Alerts & Updates 4th Oct 2022
[This paper discusses the existing and the proposed Digital Lending Framework in India and the conditions, policies, technological parameters and standards and the Mechanism that need to be put in place by Commercial Banks, Primary (Urban) Co-operative Banks, State Co-operative Banks, District Central Co-operative Banks, and Non-Banking Financial Companies (including Housing Finance Companies) for Digital Lending.
Compliance of these RBI guidelines need to be adhered to by November 30, 2022]
The Hon’ble Finance Minister in her budget speech of 2022-23, ushered in a new era for Indian banking and set up 75 Digital Banking Units (DBUs) in 75 districts of the country by Scheduled Commercial Banks.
Prior to this, in November 2021, the Reserve Bank of India (RBI) released the Report[1] of the Working Group on Digital Lending including lending through Online Platforms and Mobile Apps. Post announcement in the Union Budget 2022-23, the RBI has been working on guidelines for operationalizing the structure for digital lending. Many initiatives and reports followed each other on close heels. In June 2022, RBI released a document on Payments Vision 2025 – a road map to elevate payments to achieve less-cash and less-card society.
In July 2022, India’s NITI Ayog [“National Institution for Transforming India” policy-making institution of India] released its report titled “DIGITAL BANKS A Proposal for Licensing & Regulatory Regime for India”. [2] Earlier in 2017, the RBI issued Master Directions – Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017.
Building on the above, the RBI, on September 2, 2022 issued guidelines for digital lending applicable to all Commercial Banks, Primary (Urban) Co-operative Banks, State Co-operative Banks, District Central Co-operative Banks; and Non-Banking Financial Companies (including Housing Finance Companies). With this, the stage is now set for an ‘open banking’ system. This follows tremendous success on the payments front (where the Unified Payments Interface (UPI) recorded over 4.2 billion transactions worth INR 7.7 trillion in October 2021). Additionally, the digital lending framework will also extend the reach of Indian banking to micro and small businesses.
World over technology is playing a significant role in transforming lending system. Blockchain technology is increasing being deployed in international remittances. Artificial Intelligence and cloud computing is also in for a big boost in the near future[3]. In the lending sphere too, various models such as Person-to-Person (P2P), Person-to-Business (P2B), Business-to-Person (B2P), Business-to-Business (B2B) models are bring increasingly used by credit or intermediary platforms.
An RBI report[4] notes that the total global alternative credit (i.e., credit through FinTechs and BigTechs) in 2019 stood at USD 795 billion in which share of FinTechs and BigTechs is around USD 223 billion and USD 572 billion respectively. As regards the Indian market, the RBI report observed that lending through digital mode relative to physical mode is still at a nascent stage in case of banks as lending of (INR 1.12 lakh crore via digital mode vis-à-vis INR 53.08 lakh crore via physical mode was transacted. On the other hand, on the NBFC front a higher proportion of lending i.e. (INR 0.23 lakh crore via digital mode vis-à-vis INR 1.93 lakh crore via physical mode was noticed. Overall volume of disbursement through the digital mode for the sampled entities has exhibited a growth of more than twelvefold between 2017 and 2020 (from INR 11.6 thousand crore to INR 1.4 lakh crore). As per some market estimates[5], digital lending in India is expected to become a USD 1.3 trillion market opportunity by 2030. The digital lending market size is set to grow from USD 270 billion in 2022 at a CAGR of 22% between 2022 and 2030.
There is no single universally accepted definition available for this – the obvious reason is that the field is still evolving, and newer methods are being deployed in light of new technological advancements. However, based on its features, ‘digital lending’ can be defined as a platform-based seamless lending process which uses digital technologies for the entire process of credit dispensation including credit assessment, loan approval, documentation, disbursement, loan repayment, and customer service. Majorly, DL takes two forms – (i) Balance Sheet Lending (BSL) and(ii)Market Place Lending (MPL).
RBI guidelines define Balance Sheet Lending (BSL) as “Financial service involving extension of monetary loans, where the lender retains the loan and associated credit risk of the loan on its own balance sheet” and “Balance Sheet Lenders” as ‘Lenders who undertake balance sheet lending’.
On the other hand, Market Place Lending (MPL) is a platform which connects lenders with borrowers/customers and investors who may buy or invest in such loans/ lend to such borrowers. These MPL are also known as Market Place Aggregators (MPAs) and is P2P.
There are other similar systems like Prepaid Payment Instruments (PPIs) which are basically payment wallets. These PPIs are used to facilitate buying of goods and services, including the transfer of funds, financial services and remittances, against the value stored in the instrument. PPIs are also regulated by RBI under the Payment and Settlement Act, 2005. The framework governing “Issuance and Operation of PPIs” are issued and updated by RBI in the form of Master Direction[6]. No entity can set up and operate payment systems for issuance of PPIs without prior approval / authorization of RBI. These guidelines lay down the eligibility criteria and the conditions of operation for payment system.
