RBI has come out with additional guidelines on digital lending.
This is much needed. All of us have read news of unsuspecting borrowers being threatened for loan repayment. All kinds of methods were used to embarrass and harass borrowers. A few borrowers even ended their lives in the face of this continuous intimidation. Access to loans was easy through various digital channels or apps. The interest rates were exorbitant and penalties for non-repayment even more so. There were several reports of extortion and data misuse.
The RBI has tried to address some of these issues through the new guidelines on digital lending. The guidelines put the onus on the lenders (NBFCs and the banks). Let’s find out about the new guidelines in detail.
What Are the Key Points in New RBI Guidelines about Digital Lending?
Reproducing a few abbreviations that have been used in the RBI circular.
- Regulated Entities (REs): NBFCs/banks etc.
- Lending Service Providers (LSPs): An agent of a Regulated Entity who carries out for a fee from the RE, one or more of lender’s functions in customer acquisition, underwriting support, pricing support, disbursement, servicing, monitoring, collection, recovery of specific loan or loan portfolio.
- Digital Lending Apps (DLAs): Mobile and web-based applications that help borrowers apply for loans from a digital lender. DLAs will include apps of the REs and the LSPs.
#1 All loan disbursals and repayments shall happen only between the bank accounts of borrower and the lender (regulated entity) without any pass-through / pool account of the LSP or any third party.
#2 Any fees, charges, etc., payable to LSPs (agents of the lenders) in the credit intermediation process shall be paid directly by banks and NBFCs (Registered entities) and not by the borrower.
#3 A standardized Key Fact Statement (KFS) must be provided to the borrower before executing the loan contract. Among other things, KFS must also disclose the all-inclusive cost of the digital loan in the form of APR (Annualized Percentage Rate).
To remove any convenient interpretation, the Reserve Bank has also shared the definition of APR.
APR shall be based on an all-inclusive cost and margin including cost of funds, credit cost and operating cost, processing fee, verification charges, maintenance charges, etc., except contingent charges like penal charges, late payment charges, etc. APR must be disclosed to the borrower upfront as part of the Key Fact Statement (KFS).
While this is good, a major pain for borrowers from digital lending apps was exorbitant penal charges. A few investors ended up paying many times over. I understand such charges are contingent and can’t be included in APR calculation. However, a requirement about crisp disclosure of late payment charges and a few illustrations about how late payments will balloon your repayment liability would have helped.
Without such illustrations, 99% of the borrowers would underestimate the impact of late payments. We already know that about credit cards.
#4 Automatic increase in credit limit without explicit consent of the borrower is prohibited.
This is a good safeguard but what constitutes explicit consent? In any case, a person in desperate need of money may not think much before sharing such consent in whatever form required.
#5 A cooling-off/ look-up period during which the borrowers can exit digital loans by paying the principal and the proportionate APR without any penalty shall be provided as part of the loan contract.
While this is good, there are no minimums defined and the entire flow can be gamed. Plus, this information should be part of the Key Information sheet (KFS). Not many people read the contract.
#6 REs shall ensure that they and the LSPs engaged by them shall have a suitable nodal grievance redressal officer to deal with FinTech/ digital lending related complaints. Such grievance redressal officer shall also deal with complaints against their respective DLAs. The details of the Grievance redressal officer shall be prominently indicated on the website of the RE, its LSPs and on DLAs, as applicable.
#7 As per extant RBI guidelines, if any complaint lodged by the borrower is not resolved by the RE within the stipulated period (currently 30 days), he/she can lodge a complaint under the Reserve Bank – Integrated Ombudsman Scheme (RB-IOS).
Points 6 and 7 are important. RBI puts the entire onus on lenders. Even if the DLA is not responding, you can escalate to the grievance cell of the lender which understands the repercussions of non-compliance much better.
#8 Data collected by DLAs should be need-based, should have clear audit trails and should be only done with prior explicit consent of the borrower.
#9 Option may be provided for borrowers to accept or deny consent for use of specific data, including option to revoke previously granted consent, besides option to delete the data collected from borrowers by the DLAs/ LSPs.
These are important aspects. Many borrowers of digital lending apps have complained that the apps had access to their contacts and photo gallery. In case of late payments, their friends/relatives were approached. The borrowers were shamed and subject to mental harassment. Their photos were morphed are shared with their closed ones.
There is no reason why a lender (RE) or its agents (LSP or DLA) needs access to the photo gallery or the contacts list of the borrower. Access to such information should be explicitly disallowed. And punitive costs imposed in case of any violation. The RBI circular makes no mention of that.
Explicit consent has value only in case of informed borrowers or in case of those borrowers who are not desperate for money. A person who is struggling has no other option but to share consent. However, such a person also needs protection against data misuse.
Explicit consent/revocation of consent/option to delete data offers only a limited protection against crooks. Such information was sought so that you could be harassed into repaying the loan. And the lenders could work with lax loan underwriting practices since they were sure that they could intimidate. The employee could transfer the information on his/her device and continue to harass the borrower.
As a lender or its agent, you worry about getting your money back. Access to such sensitive data about the borrower makes up for the lax underwriting policies. The agent and the DLA can work with the belief that they can intimidate borrowers in repaying the loans.
#10 The details for loans sourced through DLAs (or RE or LSP) shall be reported to Credit Bureaus.
A Note of Caution
Charlatans are charlatans. They don’t care much about the rules. They will ride their luck as long as they can. However, as a borrower, you must know you have rights too. You have a right to a dignified life. When you are unable to pay back your loan, you will face the heat. And not all modes will be exactly legal. With the understanding of the regulations, you can stand your ground and escalate problems to the right people.
The RBI guidelines put the onus on the lenders to keep their agents and their recovery practices under check.
At the same time, as a borrower, you need to be responsible too. That you have rights as borrowers does not mean that you can get away without repaying. The RBI does not want (and rightly so) that borrowers are unnecessarily harassed but it still wants that you repay the loan. The lenders have all the legal means available. Remember the issue is not the lender is asking for repayment. That’s the right of the lender. The issue is that a few lenders (or their agents) are using wrong means to recover money. Therefore, don’t borrow what you can’t repay.