All Things Newz
Law \ Legal

Guidelines On Digital Lending – First Impressions And Questions – Fin Tech

To print this article, all you need is to be registered or login on

The Reserve Bank of India (RBI) has issued the
Guidelines on Digital Lending on September 02, 2022
(“Guidelines“) laying down the
directions on matters covered in Annex-1 of the press release
titled ‘Recommendations of the Working group on Digital
Lending – Implementation
dated August
10, 2022 (Press Release).

Key highlights

  1. Applicability and timelines

The Guidelines are applicable to regulated lending entities
(RE), such as Commercial Banks, Primary (Urban)
Co-operative Banks, State Co-operative Banks, District Central
Co-operative Banks and Non-Banking Financial Companies (including
Housing Finance Companies). For existing customers availing fresh
loans and new customers getting onboarded with effect from
September 02, 2022; and for existing digital loans REs are given
time till November 30, 2022, to comply with the Guidelines in both
in ‘letter and spirit’.

Comment: By requiring REs to comply with the Guidelines in
both ‘letter and spirit’, the RBI appears to have kept room
open for interpretation to analyse any structure that may
circumvent the legislative intent of the Guidelines, an approach
not typically explicitly expressed by the RBI in its regulations.
This may lead to REs taking conservative calls in supporting new
fintech models.

  1. Disbursement and repayment of loan

All loan disbursals and repayments are required to be executed
only between the bank accounts of borrower and the RE. Any
passthrough/ pool account of the lending service providers
(LSP) or any third party is not permitted. Limited
exceptions are provided for the rule to disbursals covered
exclusively under statutory or regulatory mandate, flow of money
between REs for co-lending transactions; and disbursals for
specific end use, provided the loan is disbursed directly into the
bank account of the end-beneficiary.

Comment: The RBI clarification on exemption for disbursement
with a specific end use will bring relief to some BNPL,
supply-chain financings and other digital lending where the end use
is specified provided that the loan amount is disbursed only in the
bank account of the ‘end-beneficiary’, i.e., the merchant,
supplier or seller, and not routed through any third-party account,
including the bank account of the LSP or any intermediary.

The restriction introduced by RBI may also restrict
disbursement and recollection through payment aggregators. A good
portion of payment aggregators’ business came from managing
payouts and collections for REs/LSPs and the Guidelines may impact
such business offerings from payment aggregators. Interestingly,
the RBI guidelines on outsourcing of financial services by REs
permit REs to appoint collection agents to collect loan repayments
from borrowers on behalf of the REs. One may question, why would
then RBI prohibit regulated payment aggregators, which are entities
licensed by RBI to collect and settle payments on behalf of third
parties, from collecting repayments from borrowers in an escrow

  1. Cooling-off period

A cooling off/ look-up period as determined by the board of RE
is required to be given to borrowers for exiting digital loans, by
paying the principal and proportionate APR without any penalty. The
cooling-off period cannot be less than three days for loans having
tenor of seven days or more, and one day for loans having tenor of
less than seven days. For borrowers continuing with the loan even
after cooling-off period, pre-payment is permitted as per extant
RBI guidelines.

Comment: The requirement of a minimum cooling-off period and
prepayment of loans is an additional clarification from the Press
Release. This will ensure a reasonable cooling-off period and allow
borrowers to prepay loans in accordance with RBI

  1. Data collection, processing and sharing

Collection: Any collection of data by DLAs is permitted on a
need-based and with prior and explicit consent of the borrower
which can be audited, if required. DLAs are not permitted to access
mobile phone resources such as file and media, contact list, call
logs, telephony functions, etc. A one-time access can be taken for
camera, microphone, location or any other facility necessary for
the purpose of on-boarding/ KYC requirements only with the explicit
consent of the borrower.

Consent: The borrower is required to be provided with an option
to give or deny consent for use of specific data, restrict
disclosure to third parties, data retention, revoke consent already
granted to collect his personal data and if required, make the app
delete/ forget the data. Explicit consent of the borrower is
required to be taken before sharing personal information with any
third party, except for cases where such sharing is required as per
statutory or regulatory requirement. The purpose of obtaining
borrowers’ consent is required to be disclosed at each stage of
interface with the borrowers.

Comment: RBI has specifically discouraged DLAs from having
access to mobile phones for accessing media files, contact list,
other resources etc., event with explicit customer consent, and
this may affect the ability of DLA driven credit assessments and
other product offerings that were being made to customers.

  1. Data storing

Storage: LSPs are not permitted to store personal information of
borrowers except for some basic minimal data (viz. name, address,
contact details of the customer, etc.) that may be required to
carry out their operations.

