– Richa Saraf (email@example.com)
The Department of Economic Affairs has recently shared the report of the Steering Committee which discusses the various issues faced by fintech companies. This write up tries to focus on the issues in relation to online lending, and the recommendations given by the Steering Committee on the same.
Verifying the Authenticity of User:
RBI already provides for guidelines pertaining to Know Your Customer (KYC), specifying Originally Seen and Verified (OSV) norms, laying down conditions for non-face to face KYC, and in fact the e- KYC process was simplified with the advent of Aadhaar. However, the Aadhaar verdict by the Apex Court has adversely affected the fintech industry, and the Steering Committee has observed that there is need to explore alternatives for physical KYC. The following are the key recommendations in this regard:
- Offline Authentication Process: These days smartphones are equipped with biometric enabled multi-factor authentication, therefore, technology may be put to use for the purpose of KYC and authentication of the user. Some fintech companies have already come up with various unconventional mode of KYC, such as video based KYC, obtaining validated electronic versions of KYC related documents through DigiLocker, etc., as an additional layer of protection, authentication of the user can also be done by sending an OTP at the registered mobile number of the user, or by using geo location, which indicates the IP address of the user. The Committee has also recognised some of these options in its Discussion Paper, provided the same is subject to prior customer consent.
- Central Data Registry: In the light of representations made by various stakeholders, the Committee has expressed that e-KYC has the potential to reduce customer on-boarding and servicing costs significantly, and has, therefore, recommended that all financial sector regulators fix deadlines for on boarding existing KYC data to the Central KYC registry, making KYC a complete digital and paperless process.
- Other non- traditional way of data exchange: The Discussion Paper also mentions about the usage of the Application Programme Interface (API), for facilitating real time information sharing; India Stack being one such API, where digital records move with an individual’s digital identity, eliminating the need for massive amount of paper collection and storage.
Determination of Borrower’s creditworthiness:
The Steering Committee has noted how the poor and the unbanked are often unable to access credit due to the lack of formal credit history and/ or non-availability of significant information/ document. The following are the key recommendations in this regard:
- Data sharing in the finance industry: The Committee believes that APIs must be used for cloud storing of data, and the same should be open, to ensure equal access to all those who wish to build on or rely on this data. For instance, an India Agri Stack can be built, such that lenders can evaluate the creditworthiness of agricultural borrowers. This stack can include a farmer’s borrowing history, land ownership data, income data, among other information. Additional APIs to facilitate research and the creation of applications may include: Government departments and local government bodies unified stack; land registry and state land records; ownership/fitness/loan/mortgage/enforcement records to provide transparency to transactions; and so on. Further, India MSME Stack may be built for MSME financing related data.
- Digitisation of land records: The Digital India- Land Records Modernisation Program is aimed at national integration of all land related data across the country in order to provide conclusive titles, including details such as characteristics of the land, mortgages, encumbrances, ownership and other rights, etc., enabling financial services companies to make informed decisions about lending.
- Reliance on Informal Modes: Fintech companies are using a variety of sources for collecting customer information and advanced data analytics to access customer credibility, for instance obtaining data from social media usage, web browser history, financial transaction behaviour, product purchase behaviour, etc. from the mobile phones of prospective borrowers. Some companies are also resorting to psychometric tests to build the customer’s profile.
For agri- loans specifically, to access the credit score of a borrower, it is suggested that companies use permutation and combination of the alternate data which may be available, such as weather forecasts and records, agronomic surveys, accessing the demographic, geographic, financial and social information of the customer, farmer progressiveness and such like. Referring to a Chinese agricultural fintech company Nongfenqi, which generates credit scores on the basis of interaction with customers’ business partners, fellow customers and villagers, the Committee has observed that the default rate in such model is merely 0.1%. In order to increase access to credit and to stabilise the growth of such practices, the Committee has recommended that Ministry of Economics and Information Technology (MEITY) and TRAI to formulate a policy to enable such practices through a formal, consent-based mechanism.
- Usage of Artificial Intelligence (AI): AIs afford an opportunity to gain insight into customer behaviour pattern, thereby aiding in determination of their creditworthiness. Equifax is one credit information agency, which gives potential lenders an overall insight on the borrower’s credit health through Neuro Decision Technology. It claims to predict the likelihood of a business incurring severe delinquency, charge-off or bankruptcy on financial accounts within the next 12 months. Vantage Score Solution, which claims to predict the likelihood of the borrower repaying the borrowed money, also used AI to develop a model for people with thinner credit profiles.
The Steering Committee has also recognised AI for modernising the credit scoring methodology and approach.
Execution of agreements online:
Fintech entities have been vigorously using e- mode for entering into transactions; for instance, providing app- based loan, on a click. While one may contend that click- wrap agreements are prone to fraud, since the user is not known, and thus, cannot be relied upon, such may the case in any mode of execution. Most of the time in litigations, it is not uncommon for parties to challenge the authenticity of agreement, claiming that the acceptance by mail was not sent by him, that the signature is forged, etc. While physical signatures may be examined by way of forensic, it is difficult to verify whether a click- wrap agreement was actually entered into by the parties or was a mere mistake on the part of either of the parties.
