RBI Regulations on Digital Lending:

/0 Comments/in , , , /by

FLDGs come under regulatory ambit

– Team Financial Services | finserv@vinodkothari.com

The RBI had constituted a Working Group on digital lending including lending through online platforms and mobile apps on January 13, 20211. The Working Group (‘WG’) submitted its report and the same was published by the RBI on November 18, 20212 (‘Report’).

On August 10, 2022, the RBI has issued a press release3 dealing with implementation of the recommendations of the working group on digital lending (‘Press Release’). Through the press release, RBI seeks to implement the recommendations and suggestions of the WG on digital lending. The press release contains three annexures, each of which deal with the following –

  1. Annex I4 – Recommendations accepted for immediate implementation and the consequent regulatory stance;
  2. Annex II5 – Recommendations, though accepted in-principle, which require further examination; and
  3. Annex III6 – Recommendations which require wider engagement with the Government of India and other stakeholders in view of the technical complexities, setting up of institutional mechanism and legislative interventions.

A timeline of events of the digital lending regulation process is shown in the diagram below –

Is this the Regulation, or a regulation is to come?

The RBI has released the Press Release for implementation of recommendations accepted for immediate implementation and the consequent regulatory stance have been enclosed as Annex I to the Press Release. Further, Para 7 of the Press Release states that- All the regulated entities of RBI are advised to be guided by the regulatory stance conveyed in this press release. This would mean that the Annex I would be the regulatory framework for digital lending and as such would be mandatorily applicable on Regulated Entities (REs), their Lending Service Providers (LSPs), Digital Lending Apps (DLAs) of REs, DLAs of LSPs engaged by REs. However, it is mentioned that detailed instructions will be issued separately.

The reference in this write-up to the Regulations or the regulatory framework, therefore, refer to the Press Release read with Annex I.

Applicability: Date and scope:

The recommendations under Annex I are already accepted by the RBI for implementation. Hence, the provisions of Annex I shall be applicable immediately, that is from the date of the Press Release, August 10, 2022. 

While Annex II seems to be containing items which are requiring deliberation at the RBI’s end, however, there is a part in Annex II, dealing with the widely prevalent practice of “first loss default guarantee”, where it seems from the language that the intent is to regulate the same immediately. Refer to the heading below.

REs are advised to ensure that the LSPs/DLAs also implement the requirements set out in Annex-I, as applicable and the onus of ensuring implementation of the requirements will rest with the REs.

Para 7 of the Press Release also says – detailed instructions in this regard will be issued separately. This means, further instructions are likely shortly. However, in the meantime, those engaged in digital lending or having LSPs may like to start preparations immediately.

Q. Will those having co-lending arrangements with digital lenders also be covered? 
In our view, a co-lender is essentially a lending partner, and therefore, is clearly covered by the regulatory framework.

Q. Will those taking assignments of digital lending facilities through transfer of loan exposures also be covered?
In our view, an assignee of loan receivables is simply an assignee, and not a lender in respect of the loan. Therefore, our view is that the stance of the regulatory framework is on loan origination, and therefore, assignees of the loans are not covered.

Lending Service Providers:

One of the important measures of the new regime is to give recognition to the agencies engaged by REs for supporting digital lending. These entities are termed as Lending Service Providers (LSPs), which are to be treated as “agent” of the REs. The support may be in one or more of the following ways:

The regulations provide that the fees payable to the LSPs shall be paid by the REs, and not by the borrower.

It is interesting to note that the LSPs may provide “underwriting support”. Apparently, underwriting support may be taken to mean credit underwriting, which is absorption of credit risk.

The on-boarding of LSPs shall be done by REs after “enhanced due diligence process”. This process should take into account, minimally, the following: “(a) technical abilities, (b) data privacy policies and storage systems, (c) fairness in conduct with borrowers and (d) ability to comply with regulations and statutes” [Enumeration by us for clarity].

Further, LSPs are not expected or permitted to “store personal information of borrowers except for some basic minimal data (viz. name, address, contact details of the customer, etc.) that may be required to carry out their operations. Responsibility regarding data privacy and security of the customer’s personal information will be of the RE.”.

REs are also required to carry continuous monitoring of LSPs.

