The New RBI Digital Lending Guidelines: Comply by November 30, 2022
The RBI, had constituted a Working Group on ‘digital lending including lending through online platforms and mobile apps’ (WGDL) on January 13, 2021. The final recommendations of this group along with recommendations that required immediate implementation were released on August 10, 2022. On September 2, 2022, the RBI in its press release also notified that the compliance deadline for recommendations with immediate implementation is November 30, 2022.
We bring to you a gist of some key actionable items, by Regulated Entities (REs) such as NBFCs and Online digital lending platforms/Lending Service Providers (LSPs) as per the recommendations of the Working Group.
RBI Digital Lending Guidelines: Things REs and LSPs should do before November 30, 2022
No pass-through Account
All loan servicing, repayment, etc., shall be executed directly in their bank account without any pass-through account/ pool account of any third party. The disbursements shall always be made into the bank account of the borrower.
Fee to be borne by Lenders
Any fee to be paid to the LSPs needs to be borne by the lenders and not the borrowers.
Nodal Grievance Officer
Both the Regulated Entities and the LSPs need to ensure that they have a nodal grievance officer in place to deal with FinTech/ digital lending related complaints/ issues raised by the borrowers. Complaints to be resolved within 30 days.
Key Fact Statement
REs to provide a Key Fact Statement (KFS) to the borrower before the execution of the contract in standardized format for all digital lending products. Any charge, interest or fee not mentioned in the KFS cannot be charged.
Automatic Increase in Credit Limit Prohibited
Automatic increases in credit limits are prohibited unless explicit consent of borrower is taken on record for each such increase.
Publish List of LSPs
REs shall publish the list of LSPs (and Digital Lending Applications, if any) engaged by them along with the details of the activities for which they have been engaged, on their website.
Process to choose a LSP
REs should conduct a thorough due diligence of the LSP.
REs should ensure that the LSP does not store personal information, except minimal data.
REs should conduct periodic reviews of the LSP.
REs should impart necessary guidance to LSPs.
Collection of Data through Digital Lending Applications (DLAs)
Any collection of data by DLAs should be need-based and with prior and explicit consent of the borrower which can be audited, if required.
The borrower should be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect his personal data and if required, make the app delete/ forget the data.
Link to Website
REs to ensure that DLAs of REs/LSPs should have links to REs’ website where further/ detailed information about the loan products, the lender, the LSP
Data to be stored within India
REs to ensure that all data is stored in servers located within India while ensuring compliance with statutory obligations/ regulatory instructions.
REs to ensure that any lending done through DLAs is reported to CICs irrespective of its nature/ tenor.
Extension of new digital lending products by REs over a merchant platform involving short term, unsecured/ secured credits or deferred payments need to be reported to credit bureaus by the REs. REs shall ensure that LSPs, if any, associated with such deferred payment credit products shall abide by the extant outsourcing guidelines issued by the Bank.
These requirements are to be met by REs and the REs are to ensure that their LSPs also meet these requirements. The deadline to meet these requirements is November 30, 2022.
If you have any queries regarding the RBI guidelines on digital lending, you may contact us by clicking the button below.