In a bid to protect consumers from breach of data privacy, unfair business conduct, charging of exorbitant interest rates and unethical recovery practices by fintech players, the Reserve Bank of India (RBI) on Friday tightened norms for digital lending.
The central bank directed banks and non-banking finance companies (NBFCs) to ensure that digital lending apps (DLAs) don’t access borrower’s mobile phone resources and don’t automatically increase the credit limit. In its “Guidelines on Digital Lending” for regulated entities/REs (banks and NBFCs), the RBI said borrowers have to be given a cooling off/ look-up period to exit a digital loan by paying the principal and the proportionate annual percentage rate (APR) without any penalty during this period.
The aforementioned instructions, among others, will be applicable to ‘existing customers availing fresh loans’ and to ‘new customers getting onboarded’ with immediate effect.
However, in order to ensure a smooth transition, REs have been given time till November 30 to put in place adequate systems and processes to ensure that ‘existing digital loans’ are also in compliance with these guidelines in both letter and spirit.
The guidelines come at a time when innovative methods of designing and delivery of credit products and their servicing through the digital lending route has gained prominence.
Access to phone data
The guidelines require REs to ensure that any collection of data by their DLAs and of their lending service providers (LSPs) is need-based and with prior and explicit consent of the borrower having audit trail. “In any case, REs shall also ensure that DLAs desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions, etc.
“A one-time access can be taken for camera, microphone, location or any other facility necessary for the purpose of on-boarding/ KYC requirements only, with the explicit consent of the borrower,” said the guidelines.
REs have to provide borrowers with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/ forget the data.
The purpose of obtaining borrowers’ consent needs to be disclosed at each stage of interface with the borrowers.
REs have been asked to capture the economic profile of the borrowers covering (age, occupation, income, etc.), before extending any loan over their own DLAs and/or through LSPs, with a view to assess the borrower’s creditworthiness in an auditable way.
Besides, REs have to ensure that there is no automatic increase in credit limit unless explicit consent of borrower is taken on record for each such increase.
The RBI asked REs to give borrowers an explicit option to exit digital loan by paying the principal and the proportionate APR without any penalty during this period. This period should not be less than three days for loans having tenor of seven days or more and one day for loans having tenor of less than seven days.
For borrowers continuing with the loan even after the lock-up period, pre-payment will continue to be allowed as per extant RBI guidelines.
RBI emphasised that the responsibility regarding data privacy and security of the customer’s personal information will be that of the REs, which have also been directed to ensure that all data is stored only in servers located within India.
As regards the industry practice of offering financial products involving contractual agreements such as First Loss Default Guarantee (FLDG) in which a third party guarantees to compensate up to a certain percentage of default in a loan portfolio of the RE, RBI advised REs to adhere to the provisions of the Master Direction on Securitisation of Standard Assets, 2021.
‘Correct for consumers’
Srinath Sridharan, corporate advisor and independent markets commentator, said: “Digital finance as a subject will test the speed and coverage of regulations and systemic stability through tech based innovations. In such a scenario, it will be prudent to err on the side of what is correct for the consumers, rather than just for the sake of innovation or product development.”
RBI has asked REs to ensure that all loan servicing, repayment, etc., are executed by the borrower directly in the RE’s bank account without any passthrough account/ pool account of any third party.