Borrower protection measures:

The Press Release comes with several norms that focus on borrower protection. These provisions are summarised and highlighted below – 

  • Key Fact Statement is to be provided to the borrower before executing the loan contract. Apart from other necessary information, the KFS must contain –
    • Details of APR (discussed separately),
    • Terms and Conditions of recovery mechanism,
    • Details of grievance redressal officer designated specifically to deal with digital lending/ FinTech related matter,
    • Cooling-off/ look-up period.
      The format for KFS is yet to be prescribed by RBI. However, until the format is prescribed by RBI, the format given in Annex II to the Master Direction – Reserve Bank of India (Regulatory Framework for Microfinance Loans) Directions, 2022 dated March 14, 20227, can be used to the extent applicable. It may also be noted that any fees, charge, etc., which is not mentioned in the KFS cannot be charged by the REs to the borrower at any stage during the term of the loan. 
  • Disclosure of APR – see below
  • Prepayment without penalty : Para 4 a. (vi) of the Press Release provides that “A cooling-off/ look-up period during which the borrowers can exit digital loans by paying the principal and the proportionate APR without any penalty shall be provided as part of the loan contract”. From how it is worded, it seems that the intent is to permit the borrower to prepay the borrowing, without having to be subjected to prepayment penalty. However, how small can this “cooling-off” or “look-up period” be? Can it be impractically small, and therefore, lead the borrower to a non-cancellable loan period coupled with prepayment penalty? In our view, the idea of cooling off period is to allow the borrower the discretion to make a choice, and therefore, a reasonable period, based on the aggregate term of the facility, should be provided.  

    It is further provided in Annexure I that the cooling off period shall be board-determined. This will require a board-approved policy on the cooling off period. 

    We also hold the view that prepayment option is an important right of the borrower. A reasonable prepayment penalty may be charged, but a borrower cannot be forced to pay the entire interest for the facility period, or be slapped with disproportional prepayment penalty.
  • Grievance redressal mechanism: For grievance redressal issues, RBI has specified that the REs must ensure that they and the LSPs engaged by them shall have a suitable nodal grievance redressal officer (GRO) to deal with FinTech/ digital lending related complaints/ issues raised by the borrowers. 
    This GRO has a broader scope, in that they will have to deal with the complaints against the respective DLAs as well. The contact details of this GRO must be essentially provided on all platforms, i.e., on the website of the RE and the LSPs, prominently on the DLAs and must also be provided in the KFS provided to the borrower. The details on mode of lodging a complaint must also be displayed on the website of the REs and LSPs, as well as, on the DLAs. The responsibility of grievance redressal remains with the RE8.
  • Automatic increase in credit limit – In line with the recommendation of the WG, an automatic increase in the credit limit is prohibited unless explicit consent of the borrower is taken on record for each such increase. 
    The top-up feature in case of digital lending is very common since the loan size is initially small and based on the performance of the borrower the same is extended further. However, the same would now require the explicit consent from the borrower as well.

Loan logistics

The loan will have to travel from the bank account of the lender to the bank account of the borrower. The same is true for the repayment of the loan as well. The Press Release, read with Annex I, only mentions “bank account”. 

The question that arises is whether disbursement can be done into PPIs? The WG report stated in para 3.4.1.2 that “Borrowers having only PPI account, and no bank account, can be disbursed loan in fully KYC compliant PPIs.”. However, the Press Release does not mention anything in this regard. Annex I only states that “Exceptions would be considered for disbursals covered exclusively under statutory or regulatory mandate, flow of money between REs for co-lending transactions, and disbursals where loans are mandated for specified end-use as per regulatory guidelines of RBI or of any other regulator.”

This would mean that the disbursal of credit in the wallets or prepaid cards would also not be allowed henceforth. The same would necessarily have to be done into a KYC compliant bank account of the customer. The same situation would be applicable for repayments as well.

Digital lending apps and their limitations

As defined appropriately by the WG in its report, digital lending apps are “Mobile and web-based applications with user interface that facilitate borrowing by a financial consumer from a digital lender.”

While the use of DLAs in the lending ecosystem has substantial benefits in terms of time reduction in the loan origination process, greater financial inclusion, wider reach for lenders, etc. it is not without limitations.

The WG highlighted several illegal players acting through DLAs. There were a significantly increasing number of complaints against DLAs9, a majority of which pertained to DLAs promoted by entities not regulated by RBI. Further, a large number of complaints also related to DLAs that partnered with NBFCs.

The RBI had also cautioned the public against such DLAs promoted by unregulated entities through a press release dated December 23, 202210. The press release also referred to reports of excessive rates of interest and hidden charges, adoption of high-handed recovery methods and misuse of agreements to access data on the mobile phones of borrowers. This highlighted the need for a regulatory framework for DLAs.