While e-agreements are generally held as valid and enforceable in the courts, for high stake transactions, parties have apprehensions on the enforceability in case of default of loan or non- compliance of any of the terms, and therefore, they still insist on wet signatures on physical agreements. The Steering Committee has discussed about re-engineering of legal processes for the digital world. The Committee suggests that insistence on wet signatures on physical loan agreements be replaced by paperless legal alternatives, as these can enable cutting costs and time in access to finance, repayment, recovery, etc., for businesses and financial service companies. To achieve the goal of paperless economy also the requirement of physical loan agreements are unwanted. The Committee has, therefore, recommended that the Department of Legal Affairs should review all such legal processes that have a bearing on financial services and consider amendments permitting digital alternatives in cases such as power-of-attorney, trust deeds, wills, negotiable instrument, other than a cheque, any other testamentary disposition, any contract for the sale or conveyance of immovable property or any interest in such property, etc., (where IT Act is not applicable), compatible with electronic service delivery by financial service providers.
Other recommendations w.r.t. lending industry:
(a) Enhancing competition by way of referral pool:
The Committee recommends that all financial sector regulators may study the potential of open data access among their respective regulated entities, for enabling competition in the provision of financial services; RBI may encourage banks to make available databases of rejected credit applications available on a consent-basis to a neutral marketplace of alternate lenders. In line with the Open Data Regulations in the UK banking sector, the Committee further recommends that RBI may consider making available bank data (such as transaction and account history data) to fintech firms through APIs.
(b) Data privacy risks:
The Committee notes that the data sharing between entities is also subject to privacy laws, and while the Ministry of Science and Technology has already formulated the National Data Sharing and Accessibility Policy, and MEITY is the nodal Ministry to implement the policy, the same needs wider acceptance and implementation. The Committee has further recommended that a taskforce in the Ministry of Finance may be set up with the participation of the regulators and suitable recommendations may be made to safeguard the interests of consumers.
The Committee has expressed that the provisions of the Data Protection Bill, 2018 may have far-reaching implications on the growth of fintech sector, and has therefore, recommended that regulators should urgently review the existing regulatory framework with respect to data protection and privacy concerns, in keeping with emerging data privacy legislation in India.
Our related write-ups can be viewed here:
Please find below the link for other write-ups relating to Fintechs.
Among the disruptive Fintech practices, app-based lending is certainly notable. The scenario of an app-based lending is somewhat like this – a prospective borrower goes to an app platform, fills up some information. At the background, the app collects and collates the information including credit scores of the individual, may be the individual’s contact bases in social networks, etc. Finally, the loan is sanctioned in a jiffy, mostly within minutes.
The borrower interacts with the platform, but does the borrower know that the loan is actually not coming from the platform but from some NBFC? Whether the borrower knows or cares for who the lender is, the fact is that mostly, the technology provider (platform) and the funding provider (lender) are not the same. It may be two entities within the same group, but more often than not, the lender is an NBFC which is simply originating the loan based on the credit comfort provided by the platform.
The relation between the platform and the lender may take one of the following forms: (a) platform simply is procuring or referring the credit; the platform has no credit exposure at all; (b) the platform is acting as a sourcing agent, and is also providing a credit support, say in form of a first-loss guarantee for a certain proportion of the pool of loans originated through the platform; (c ) the platform provides full credit support for all the loans originated through the platform, and in return, the lender allows the platform to retain all the actual returns realised through the pool of loans, over an and above a certain “portfolio IRR”.
Option (a) is pure sourcing arrangement; however, it is quite unlikely that the lender will be willing to trust the platform’s credit scoring, unless there is significant skin-in-the-game on the part of the platform.
If it is a case of option (c ) [which, incidentally, seems quite common, the loan is actually put on the books of the lender, but the credit exposure is on the platform. The lender’s exposure is, in fact, on the platform, and not the borrower. The situation seems to be quite close to a “total rate of return swap”, a form of a credit derivative, whereby parties synthetically replace the exposure and the actual rate of return in a portfolio of loans by a pre-agreed “total rate of return”.
Our objective in this article is to examine whether there are any regulatory concerns on the practice as in case of option (c ) . Option c is an exaggeration; there may be a case such as option (b). But since option (b) is also a first loss guarantee with a substantial thickness, it is almost akin to the platform absorbing virtually all the risks of the credit pool originated through the platform.
Before we get into the regulatory concerns, it is important to understand what are the motivations of each of the parties in this bargain.
The motivation on the part of the platform is clear – the platform makes the spreads between the agreed portfolio IRR with the lender, and the actual rate of return on the loan pool, after absorbing all the risk of defaults. Assume, the small-ticket personal loan is being given at an interest rate of 30%, and the agreed portfolio IRR with the lender is 14%, the platform is entitled to the spread of 16%. If some of the loans go bad, as they indeed do, the platform is still left with enough of juice to be a compensation for the risks taken by it.
The readiness on the part of the platform is also explained by the fact that the credibility of the platform’s scoring is best evidenced by the platform agreeing to take the risk – it is like walking the talk.
The lender’s motivations are also easy to understand – the lender is able to disburse fast, and at a decent rate of return for itself, while taking the risk in the platform. In fact, several NBFCs and banks have been motivated by the attractiveness of this structure.
Are there any regulatory concerns?
The potential regulatory concerns may be as follows:
- De-facto, synthetic lending by an entity that is not a regulated NBFC
- Undercapitalised entity taking credit risk
- Skin-in-the-game issue
- A CDS, but not regulated as a CDS
- Financial reporting issues
- Any issues of conflict of interest or misalignment of incentives
- Good borrowers pay for bad borrowers
- KYC or outsourcing related issues.
Each of these issues are examined below.
