RBI's new guidelines on digital lending

source: https://timesofindia.indiatimes.com/business/in...

In a bid to protect the interests of borrowers and increase consumer confidence in the digital lending ecosystem, the Reserve Bank of India has mandated that the lending business can only be carried out by entities regulated by it or those permitted under the law.
With the advent of technological innovation, there has been immense development in the digital lending ecosystem, which has resulted in several fintech firms extending credit services. However, this growth has led to misselling to unsuspecting customers, unethical business conduct by digital lenders and excessive engagement of third parties, and concerns over data privacy of the borrower. There have been also been several complaints by consumers that digital lending apps are charging exorbitant interest rates or they were committing fraud, among others.
In order to tackle this issue, the Reserve Bank of India has now released a detailed set of guidelines for digital lending and it has mandated that digital loans must be credited directly in the bank accounts of borrowers and not through any third party.
Here are key facts that borrowers must know:
1. The central bank said that for RBI-regulated entities ( RE), their lending service providers (LSPs), and digital lending apps (DLAs) of REs, all loan disbursals and repayments are required to be executed only between the bank account of the borrower and the RE, without any pass-through/ pool account of the LSP or any third party.
2. It also specified that digital lending entities and not the borrowers should pay fees or charges payable to Lending Service Providers (LSPs) in the credit intermediation process.
3. All-inclusive cost of digital loans in the form of annual percentage rate (APR) is required to be disclosed to the borrower by REs. REs must also provide a key fact statement (KFS) to the borrower before the execution of the contract in standardised format for all digital lending products. Any fees, charge, etc., which is not mentioned in the KFS cannot be charged by the REs to the borrower at any stage during the term of the loan.
4. There cannot be automatic increase in credit limits without the borrower’s on-record explicit consent. These regulated entities also have to publish the list of LSPs and DLAs engaged by them, besides details of the activities for which they have been engaged, on their website.
5. A cooling-off period shall be provided within the loan contract during which the borrower shall have the option to exit the digital loans by paying the principal and proportionate APR without any penalty.
6. Grievance Redressal Mechanism: The RBI said that the REs should ensure that they and the LSPs engaged “shall have a suitable nodal grievance redressal officer to deal with FinTech/ digital lending related complaints/ issues raised by the borrowers. Such grievance redressal officers shall also deal with complaints against their respective DLAs.”
7. The borrower can also lodge a complaint under the Reserve Bank – Integrated Ombudsman Scheme if any of its complaint is not resolved by the regulated entity within the stipulated time period of 30 (thirty) days.
8. In order to ensure data protection/ privacy of the borrower, the Framework provides that the DLAs shall be allowed to collect only need based data with the prior explicit consent of the borrower. In addition to this, the borrower shall also have the option to either accept, deny or revoke its consent for use of any specific data along with the option to delete any data collected by the DLAs/ LSPs.
“REs to ensure that LSPs engaged by them do not store personal information of borrowers except for some basic minimal data (such as name, address, contact details of the customer, etc.) that may be required to carry out their operations,” the RBI said.
9. The central bank has also mandated that DLAs should not access mobile phone resources, such as files and media, contact list, call logs, and telephony functions. However, one-time access can be taken to camera, microphone, location, or any other facility necessary for onboarding/ KYC requirements only with the explicit consent of the borrower.
10. REs are required to ensure that any lending done through DLAs has to be reported to Credit Information Companies (CICs), irrespective of its nature or tenor. More importantly, lending through the Buy Now Pay Later (BNPL) model also needs to be reported to CICs.
But how do these safeguards protect the borrower?
" Such safeguards provided under the Framework will ensure that the interests of borrowers are protected and will increase consumer confidence in the digital lending ecosystem. The specification related to the cooling off period will also provide greater comfort to the borrowers. The provision for appointing a nodal grievance redressal officer will further result in protection of the borrower and help identify consumer grievances on an ongoing basis. KFS will provide greater transparency in relation to the costs and charges payable in relation to a loan," said Avinash Kumar Kard, Partner DSK Legal.
The third party apps which were lending monies to the individuals will not be able to charge fees/commissions as they were doing earlier
"These rules pertain to the use of credit facilities which are availed by individuals. The third party apps which were lending monies to the individuals will not be able to charge fees/commissions as they were doing earlier. The rules will also ensure that the data being collected by the third party apps is on a need basis only and the data so collected will need an express consent of the individual," said Aditya Chopra, Managing Partner, Victoriam Legalis - Advocates & Solicitors.
The new norms ensure data protection/ privacy of the borrower
" The framework provides that the Digital Lending Apps (‘DLAs’) shall be allowed to collect only need based data with the prior explicit consent of the borrower. In addition to this, the borrower shall also have the option to either accept, deny or revoke its consent for use of any specific data along with the option to delete any data collected by the DLAs. This is critical as it comes at a point where the government has withdrawn the Personal Data Protection Bill, 2019, which also aimed at regulating/protecting such sensitive and critical personal data," said -Jayashree Parihar, Counsel, PSL Advocates & Solicitors.
To ensure that unregulated DLAs does not engage in illegal digital lending business in India, the RBI has provided the following recommendations for consideration of the Government of India:
"Balance sheet lending using DLAs to be restricted to REs of RBI and to entities registered under any other law for specifically undertaking lending business; and Government may consider framing a legislation for Banning of Unregulated Lending Activities (BULA) which would cover all entities not authorized by RBI and not registered under any other law for specifically undertaking public lending," said Avinash Kumar Khard, Partner, DSK Legal.
The RBI’s new guidelines address two critical areas of transparency and control
"These guidelines put the onus of customer and credit diligence squarely on the lending institution, while enhancing the borrowing experience and combating malpractices such as privacy breaches, mis-selling, and excessive interest rates. Guidelines such as mandatory disclosure of the Annual Percentage Rate (APR), prohibition of automatic increases in credit limits without prior borrower consent will help build higher customer trust in the digital credit system," said Harish Prasad, MD, Banking Solutions India, FIS.
"The issuance of RBI's new norms is a crucial development in improving the digital lending regulation bid and is a welcome step towards ensuring fairness and transparency in the entire digital lending ecosystem. Some of the key changes proposed by RBI include tightened consumer data privacy with the lenders getting access to only some mobile applications as a one-time access in order to facilitate KYC process while mandating them to have distinctive mention of privacy policies on their website," said Madhusudan Ekambaram, CEO & Co-Founder, KreditBee, a finTech platform for instant personal loans.
RBI directive will make it easier for borrowers to understand all that a loan entails
"Most of the RBI directives have a direct customer impact and do much to secure customer interests. For instance, all lending sourced through digital means is required to be reported to the CICs regardless of the nature or tenor. This will benefit all prudent consumers paying back their loans, including short term consumer loans, by giving them a clear insight into their overall credit burden. The standardised Key Fact Sheet for borrowers will increase the transparency and make it easier for borrowers to understand what the loan entails," said Adhil Shetty, CEO, BankBazaar.com.

End of money rotation/earnings via wallets/3rd party upi payment for paying bills of BNPLs & more mess in cibil report for such users?

@abhishek012