DLAs may pose all data and privacy risks that any other mobile app may pose such as access to the phones data including stored images, documents, contact lists, call records, etc. and given administrative access may also take over the functioning of the phone itself.

In terms of digital lending, these apps also collect KYC data (including PAN, Aadhar ID, other forms of address and identity proofs), authorisation to access the borrowers credit records including information from credit information companies, bank statements and salary records. This has the potential to create a pool of information not just ripe for fraudulent endeavors but also intrusive and targeted advertising.

BNPL to require CIC reporting

Para 4 (c) (ii) of the PR says that “All new digital lending products extended by REs over merchant platforms involving short term credit or deferred payments are required to be reported to CICs by the REs”. This clearly goes to include BNPL products. 

In the BNPL model, consumers are enabled to pay for their purchases in interest free (for the interest free period, after which interest is charged), installments over a specified period of time, i.e., either a few weeks or months. According to an article by Reuters11“Buy Now Pay Later (BNPL) firms have created one of the fastest-growing segments in consumer finance, with transaction volumes hitting $120 billion in 2021 up from just $33 billion in 2019, according to GlobalData.”

BNPL is expected to become the fastest growing online payment preference globally over the next 5 years, and by 2023 will have a market share of approximately 52%12. This is attributable to various factors such as lower penetration of credit cards in India, growth in e-commerce etc.

One of the major concerns globally has been that BNPL has an impact on the wider credit market owing to the fact that such loans are not reported to CICs. This leads to a lack of transparency as regulated credit providers such as Banks/ NBFCs, do not get a complete view of the borrower’s financial position while assessing creditworthiness. The above is intended to address this concern. 

Meaning of APR

In case of NBFCs and Banks, there is a requirement to disclose the annualised rate of interest to be charged to the borrower. The intent is to ensure that the borrower is able to compare the rate of interest charged by different lenders. However, the annualised rate to be specific by the lender is just restricted to the interest and does not include the additional charges, such are processing fees etc. 

The RBI has proposed that an all-inclusive cost of digital loans in the form of Annual Percentage Rate (APR) is required to be disclosed to the borrowers. As per the explanation provided the APR would be based on an all-inclusive cost and margin including cost of funds, credit cost and operating cost, processing fee, verification charges, maintenance charges, etc., except contingent charges like penal charges, late payment charges, etc. 

As we discuss separately herein, BNPL products are also now covered by the regulatory framework. Mandatory disclosure of the APR is a very important requirement, as most of the digital lending products have steep APRs. Some questions that arise in the context are:

  1. Many loan products have a zero-interest or low-interest period. For example, a typical product may say that the borrower may have no interest if he settles the payment within 30 days, but if he is unable to pay within 30 days, he converts the amount into EMIs, which starts charging APR, say, @ 36%. Will the APR cover the interest free period of 30 days as well?

In our view, the transaction is not a financial facility for the first 30 days. If the customer pays within 30 days, it remains a pure credit payment period, without being converted into a financial facility. Hence, in our view, there is no APR for the first 30 days, and therefore, the question of spreading the APR over the 30 days’ interest free period does not arise.

  1. In many products, APRs are different based on the EMI period that the borrower chooses. Borrowers may be allowed the flexibility of choosing 12 EMIs, 24 EMIs, etc. The APR may also differ based on the drawdown done by the borrower. If the terms of the facility are different over different tenures/amounts, each of these facilities are distinct. Therefore, as and when the borrower makes the choice, a KFS needs to be drawn for what facility is availed by the borrower.

Disclosure Requirements 

  • On RE’s website: 
    • Publishing the list of LSPs (and the DLAs, if any) engaged by REs along with the details of the activities for which they have been engaged.
    • Contact details of grievance redressal officer.
  • On the DLA’s website and application: 
    • Privacy policy to be disclosed at all times.
    • Links to REs’ website where further/ detailed information about the loan products, the lender, the LSP, particulars of customer care, link to Sachet Portal, privacy policies, etc. can be accessed by the borrowers. 
    • At the onboarding/sign-up stage, prominently display information relating to the product features, loan limit and cost, etc. so as to make the borrowers aware about these aspects.
    • Information on the mode of lodging complaint.
  • In the Key Fact Statement: already discussed above.

Privacy Policy and its contents

The DLAs are required to have a comprehensive privacy policy available on public domain, compliant with applicable laws, associated regulations and RBI guidelines. The broad contents of the Privacy Policy would include: 

  • Details of third parties that are allowed to collect personal information through the DLA 
  • Extent and process for access and collection of personal information of borrowers, 
  • Policy on customer consent
  • Guidelines regarding the storage of customer data including the type of data that can be held, the length of time data can be held, restrictions on the use of data, data destruction protocol, standards for handling security breach, etc.