Synthetic lending by an unregulated entity
It is common knowledge that NBFCs in India require registration. The platform in the instant case is not giving a loan. The platform is facilitating a loan – right from origination to credit risk absorption. Correspondingly, the platform is earning a spread, but the activity is technically not a “financial activity”, and the spread not a “financial income”; hence, the platform does not require regulatory registration.
Per contra, it could be argued that the platform is essentially doing a synthetic lending. The position of the platform is economically similar to an entity that is lending money at 30% rate of interest, and refinancing itself at 14%. There will be a regulatory arbitrage being exploited, if such synthetic lending is not treated at par with formal lending.
But then, there are whole lot of equity-linked or property-linked swaps, where the returns of an investment in equities, properties or commodities, are swapped through a total rate of return swaps, and in regulatory parlance, the floating income recipient is not regarded as investor in equities, properties or commodities. Derivatives do transform one asset into another by using synthetic technology – in fact, insurance-linked securities allow capital market investors to participate in insurance risk, but it cannot be argued that such investors become insurance companies.
Undercapitalised entities taking credit risk
It may be argued that the platform is not a regulated entity; yet, that is where the actual credit risk is residing. Unlike NBFCs, the platform does not require any minimum capitalisation norms or risk-weighted capital asset requirements. Therefore, there is a strong potential for risk accumulation at the platform’s level, with no relevant capital requirements. This may lead to a systemic stability issue, if the platforms become large.
There is a merit in the issue. If fintech-based lending becomes big, the exposure taken by fintech entities on the loans originated through them, on which they have exposure, may be treated at par with loans actually held on the balance sheet of the fintech. As in case of financial entities, there are norms for converting off-balance sheet assets into their on-balance sheet equivalents, the same system may be adopted in this case.
Skin-in-the game issue
Post the Global Financial Crisis, one of the regulatory concerns was skin-in-the-game. In light of this, the RBI has imposed minimum holding period, and minimum risk retention requirements in case of direct assignments as well as securitisation.
The transaction of guarantee discussed above may seem like the exposure being shifted by the platform to the NBFC. However, the transaction is not at all comparable with an assignment of a loan. Here, the lending itself is originated on the books of the NBFC/lender. The lender has the ultimate discretion to agree to lend or not. The credit decision is that of the lender; hence, the loan is originated by the lender, and not acquired. The lender is mitigating the risk by backing it up with the guarantee of the platform – but this is not a case of an assignment.
There is a skin-in-the-game on either side. For the platform, the guarantee is the skin-in-the-game; for the NBFC, the exposure in the platform becomes its stake.
A CDS, but not regulated as a CDS
The transaction has an elusive similarity to a credit default swap (CDS) contract. It may be argued that the guarantee construct is actually a way to execute a derivative contract, without following CDS guidelines provided by the RBI.
In response, it may be noted that a derivative is a synthetic trading in an exposure, and is not linked with an actual exposure. For example, a protection buyer in a CDS may not be having the exposure for which he is buying protection, in the same way as a person acquiring a put option on 100 gms of gold at a certain strike price may not be having 100 gms of gold at all. Both the persons above are trying to create a synthetic position on the underlying.
Unlike derivatives, in the example of the guarantee above, the platform is giving guarantee against an actual exposure. The losses of the guarantor are limited to actual losses suffered by the lender. Hence, the contract is one of indemnity (see discussion below), and cannot be construed or compared to a derivative contract. There is no intent of synthetic trading in credit exposure in the present case.
Financial reporting issues:
It may be argued that the platform is taking same exposure as that of an actual lender; whereas the exposure is not appearing on the balance sheet of the platform. On the other hand, the actual exposure of the lender is on the platform, whereas what is appearing on the balance sheet of the lender is the loan book.
The issue is one of financial reporting. IFRSs clearly address the issue, as a financial guarantee is an on-balance sheet item, at its fair value. If the platform is not covered by IFRSs/IndASes, then the platform will be reflecting the guarantee as a contingent liability on its balance sheet.
Conflicts of interest or misalignment of incentives:
During the prelude to the Global Financial Crisis, a commonly-noted regulatory concern was misalignment of incentives – for instance, a subprime mortgage lender might find it rewarding to lend to a weak credit and capture more excess spread, while keeping its exposure limited.
While that risk may, to some extent, remain in the present guarantee structure as well, but there are at least 2 important mitigants. First, the ultimate credit decision is that of the NBFC. Secondly, if the platform is taking full credit recourse, then there cannot be a misalignment of incentives.
Good borrowers pay for bad borrowers
It may be argued that eventually, the platform is compensating itself for the risk of expected losses by adding to the cost of the lending. Therefore, the good borrowers pay for the bad borrowers.
This is invariably the case in any form of unsecured lending. The mark-up earned by the lender is a compensation for risk of expected losses. The losses arise for the loans that don’t pay, and are compensated by those that do.
KYC or outsourcing related issues
Regulators may also be concerned with KYC or outsourcing related issues. As per RBI norms “NBFCs which choose to outsource financial services shall, however, not outsource core management functions including Internal Audit, Strategic and Compliance functions and decision-making functions such as determining compliance with KYC norms for opening deposit accounts, according sanction for loans (including retail loans) and management of investment portfolio.”
Usually the power to take credit decisions vests with the lender. However, in case the arrangement between the lender and the platform is such that the platform performs the decision-making function, the same shall amount to outsourcing of core management function of the NBFC, which is expressly disallowed by the RBI. The relevant extract from the KYC Master Directions is as follows:
“REs shall ensure that decision-making functions of determining compliance with KYC norms are not outsourced.”
Is it actually a guarantee?
