All Things Newz
Law \ Legal

RBI Issues Guidelines For Digital Lending Sector – Dodd-Frank, Consumer Protection Act

To print this article, all you need is to be registered or login on


Digital lending has the potential to make financial products and
services accessible to public in a more fair and efficient manner.
However, there are certain inherent risks associated with digital
lending (like any other lending activity) such as unbridled
engagement of third parties, mis-selling, breach of data privacy,
unfair business conduct, charging of exorbitant interest rates, and
unethical recovery practices, which if not addressed may erode the
confidence of the public in the digital lending. Being cognizant of
such risks and to ensure orderly development of digital lending
along with preservation of financing stability and protection of
depositors’ and customers’ interest, the Reserve Bank of
India (“RBI”) on 13 January 2021, issued a press release
confirming the constitution of a working group (“Working
Group”). The Working Group was set up by the RBI to study all
aspects of digital lending activities in the regulated financial
sector as well as by unregulated players, so that an appropriate
regulatory framework could be put in place for digital lending
through online platforms and consumer protection.

On 18 November 2021, the Working Group submitted its report to
the RBI and made various recommendations for addressing the
existing and potential risks (i.e., inter-alia consumer protection
from unethical practices, breach of data privacy, regulation of
unregulated entities, enforcement of fair practices code for
digital lending entities, data governance) in the digital lending
ecosystem without stifling innovation (“Report”). The RBI
on the same date (i.e., 18 November 2021) released the Report
seeking comments of the relevant stakeholders and members of the
public. Further to this, the RBI, on 10 August 2022 issued a press
release laying down the preliminary regulatory framework for the
relevant entities based on the recommendations of the Working Group
(“Press Release”).


As per the Press Release, the Working Group has provided its
recommendations based on the following classification of digital



Recommendation oF THE WORKING GROUP


Entities regulated by the RBI and permitted to carry out lending

The RBI to consider a regulatory framework focused on the
digital lending ecosystem of the entities regulated by it1
(“REs”) and the lending service providers2 (“LSPs”)
engaged by them to extend various permissible credit facilitation


Entities authorized to carry out lending as per other statutory/
regulatory provisions but not regulated by the RBI

The respective regulator/ controlling authority to consider
formulating or enacting appropriate rules/ regulations.


Entities lending outside the purview of any statutory/
regulatory provisions

Specific legislative and institutional interventions be
undertaken by the Central Government to curb illegitimate lending
activity being carried out by such entities. State money lending
statutes may also be applicable.

Based on the above classification, the RBI has considered the
recommendations of the Working Group and laid down a regulatory
framework for REs and LSPs.


Set out below is our analysis of the RBI’s regulatory

  • Recommendations for immediate implementation:
    For certain aspects which needed urgent attention, the RBI has
    carved out specific recommendations of the Working Group for
    immediate implementation, as Annexure I of the
    Press Release. These recommendations inter alia include
    guidelines on consumer protection, conduct issues, technology and
    data requirements amongst other regulatory framework changes. Key
    guidelines are as below:


Consumer protection and conduct issues


Loan disbursals/ repayments should only be executed between the
bank accounts of borrower and the RE without any pass-through/ pool
account of the LSP/ third party;


Fee/ charges payable to LSPs in the credit intermediation
process are required to be paid by RE and not by the borrower;


Prior to execution of a loan contract, the RE must provide a
standardized key fact statement (“KFS”) to the borrower.
The KFS shall inter alia contain (i) details of the
applicable annual percentage rate (“APR”); (ii) terms and
conditions of recovery mechanism; (iii) details of grievance
redressal officer designated specifically to deal with digital
lending/ FinTech related matter; and (iv) cooling-off/ look-up


RE’s must upfront disclose all-inclusive cost of digital
loans (as APR) to the borrowers, and the APR should form part of
the KFS provided to the borrower. For clarity, please note that an
APR is based on all inclusive cost and margin including cost of
funds, credit cost and operating cost, processing fee, verification
charges, maintenance charges, etc., except contingent charges like
penal charges, late payment charges etc;


Any automatic increase in credit limit without the explicit
consent of the borrower is prohibited;


The borrowers are required to be provided provisions of a
cooling-off/ look-up period during which they can exit digital
loans by paying the principal and the proportionate APR without any
penalty. Such provisions are mandatorily required to be
incorporated in the loan contract executed with the borrower;


LSPs engaged by RE’s are required to appoint a nodal
grievance redressal officer to deal with financial technology/
digital lending related complaints. Such officer is also required
to deal with complaints against their respective digital lending
applications3 (“DLAs”).


The details of the officer are required to be indicated on the
website of the RE, its LSPs and on relevant DLAs. Further, RE’s
need to communicate to the Borrower, the details of the LSP acting
a recovery agent both at the time of sanctioning of the loan as
well as subsequent change in LSP.


RE’s are required to ensure that digitally signed documents
supporting important transactions through DLAs of REs/LSPs, such as
KFS shall automatically flow from the lender to the registered/
verified email/ SMS of the borrower upon execution of the loan
contract/ transactions;


All complaints lodged by the borrower are to be resolved within
30 days. If not resolved, the borrower may lodge a complaint under
the RBI’s “Integrated Ombudsman Scheme”.