Entities engaged in DL are presently outsourcing many functions to private agencies and this raises concerns about data privacy, unfair practices, exorbitant interest rates, and unethical recovery practices. As per reports[7] RBI identified a whopping 600 illegal lending apps operating in India in the last year. This Report also mentions that, “Sachet”, a portal established by RBI against unregistered entities, has received approximately 2,562 complaints against digital lending apps between the start of January 2020 to end of March 2021. There are other issues relating to money laundering and data privacy and data storage which are sensitive not only from the point of view of lending but also from the point of view of internal security systems.
There were other practices as ‘Rent a NBFC’. This arrangement used “First Loss Default Guarantee (FLDG)” to share credit risk without having to maintain any regulatory capital.
Now RBI has on September 2, 2022 issued Comprehensive Guidelines which would govern Digital Lending by the Regulated Entities (REs) in India. These Guidelines address a wide range of issues ranging from engagement of services of Service providers, credit appraisal, data privacy, maintenance of transparent process and systems, reporting and a grievance redressal mechanism.
These guidelines will also apply to the ‘existing customers availing fresh loans’ and to ‘new customers getting onboarded’ from September 2, 2022 onwards. However, lenders have been provided time till November 30, 2022, to put adequate systems and processes in place to ensure that ‘existing digital loans’ are also in compliance with these guidelines in both letter and spirit.
All Commercial Banks, Primary (Urban) Co-operative Banks, State Co-operative Banks, District Central Co-operative Banks; and Non-Banking Financial Companies (including Housing Finance Companies).
The Guidelines covers three specific areas of:
These guidelines allow outsourcing arrangements by Regulated Entities (REs) with a Lending Service Provider (LSP)/ Digital Lending App (DLA) but the onus of compliance with RBI guidelines will remain with the REs. Both the REs and LSP need to be regulated entities.
The Guidelines basically allow only Balance Sheet type of lending and all loan servicing, repayment etc. need to be in the RE’s bank account without any pass-through account/ pool account of any third party.
Disbursements would need to be made into the bank account of the borrower except for disbursals covered exclusively under statutory or regulatory requirements for specific end use, or into the bank account of the end-beneficiary. No third- third-party account disbursal is allowed, including the accounts of LSPs and their DLAs.
Co-lending arrangements are allowed as per the RBI guidelines in Circular dated November 05, 2020[8]
Outsourcing of various functions such as customer acquisition, underwriting support, pricing support, servicing, monitoring, recovery of specific loan or loan portfolio is allowed. REs are required to comply with RBI guidelines on outsourcing of various functions. As per “Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by banks” dated November 3, 2006, banks are required to have a comprehensive Board approved outsourcing policy. Offshore outsourcing is permitted subject to strict compliance of the regulatory requirements and only in jurisdictions upholding confidentiality clauses and agreements. However, the banks are prohibited from outsourcing core management functions including Internal Audit, Compliance function and decision-making functions like determining compliance with KYC norms for opening deposit accounts, sanction for loans (including retail loans) and management of investment portfolio. Agreement with such an LSP should cover all requirements as specified by RBI in the above-mentioned circular.
Before engaging services of an LSP/DLA, REs need to conduct enhanced due diligence covering its technical abilities, data privacy policies and storage systems, fairness in conduct with borrowers and ability to comply with regulations and statutes etc. Periodic reviews are also required.
First Loss Default Guarantee (FLDG) is allowed. “First loss facility” means the first level of financial support provided by the originator or a third party to improve the creditworthiness under which the provider of the facility bears part or all of the risks associated with the assets.
FLDG is permitted subject to adherence to the provisions of the Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 dated September 24, 2021, especially, synthetic securitization contained in Para (6)(c). As per the said guidelines lenders, including overseas branches of Indian banks, cannot undertake synthetic securitization “where credit risk of an underlying pool of exposures is transferred”, in whole or in part, using credit derivatives or credit guarantees that serve to hedge the credit risk of the portfolio which remains on the balance sheet of the lender.
FLDG provider should ensure that the following conditions are fulfilled failing which the credit enhancement provider will be required to hold capital equal to the full value of the securitized assets:
RBI guidelines also define some of the major terms as follow:
Digital Lending: A remote and automated lending process, largely by use of seamless digital technologies for customer acquisition, credit assessment, loan approval, disbursement, recovery, and associated customer service.
Digital Lending Apps/Platforms (DLAs): Mobile and web-based applications with user interface that facilitate digital lending services. DLAs will include apps of the REs as well as those operated by LSPsengaged by REs for extending any credit facilitation services in conformity with extant outsourcing guidelines issued by the Reserve Bank.