Before closing, it may be relevant to raise a legal issue – is the so-called guarantee by the platform actually a guarantee?
In the absence of tripartite agreement between the parties, the arrangement cannot be said to be a contract of guarantee. Here the involvement is of only two parties in the arrangement i.e. the guarantor and the lender.
It was held in the case of K.V. Periyamianna Marakkayar and others vs Banians And Co. that “Section 126 of the Indian Contract Act which defines a contract of guarantee though it does not say expressly that the debtor should be a party to the contract clearly implies, that there should be three parties to it namely the surety, the principal-debtor and the creditor ; otherwise it will only be a contract of indemnity. Section 145 which enacts that in every contract of guarantee there is an implied promise by the principal debtor to indemnify the surety clearly shows that the debtor and the surety are both parties to such a contract ; for it will be strange to imply in a contract a promise between persons who are not parties to it.”
Accordingly, the said arrangement maybe termed as a contract of indemnity wherein the platform agrees to indemnify the lender for the losses incurred on account of default by the borrower.
Fintech-based lending is here to stay, and grow. Therefore, risk participation by Fintech does not defeat the system – rather, it promotes lending and adds to the credibility of the Fintech’s risk assessment. Over period of time, the RBI may evolve appropriate guidelines for treating the credit exposure taken by the platforms as a part of their credit-equivalent assets.
-Financial Services Division | Vinod Kothari Consultants Pvt. Ltd.
The RBI recently wrote a letter, dated 16th September, 2019, to banks and NBFCs, censuring them over what seems to have been a prevailing practice – sharing of credit information sourced by NBFCs from Credit Information Companies (CICs), to fintech companies. The RBI reiterated that such sharing of information was not permissible, citing several provisions of the law, and expected the banks/NBFCs to affirm steps taken to ensure compliance within 15 days of the RBI’s letter.
This write-up intends to discuss the provisions of the Credit Information Companies (Regulation) Act, 2005 [CICRA], and related provisions, and the confidentiality of credit information of persons, and the implications of the RBI’s letter referred to above.
Fintech companies’ model
Much of the new-age lending is enabled by automated lending platforms of fintech companies. The typical model works with a partnership between a fintech company and an NBFC. The fintech company is the sourcing partner, and the NBFC is the funding partner. A borrower goes to the platform of the fintech company which provides a user-friendly application process, consisting of some basic steps such as providing the aadhaar card or PAN card details, and a photograph. Now, having got the individual’s basic details, the fintech company may either source the credit score of the individual from one of the CICs, or may use its own algorithm. If the fintech company wants to access the data stored with the CICs, it will have to rely on one of its partner NBFCs, since CIC access is currently allowed to financial sector entities only, who have to mandatorily register themselves as members of all four CICs.
It is here that the RBI sees an issue. If the NBFC allows the credit information sourced from the CIC to be transferred to a fintech company, there is an apparent question as to whether such sharing of information is permissible under the law or not.
We discuss below the provisions of the law relating to use of credit information.
Confidentiality of credit information
By virtue of the very relation between the customer and a banker, a banker gets access to the financial information of its customers. Very often, an individual may not even want to share his financial data even with close family members, but the banker any way has access to the same, all the time. If the banker was to share the financial details of a customer, it would be a clear intrusion into the individual’s privacy, and that too, arising out of a fiduciary relationship.
Therefore, the principle, which has since been reiterated by courts in numerous cases, was developed by UK courts in an old ruling in Tournier v National Provincial and Union Bank of England  1 KB 461. Halsbury’s Laws of England, Vol 1, 2nd edition, says: “It is an implied term of the contract between a banker and his customer that the banker will not divulge to third persons, without the consent of the customer, express or implied, either the state of the customer’s account, or any of his transactions with the bank or any information relating to the customer acquired through the keeping of his account, unless the banker is compelled to do so by order of a Court, or the circumstances give rise to a public duty of disclosure or the protection of the banker’s own interests requires it.”
The above law is followed in India as well.
In Shankarlal Agarwalla v. State Bank of India and Anr. AIR 1987 Cal 29, it was held that compulsion to disclose must be confined to the regular exercise by the proper officer to actual legal power to compel disclosure.
In case any information is disclosed without a legal compulsion to disclose, the same is wrongful on the part of the lender.
