– Richa Saraf (firstname.lastname@example.org)
The Department of Economic Affairs has recently shared the report of the Steering Committee which discusses the various issues faced by fintech companies. This write up tries to focus on the issues in relation to online lending, and the recommendations given by the Steering Committee on the same.
Verifying the Authenticity of User:
RBI already provides for guidelines pertaining to Know Your Customer (KYC), specifying Originally Seen and Verified (OSV) norms, laying down conditions for non-face to face KYC, and in fact the e- KYC process was simplified with the advent of Aadhaar. However, the Aadhaar verdict by the Apex Court has adversely affected the fintech industry, and the Steering Committee has observed that there is need to explore alternatives for physical KYC. The following are the key recommendations in this regard:
- Offline Authentication Process: These days smartphones are equipped with biometric enabled multi-factor authentication, therefore, technology may be put to use for the purpose of KYC and authentication of the user. Some fintech companies have already come up with various unconventional mode of KYC, such as video based KYC, obtaining validated electronic versions of KYC related documents through DigiLocker, etc., as an additional layer of protection, authentication of the user can also be done by sending an OTP at the registered mobile number of the user, or by using geo location, which indicates the IP address of the user. The Committee has also recognised some of these options in its Discussion Paper, provided the same is subject to prior customer consent.
- Central Data Registry: In the light of representations made by various stakeholders, the Committee has expressed that e-KYC has the potential to reduce customer on-boarding and servicing costs significantly, and has, therefore, recommended that all financial sector regulators fix deadlines for on boarding existing KYC data to the Central KYC registry, making KYC a complete digital and paperless process.
- Other non- traditional way of data exchange: The Discussion Paper also mentions about the usage of the Application Programme Interface (API), for facilitating real time information sharing; India Stack being one such API, where digital records move with an individual’s digital identity, eliminating the need for massive amount of paper collection and storage.
Determination of Borrower’s creditworthiness:
The Steering Committee has noted how the poor and the unbanked are often unable to access credit due to the lack of formal credit history and/ or non-availability of significant information/ document. The following are the key recommendations in this regard:
- Data sharing in the finance industry: The Committee believes that APIs must be used for cloud storing of data, and the same should be open, to ensure equal access to all those who wish to build on or rely on this data. For instance, an India Agri Stack can be built, such that lenders can evaluate the creditworthiness of agricultural borrowers. This stack can include a farmer’s borrowing history, land ownership data, income data, among other information. Additional APIs to facilitate research and the creation of applications may include: Government departments and local government bodies unified stack; land registry and state land records; ownership/fitness/loan/mortgage/enforcement records to provide transparency to transactions; and so on. Further, India MSME Stack may be built for MSME financing related data.
- Digitisation of land records: The Digital India- Land Records Modernisation Program is aimed at national integration of all land related data across the country in order to provide conclusive titles, including details such as characteristics of the land, mortgages, encumbrances, ownership and other rights, etc., enabling financial services companies to make informed decisions about lending.
- Reliance on Informal Modes: Fintech companies are using a variety of sources for collecting customer information and advanced data analytics to access customer credibility, for instance obtaining data from social media usage, web browser history, financial transaction behaviour, product purchase behaviour, etc. from the mobile phones of prospective borrowers. Some companies are also resorting to psychometric tests to build the customer’s profile.
For agri- loans specifically, to access the credit score of a borrower, it is suggested that companies use permutation and combination of the alternate data which may be available, such as weather forecasts and records, agronomic surveys, accessing the demographic, geographic, financial and social information of the customer, farmer progressiveness and such like. Referring to a Chinese agricultural fintech company Nongfenqi, which generates credit scores on the basis of interaction with customers’ business partners, fellow customers and villagers, the Committee has observed that the default rate in such model is merely 0.1%. In order to increase access to credit and to stabilise the growth of such practices, the Committee has recommended that Ministry of Economics and Information Technology (MEITY) and TRAI to formulate a policy to enable such practices through a formal, consent-based mechanism.
- Usage of Artificial Intelligence (AI): AIs afford an opportunity to gain insight into customer behaviour pattern, thereby aiding in determination of their creditworthiness. Equifax is one credit information agency, which gives potential lenders an overall insight on the borrower’s credit health through Neuro Decision Technology. It claims to predict the likelihood of a business incurring severe delinquency, charge-off or bankruptcy on financial accounts within the next 12 months. Vantage Score Solution, which claims to predict the likelihood of the borrower repaying the borrowed money, also used AI to develop a model for people with thinner credit profiles.
