According to the regulations,
1. Concerning Payments & Collections: When a loan is to be disbursed or the loan amount is collected, the transactions must happen between lenders and borrowers directly. No third parties can be involved.
2. Concerning Key Fact Statements: Annual Percentage Rate (APR) should be a part of the Key Fact Statements (KFS).
3. Concerning Data Privacy: Factors like what data to store, what data cannot be stored, what data needs to be disclosed, when to take permissions from users, etc., must be mentioned.
4. Concerning Process Transparency: Queries such as which regulatory bodies need to be involved specifically for the lending cycle, who the provider of the digital lending apps are, who the recovery agent is going to be, what the roles of various people at what time period are, etc., are to be shared with customers and also updated in the websites.
5. Concerning Grievance Redressal: Customers’ complaints should be addressed to a specific person. The contact details of that specific person should be available to the public.
6. Concerning Reporting to Credit Bureaus: All loans, regardless of tenure, should be reported to the credit bureaus.
When it comes to Google PlayStore, the RBI report in 2021 on Digital Lending Apps (DLA) matrix says that there are approximately 1100 Indian loan apps on the platform, primarily focusing on keywords like “loan”, “instant loan”, “quick loan”, etc. Among that, 600 seem to be illegal. The number of complaints against the DLAs from January 2020 to March 2021 is 2562. And, according to the latest news, in 2022, 2000 illegal apps were delisted.
Because of these statistics, we have seen securities issues such as fraud, fake apps and data theft also happenings a lot more. Hence, the new regulations focus on monitoring and safeguarding the end consumers. RBI will also prepare a whitelist of all legal apps, and the Ministry of Electronics and Information Technology (MeitY) will help enforce them on PlayStore.
The new guidelines on Consumer Protection say that:
1. KFS – APR has to be included. Penal charges should be upfront on annualised, which was not there before. Information about minimum and maximum value for interest rate, tenure and principal should be there. There is to be a cooling-off period, which gives the time to exit a loan within a number of days without penalty.
2. Authorised Recovery Mechanism – Information about the kind of recovery mechanism the lenders will use, who the recovery agent will be, and many more to be mentioned. The exact data of the recovery agent is to be provided in the policy document.
3. Complete grievance officer details should be on the Regulated Entities (RE) websites, Loan Service Providers (LSP) websites, and DLA descriptions for any complaint. RE should have the sole responsibility for any grievance. A customer complaint should be addressed within 30 days. If not, the customer can file a complaint with the RBI about the RE.
5. For RE website/LSP website, the information that should be available are
- Loan Product,
- Lender details,
- Customer Care,
- Link for Complaints,
- List of all DLAs, LSPs engaged with, DLAs of LSPs,
- DLAs and LSPs should have links to the RE website for reference.
Regulations regarding Technology & Data Requirements:
- DLA should not access phone resources like files, media, contact lists, call logs, and telephony functions without prior permission to ensure customer protection and avoid the wrong usage of the information.
- When it comes to SMS, though, it is considered a grey area since it is used as alternate data when credit data is not available with credit bureaus for underwriting a borrower.
- Only one-time access is allowed to the camera, microphone, locations or any other facility with explicit consent and only when required.
- Talking about consent, a person can deny permission to use any specific data to third parties. They can also revoke earlier consents.
- LSPs and DLAs should store only minimal information. The rest of the data should be with the RE.
- For Data Retention Policy, the type of data stored, the length of the storage, the protocols for removing the data from the system, and the standards to handle security breaches should be mentioned in the policy.
- No biometric data can be stored.
- The cloud server should be in India.
Importance is given to
- Handling users’ sensitive and other data
- The target audience of the DLAs
- Access parts of the apps by the borrowers
- Usage of sensitive device permissions and information from the apps’ perspective
- Third-party disclosure and data sharing
- Grievance details
Regulations of PlayStore:
Being the marketplace of the DLAs and a pseudo-regulatory body, Google Play Store has its own set of norms.
- The details of the RE should be defined.
- Every data policy (usage, storage, processing policies) should be defined in the platform, similar to the DLAs’ websites. The information should also be exposed to the borrowers.
- Data sharing is also defined.
- RE can’t list a DLA in Play Store if the full loan repayment period is less than 60 days.
- An appeal process can also be made if an app is rejected with only general information being described.
Overall, when you look at all the regulations I have mentioned so far, they mainly pertain to consumer protection and data privacy. Concluding the session, the best practices I can say for Play Store to adhere to the regulations on digital lending are
- Providing the right information on app store details & data policy.
- Get explicit permission and define the required permission for data usage.
- Thoroughly go through the RBI regulations and adhere to their norms.
With innovations taking place, people jump to grab every opportunity they can to make lives easier. Every industry has innovations. Every sector sees changes over time. So, why will the financial industry leave behind, especially with technological inclusion in it? Thus, the rise in the digital lending industry. But, there should also be a body to regularly monitor and maintain control. Hence, regulatory bodies like the RBI and pseudo regulators like Google Play Store come into play. Recent situations have shown us how important it is to have a constant watch to ensure customer protection and safeguard their interest when dealing with their finances. That is what our session dealt with.
We hope the webinar on this hot topic has left you with a lot of exposure and knowledge on the digital lending industry. Our webinar video is uploaded; refer to it for more information. We hold monthly webinars and hope you participate in the upcoming sessions for more knowledgeable ventures. Please share any suggestions with us, and don’t forget to stay tuned for upcoming blogs!