Credit Information Companies and sharing of information
When an RBI Working Group set up in 1999 under the chairmanship of N. H. Siddiqui recommended the formation of CICs in India, the question of confidentiality of credit information was discussed. It was noted by the Working Group that all over the world, there are regulatory controls on sharing of information by credit bureaus:
The Credit Information Bureaus, all over the world, function under a well defined regulatory framework. Where the Bureaus have been set up as part of the Central Bank, the regulatory framework for collection of information, access to that information, privacy of the data, etc., is provided by the Central Bank. Where Bureaus have been set up in the private sector, existence of separate laws ensure protection to the privacy and access to the data collected by the Bureau. In the U.S.A. where Credit Information Bureaus have been set up in the private sector, collection and sharing of information is governed by the provisions of the Fair Credit Reporting Act, 1971 (as amended by the Consumer Credit Reporting Reform Act of 1996). The Fair Credit Reporting Act is enforced by the Federal Trade Commission, a Federal Agency of the U.S. Govt. In the U.K., Credit Bureaus are licensed by the Office of the Fair Trading under the Consumer Credit Act of 1974. The Bureaus are also registered with the Office of the Data Protection Registrar, appointed under the Data Protection Act, 1984 (replaced by the Data Protection Commissioner under the new Act of 1998). In Australia, neither the Reserve Bank of Australia nor the Australian Prudential Regulation Authority (APRA) plays a role in promoting, developing, licensing or supporting Credit Bureaus. APRA holds annual meetings with the major Bureaus in Australia. The sharing of information relating to customers is regulated in Australia by the Privacy Act. This Act is administered by the Privacy Commissioner, who is vested with the responsibility of framing guidelines for protection of privacy principles and to ensure that Bureaus in Australia conform to these guidelines. In New Zealand, a situation similar to that of Australia exists. In Sri Lanka, the Bureau was formed by an Act of Parliament at the initiative of the Central Bank. A Deputy Governor of the Central Bank is the Chairman of the Bureau in Sri Lanka and the Bank is also represented on the Board of the Bureau by a senior officer. In Hong Kong, the Hong Kong Monetary Authority (HKMA), though not being directly involved in the setting up of a credit referencing agency has issued directions to all the authorised institutions recommending their full participation in the sharing and using of credit information through credit referencing agencies within the limits laid down by the Code of Practice on Consumer Credit Data formulated by the Privacy Commissioner. HKMA also monitors the effectiveness of the credit referencing services in Hong Kong, in terms of the amount of credit information disclosed to such agencies, and the level of participating in sharing credit information by authorised institutions.
The inherent safeguards in the CIC Law
CICRA provides the privacy principles which shall guide the CICs, credit institutions and Specified Users in their operations in relation to collection, processing, collating, recording, preservation, secrecy, sharing and usage of credit information. In this regard, the purpose of obtaining information, guidelines for access to credit information of customers, restriction on use of information, procedures and principles for networking of CICs, credit institutions and specified users, etc. must be clearly defined.
Further, no person other than authorised person is allowed to have access to credit information under CICRA. Persons authorised to access credit information are CICs, credit institutions registered with the CICs and other persons as maybe specified by the RBI through regulations.
The Credit Information Companies Regulations provide that other persons who maybe allowed to access credit information are insurance companies, IRDAI, cellular service providers, rating agencies and brokers registered with SEBI, SEBI itself and trading members registered with Commodity Exchange.
Clearly, fintech companies or technology service providers are not authorised to access credit information. Access of information by such companies is a clear violation of CICRA.
Secrecy of customer information: duty of the lender
Paget on the Law of Banking observed that out of the duties of the banker towards the customer among those duties may be reckoned the duty of secrecy. Such duty is a legal one arising out of the contract, not merely a moral one. Breach of it therefore gives a claim for nominal damages or for substantial damages if injury is resulted from the breach.
Further, in case of Kattabomman Transport Corporation Ltd. V. State Bank of India, the Calcutta High Court held that the banker was under a duty to maintain confidentiality. An appeal was filed against this ruling, the outcome of which was the information maybe disclosed by the banks, only when there is a higher duty than the private duty.
NBFCs providing access to the fintech companies is undoubtedly a private duty and thus, is a breach of duty on the part of the lender.
The case of Fintech Companies and NBFC partnership:
The letter of the RBI under discussion, dated 17th September, 2019, has been seen as a challenge to the working of the fintech companies. However, to understand in what way does this affect the working of fintech companies, we need to understand several situations.
Before coming to the same, it must be noted that the RBI’s 17th September circular is not writing a new law. The law on sharing of credit information has always been there, and the inherent protection is very much a part of the CICRA itself. The RBI circular is, at best, a regulatory cognition of an existing issue, and is a note of caution to NBFCs, who, in their enthusiasm to generate business, may not disregard the provisions of the law.
The situations may be as follows:
- Fintech company using its own algorithm: In this case, the fintech company is relying upon its own proprietary algorithm. It is not relying on any credit bureau information. Therefore, there is no question of any credit information being shared. In fact, even if the fintech uses the score developed by it, without relying on CIC data, with other entities, it is a proprietary information, which may be shared.
- NBFC sharing credit information with Fintech company, which is sourcing partner for the NBFC: If the NBFC is sharing information with a fintech company, with the intent of using the information for its own lending, can it be argued that there is a breach of the provisions of the CICRA? It may be noted that regulation 9 of the CIC Regulations requires CICs to protect credit information from unauthorised access. As already discussed, access by such fintech companies is unauthorised.
- NBFC sharing credit information with Fintech company, which is not partnering with the NBFC: In case, the NBFC is not partnering with the NBFC and is still sharing credit information, there seems to be no reason for such sharing other than information trading. Several NBFCs have at many instances, been reported to have engaged in information trading for additional income.
- NBFC sharing credit information with another NBFC/bank, which is a co-lender: The NBFC may authorise its co-lender to obtain credit information from CICs and the same shall not be an unauthorised access of information, since the co-lender is also a credit institution and is registered with CICs.
- Bank sharing credit information with another NBFC which is a sourcing partner and not a c0-lender: If the sourcing partner is a member of CICs, it may access the credit information directly from the CICs. If the sourcing partner is not a member of CICs, sharing of credit information is violation of customer privacy, and thus, shall not be allowed.
The credit bureau reports are actually being exchanged in the system without much respect to the privacy of the individual’s data. With the explosion of information over the net, it may even be difficult to establish as to where the information is coming from. Privacy and confidentiality of information is at stake. At the same time, the very claim-to-existence of fintech entities is their ability to process a credit application within no time. Whether there is an effective way to protect the sharing of information stored with CICs is a significant question, and the RBI’s attention to this is timely and significant.
