The Reserve Bank of India (RBI) has issued guidelines on digital lending, mandating the banks and financial institutions to put in place systems that would comply with the modified norms by 30 November 2022.
“…in order to ensure a smooth transition, Res (Regulated Entities) shall be given time till November 30, 2022, to put in place adequate systems and processes to ensure that ‘existing digital loans’ (sanctioned as on the date of the circular) are also in compliance with these guidelines in both letter and spirit,” an RBI release said.
Here’s how the RBI guidelines on digital lending aim to protect borrowers:
- The guidelines explicitly state that digital lending apps cannot access mobile phone resources such as files and media, contact lists, call logs, telephone functions, etc. One-time access can be taken for camera, microphone, location or any other facility necessary for the purpose of onboarding/ KYC requirements only, with the explicit consent of the borrower.
- The borrowers must be informed about the storage of customer data including the type of data that can be stored, the length of time for which data can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breach, etc. The information must be provided on their website and the apps at all times.
- At the time of disbursing the loans using digital apps, a key Fact Statement (KFS) to the borrower before the execution of the contract in a standardized format for all digital lending products.
- The borrower must be informed about the all-inclusive cost of digital loans and should also be a part of the Key Fact Statement.
- The penal interest/charges levied, if any, on the borrowers shall be based on the outstanding amount of the loan. Further, the rate of such penal charges shall be disclosed upfront on an annualized basis to the borrower in the Key Fact Statement.
- Any fees charges etc. payable to lending service providers must be paid by the regulated entities and borrowers must not be charged for this.
- The Key fact statement should contain the details of the annual percentage rate, the recovery mechanism, details of the grievance redressal officers designated specifically to deal with digital lending/FinTech-related matters and the cooling-off/ look-up period. The cooling-off/look-up period is the amount of time given to the borrower for exiting digital loans, in case a borrower decides not to continue with the loan.
- Any charges that are not mentioned in the Key Fact Statement are not chargeable to borrowers at any stage during the loan term.
- The information shall be sent to the borrowers on their verified email/SMS on the successful execution of the loan contract/transaction. The information must be sent on the letterhead of the regulated entity (bank) and must contain a Key Fact statement, a summary of loan product, sanction letter, terms and conditions, account statements, and privacy policies of the LSPs/DLAs with respect to borrowers data, etc.
- At the time of the sign-up/onboarding stage, information related to product features, loan limit and cost, etc., must be informed to the borrowers.
- The banks, and NBFCs must publish the list of their digital lending apps, and lending service providers, engaged by them on their websites.
- Details of nodal grievance redressal officer must be displayed on the websites of banks, NBFCs, lending service providers, digital lending apps and also on the key fact statement.
- Digital lending apps and websites must allow a borrower to lodge their complaint.
- If the complaint lodged by the borrower is not resolved within 30 days, then he/she can lodge a complaint on the Complaint Management System(CMS) portal under the Reserve Bank-Integrated Ombudsman Scheme(RB-IOS). For entities currently not covered under RB-IOS, a complaint may be lodged as per the grievance redressal mechanism prescribed by the Reserve Bank.
- The banks, NBFCs must capture the economic profile of the borrowers covering (age, occupation, income, etc.), before extending any loan over their own Digital Lending Apps and/or through Lending Service Providers engaged by them, with a view to assessing the borrower’s creditworthiness an auditable way.
- There shall be no automatic increase in credit limit unless explicit consent of the borrower is taken on record for each such increase.
- During the cooling-off/look-up period, the borrower shall be given an explicit option to exit the digital loan by paying the principal and the proportionate APR without any penalty during this period. The cooling-off period shall be determined by the Board of the bank, NBFC. The period so determined shall not be less than three days for loans having tenor of seven days or more and one day for loans having a tenor of less than seven days. For borrowers continuing with the loan even after look-up period, pre-payment shall continue to be allowed as per extant RBI guidelines.
- The borrower shall be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/ forget the data.
- Explicit consent of the borrower shall be taken before sharing personal information with any third party, except for cases where such sharing is required as per statutory or regulatory requirements.
- No biometric data is stored/ collected in the systems associated with the digital Lending Apps of regulated entities / their Lending Service Providers unless allowed under extant statutory guidelines.
- The banks and NBFCs shall ensure that any lending done through their Digital Lending Apps and/or Digital Lending Apps of Lending Service Providers is reported to Credit Information Companies (such as CIBIL)irrespective of its nature/ tenor.
- Any extension of structured digital lending products by banks, NBFC and/or Lending Service Providers engaged by them over a merchant platform involving short-term, unsecured/ secured credits or deferred payments, need to be reported to Credit Information Companies.
- The regulated entities shall ensure that all loan servicing, repayment, etc., shall be executed by the borrower directly in the regulated entities’ bank account without any pass-through account/ pool account of any third party. The disbursements shall always be made into the bank account of the borrower except for disbursals covered exclusively under statutory or regulatory mandate (of RBI or of any other regulator), flow of money between regulated entities for co-lending transactions and disbursals for specific end use, provided the loan is disbursed directly into the bank account of the end-beneficiary. Regulated entities shall ensure that in no case, disbursal is made to a third-party account, including the accounts of Lending Service Providers and their Digital Lending Apps, except as provided for in these guidelines.