On August 10, 2022, the Reserve Bank of India (“RBI”) implemented certain recommendations of the Working Group on “digital lending including lending through online platforms and mobile apps” (“WGDL”). The RBI’s Recommendations of the Working group on Digital Lending – Implementation dated August 10, 2022 (“Guidelines”) apply to all entities regulated by the RBI, i.e., Regulated Entities (“REs”), and fintech platforms that act as outsourced service providers, i.e., Lending Service Providers (“LSPs”). The onus of compliance with the Guidelines is on the REs.
We identify the immediate action items provided in Annex-I of the Guidelines for REs and DLAs below:
Pass through Accounts: All loan disbursements and repayments shall be directly settled between the bank account of the customer and the RE. The transactions cannot be routed through pass-through/pool accounts of any third parties. Similarly, all payments to be made to LSPs shall be done by the REs and not by the borrowers. However, the role of payment aggregators and gateways has not been clarified in this flow.
Collection of Data: Digital Lending Apps (“DLAs”) can collect borrowers’ data only with the borrowers’ explicit consent. Such consent can be withdrawn by the borrowers at any time. DLAs cannot access files, media, contact lists, call logs, and telephone functions on the borrowers’ phones. Camera and microphone access can be gained one time and only for Know Your Customer (“KYC”) or user on boarding. LSPs also cannot store any data but that which is necessary to carry out functions. The data obligations extend to any third parties used by LSPs as well. Borrowers should be informed of any third parties having access to their information.
Due diligence of REs: REs must conduct an enhanced due diligence process before entering into a partnership with a LSP for digital lending, taking into account its technical abilities, data privacy policies and storage systems, fairness in conduct with borrowers and ability to comply with regulations and statutes. REs are to ensure that their LSPs comply with data security norms and fair recovery practices, along with other relevant norms. Further, the REs must carry out comprehensive due diligence on all of its LSPs.
Key Fact Statement: A Key Fact Statement (“KFS”) in a standardized format should be made available to borrowers. It should be simple to understand and clearly outline all charges, interests, and costs in connection to the loan. The format however, has not been prescribed by the RBI.
Reporting of lending: Any lending done by REs through DLAs should be reported to Credit Information Companies (“CICs”). Similarly, any new lending products offered by REs over merchant platforms should be reported to CICs. Lending products involve any short-term, unsecured/ secured credits or deferred payments.
Increase in credit limit: REs shall ensure that automatic increases in credit limits are prohibited unless the borrower has provided explicit consent for each such increase. The consent so provided must be recorded.
Automatic delivery of documents: Upon execution of loan contract/ transactions, digitally signed documents relating to important transactions (sanction letter, account statement, privacy policy, etc.) should be automatically sent to the borrower’s registered email ID/ SMS.
Cooling-off period: Borrowers are allowed to repay the loan without penalty during a cooling-off period if they desire to exit the digital loan. The board of directors of the RE can determine the length of the cooling-off period.
Disclaimer: This post does not purport to be legal advice or recommendations for any persons. You should consult with your own legal counsel to best understand your obligations and rights under the mentioned guidelines.