First loss default guarantees to be regulated as securitisations

While an apparent impression may be that Annex II consists of “to be implemented” provision, however, form the language of part C of Annex II, it seems that the RBI intends to implement the very sensitive part dealing with FLDGs immediately.

It is notable that FLDGs have been in the news ever since the Working Group Report.14

Part C says: “The recommendation pertaining to First Loss Default Guarantee (FLDG) is under examination with the Reserve Bank. Meanwhile, REs shall ensure that financial products involving contractual agreement, in which a third party guarantees to compensate up to a certain percentage of default in a loan portfolio of the RE, shall adhere to the extant guidelines laid down in Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 dated September 24, 2021. Boards of REs shall ensure that the extant regulatory instructions are complied with in both letter and spirit.” [Emphasis added]

The word “meanwhile” seems to suggest that this particular part is coming for immediate implementation. It is quite apparent that SSA Directions cannot be applied as such to digital lending products, as MHP requirement seems irrelevant in this case.

Assuming that a specific amendment/clarification under the SSA Directsion may be issued separately, in our view, the following will be the way to apply SSA Directions to FLDG arrangement:

  1. While the word FLDG suggests that there is a second loss layer (which means the first loss layer does not cover the whole of the loan), in our view, the regulatory framework cannot be escaped merely by extending the default guarantee to the whole of the loan or loan pool.
  2. The idea of extending SSA Directions to the so-called FLDG is that (a) there is an originator who is not the actual financier; (b) the originator provides credit risk support for the whole or a part  of the loan pool originated by him; (c) the originator also sweeps the excess spread over a hurdle rate. Therefore, the expected loss risk, and the rewards are with the originating entity. If that is the case, effectively, the so called FLDG serves the same economic purpose as a securitisation, and therefore, there is a regulatory case to cover it as such. However, position may be different if the guarantor simply gets a guarantee commission, and the risks and rewards are both shared between the originator and the financier.
  3. If the transaction is indeed treated as securitisation for regulatory purposes, the next question will be – will it be regarded as such for accounting purposes too? In our view, accounting treatment has to be driven by the economic essence of the transaction. If the economic substance of the transaction is origination and transfer of loan receivables, it should be accounted for, using the same de-recognition principles as apply in case of securitisation.

[This is still work-in-progress. We thought of going public immediately, apparently as this is a matter of great concern, not just to the digital lenders, but the whole lot of banks and financial intermediaries, who have stake in various ways. As more regulatory pronouncements are soon expected, please make sure to see revised versions of this page.]

Footnotes:

  1. https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=50961
  2. https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/DIGITALLENDINGF6A90CA76A9B4B3E84AA0EBD24B307F1.PDF
  3. https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=54187
  4. https://rbidocs.rbi.org.in/rdocs/content/pdfs/PR689DL10082022_AN1.pdf
  5. https://rbidocs.rbi.org.in/rdocs/content/pdfs/PR689DL10082022_AN2.pdf
  6. https://rbidocs.rbi.org.in/rdocs/content/pdfs/PR689DL10082022_AN3.pdf
  7. https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12256#AN2
  8. Further, as per extant RBI guidelines, if any complaint lodged by the borrower is not resolved by the RE within the stipulated period (currently 30 days), he/she can lodge a complaint over the Complaint Management System (CMS) portal or other prescribed modes under the Reserve Bank Integrated Ombudsman Scheme (RB-IOS). 
  9. According to the WG report, the Sachet portal of RBI received around 2562 complaints from January 2020 to March 2021.
  10. https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=50846
  11. https://www.reuters.com/technology/buy-now-pay-later-business-model-faces-test-rates-rise-2022-06-10/#:~:text=Buy%20Now%20Pay%20Later%20
  12. 5th Annual Worldpay Global Payments Report. 
  13. In his article on Lenders’ piggybacking: NBFCs lending on Fintech platforms’ guaranteeshttps://vinodkothari.com/2019/10/lenders-piggybacking-nbfcs-lending-on-fintech-platforms-guarantees/ , Mr. Vinod Kothari has explained the regulatory concerns associated with such synthetic structures. Also, refer to another article on this topic ‘Lending without risk and risk without lending’ – https://vinodkothari.com/2022/07/lending-without-risk-and-risk-without-lending/ 

Our write-ups on Digital Lending: https://vinodkothari.com/?s=digital+lending

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *