nasscom Community

Call for inputs: RBI’s report of the working group on digital lending

8 Mins read

Call for inputs: RBI’s report of the working group on digital lending

  1. Backdrop

In January 2021, the Reserve Bank of India (RBI) had constituted a working group (WG) on digital lending including lending through online platforms and mobile apps. The objective of the WG was to address the concerns raised by digital lending platforms, their systematic implications, and to study the aspects of digital lending activities in the regulated financial sector as well as by unregulated players.

This WG was chaired by Shri Jayant Kumar Dash, Executive Director, RBI along with six other members. The RBI released the WG interim report on November 18, 2021.

  1. The Interim Report by the Working Group on Digital Lending

The recommendations made by the WG are at three levels – regulated entities of the RBI; other regulated/authorised entities; and the unregulated entities. The Report is guided by the following principles – technology neutrality; principle backed regulation; and addressing regulatory arbitrage.

  1. Technology neutralityThe regulatory approach should be neutral towards technological differentials or business models. It should instead encourage competition.
  2. Principle backed regulationsThere should be graded approach to regulation i.e. from minimum to strong precautionary regulation.
  3. Addressing regulatory arbitrage – A level playing field is necessary for consumer protection and fair competition. Therefore, same regulatory conditions should apply on both BigTech and FinTech start-ups.

To achieve this, the WG has suggested a near to medium term measure which includes legal and regulatory recommendations, enhancing statutory framework, and to reinforcing digital lending oversight. While the recommendations made by the RBI may largely address the challenges – regulatory and operational, in the digital lending space, there are certain areas of concern which require more discussion. These areas include:

  1. Digital India Trust Agency (DIGITA) and its sweeping scope: The Report envisages that DIGITA shall be made responsible for flagging any FinTech app with servers located outside India to the RBI or any other appropriate agency. However, no reason has been provided for this by the Report.
  2. Multiple entities for regulation: In addition to DIGITA, the Report recommends setting up Self-regulatory organisations for Digital Lending Apps (DLAs) and Lending Service Providers (LSPs). These shall co-exist with the proposed National Financial Consumer Protection Regulation Forum, and the RBI for regulated entities, and Government law for unregulated entities. There may be challenges arising from other intersection with other sectoral regulators.
  1. Key Recommendations
  1. Legal and regulatory recommendations
  • Calibrating existing regulations
  1. Balance sheet lending through Digital Lending Apps (DLAs) should be restricted to entities regulated and authorised by the RBI or entities registered under any other law specifically undertaking lending business. The WG has suggested for this, a separate notification may be issued by the appropriate authority.
  2. Partnership between Lending Service Provider and Balance Sheet Lender to be encouraged with appropriate transparency in the interest of consumers.
  • New digital lending products which involve short term/unsecured or secured credit going under the guise of deferred payments, such as BNPL should be treated as a part of balance sheet lending. These products do not meet requirements of traditional credit facilities, therefore, it has been suggested that a separate notification maybe issued by the Government of India in this regard.
  • The Lending Service Provider (LSP) agreement for balance sheet lender needs to be per a uniform model to be brought out by the proposed Self-Regulatory Organisation (SRO).
  • Avoidance of operational grey areas- All loan servicing, repayment etc. to be executed directly in a bank account of the balance sheet lenders without any pass through account of any third party.
  1. To crowd out fringe lenders, the report suggests expanding the reach of established digital channels for digital lending. In addition to this, the Report suggests that other entities like web aggregators of loan products should be considered as LSPs. They maybe subject to code of conduct (CoC) by the REs.
  2. Broadening the credit reporting systems –
  • Mandatory submission of information to Credit Information Companies (CICs) : This shall break the perpetuation of data marginalization of certain vulnerable groups, and less dependence on alternate data for financial consumers. Lending through DLAs has to be mandatorily reported to the CIC.
  • The WG has suggested regulatory changes to prevent loan targeting by digital lenders based on credit reports obtained from Credit Institutions under CIC (Regulation) Act. This would ensure that only entities regulated by financial sector regulator act as an agent on behalf of the borrower.
  • Enhancing statutory/regulatory framework
  1. Setting up Digital India Trust Agency (DIGITA) : To ensure that only authorised DLAs are used by consumers, the WG Report has recommended setting up an independent body “Digital India Trust Agency (DIGITA). It would be responsible for verifying digital lending apps before their distribution through app stores. The apps which shall not bear verification mark by DIGITA shall be considered as unverified apps for digital lending purposes.
  2. Defining Short Term Consumer Credit (STCC) to include digital lending, and to frame appropriate regulations akin to regulations on Micro Finance Institutions (MFI). Alternatively, the extant framework regulating MFIs could be amended to include STCCs to have a single framework governing short term lending.

