The Reserve Bank of India has announced a regulatory framework to support the orderly growth of credit delivery through digital lending methods while mitigating security concerns.
The regulations have been formed based on the recommendations of the Working Group on Digital Lending, constituted by the RBI on January 13, 2021.
This regulatory framework is based on the principle that lending business can be carried out only by entities that are either regulated by the Reserve Bank or entities permitted to do so under any other law.
Certain highlights of the requirements being mandated to be followed by regulatory entities (REs), their lending service providers (LSPs), digital lending apps (DLAs) of REs, DLAs of LSPs engaged by REs, are as follows:
Customer Protection and Conduct Issues
i. All loan disbursals and repayments are required to be executed only between the bank accounts of the borrower and the RE without any passthrough/ pool account of the LSP or any third party.
ii. Any fees, charges, etc., payable to LSPs in the credit intermediation process shall be paid directly by RE and not by the borrower.
iii. A standardized Key Fact Statement (KFS) must be provided to the borrower before executing the loan contract.
iv. All-inclusive cost of digital loans in the form of Annual Percentage Rate (APR) is required to be disclosed to the borrowers. APR shall also form part of KFS.
v. Automatic increase in credit limit without explicit consent of the borrower is prohibited.
vi. A cooling-off/ look-up period during which the borrowers can exit digital loans by paying the principal and the proportionate APR without any penalty shall be provided as part of the loan contract.
vii. REs shall ensure that they and the LSPs engaged by them shall have a suitable nodal grievance redressal officer to deal with fintech/ digital lending-related complaints.
Technology and data requirements
i. Data collected by DLAs should be need based, should have clear audit trails and should be only done with prior explicit consent of the borrower.
ii. An option may be provided for borrowers to accept or deny the consent for use of specific data, including the option to revoke previously granted consent, besides the option to delete the data collected from borrowers by the DLAs/ LSPs.
Regulatory Framework
i. Any lending sourced through DLAs (either of the RE or of the LSP engaged by RE) is required to be reported to Credit Information Companies (CICs) by REs irrespective of its nature or tenor.
ii. All new digital lending products extended by REs over merchant platforms involving short-term credit or deferred payments are required to be reported to CICs by the REs.
