The New RBI Digital Lending Guidelines: Comply by November 30, 2022

The RBI, had constituted a Working Group on ‘digital lending including lending through online platforms and mobile apps’ (WGDL) on January 13, 2021. The final recommendations of this group along with recommendations that required immediate implementation were released on August 10, 2022. On September 2, 2022, the RBI in its press release also notified that the compliance deadline for recommendations with immediate implementation is November 30, 2022.

We bring to you a gist of some key actionable items, by Regulated Entities (REs) such as NBFCs and Online digital lending platforms/Lending Service Providers (LSPs) as per the recommendations of the Working Group.

RBI Digital Lending Guidelines: Things REs and LSPs should do before November 30, 2022

No pass-through Account

All loan servicing, repayment, etc., shall be executed directly in their bank account without any pass-through account/ pool account of any third party. The disbursements shall always be made into the bank account of the borrower.

Fee to be borne by Lenders

Any fee to be paid to the LSPs needs to be borne by the lenders and not the borrowers.

Nodal Grievance Officer

Both the Regulated Entities and the LSPs need to ensure that they have a nodal grievance officer in place to deal with FinTech/ digital lending related complaints/ issues raised by the borrowers. Complaints to be resolved within 30 days.

Key Fact Statement

REs to provide a Key Fact Statement (KFS) to the borrower before the execution of the contract in standardized format for all digital lending products. Any charge, interest or fee not mentioned in the KFS cannot be charged.

Automatic Increase in Credit Limit Prohibited

Automatic increases in credit limits are prohibited unless explicit consent of borrower is taken on record for each such increase.

Publish List of LSPs

REs shall publish the list of LSPs (and Digital Lending Applications, if any) engaged by them along with the details of the activities for which they have been engaged, on their website.

Process to choose a LSP

• REs should conduct a thorough due diligence of the LSP.

• REs should ensure that the LSP does not store personal information, except minimal data.

• REs should conduct periodic reviews of the LSP.

• REs should impart necessary guidance to LSPs.

Collection of Data through Digital Lending Applications (DLAs)

• Any collection of data by DLAs should be need-based and with prior and explicit consent of the borrower which can be audited, if required.

• The borrower should be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect his personal data and if required, make the app delete/ forget the data.

• REs shall ensure that DLAs have a comprehensive privacy policy compliant with applicable laws, associated regulations and RBI guidelines. For access and collection of personal information of borrowers, DLAs of REs/LSPs should make the comprehensive privacy policy available publicly. The purpose of obtaining borrowers’ consent needs to be disclosed at each stage of interface with the borrowers.

• Details of third parties that are allowed to collect personal information through the DLA shall also be disclosed in the privacy policy. Further, explicit consent of the borrower shall be taken before sharing personal information with any third party, except for cases where such sharing is required as per statutory or regulatory requirement.

Link to Website

REs to ensure that DLAs of REs/LSPs should have links to REs’ website where further/ detailed information about the loan products, the lender, the LSP

Data to be stored within India

REs to ensure that all data is stored in servers located within India while ensuring compliance with statutory obligations/ regulatory instructions.

Reporting Requirements

• REs to ensure that any lending done through DLAs is reported to CICs irrespective of its nature/ tenor.

• Extension of new digital lending products by REs over a merchant platform involving short term, unsecured/ secured credits or deferred payments need to be reported to credit bureaus by the REs. REs shall ensure that LSPs, if any, associated with such deferred payment credit products shall abide by the extant outsourcing guidelines issued by the Bank.

• These requirements are to be met by REs and the REs are to ensure that their LSPs also meet these requirements. The deadline to meet these requirements is November 30, 2022.

• If you have any queries regarding the RBI guidelines on digital lending, you may contact us by clicking the button below.