The Government can notify similar rules for entities which are not regulated by the RBI.

  1. Framework for customer-facing, outsourced activities of REs – Noting the increasing trend of businesses leveraging the use of agents, the RBI may develop a separate framework styled as Agency Financial Service Regulation (AFSR) for customer-facing, fully outsourced activities of REs.
  2. Self-regulatory Organisations (SROs) : The WG suggests setting up an SRO covering DLAs and LSPs. The general guidance on this shall be provided by the RBI. It is suggested that the Government of India may undertake a similar exercise action for entities not regulated by the RBI.
  3. Central law to ban unregulated lending activities : The WG has suggested that analogous to “The Banning of Unregulated Deposit Scheme Act, 2019”, the Central Government may consider banning lending entities not regulated by the RBI or under any other law.
  4. Constituting National Financial Consumer Protection Regulation : The Report suggests that to provide adequate recourse to financial consumers, a separate forum maybe developed within the ambit of Consumer Protection Act, 2019. This framework to have specific provisions for digital contracts and delivery of financial services.
  •  Reinforcing digital lending oversight
  1. The SLCC mechanism should cover issues within the digital financial space and should :
  •  cover reports on unauthorized apps in the market involved in digital lending or illegal recovery.
  • Creating a centralised and fully digitalized data repository to provide a country-wide view of market intelligence (MI) in real time, accessible to relevant agencies.
  • Inducting Telecom Regulatory Authority of India (TRAI) to be inducted as a member of need-based invitee to SLCC.
  • Enhancing the use of technology and data sources to identify shell finance companies etc.
  • Concept of National Finance Crime Record Bureau (NFCRD) with a data registry akin to Crime and Criminal Tracking Network and Systems (CCTNS) accessible to REs to be considered. Alternatively, the channel of FINNET by FIU-IND can be explored.
  • Safeguarding financial stability
  1. Converting regulatory instructions for digital lending to machine readable format for direct interface with RegTech systems of the REs.
  2. Exploring and advancing the blueprint on forward looking framework to identify and manage risks arising from BigTech and decentralized finance, in a graded manner.
  1. Recommendations related to technology
  • Institutional mechanism
  1. Operations of neo-banks to be covered under Reserve Bank’s regulations: It is commendable that the WG has suggested encouraging opening digital only banks. It has suggested that RBI Sandbox may also have a category for innovating with digital lending.
  2. DIGITA verification: Lenders should only deploy applications verified by DIGITA. DIGITA has been held responsible for ensuring updates and patches along with publisher certificate forgery.
  3. Baseline digital hygiene guidelines in consultation with the RBI :
  • There must be compliance with RBI Formulated basic technology standards including on digital security. These pre-conditions to work as a pre-condition to offer digital lending by REs and LSPs.
  • DLAs to provide information about loans, lender, customer care etc. on their website or on their app.
  • Digitally signed documents supporting important transactions through DLAs of the REs should automatically flow to verified email of the borrower upon execution of the transactions.
  • DLA owners including LSPs to appoint a nodal officer dealing with FinTech related issues with various stakeholders including customers, regulators, law enforcement, SRO etc.
  1. Comprehensive data protection framework for organizational and technical measures for data processing, fixing accountability, and remedies.
  • Technology infrastructure and standards
  1. Defining baseline technology standards for DLAs of REs.
  • REs to ensure that DLAs on cloud infrastructure comply with relevant regulatory standards etc. The apps should have technological safeguards to prevent frauds.
  • Every FinTech app must be signed or verified in a secure way to deliver data to the app.
