Only entities regulated by RBI or other bodies permitted by law can carry out digital lending, says RBI
In its effort to mitigate the concerns arising from credit delivery through digital lending methods, the Reserve Bank of India (RBI) on Wednesday came out with guidelines aimed at firming up the regulatory framework for such activities. The banking regulator has categorically specified that the lending business can only be carried out by entities regulated by it or those permitted under the law.
-
The central bank has divided the universe of digital lenders into three groups — entities regulated by the RBI and permitted to carry out lending business; entities authorised to carry out lending according to other statutory/ regulatory provisions but not regulated by the RBI, and entities lending outside the purview of any statutory/ regulatory provision.
-
These guidelines are for the first category, or entities regulated by the RBI. As for other entities which are part of the second and the third categories, the RBI has asked respective regulator/ controlling authority/ the central government to formulate guidelines based on the recommendations of the working group on this subject it had formed back in January 2021.
-
For RBI-regulated entities (REs), their lending service providers (LSPs), and digital lending apps (DLAs) of REs, the central bank has mandated that all loan disbursals and repayments are required to be executed only between the bank account of the borrower and the RE, without any pass-through/ pool account of the LSP or any third party.
-
REs have to ensure that fees for LSPs are paid directly by them and are not charged by LSP to the borrower.
-
Second, the all-inclusive cost of digital loans in the form of annual percentage rate (APR) is required to be disclosed to the borrower by REs. Also, REs have to provide a key fact statement (KFS) to the borrower before the execution of the contract in standardised format for all digital lending products.
-
“Any fees, charge, etc., which is not mentioned in the KFS cannot be charged by REs to the borrower at any stage during the term of the loan,” said the RBI. The KFS must have details of APR, terms and conditions of recovery mechanism, details of grievance redressal officer designated specifically to deal with digital lending/fintech-related matters, and cooling-off/look-up period, stated the guidelines.
-
Further, the regulator has specified that there cannot be automatic increase in credit limits without the borrower’s on-record explicit consent. These regulated entities also have to publish the list of LSPs and DLAs engaged by them, besides details of the activities for which they have been engaged, on their website.
-
REs have been asked to do due diligence on the borrower’s economic profile to assess his/her creditworthiness before extending any loan over DLAs.
-
They also need to conduct an enhanced due diligence process before entering into a partnership with an LSP for digital lending, taking into account its technical abilities, data privacy policies and storage systems, among other things.
-
“REs to ensure that LSPs engaged by them do not store personal information of borrowers except for some basic minimal data (such as name, address, contact details of the customer, etc.) that may be required to carry out their operations,” the RBI said.
-
On the data privacy front, the banking regulator said data collected by DLAs has to be need-based, with the customer’s prior consent, and can be audited, if required. The central bank mandated that DLAs should not access mobile phone resources, such as files and media, contact list, call logs, and telephony functions. However, one-time access can be taken to camera, microphone, location, or any other facility necessary for onboarding/ KYC requirements only with the explicit consent of the borrower.
-
Further, these apps have to provide an option to borrowers to accept or deny consent for the use of specific data, including the option to revoke previously granted consent, besides the option to delete the data collected from borrowers by DLAs/LSPs.
-
The guidelines also stated that REs are required to ensure that any lending done through DLAs has to be reported to Credit Information Companies (CICs), irrespective of its nature or tenor. Lending through the Buy Now Pay Later (BNPL) mode also needs to be reported to CICs.
A few recommendations of the working group, such as the first loss default guarantee (FLDG), have received in-principle approval from the RBI but require further examination. Meanwhile, REs have to ensure that financial products involving contractual agreement, in which a third party guarantees to compensate up to a certain percentage of default in a loan portfolio of the RE, adhere to the RBI’s guidelines on securitisation of standard assets.
Source : Business Standard