-Rahul Maharshi and Kanakprabha Jethani
“यावज्जीवेत्सुखं जीवेत् ऋणं कृत्वा घृतं पिबेत् |
भस्मीभूतस्य देहस्य पुनरागमनं कुतः ||”
The ancient couplet from the Charvak Darshan, in Indian mythology is popularly known as the philosophy of life. There are various interpretations of the above, in general, the meaning of the above couplet gives us a saying that “One should live luxuriously, as long as he is alive, and to attain the same, one may even live on credit and in debt. Because once you are dead and cremated, it is foolish to think about afterlife and rebirth.”
It is seen today that the financial services industry is taking the above couplet too seriously and making the borrowers flooded with opportunities and facilities to burden them with debt in one click. Even the person who is unwilling to enter into a debt trap is somewhat lured by the “instant loan” facilities given by numerous NBFCs these days.
Whilst the Indian economy facing a slowdown and banks in India showing significant falls in their lending volumes, the NBFCs engaged in e-lending are displaying an inverse relation to the trend. The NBFCs have been showing extravagant growth in their lending volumes. On one hand banks are tightening the lending norms considering the current state of the economy, NBFCs seem to be doing reckless lending and reporting exceptionally high lending volumes. The financial market seems to be showing a transition from secured lending to unsecured lending, from corporate finance to personal finance, from paperwork to digitisation. This transition is the reason behind such a drastic shift of lending volumes.
CURRENT STATE OF LENDING TRANSACTIONS
NBFCs are crossing milestones, making new records everyday. A leading NBFC reported disbursal of Rs. 550 crores in 3,50,000 loan transactions and has been consistently disbursing loans over Rs. 80 crores every month. Another NBFC reported an existing customer base of 1.1 million. An app-based lender NBFC has 100 million downloads of its app and has disbursed around Rs. 700 crores in FY 19 with an expectation of increasing the amount of disbursals to Rs. 2,000 crores in FY 20.
On the contrary, banks are showing a completely opposite picture. Under the 59-minute loan scheme introduced by the Prime Minister for small entities (having turnover upto Rs. 25 crores) to avail loans of amount upto Rs. 5 crores from banks within an hour, only 50,706 loans were given approval in the FY 19. The growth rates in the banking sector are lowering. The growth in retail loans fell down to 15.7% in April 2019 as compared to 19.1% in April 2018. The growth rate in credit card loans has also shown a decline of 8.8%.
UNDERSTANDING THEIR BUSINESS MODEL
NBFCs do unsecured lending of small-ticket size loans, usually personal in nature. The market tends to be more inclined towards obtaining finance from such NBFCs. The basic features of loans provided by NBFCs can be understood through following points:
- Unsecured: The loans provided by NBFCs doing e-lending are generally unsecure loans. The borrower or the customer is not required to provide any security for obtaining such loans. Thus, even if borrowers have no assets at all, they can still obtain loans.
- Instant: These NBFCs process the loans within a very short period (‘superfast processing’ as they call it) and the disbursement is made within a period ranging from 5 minutes to 3 days depending on the size of the loan. There is no requirement of long procedures as required to be followed in case of bank loans.
- Digital: Usually, these NBFCs have an app-based or website based platform through which they provide such loans. The KYC process is also carried out through the app or website itself.
- High-interest rates: The interest rates on such loans are very high as compared to the interest rates on loans provided by banks. The rates usually range from 15% p.a. to 130% p.a.
- Small-ticket size: The loan size is generally small ranging from Rs. 500 to Rs, 50,000
- Short-term loans: The term of loan is also short. Repayment is required on weekly, fortnightly or monthly basis.
- Credit Score based decisions: The lending decisions made by NBFCS are largely dependent on the credit score of the borrower. A strong network of Credit Information Companies (CICs) stores the credit information of the borrowers and the borrower making default of even a single day would be barred from accessing any other e-lending platform as well. However, for first time borrowers, the only way to check credit standing is their bank statement.
- Source of funds: NBFCs get their funds from banks as well as bigger size NFCs and Private Equity investors.
- Purpose: These loans are provided mostly for personal purposes like marriage ceremonies, buying a car, medical issues, travel etc.
- Innovation: Each of the e-lending platform has a different model. While some involve students in their marketing activities, some have tied-up with sellers and buyers to finance transactions between them and some tying up with different brands to finance their operations.
NBFCs BRUSHING OFF THE REGULATIONS: THEIR OWN SWEET WAYS
The operational structures of such loans are in defiance of many requirements of the RBI Directions. One can see disparity from the RBI Directions in many ways. Following are the areas where most of the NBFCs take their own sweet ways:
- KYC process: As per the KYC Master Directions an authorised representative of the lender NBFC to physically visit and originally see and verify the KYC details of the borrower. There are further requirements of maintaining the KYC records and carrying out Customer Due Diligence (CDD) which the NBFCs fail (refuse) to comply with in the hurry of their “superfast processing”.
- Fair Practice Code (FPC): The FPC requires lender NBFCs to display annualised interest rates in all their communications with the borrowers. However, most of the NBFCs show monthly interest rates in the name of their “marketing strategy”.
- Risk Management: The Directions require the NBFCs to assess the risk before granting loans to borrowers, which is overlooked while providing speedy disbursals.
- Recovery Process: NBFCs do not even have properly defined recovery process. They are just making rapid disbursals ignorant of whether these loans will be repaid.
- Risk to personal information: Many NBFCs obtain access to the personal information such as text messages and social media profile of the borrower by way of incorporating clauses in this regard in the detailed terms and conditions of the loan agreement.
