2022 RBI Regulations on Digital Lending

Overview

There has been exponential growth in the digital lending industry, with many innovations driving the sector to produce many new financial products and services into the market. And with these products and services gaining popularity, regulatory bodies such as the RBI and Google Play Store are constantly monitoring them to ensure they are efficient and in the best interests of consumers. Hence, recent regulations have been introduced in the digital lending sector. We had industry experts from Habile Technologies give us a glimpse of how the guidelines impacted the overall industry in our recent September 2022 webinar.

Introduction

Mani Parthasarathy

The recent regulations have drastically changed the digital lending landscape. In the last two months, fintechs have seen a change in their business model, with their revenue coming down and their companies’ funding reduced.

When the new guidelines came into being, we encountered queries from our clients asking us questions such as why the digital lending apps are getting delisted from Google PlayStore, what compliances can be followed to adhere to the new regulations, and more. Henceforth, we wanted to share expertise and knowledge with our industry veterans on the trending topic to know how the digital lending industry has been impacted.

Panel Presentation

Rajeshware Srinivasan

In the global landscape, the digital lending market is about $5.8 billion in 2021 and is expected to increase by 25.9% in 2030. In India, about $2.2 billion worth of loans were disbursed between 2021 and 2022.

The factors that are contributing to the financial institutions to shift from traditional lending to digital lending are

  1. With more and more people entering into structured pay schedules, making them eligible to take more loans, there has been a rise in the opening of EPFO accounts recently. In May 2022, 1.8 million new EPFO accounts were opened compared to May 2021. It has seen an about 83% rise since last year. The people aged 22-25 are the highest to open accounts.
  2. There has also been a rise in the penetration of smartphones into the market. 54% of the population are using smartphones in 2020. And the number is seemingly going to increase by 90% in 2026.
  3. The UPI transactions as of August 2022 are Rs. 657 Crore.

The BNPL service and credit card scenario usage has increased dramatically from 2021 to 2022. In 2021, the number of credit card users was 47.1 million, with a 6 trillion transaction value. In 2022, the number of users became 57.7 million with a 9 trillion transaction value. For BNPL, 2.3 million transactions were done for 12 million users in 2021, and the value increased to 2.8 billion transactions with 23 million users in 2022. In both scenarios, 14% were for eCommerce transactions.

In the global trend, now developed countries have regulated BNPL, making it easier for the population to rely on another mode of credit for their purchases. India is among the countries that have seen the highest usage of BNPL. 30% monthly spending increased by customers. When only the technologically advanced Tier 1 and Tier 2 cities had the penetration of digital lending, less developed Tier 3 and Tier 4 cities are also seeing similar trends now.

With all the innovations and advancements, it is necessary to have regular checks and constant watch to ensure that the digital lending industry is functioning well. The regulatory body, RBI, protects customer interest and maintains control over the sector. It ensures that the new digital lending products coming into the market are resilient, efficient, customer-centric and adhere to business norms. So, naturally, when there is growth in this landscape, RBI has come up with new guidelines in 2022.

According to the regulations,

1. Concerning Payments & Collections: When a loan is to be disbursed or the loan amount is collected, the transactions must happen between lenders and borrowers directly. No third parties can be involved.

2. Concerning Key Fact StatementsAnnual Percentage Rate (APR) should be a part of the Key Fact Statements (KFS).

3. Concerning Data Privacy: Factors like what data to store, what data cannot be stored, what data needs to be disclosed, when to take permissions from users, etc., must be mentioned.

4. Concerning Process Transparency: Queries such as which regulatory bodies need to be involved specifically for the lending cycle, who the provider of the digital lending apps are, who the recovery agent is going to be, what the roles of various people at what time period are, etc., are to be shared with customers and also updated in the websites.

5. Concerning Grievance Redressal: Customers’ complaints should be addressed to a specific person. The contact details of that specific person should be available to the public.

6. Concerning Reporting to Credit Bureaus: All loans, regardless of tenure, should be reported to the credit bureaus.

Alex Lawrence

When it comes to Google PlayStore, the RBI report in 2021 on Digital Lending Apps (DLA) matrix says that there are approximately 1100 Indian loan apps on the platform, primarily focusing on keywords like “loan”, “instant loan”, “quick loan”, etc. Among that, 600 seem to be illegal. The number of complaints against the DLAs from January 2020 to March 2021 is 2562. And, according to the latest news, in 2022, 2000 illegal apps were delisted.

Because of these statistics, we have seen securities issues such as fraud, fake apps and data theft also happenings a lot more. Hence, the new regulations focus on monitoring and safeguarding the end consumers. RBI will also prepare a whitelist of all legal apps, and the Ministry of Electronics and Information Technology (MeitY) will help enforce them on PlayStore.