Comment: The RBI has given some leeway to
the LSPs to store ‘basic minimal’ data on a need basis only
with express written consent of the borrowers. However, this data
cannot include biometric data. Till date, LSPs used to access,
collect and store customer data with customer consent pursuant to
provisions of the Information Technology Act, 2000 and Information
Technology (Reasonable security practices and procedures and
sensitive personal data or information) Rules, 2011. Now, the RBI
has imposed further stringent requirements where customer personal
data, except to the extent permitted, cannot be stored by LSPs even
with explicit customer consent.

Data localisation: All data is required to be stored in servers
located within India while ensuring compliance with statutory
obligations/ regulatory instructions.

Comment: It appears that RBI has gradually shifted towards
localisation of all financial data in India. While the previous
data localisation requirements under the
RBI circular on
Storage of Payment System Data
dated April 6, 2018, were limited to payment system data and
payment system operators, now all REs and LSPs will have to store
all data (both payments and non-payments data) in servers located
in India and this will result in further cost implications for REs
and LSPs.

  1. First loss default guarantees (FLDG)

The Guidelines state that in relation to the contractual
arrangements for FLDGs (in which a third party guarantees to
compensate up to a certain percentage of default in a loan
portfolio of the RE), REs should comply with the provisions of
the Master Direction – Reserve Bank of India
(Securitisation of Standard Assets) Directions, 2021
September 24, 2021 (Securitisation Directions),
especially, directions on synthetic securitisation contained in the
Securitisation Directions.

Comment: The Securitisation Directions define
“synthetic securitisation” as a structure where credit
risk of an underlying pool of exposures is transferred, in whole or
in part, through the use of credit derivatives or credit guarantees
that serve to hedge the credit risk of the portfolio which remains
on the balance sheet of the lender. Pursuant to paragraph 6(c) of
the Securitisation Directions, REs are not permitted to undertake
or have any exposure towards synthetic securitisations.

Since the definition of synthetic securitisation is limited
to hedging credit risk through ‘credit derivatives’ or
‘credit guarantees’, REs and LSPs could potentially argue
that hedging of credit risk through security deposits and
indemnities may not necessarily be restricted pursuant to this
provision. However, paragraph 15 of the Guidelines seems very
widely worded and uses the phrase “contractual arrangements,
such as FLDGs, where a third party guarantees to
compensate….” In the context of restricting FLDG
arrangements, this could be viewed as a non-exhaustive restriction
and could potentially include structures which result in
compensation to the RE for a loss in loan portfolio of the RE-
especially when the guidelines are to be implemented in ‘letter
and spirit’.

Under the Securitisation Directions, non-lender REs are
permitted to provide credit enhancement facilities for
securitisation transactions. Could it mean that third party NBFCs
are permitted to issue credit comforts to the RE lender on behalf
of an LSP for digital lending, subject to such NBFC maintaining
adequate capital required under the Securitisation Directions? The
working group report also recommended that issuance of FLDGs should
be limited to REs. Could it mean that RBI has also accepted this
recommendation from the working group report? If yes, this could
benefit fintech entities housing an NBFC within the group.

If RBI’s intention were to ban FLDGs in toto, why did it
not say in unequivocal terms? Further, synthetic securitisations
structures typically involve issuance of notes embedded with credit
derivatives or backed by guarantees which is not the case in FLDG
contractual arrangements. It appears that by a reference to
Securitisation Directions, RBI seems to be suggesting that such
synthetic structures were never permitted under the regulatory
framework and thereby RBI can retrospectively discontinue FLDGs by
requiring REs to comply with this restriction for existing digital
loans by November 31, 2022.

Concluding remarks

While the RBI’s intentions behind restricting FLDGs is well
founded to protect customers from any imprudent recovery practices
and to prevent RE’s from taking comfort from overleveraged
LSPs, such a blanket ban on FLDGs will likely be a death knell for
the fintech industry which has developed on the footing of such
FLDG arrangements. Limiting the quantum of the FLDGs for such
digital lending arrangements (including prescribing capital
adequacy for such LSPs) would have been better to address such
risks. The fintech industry would expect that the RBI, while
addressing the matters contained in Annex-II of the Press Release,
recognises the key role of FLDG arrangements in digital lending
models and issues detailed instructions on regulation of FLDGs
after taking into account inputs from all stakeholders.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

Source link

Related posts

A Review Of Patenting Trends Of Hydrogen Fuel Cells In The Transport Sector – Patent

Lending & Secured Finance Country Comparative Guide 2022 – Insolvency/Bankruptcy

The EUs New Foreign Subsidies Regime Will Soon Be A Reality – Contracts and Commercial Law