RISKS TO THE BORROWERS
The borrowers face several risks under such loan transactions, ranging from personal to financial such as:
- Many borrowers usually don’t read the entire set of terms and conditions and end up granting the NBFCs access to their personal information. Privacy of the borrower is at stake as information trading is yet another business that the NBFCs may secretly engage into posing a threat to borrowers’ personal information.
- The lucrative advertising strategies of these NBFCs might make a borrower take loans for purposes which otherwise would not have been a necessity or priority for the borrower. Hence, the borrower tends to borrow without any actual requirement because a demand has been created by the lender NBFCs.
- The interest rates are very high on such loans. In case the amount of loan is high, the borrower is unable to pay the huge amount of interest and thus has to take another loan to repay the first.
- The credit score of the borrower may get affected at the slightest delay in repayment, even if the amount of loan is as small as Rs. 500. Thus the credibility of borrower is at a risk of degradation.
THE BUBBLE OF ATTRACTION: PLAYING WITH THE PSYCHOLOGY
Even in existence of such high interest rates, why is a borrower more attracted to loans from NBFCs? The only answer one finds to this is the ease and the fact that they are instant. In an era where everyone wants everything in a jiffy, be it food or health solutions, being attracted to instant loans is a very natural thing.
For example you meet an accident and don’t have money for treatment to be done, take a loan. You are shopping and suddenly realise you forgot your purse, take a loan.
The most crucial thing is that these NBFCs do not monitor the end use of the loan amounts disbursed. So a borrower may specify any purpose for the loan, which he might not actually use the loan for. Moreover, the high interest rates are not noticed by the borrowers as most of the NBFCs show monthly interest rates rather than the yearly rates in their communications on the app or the website.
Many borrowers usually don’t read the entire set of terms and conditions and end up granting these NBFCs access to their personal information. Information trading is yet another business that the NBFCs may secretly engage into posing a threat to borrowers’ information.
The NBFCs are rightly playing the psychology game by becoming a friend in need for the borrowers. No matter how high the interest rates maybe or how risky the transaction maybe, it is a handy help whenever needed.
Furthermore, the advertisements made by these NBFCs are so catchy that they may lure a person who might not really be in need of finance. The catchy phrases like “make your dream wedding come true”, “let the wanderlust in you come alive” create a “need” for the customer to become a borrower. Marriage functions, travel and luxuries things are the Indian way of showing richness and the abovementioned philosophy wraps people in a comfortable blanket of justification to remain under debt-burden.
ALL OUR MONEY INTO THE BLACK HOLE
While lending to businesses results in more capital formation and growth of the economy. Personal lending mostly results in wasteful expenditure. Further, the interest rates being so high, many a times the borrowers obtain another loan to pay the previous loan and gets trapped into the vicious circle of obtaining and repaying loans. The increasing lending volumes are not an indication of overall growth of the economy. Most of the purposes for which such loans are availed are consumption-based and have no value-addition. All the money taken on loan is being used in consumption-based expenditure and not in value-addition activities and thus even after such high lending volumes, the growth of the economy is just disappearing into the black hole.
While on one hand, such loans are helping us in need, on the other hand they are luring us to take unnecessary debt burden. The lender NBFCs are under the risk of regulatory action by the regulators since many of them are in non-compliance with regulatory requirements. The borrowers are under the risk of pressing themselves under unnecessary debt burden and huge interest costs. The recovery procedures of these NBFCs are very lenient but due to the high interest costs, the cost of funds is readily recovered by the lender NBFC. Even when banks have tried to provide quick loans under 59-minutes loan scheme, they have failed to do away with the procedural requirements such as document submission and are still regarded as “slow-loans” considering the super-fast loans being provided by NBFCs within 5 minutes.
Though immensely helpful, these loans have a potential to impact the economy in such a manner that it seems to be beneficial while it’s actually not. The borrowers are happily floating in the bubble of “instant loans” which is definitely going to burst in no time.
 Source: Economic Times
 Source: CNBC
 Source: Business Standard
Published on April 22, 2019 | Updated as on August 26, 2019
April 2019 marks the introduction of a structured proposal on regulatory sandboxes (“Proposal”). ‘Sandboxes’ is a new term and has created a hustle in the market. What are these? What is the hustle all about? The following article gives a brief introduction to this new concept. With the rapidly evolving entities based on financial technology (Fintech) having innovative and complex technical model, the regulators have also been preparing themselves to respond and adapt with changing times. To harness such innovative business concepts, several developed countries and emerging economies have recognised the concept of ‘regulatory sandboxes’. Regulatory sandboxes or RS is a framework which allows an innovative startup involved in financial technologies to undergo live testing in a controlled environment where the regulator may or may not permit certain regulatory relaxations for the purpose of testing. The objective of proposing RS is to allow new and innovative projects to conduct live testing and enable learning by doing approach. The objective behind the framework is to facilitate development of potentially beneficial but risky innovations while ensuring the safety of end users and stability of the marketplace at large. Symbolically, RSs’ are a cocoon in which the startups stay for some time undergoing testing and growing simultaneously, and where it is determined whether they should be launched in the market. In furtherance to the recommendation of an inter-regulatory Working Group (WG) vide its Report on FinTech and Digital Banking1 , the Reserve Bank of India has released the draft ‘Enabling Framework for Regulatory Sandbox’ on April 18, 20192 . The final guidelines shall be released based on the comments of the stakeholders on the aforesaid draft.
