On May 8, 2025, the Reserve Bank of India (RBI) issued the Digital Lending Directions, 2025, superseding the 2022 Guidelines on Digital Lending and the 2023 Guidelines on Default Loss Guarantee. These directions aim to bolster transparency, accountability, and consumer protection in India’s digital lending ecosystem.
Applicability
The directions apply to a broad spectrum of Regulated Entities (REs), including:
- Commercial Banks
- All-India Financial Institutions
- Urban, State, and Central Co-operative Banks
- Non-Banking Financial Companies (NBFCs), including Housing Finance Companies
Key Definitions
- Digital Lending Apps/ Platforms (DLAs): Mobile and/or web-based applications, on a standalone basis or as a part of suite of functions of an application with user interface that facilitate digital lending services. DLAs shall include applications of the RE as well as those operated by Lending Service Provider (LSP) engaged by RE for extending any credit facilitation services in conformity with extant outsourcing guidelines issued by the Reserve Bank.
- Lending Service Providers (LSPs): An agent of a RE (including another RE) who carries out one or more of RE’s digital lending functions, or part thereof, in customer acquisition, services incidental to underwriting and pricing, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of RE in conformity with extant outsourcing guidelines issued by the Reserve Bank.
- Default Loss Guarantee (DLG): A contractual arrangement, called by whatever name, between the RE and another entity, under which the latter guarantees to compensate the RE, for the loss due to default up to a certain percentage of the loan portfolio of the RE, specified upfront. Any other implicit guarantee of similar nature, linked to the performance of the loan portfolio of the RE and specified upfront, shall also be covered under the definition of DLG.
Core Provisions
- RE-LSP Arrangements and Consumer Protection
- Contractual Agreements: REs must formalize agreements with LSPs, ensuring that LSPs comply with RBI guidelines. REs remain fully accountable for LSP actions.
- Multi-Lender LSPs: LSPs working with multiple REs must display all loan offers matching a borrower’s request, including unmatched lender names. Each offer should clearly present details like RE name, loan amount, tenor, APR, repayment terms, and a link to the Key Fact Statement (KFS).
- Disclosures to Borrowers: Borrowers should receive digitally signed documents via email or SMS post-contract. REs and LSPs must maintain updated websites detailing products, LSPs, grievance mechanisms, and policies. Recovery agent details must be shared with borrowers before contact.
- Loan Disbursal and Repayment: Loans must be disbursed directly into the borrower’s bank account, with repayments credited only to the RE’s account. LSP fees are to be paid by the RE, not the borrower. Cash recoveries are permitted if credited the same day.
- Grievance Redressal: REs must designate Nodal Grievance Redressal Officers to address digital lending complaints. Their contact details should be prominently displayed on RE, LSP, and DLA websites, as well as in the KFS.
- Data Protection and Privacy
- Data Collection: Only necessary borrower data should be collected, with explicit consent and maintained audit trails.
- Access Restrictions: DLAs are prohibited from accessing personal phone resources like contacts or call logs, except for one-time KYC verification with borrower approval.
- Data Rights: Borrowers can restrict data sharing, revoke consent, and request data deletion. All data must be stored within India, and any externally processed data should be deleted within 24 hours.
- Security Measures: REs must implement robust data protection policies, prohibit biometric data storage, and comply with RBI’s cybersecurity standards.
- Default Loss Guarantee (DLG) Arrangements
- Risk Management: REs must ensure that DLG arrangements do not undermine prudent risk management practices. DLGs should not be used to circumvent asset classification and provisioning norms.
- Transparency: All DLG arrangements must be disclosed to the RBI, and REs should not rely solely on DLGs for credit risk mitigation.
- Reporting and Compliance
- REs report to DLAs: REs must report all DLAs to the RBI by June 15, 2025. Third-party DLAs should not misrepresent their inclusion as RBI approval.
- Multi-Lender Arrangements: Provisions related to multi-lender LSP arrangements will come into effect from November 1, 2025.
- Documentation: The KFS must be presented to borrowers before loan acceptance, detailing loan terms, charges, privacy policies, and repayment obligations. Borrowers must digitally sign the loan contract, which should be sent to them via email or SMS post-signing.
These directions aim to create a transparent, accountable, and borrower-friendly digital lending ecosystem. REs must ensure strict compliance, mandatory reporting, and responsible partnerships, while the RBI strengthens oversight to maintain financial stability and market integrity.
Disclaimer: This article provides general information existing at the time of preparation and we take no responsibility to update it with the subsequent changes in the law. The article is intended as a news update and Affluence Advisory neither assumes nor accepts any responsibility for any loss arising to any person acting or refraining from acting as a result of any material contained in this article. It is recommended that professional advice be taken based on specific facts and circumstances. This article does not substitute the need to refer to the original pronouncement.
CLICK HERE DOWNLOAD PDF