to deny or revoke data sharing consent, and unnecessary phone/contact data access by apps is prohibited. All customer data should have audit trails and be stored securely, addressing privacy concerns in fintech lending.

Loan changes and cancellation

Any increase in credit limit requires the borrower’s explicit consent (no automatic line increases). Additionally, borrowers are allowed a cooling-off period after availing a digital loan, during which they can exit the loan by repaying the principal and proportionate APR without penalty. This gives customers a window to reconsider if they feel misled or uncomfortable.

Grievance redressal

LSPs interfacing with borrowers must appoint grievance officers, but ultimately the RE is responsible for resolving customer complaints. Complaints must be resolved within 30 days, failing which they can be escalated to the RBI’s Ombudsman. This ensures accountability for customer service issues, even when lending is via a third-party app.

Credit bureau reporting

All loans facilitated through digital platforms (DLAs – Digital Lending Apps) must be reported by the RE to credit bureaus (Credit Information Companies), just like any other loans. This brings digital loans into the formal reporting system, preventing off-the-books lending that could lead borrowers to excessive undisclosed debt.

First Loss Default Guarantee (FLDG)

Many fintech-LSP models involve an FLDG arrangement – the LSP provides a partial guarantee to the RE against loan defaults (for example, covering the first 10% of losses). The 2022 guidelines did not outright ban FLDG but stipulated that any such risk-sharing must comply with RBI’s securitization norms. Essentially, if a third party compensates a lender for loan losses, it should be within prescribed limits. (Subsequently, in June 2023, RBI issued specific guidelines capping these Default Loss Guarantees to not exceed 5% of the loan portfolio exposure, to curb excessive risk transfer.)

Rationale

These digital lending regulations were introduced due to concerns over rampant online lending apps, some charging usurious rates or engaging in harassment. RBI noted that many “fringe lenders” had operated outside any oversight. The new rules aim to protect borrowers from unscrupulous practices by requiring transparency, data privacy, and direct regulatory oversight via the RE. Regulated lenders had until November 30, 2022 to comply with these norms. Overall, the framework balances innovation in credit delivery with safeguards to ensure responsible lending in the digital era.