The Steering Committee has also recognised AI for modernising the credit scoring methodology and approach.
Execution of agreements online:
Fintech entities have been vigorously using e- mode for entering into transactions; for instance, providing app- based loan, on a click. While one may contend that click- wrap agreements are prone to fraud, since the user is not known, and thus, cannot be relied upon, such may the case in any mode of execution. Most of the time in litigations, it is not uncommon for parties to challenge the authenticity of agreement, claiming that the acceptance by mail was not sent by him, that the signature is forged, etc. While physical signatures may be examined by way of forensic, it is difficult to verify whether a click- wrap agreement was actually entered into by the parties or was a mere mistake on the part of either of the parties.
While e-agreements are generally held as valid and enforceable in the courts, for high stake transactions, parties have apprehensions on the enforceability in case of default of loan or non- compliance of any of the terms, and therefore, they still insist on wet signatures on physical agreements. The Steering Committee has discussed about re-engineering of legal processes for the digital world. The Committee suggests that insistence on wet signatures on physical loan agreements be replaced by paperless legal alternatives, as these can enable cutting costs and time in access to finance, repayment, recovery, etc., for businesses and financial service companies. To achieve the goal of paperless economy also the requirement of physical loan agreements are unwanted. The Committee has, therefore, recommended that the Department of Legal Affairs should review all such legal processes that have a bearing on financial services and consider amendments permitting digital alternatives in cases such as power-of-attorney, trust deeds, wills, negotiable instrument, other than a cheque, any other testamentary disposition, any contract for the sale or conveyance of immovable property or any interest in such property, etc., (where IT Act is not applicable), compatible with electronic service delivery by financial service providers.
Other recommendations w.r.t. lending industry:
(a) Enhancing competition by way of referral pool:
The Committee recommends that all financial sector regulators may study the potential of open data access among their respective regulated entities, for enabling competition in the provision of financial services; RBI may encourage banks to make available databases of rejected credit applications available on a consent-basis to a neutral marketplace of alternate lenders. In line with the Open Data Regulations in the UK banking sector, the Committee further recommends that RBI may consider making available bank data (such as transaction and account history data) to fintech firms through APIs.
(b) Data privacy risks:
The Committee notes that the data sharing between entities is also subject to privacy laws, and while the Ministry of Science and Technology has already formulated the National Data Sharing and Accessibility Policy, and MEITY is the nodal Ministry to implement the policy, the same needs wider acceptance and implementation. The Committee has further recommended that a taskforce in the Ministry of Finance may be set up with the participation of the regulators and suitable recommendations may be made to safeguard the interests of consumers.
The Committee has expressed that the provisions of the Data Protection Bill, 2018 may have far-reaching implications on the growth of fintech sector, and has therefore, recommended that regulators should urgently review the existing regulatory framework with respect to data protection and privacy concerns, in keeping with emerging data privacy legislation in India.
Our related write-ups can be viewed here:
Please find below the link for other write-ups relating to Fintechs.
Among the disruptive Fintech practices, app-based lending is certainly notable. The scenario of an app-based lending is somewhat like this – a prospective borrower goes to an app platform, fills up some information. At the background, the app collects and collates the information including credit scores of the individual, may be the individual’s contact bases in social networks, etc. Finally, the loan is sanctioned in a jiffy, mostly within minutes.
The borrower interacts with the platform, but does the borrower know that the loan is actually not coming from the platform but from some NBFC? Whether the borrower knows or cares for who the lender is, the fact is that mostly, the technology provider (platform) and the funding provider (lender) are not the same. It may be two entities within the same group, but more often than not, the lender is an NBFC which is simply originating the loan based on the credit comfort provided by the platform.
The relation between the platform and the lender may take one of the following forms: (a) platform simply is procuring or referring the credit; the platform has no credit exposure at all; (b) the platform is acting as a sourcing agent, and is also providing a credit support, say in form of a first-loss guarantee for a certain proportion of the pool of loans originated through the platform; (c ) the platform provides full credit support for all the loans originated through the platform, and in return, the lender allows the platform to retain all the actual returns realised through the pool of loans, over an and above a certain “portfolio IRR”.
Option (a) is pure sourcing arrangement; however, it is quite unlikely that the lender will be willing to trust the platform’s credit scoring, unless there is significant skin-in-the-game on the part of the platform.