Lending Service Provider (LSP): An agent of a Regulated Entity who carries out one or more of lender’s functions or part thereof in customer acquisition, underwriting support, pricing support, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of REs in conformity with extant outsourcing guidelines issued by the Reserve Bank.
In the light of the RBI Guidelines, REs are required to ensure the following in connection with their digital lending processes:
– DLAs or DLAs of their LSPs at on-boarding/sign-up stage of the borrower should prominently display information relating to the product features, loan limit and cost, etc. Further, there should be links to REs’ website where further detailed information about the loan products, the lender, the LSP, particulars of customer care, link to Sachet Portal, privacy policies, etc. can be accessed by the borrowers.
– It shall be ensured that all such details are available at a prominent single place on the website for ease of accessibility.
– Further, the facility of lodging a complaint shall also be made available on the DLA and on the websites.
– Responsibility of grievance redressal shall continue to remain with the RE. Such complaints should be resolved within 30 days, thereafter the Complaint can be lodged on the Complaint Management System (CMS) portal under the Reserve Bank-Integrated Ombudsman Scheme.
– No access to mobile phone resources like file and media, contact list, call logs, telephony functions, except for the purpose of on-boarding/ KYC requirements with the explicit consent of the borrower.
– Borrower should be provided an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/ forget the data.
– The purpose of obtaining borrowers’ consent needs to be disclosed at each stage of interface with the borrowers.
– Explicit consent of the borrower need be taken before sharing personal information with any third party, save and except the data required under the statutory or regulatory requirements,
– No personal information of borrowers could be stored save and except some basic minimal data (,name, address, contact details of the customer, etc.) that may be required to carry out their operations.
– Clear Policy guidelines regarding the storage of customer data including the type of data that can be stored, the length of time for which data can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breach, etc., need to be put in place by REs and also disclosed by DLAs of the REs and of the LSP engaged by the RE prominently on their website and the apps at all times.
– No biometric data be stored/ collected in the systems associated with the DLA of REs/ their LSPs, unless allowed under extant statutory guidelines.
– All data need to be stored only in servers located within India, while ensuring compliance with statutory obligations/ regulatory instructions.
– Comprehensive privacy policy: REs/DLAs/LPS should have a comprehensive privacy policy compliant with applicable laws, associated regulations and RBI guidelines and for accessing and collection of personal information of borrowers, DLAs of REs/LSPs should make the comprehensive privacy policy available publicly.
– Details of third parties (where applicable) allowed to collect personal information through the DLA shall also be disclosed in the privacy policy.
REs needs to ensure the above requirement before embarking on any arrangement for Digital Lending in India.
STEPS FOR LENDERS |
Lenders would need to take following steps to make their DL compliant with the RBI guidelines:
|
We hope you have found this information useful. For any queries/clarifications please write to us at insights@elp-in.com or write to our authors:
Mukesh Chand, Senior Counsel – Email – MukeshChand@elp-in.com
Disclaimer: The information contained in this document is intended for informational purposes only and does not constitute legal opinion or advice. This document is not intended to address the circumstances of any individual or corporate body. Readers should not act on the information provided herein without appropriate professional advice after a thorough examination of the facts and circumstances of a situation. There can be no assurance that the judicial/quasi-judicial authorities may not take a position contrary to the views mentioned herein
[1] https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=1189#ABB
[2] https://www.niti.gov.in/sites/default/files/2022-07/DigitalBanking07202022_compressed.pdf
[3] India banks are projected to spend over US$1 billion by 2025 on public cloud initiatives, indicating the prominence of cloud in driving the technology transformation. Similarly, IT spending for treasury-as-a-service capabilities is projected to cross US$66 million by 2025 at a compound annual growth rate (CAGR) of 20%, reiterating the resolve of the banks in India to get closer to their business clients. [c.com/getdoc.jsp?containerId=AP48732022&utm_source=press-release&utm_medium=website&utm_campaign=idc-india]
[4] https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=1189#ABB
[5] https://inc42.com/reports/state-of-indian-fintech-report-q3-2022/
[6] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11142
[7] https://www.indiatoday.in/business/story/rbi-illegal-lending-apps-india-play-store-blocked-high-interest-rates-1930729-2022-03-29
[8]Co-lending arrangements shall be governed by the extant instructions as laid down in the Circular on Co-lending by Banks and NBFCs to Priority Sector dated November 05, 2020.
[9] As per the provisions of the Credit Information Companies (CIC) (Regulation) Act, 2005; CIC Rules, 2006; CIC Regulations, 2006
As per the rules of the Bar Council of India, lawyers and law firms are not permitted to solicit work or advertise. By clicking on the "I Agree" button, you acknowledge and confirm that you are seeking information relating to Economic Laws Practice (ELP) of your own accord and there has been no advertisement, personal communication, solicitation, invitation or any other inducement of any sort whatsoever by or on behalf of ELP or any of its members to solicit any work through this website.