  1. Data localisation norms: The DIGITA to flag FinTech apps with servers outside India. These apps must have servers located in India like P2P and AA companies.
  2. Algorithmic explainability : The REs to document the rationale for algorithmic features. This shall ensure algorithmic explainability. The WG suggests algorithm audit to ensure data used is extensive, accurate and diverse. The Report has encouraged the DLAs to use Glass-box models of AI to enhance transparency and acceptability of algorithms. The report also encourages adoption of ethical AI.
  • Data governance
  1. It is necessary to have a regulatory framework aimed at privacy policy of mobile apps to safeguard consumer rights and address information collected by apps from the device.
  2. It suggests that regulatory governance may cover – clarity on issues like type of data which can be held, data retention, use of data, data destruction; comprehensive privacy policies; data sharing disclosures; consent; adequate notification of privacy breaches; permissions to use resources accessible through operating systems etc.
  1. Recommendations related to financial consumer protection
  • Loan product design and distribution
  1. Responsible advertising and marketing standards – This has to be included in the CoC proposed by SROs. The WG suggests that loan products should be advertised without making misleading claims. Therefore, it has suggested that DLAs must have opt-in and opt-out options for consumer marketing messages.
  2. Minimising cases of repayment stress:
  • To discourage perpetuation of payday loans, fixed sum or non-installment unsecured short term consumer credit (STCC) must be regulated.
  • The DLAs catering to low credit penetrated markets must design simple products with appropriate mobile interface. This should help consumers in easily understanding the product and make informed decisions.
  • The DLAs must have mandatory user education at customer on-boarding sign-up stage about the product and its features and loan computation.
  • There must be a cooling-off period for consumers to provide them with an exiting option by paying proportionate annual percentage rate without penalties.
  • The disclosures about proposed credit facility should be available to the borrower in an easily understandable manner.
  • Preventing over-indebtedness (anti-predatory lending)
  1. The DLAs should refrain from predatory lending practices. For this, the SROs can propose guiding principles.
  2. An Anti-Predatory Lending Policy has to be developed by the lender and displayed publicly. It is mandatory for STCC customers to be mandatorily taken to a financial education website page in vernacular languages to inform them of associated risks.
  • Responsible pricing (anti-usurious lending)
  1. The RBI shall lay down standard definitions for the cost of digital STCC as Annual Percent Rate (APR).  This has been suggested to ensure disclosure of costs in a clear and understandable way.
  2. Specific lending norms tailored for STCC lenders – This includes affordability rules, number of loans a consumer can hold at a point of time etc.
  3. Certain operational practices to be loaded against financial consumers such as charging interest amount in arrears, and providing a key fact statement to all customers.
  • Fair and respectful treatment of borrowers
  1. Educating consumers about their data trails and credit histories. This has to be taken up both by regulators and the industry.
  2. Treating borrowers in financial difficulty fairly. The SRO must define customer harassment.
  3. RE partnership with a consumer facing LSP must consider the following:
  • Conducting enhanced due diligence before entering into a partnership with an LSP.
  • It is responsibility of REs that LSPs do not deploy abusive debt-collection practices. There must be standardized CoC for recovery to be framed by the SRO.
  • REs to communicate with borrowers the details of LSPs which may approach them for recovery.
  • Training and accreditation of recovery agents – on-site and off-site.
  • Periodic review of LSPs engaged in recovery and scan for their name in “negative list” if there is a significant breach of any code.

If you have any feedback/ recommendations/suggestions on the Report, please write to by December 10, 2021.