If it is a case of option (c ) [which, incidentally, seems quite common, the loan is actually put on the books of the lender, but the credit exposure is on the platform. The lender’s exposure is, in fact, on the platform, and not the borrower. The situation seems to be quite close to a “total rate of return swap”, a form of a credit derivative, whereby parties synthetically replace the exposure and the actual rate of return in a portfolio of loans by a pre-agreed “total rate of return”.
Our objective in this article is to examine whether there are any regulatory concerns on the practice as in case of option (c ) . Option c is an exaggeration; there may be a case such as option (b). But since option (b) is also a first loss guarantee with a substantial thickness, it is almost akin to the platform absorbing virtually all the risks of the credit pool originated through the platform.
Before we get into the regulatory concerns, it is important to understand what are the motivations of each of the parties in this bargain.
The motivation on the part of the platform is clear – the platform makes the spreads between the agreed portfolio IRR with the lender, and the actual rate of return on the loan pool, after absorbing all the risk of defaults. Assume, the small-ticket personal loan is being given at an interest rate of 30%, and the agreed portfolio IRR with the lender is 14%, the platform is entitled to the spread of 16%. If some of the loans go bad, as they indeed do, the platform is still left with enough of juice to be a compensation for the risks taken by it.
The readiness on the part of the platform is also explained by the fact that the credibility of the platform’s scoring is best evidenced by the platform agreeing to take the risk – it is like walking the talk.
The lender’s motivations are also easy to understand – the lender is able to disburse fast, and at a decent rate of return for itself, while taking the risk in the platform. In fact, several NBFCs and banks have been motivated by the attractiveness of this structure.
Are there any regulatory concerns?
The potential regulatory concerns may be as follows:
- De-facto, synthetic lending by an entity that is not a regulated NBFC
- Undercapitalised entity taking credit risk
- Skin-in-the-game issue
- A CDS, but not regulated as a CDS
- Financial reporting issues
- Any issues of conflict of interest or misalignment of incentives
- Good borrowers pay for bad borrowers
- KYC or outsourcing related issues.
Each of these issues are examined below.
Synthetic lending by an unregulated entity
It is common knowledge that NBFCs in India require registration. The platform in the instant case is not giving a loan. The platform is facilitating a loan – right from origination to credit risk absorption. Correspondingly, the platform is earning a spread, but the activity is technically not a “financial activity”, and the spread not a “financial income”; hence, the platform does not require regulatory registration.
Per contra, it could be argued that the platform is essentially doing a synthetic lending. The position of the platform is economically similar to an entity that is lending money at 30% rate of interest, and refinancing itself at 14%. There will be a regulatory arbitrage being exploited, if such synthetic lending is not treated at par with formal lending.
But then, there are whole lot of equity-linked or property-linked swaps, where the returns of an investment in equities, properties or commodities, are swapped through a total rate of return swaps, and in regulatory parlance, the floating income recipient is not regarded as investor in equities, properties or commodities. Derivatives do transform one asset into another by using synthetic technology – in fact, insurance-linked securities allow capital market investors to participate in insurance risk, but it cannot be argued that such investors become insurance companies.
Undercapitalised entities taking credit risk
It may be argued that the platform is not a regulated entity; yet, that is where the actual credit risk is residing. Unlike NBFCs, the platform does not require any minimum capitalisation norms or risk-weighted capital asset requirements. Therefore, there is a strong potential for risk accumulation at the platform’s level, with no relevant capital requirements. This may lead to a systemic stability issue, if the platforms become large.
There is a merit in the issue. If fintech-based lending becomes big, the exposure taken by fintech entities on the loans originated through them, on which they have exposure, may be treated at par with loans actually held on the balance sheet of the fintech. As in case of financial entities, there are norms for converting off-balance sheet assets into their on-balance sheet equivalents, the same system may be adopted in this case.
Skin-in-the game issue
Post the Global Financial Crisis, one of the regulatory concerns was skin-in-the-game. In light of this, the RBI has imposed minimum holding period, and minimum risk retention requirements in case of direct assignments as well as securitisation.
The transaction of guarantee discussed above may seem like the exposure being shifted by the platform to the NBFC. However, the transaction is not at all comparable with an assignment of a loan. Here, the lending itself is originated on the books of the NBFC/lender. The lender has the ultimate discretion to agree to lend or not. The credit decision is that of the lender; hence, the loan is originated by the lender, and not acquired. The lender is mitigating the risk by backing it up with the guarantee of the platform – but this is not a case of an assignment.
There is a skin-in-the-game on either side. For the platform, the guarantee is the skin-in-the-game; for the NBFC, the exposure in the platform becomes its stake.