Technology and data requirements


DLAs are permitted to gather data on a needs-basis only after
obtaining prior explicit consent of the borrower which can be
audited, if required. Further, DLAs are required to have clear
audit trails for such data collected by them.


The borrower shall be provided an option to accept/ deny consent
for use of specific data (including the option to revoke previously
granted consent and deletion of the data collected) by the DLAs/


REs’ are to ensure that DLAs have a comprehensive privacy
policy (to be made available in public) compliant with applicable
laws for access and collection of personal information of


Credit bureau reporting


Lending sourced through DLAs (either of the RE or of the LSP
engaged by RE) is required to be reported to credit information
companies by the REs, irrespective of its nature or tenor.


New digital lending products extended by REs over merchant
platforms involving short term credit/ deferred payments are
required to be reported to credit information companies by the

  • Onus of implementation: The REs are required to
    ensure that the LSPs/ DLAs also implement the requirements set out
    above (recommendations for immediate implementation), as
    applicable. The onus of ensuring implementation of the requirements
    rest with the REs.

  • Recommendations for further examination:
    Certain recommendations of the Working Group on consumer protection
    & regulatory conduct requirements, technology & data
    requirements, first loss default guarantees (“FLDGs”) and
    regulatory framework have been accepted by the RBI in-principle but
    remain subject to further examination. These recommendations have
    been listed down in Annexure II of the Press Release.

Specifically, in context of FLDGs, the RBI has stipulated that
in the interim, banks and NBFCs must ensure that FLDG arrangements
(which involve offering of financial products backed by contractual
agreements to compensate the lender for up to a percentage of the
default in the underlying loan portfolios) adhere to the existing
guidelines issued by the RBI for securitisation of standard assets
both in letter and spirit. The securitisation guidelines prescribe
conditions for issuance of credit enhancement facilities in the
context of securitisation exposures – such conditions include
the requirement that the providers of such credit enhancement to be
regulated by a financial sector regulator, failing which they must
hold capital equivalent to the full value of the underlying
exposure. This may now apply to FLDG arrangements as well in
connection with loan exposures of banks / NBFCs. Directionally, it
appears that the RBI is not inclined to permit regulated entities
to avail FLDGs from DLAs and the matter is under further

  • Recommendations that require wider engagement with the
    Government of India and other stakeholders
    : Lastly, the
    RBI has determined certain recommendations of the Working Group
    that require consideration of the Indian Government prior to their
    implementation. These recommendations inter alia include
    the framing of legislation(s) for banning unregulated lending
    activities, setting up of an independent body to monitor DLAs,
    recommendations for the Registrar of Companies, etc.


The Working Group had identified several issues regarding the
digital lending business and allied-service providers that needed
to be addressed. The guidelines issued by the RBI are a welcome
step towards creating a specific regulatory framework, and
methodological growth of the lending business in the digital era.
While the slew of consumer protection/ conduct measures provides
additional credibility and validation to digital lenders/ FinTech
companies, they also put sectoral players in the regulatory

It remains to be seen how the RBI proceeds with the
recommendations that are yet to be implemented and are being
examined/require further consideration from the Indian


1. Note:
The term “regulated entities” refers to entities in the
digital lending sector that are regulated by the RBI. Some examples
of a regulated entity in this context can include non banking
financial companies and banks.

2. Note:
The term “lending service provider” refers to entities
that are engaged by the regulated entities to undertake the digital
lending business. Typically, a regulated entity such as an NBFC
engages with financial technology companies to set up their digital
presence, provide online contracts to its customers,

3. Note:
“Digital lending applications” refers to technology-based
applications to perform lending services. Regulated entities set up
digital lending applications to perform lending services online.
For instance, banks set up their digital lending applications to
offer online banking services, provide loans, etc.

The content of this document do not necessarily reflect the
views/position of Khaitan & Co but remain solely those of the
author(s). For any further queries or follow up please contact
Khaitan & Co at [email protected]

POPULAR ARTICLES ON: Consumer Protection from India

Consumer Protection Act, 2019: Key Takeaways

VGC Law Firm

The Consumer Protection Act, 1986 is repealed after three decades and replaced by the Consumer Protection Act, 2019. The Consumer Protection Act, 2019 has been enacted with a view…

E-Commerce Rules 2020, A Boon Or A Bane?

Legacy Law Offices

Buying products off of an online marketplace or an e- commerce ecosystem might seem a bit daunting of a task especially after all the recent reports of scams and unfair trade practices that users of such platforms are falling prey to.

Consumer Protection (E-Commerce) Rules, 2020


The E-Commerce Rules provide a framework to regulate the marketing, sale and purchase of goods and services online pursuant to which all e-commerce entities, including B2B

Medical Negligence India

S.S. Rana & Co. Advocates

Medical profession is considered to be a noble profession however, it has been time and again placed under scrutiny and so have all persons working in this profession.

Source link

Related posts

Bermuda Expands Applicability Of Its Investment Business Regime – Financial Services

Horace Hayward

Multiple Agencies Target Cryptocurrency Fraud And Regulatory Violations – Fin Tech

Horace Hayward

The changing landscape of building contracts – Beware of Special Conditions – Construction & Planning

Horace Hayward