The new guidelines on Consumer Protection say that:

1. KFS – APR has to be included. Penal charges should be upfront on annualised, which was not there before. Information about minimum and maximum value for interest rate, tenure and principal should be there. There is to be a cooling-off period, which gives the time to exit a loan within a number of days without penalty.

2. Authorised Recovery Mechanism – Information about the kind of recovery mechanism the lenders will use, who the recovery agent will be, and many more to be mentioned. The exact data of the recovery agent is to be provided in the policy document.

3. Complete grievance officer details should be on the Regulated Entities (RE) websitesLoan Service Providers (LSP) websites, and DLA descriptions for any complaint. RE should have the sole responsibility for any grievance. A customer complaint should be addressed within 30 days. If not, the customer can file a complaint with the RBI about the RE.

4. Concerning digital signatures, we have to get the digitally signed copy before disbursing a loan to a customer. All the documents like KFS, Summary & Loan Product, Sanction Letter, Terms & Conditions and Privacy Policy should be on the “letterhead of the regulated entity”. The customer is also entitled to get copies of the documents via email or SMS.

5. For RE website/LSP website, the information that should be available are

  • Loan Product,
  • Lender details,
  • Customer Care,
  • Link for Complaints,
  • Privacy Policy,
  • List of all DLAs, LSPs engaged with, DLAs of LSPs,
  • DLAs and LSPs should have links to the RE website for reference.

Regulations regarding Technology & Data Requirements:

  1. DLA should not access phone resources like files, media, contact lists, call logs, and telephony functions without prior permission to ensure customer protection and avoid the wrong usage of the information.
  2. When it comes to SMS, though, it is considered a grey area since it is used as alternate data when credit data is not available with credit bureaus for underwriting a borrower.
  3. Only one-time access is allowed to the camera, microphone, locations or any other facility with explicit consent and only when required.
  4. Talking about consent, a person can deny permission to use any specific data to third parties. They can also revoke earlier consents.
  5. LSPs and DLAs should store only minimal information. The rest of the data should be with the RE.
  6. For Data Retention Policy, the type of data stored, the length of the storage, the protocols for removing the data from the system, and the standards to handle security breaches should be mentioned in the policy.
  7. No biometric data can be stored.
  8. The cloud server should be in India.

Regulations on Technology for Privacy Policy:

Importance is given to

  • Handling users’ sensitive and other data
  • The target audience of the DLAs
  • Access parts of the apps by the borrowers
  • Usage of sensitive device permissions and information from the apps’ perspective
  • Third-party disclosure and data sharing
  • Grievance details

Regulations of PlayStore:

Being the marketplace of the DLAs and a pseudo-regulatory body, Google Play Store has its own set of norms.

  • The details of the RE should be defined.
  • Every data policy (usage, storage, processing policies) should be defined in the platform, similar to the DLAs’ websites. The information should also be exposed to the borrowers.
  • Data sharing is also defined.
  • RE can’t list a DLA in Play Store if the full loan repayment period is less than 60 days.
  • An appeal process can also be made if an app is rejected with only general information being described.

Overall, when you look at all the regulations I have mentioned so far, they mainly pertain to consumer protection and data privacy. Concluding the session, the best practices I can say for Play Store to adhere to the regulations on digital lending are

  1. Providing the right information of user privacy policy.
  2. Providing the right information on app store details & data policy.
  3. Get explicit permission and define the required permission for data usage.
  4. Create a checklist before the app or website release for the privacy policy, app store guidelines, data policy and whatever is needed.
  5. Thoroughly go through the RBI regulations and adhere to their norms.

Conclusion

With innovations taking place, people jump to grab every opportunity they can to make lives easier. Every industry has innovations. Every sector sees changes over time. So, why will the financial industry leave behind, especially with technological inclusion in it? Thus, the rise in the digital lending industry. But, there should also be a body to regularly monitor and maintain control. Hence, regulatory bodies like the RBI and pseudo regulators like Google Play Store come into play. Recent situations have shown us how important it is to have a constant watch to ensure customer protection and safeguard their interest when dealing with their finances. That is what our session dealt with.

We hope the webinar on this hot topic has left you with a lot of exposure and knowledge on the digital lending industry. Our webinar video is uploaded; refer to it for more information. We hold monthly webinars and hope you participate in the upcoming sessions for more knowledgeable ventures. Please share any suggestions with us, and don’t forget to stay tuned for upcoming blogs!

Related Post

5 Key Principles of Digital Lending for Banks and NBFCs

5 Key Principles of Digital Lending for Banks and NBFCs

Brief History of Digital Lending: India has become the home

Opportunities for Fintech Startups in Singapore

Opportunities for Fintech Startups in Singapore

The “American Dream” was one of those overused buzzwords until

How the Pandemic changed the Banking Industry

How the Pandemic changed the Banking Industry

At the start of 2020, the world was operating normally

Leave a Comment