A CDS, but not regulated as a CDS
The transaction has an elusive similarity to a credit default swap (CDS) contract. It may be argued that the guarantee construct is actually a way to execute a derivative contract, without following CDS guidelines provided by the RBI.
In response, it may be noted that a derivative is a synthetic trading in an exposure, and is not linked with an actual exposure. For example, a protection buyer in a CDS may not be having the exposure for which he is buying protection, in the same way as a person acquiring a put option on 100 gms of gold at a certain strike price may not be having 100 gms of gold at all. Both the persons above are trying to create a synthetic position on the underlying.
Unlike derivatives, in the example of the guarantee above, the platform is giving guarantee against an actual exposure. The losses of the guarantor are limited to actual losses suffered by the lender. Hence, the contract is one of indemnity (see discussion below), and cannot be construed or compared to a derivative contract. There is no intent of synthetic trading in credit exposure in the present case.
Financial reporting issues:
It may be argued that the platform is taking same exposure as that of an actual lender; whereas the exposure is not appearing on the balance sheet of the platform. On the other hand, the actual exposure of the lender is on the platform, whereas what is appearing on the balance sheet of the lender is the loan book.
The issue is one of financial reporting. IFRSs clearly address the issue, as a financial guarantee is an on-balance sheet item, at its fair value. If the platform is not covered by IFRSs/IndASes, then the platform will be reflecting the guarantee as a contingent liability on its balance sheet.
Conflicts of interest or misalignment of incentives:
During the prelude to the Global Financial Crisis, a commonly-noted regulatory concern was misalignment of incentives – for instance, a subprime mortgage lender might find it rewarding to lend to a weak credit and capture more excess spread, while keeping its exposure limited.
While that risk may, to some extent, remain in the present guarantee structure as well, but there are at least 2 important mitigants. First, the ultimate credit decision is that of the NBFC. Secondly, if the platform is taking full credit recourse, then there cannot be a misalignment of incentives.
Good borrowers pay for bad borrowers
It may be argued that eventually, the platform is compensating itself for the risk of expected losses by adding to the cost of the lending. Therefore, the good borrowers pay for the bad borrowers.
This is invariably the case in any form of unsecured lending. The mark-up earned by the lender is a compensation for risk of expected losses. The losses arise for the loans that don’t pay, and are compensated by those that do.
KYC or outsourcing related issues
Regulators may also be concerned with KYC or outsourcing related issues. As per RBI norms “NBFCs which choose to outsource financial services shall, however, not outsource core management functions including Internal Audit, Strategic and Compliance functions and decision-making functions such as determining compliance with KYC norms for opening deposit accounts, according sanction for loans (including retail loans) and management of investment portfolio.”
Usually the power to take credit decisions vests with the lender. However, in case the arrangement between the lender and the platform is such that the platform performs the decision-making function, the same shall amount to outsourcing of core management function of the NBFC, which is expressly disallowed by the RBI. The relevant extract from the KYC Master Directions is as follows:
“REs shall ensure that decision-making functions of determining compliance with KYC norms are not outsourced.”
Is it actually a guarantee?
Before closing, it may be relevant to raise a legal issue – is the so-called guarantee by the platform actually a guarantee?
In the absence of tripartite agreement between the parties, the arrangement cannot be said to be a contract of guarantee. Here the involvement is of only two parties in the arrangement i.e. the guarantor and the lender.
It was held in the case of K.V. Periyamianna Marakkayar and others vs Banians And Co. that “Section 126 of the Indian Contract Act which defines a contract of guarantee though it does not say expressly that the debtor should be a party to the contract clearly implies, that there should be three parties to it namely the surety, the principal-debtor and the creditor ; otherwise it will only be a contract of indemnity. Section 145 which enacts that in every contract of guarantee there is an implied promise by the principal debtor to indemnify the surety clearly shows that the debtor and the surety are both parties to such a contract ; for it will be strange to imply in a contract a promise between persons who are not parties to it.”
Accordingly, the said arrangement maybe termed as a contract of indemnity wherein the platform agrees to indemnify the lender for the losses incurred on account of default by the borrower.
Fintech-based lending is here to stay, and grow. Therefore, risk participation by Fintech does not defeat the system – rather, it promotes lending and adds to the credibility of the Fintech’s risk assessment. Over period of time, the RBI may evolve appropriate guidelines for treating the credit exposure taken by the platforms as a part of their credit-equivalent assets.