Wednesday, October 5, 2022

RBI releases digital lending guidelines

After a long wait, the Reserve Bank of India (RBI) on Wednesday released the digital lending guidelines based on the principle that lending business can be carried out only by entities that are either regulated by the central bank or entities permitted to do so under any other law.
The central bank has classified the universe of digital lenders into three groups – entities regulated by the RBI and permitted to carry out lending business; entities authorised to carry out lending as per other statutory/regulatory provisions but not regulated by RBI; and entities lending outside the purview of any statutory/ regulatory provisions.
The regulatory framework brought in by the RBI is directed at the first category, essentially entities that are regulated by the central bank and the lending service providers (LSPs) engaged by them. “As regards entities falling in the second category, the respective regulator/ controlling authority may consider formulating or enacting appropriate rules/regulations on digital lending based on the recommendations of the working group of digital lenders,” the RBI said.
“For the entities in the third category, the working group has suggested specific legislative and institutional interventions for consideration by the Central Government to curb the illegitimate lending activity being carried out by such entities,” it said.
For the regulated entities, RBI has said all loan disbursals and repayments are required to be executed only between the bank accounts of borrower and the RE without any pass through/ pool account of the LSP or any third party.
Further, any fees, charges, etc., payable to LSPs in the credit intermediation process has to be paid directly by the regulated entity and not by the borrower. Also, the all-inclusive cost of digital loans in the form of Annual Percentage Rate (APR) is required to be disclosed to the borrowers. The central bank has said that there cannot be an automatic increase in the credit limit without explicit consent of the borrower.
On the data privacy front, RBI has said the data collected by digital lending apps (DLAs) has to be need based, they should have clear audit trails and should be only done with prior explicit consent of the borrower. Further, these apps have to provide an option to borrowers to accept or deny consent for use of specific data, including the option to revoke previously granted consent, besides the option to delete the data collected from borrowers by the DLAs/ LSPs.
The central bank has also mandated that any lending sourced through DLAs have to be reported to Credit Information Companies (CICs) by regulated entities irrespective of its nature or tenor. “All new digital lending products extended by regulated entities over merchant platforms involving short term credit or deferred payments are required to be reported to CICs by the regulated entities,” the RBI said.
This is particularly important given a number of ‘buy now, pay later’ players were not reporting the loans they were offering to CICs.