Tirth Purani* and Ananya Sinha**
INTRODUCTION
Over the last few years, multiple unauthorised digital loan service providers have emerged. These providers have threatened consumers' interests and escaped the regulatory wall of the authorities. A Fintech Association for Consumer Empowerment report on consumer awareness and its impact on financial security revealed that one-third of high-confidence customers have limited knowledge of their digital loans and lack understanding of detecting illegal lending apps, jeopardising their privacy and financial security.
Amidst such a situation, in 2022, the RBI came out with regulatory guidelines (“the Guidelines”) for registered entities (“REs”) such as banks and other non-banking financial institutions that provide loans through lending service providers (“LSPs”). The LSPs provide loans through Digital Lending Apps (“DLA”) that facilitate the provision and availing of lending services. The RBI then raised concerns regarding the neutrality and transparency of the web aggregators of loan products and announced a plan in 2023 to regulate them. In April 2024, the RBI released the draft Guidelines on digital lending to protect customers’ interests and ensure transparency in the borrowing procedure.
This article explores the challenges faced by the digital lending system and analyses whether RBI Guidelines would positively impact it. It also addresses certain challenges and proposes possible recommendations.
CHALLENGES IN THE DIGITAL LENDING SYSTEM PRE-GUIDELINES
With the growing FinTech industry, multiple digital lending sources lead to prominent cyber fraud. Complaints against such apps have doubled to 1062 in 2023, indicating a serious threat to consumer protection. These statistics show that although digitisation has made the credit facility more accessible to consumers, it is more damaging than helpful. An entity collecting sensitive information to analyse consumer behaviour will make it more prone to security breaches. Several instances have involved a large chunk of consumer data being uploaded to the dark web. Unlike traditional financial institutions, there was no formal regulatory body for DLAs. This motivated these predatory apps to target people with low-income backgrounds and lesser financial and digital awareness.
In the entire digital lending process, there is a high possibility that consumers may provide false or misleading information, causing a major risk of default in repayment of the loan and suspicion of the user's authenticity. For any RE to give credit facility to the consumer, the income-to-debt ratio of the consumers must be realised with authenticated information. Unauthenticated information makes assessing a consumer's creditworthiness difficult, demanding a stronger mechanism to assess the information that consumers provide.
ANALYSIS OF THE GUIDELINES
The Guidelines focus on streamlining the lending procedure, ensuring data protection, and eliminating illegitimate digital lending tools. Under the Guidelines, loan disbursal and repayment cannot occur through the account of any third party, such as a pass-through account or pool account, which includes the accounts of LSPs and DLAs (ClauseA.3.). This will maintain the privacy between the lending parties. It is being further ensured that their LSPs have a nodal grievance officer to address issues faced in digital lending (Clause 6.1). The Guidelines also mandate REs to provide a Key Fact Statement (“KFS”) in a standard format that includes the all-inclusive cost of the digital loan in the form of an annual percentage rate, recovery mechanism, and details of the grievance redressal officer assigned to deal with issues of digital lending (Clause 5.2).
The REs are mandated to publish the list of LSPs and DLAs and a detailed aggregation of their activities on the RE’s website.
DLAs must provide clear information about loan products during the onboarding stage to ensure borrower awareness (Clause 5.7). This disclosure requirement enhances compliance, allows customers to be fully informed of all associated charges, and helps them identify the recovery agents of the RE. By implementing this process, unethical practices are minimised, and accountability is increased.
The RE also has a responsibility to ensure that all DLAs and LSPs engaged by it have a comprehensive privacy policy (Clause 12.1). This policy should include the details of third parties that can be allowed to collect personal information through the DLAs and the type of data that can be stored. The RE's DLAs and LSPs should prominently disclose this on their platform.
The data collected in the process must be localised and stored on servers located within India (Clause 11.4).
The REs have been entrusted with the responsibility of ensuring the privacy and security of the customer's personal information (Clause 11.1). The RBI has previously included data protection and localisation-related provisions in its Guidelines, which have been incorporated into the Guidelines.
The REs must also conduct enhanced due diligence on technical infrastructure, privacy policy, and storage system where the data is stored, along with compliance and breach of rules and guidelines before partnering with an LSP for digital lending. The requirement of due diligence that was missing earlier has been brought to light by several DLAs operating with harsh and predacious recovery and lending practices. The imposition of an obligation on the REs to conduct due diligence on LSP will set the standard for choosing reliable service providers. Due diligence will help REs select only genuine LSPs and operate under necessary compliance.
CHALLENGES IN THE DIGITAL LENDING SYSTEM POST-GUIDELINES
The Guidelines, along with its advantages, lays down certain industry concerns. Digital lending carries risks such as identity theft and others, which result in bad loans. The delinquencies are higher in the digital lending industry; they almost surpass 10-12 %, which is higher than that of traditional lenders. As a result, digital lenders have started prioritising risk management over growing their disbursements. They are strengthening their loan underwriting processes in order to prevent their delinquency risk. There is a lack of an effective fraud management system that could enhance the quality of the loan book.
Due to the challenges in recovering money from defaulting small-ticket retail borrowers, lenders are detesting new-to-credit (“NTC”) customers and relying more on higher credit score customers to boost profitability. A report by TransUnion CIBIL showed that even though the volume of loans to NTC customers has increased over time with the expansion of the portfolio, there is a fall in the share of NTC loan originations to 13% in FY23 from 29% in FY19. Before implementing the Guidelines, the RBI circular on Prepaid Payment Instruments (“PPIs”) and credit lines banned the loading of non-banking PPIs, such as prepaid cards and wallets, on credit lines. The credit lines restriction affected several ‘Buy Now Pay Later’ (“BNPL”) platform providers, as the BNPL platforms offered credit to their users through non-bank-issued PPIs, which used pre-approved credit lines to load the PPIs. The double blow of the credit lines circular and the Guidelines has led to a disruption in the operations of BNPL companies. The Guidelines bring with them a lot of positive affirmations, but at the same time, they come with many industry-level concerns, which require clarification for effective implementation.
RECOMMENDATIONS
The absence of a formal regulatory mechanism has caused immense data and privacy breaches. To combat predatory apps, the RBI is also planning to establish the Digital India Trust Agency, which will govern the functioning of DLAs. The RBI also needs to formulate a regulatory framework for every type of loan, such as consumer loans, instant loans, etc. A monitoring mechanism should also be established to effectively monitor the compliance of REs and the digital portals of the DLAs. The RBI should conduct a thorough investigation of the functioning of these apps. Only entities with a sound and efficient technological infrastructure should be allowed to provide loans.
Further, financial regulators should focus on educating consumers. Before opting for such credit facilities, there should be a mandatory tutoring video and test for consumers. This will help them navigate and understand the lending process and test their competency in availing of credit facilities. The RBI should also ensure that the user interface of these apps is easy to navigate without creating any confusion in the user's mind. Such steps, if taken, will ensure that the lending process is completed effectively without prejudice to either of the parties.
CONCLUSION
The Guidelines have created a new set of compliance and disclosure, ensuring consumer and data protection. There are still a lot of industry-level concerns that persist and require definite clarifications for effective implementation. The role of Payment Aggregators (“PA”) has brought a lot of clarification, and the RBI’s stance on the pass-through of funds for digital lending through PAs and BNPL platforms is not permitted. The exemptions on corporate employers and the physical recovery of loans have been quite limited, which could hinder the productivity of the process. The concern about the Guidelines can be addressed through better clarifications that could devise the right model to operate effectively. Digital lending holds great promise both in terms of business and as a source of short-term liquidity for micro and small businesses and individuals. The Guidelines will provide a positive framework for creating a protected digital lending platform nationwide.
(*) Tirth Purani is a penultimate-year law student at Nirma University. His interests lie in writing and sketching. He can be contacted at tirthdpurani@gmail.com for any discussion related to the article. (**) Ananya Sinha is a penultimate-year law student at KIIT School of Law. Her interests include reading and playing tennis. For any discussion related to the article, she can be contacted at ananyasinha.rkl@gmail.com.
Comentários