Benefits and Limitations
- Regulator can obtain a first-hand view of benefits and risks involved in the project and make future policies accordingly.
- Product can be tested without an expensive launch and any shortcoming thereto can be rectified at initial stages.
- Improvement in pace of innovation, financial inclusion and reach.
- Firms working closely with RS’s garner a greater degree of legitimacy with investors and customers alike.
- Applicant may tend to lose flexibility and time while undergoing testing.
- Even after a successful testing, the applicant will require all the statutory approvals before its launch in the market.
- They require time and skill of the regulator for assessing the complex innovation, which the regulator might not possess.
- It demands additional manpower and resources on part of regulator so as to define RS plans and conduct proper assessment.
Emergence of concept of RS
The concept of RS emerged soon after the Global Financial Crisis (GFC) in 2007-08. It steadily gained prominence and in 2012, Project Catalyst introduced by US Consumer Financial Protection Bureau (CFPB) finally gave rise to the sandbox concept. In 2015, UK Government Office for Science exhibited the benefits of “close collaboration between regulator, institutions and FinTech companies from clinical environment or real people” through its FinTech Future report. In 2016, UK Financial Conduct Authority launched its regulatory sandbox. Emergence of RS in India In February 2018, RBI launched report of working group on FinTech and digital banking. It recommended Institute for Development and Research in Banking Technology (IDRBT) as the entity whose expertise could run RS in India in cooperation with RBI. After immense deliberations and research, RBI announced its detailed proposal on RS in April 2019. Some of the provisions of the proposal are described hereunder.
Who can apply?
A FinTech firm which fulfills criteria of a startup prescribed by the government can apply for an entry to RS. Few cohorts are to be run whereby there will be a limited number of entities in each cohort testing their products during a stipulated period. The RS must be based on thematic cohorts focusing on financial inclusion, payments and lending, digital KYC etc. Generally , 10-12 companies form part of each cohort which are selected by RBI through a selection process detailed in “Fit and Proper Criteria for Selection of Participants in RS”. Once approval is granted by RBI, the applicant becomes entity responsible for operating in RS. Focus of RBI while selecting the applicants for RS will be on following products/services or technologies:
- Retail payments
- Money transfer services
- Marketplace lending
- Digital KYC
- Financial advisory services
- Wealth management services
- Digital identification services
- Smart contracts
- Financial inclusion products
- Cyber security products Innovative Technology
- Mobile technology applications (payments, digital identity, etc.)
- Data Analytics
- Application Program Interface (APIs) services
- Applications under block chain technologies
- Artificial Intelligence and Machine Learning applications
Who cannot apply?
Following product/services/technology shall not be considered for entry in RS:
- Credit registry
- Credit information
- Crypto currency/Crypto assets services
- Trading/investing/settling in crypto assets
- Initial Coin Offerings, etc.
- Chain marketing services
- Any product/services which have been banned by the regulators/Government of India
For how long does a company stay in the cocoon?
A cohort generally operates for a period of 6 months. However, the period can be extended on application of the entity. Also, RBI may, at its discretion discontinue testing of certain entities which fails to achieve its intended purpose. RS operates in following stages:
|1||Preliminary screening||4 weeks||The applicant is made aware of objectives and principles of RS.|
|2||Test design||3 weeks||FinTech Unit finalises the test design of the entity.|
|3||Application assessment||3 weeks||Vetting of test design and modification.|
|4||Testing||12 weeks||Monitoring and generation of evidence to assess the testing.|
|5||Evaluation||4 weeks||Viability of the project is confirmed by RBI|
An alternative to RS
An alternative approach used in developing countries is known as the “test and learn” approach. It is a custom-made solution created by negotiations and dialogue between regulator and innovator for testing the innovation. M-PESA in Kenya emerged after the ‘test-and-learn’ approach was applied in 2005. The basic difference between RS and test-and-learn approach is that a RS is more transparent, standardized and published process. Also, various private, proprietary or industry led sandboxes are being operated in various countries on a commercial or non-commercial basis. They conduct testing and experimentation off the market and without involvement of any regulator. Asean Financial Innovation Network (AFIN) is an example of industry led sandbox.
Globalization in RS
A noteworthy RS in the Global context has been the UK’s Financial Conduct Authority (FCA) which has accepted 89 firms since its launch in 2016. It was one of the early propagators to lead the efforts for GFIN and a global regulatory sandbox. Global Financial Innovation Network (GFIN) is a network of 11 financial regulators mostly of developed countries and related organizations. The objective of GFIN is to establish a network of regulators, to frame joint policy and enable regulator collaboration as well as facilitate cross border testing for projects with an international market in view.
Final framework for RS
RBI introduced final framework for the RS on August 13, 2019 which is almost on the same lines as the Proposal as mentioned above. However the RBI has relaxed the minimum capital requirement to Rs 25 lakhs in place of Rs. 50 lakhs as required under the draft framework with a view to expand the scope of eligible entities.
Regulatory sandboxes were introduced with a motive to enhance the outreach and quality of FinTech services in the market and promote evolution of FinTech sector. Despite certain limitations, which can be overcome by using transparent procedures, developing well-defined principles and prescribing clear entry and exit criteria, the proposal is a promising one. It strives to strike a balance between financial stability and consumer protection along with beneficial innovation. It Is also likely to develop a market which supports a regulated environment for learning by doing in the scenario of emerging technologies.
By Vishes Kothari (firstname.lastname@example.org)
With the proliferation of retail lending NBFCs offering a variety of traditional and disruptive products, there has been the frequent question about NBFCs being able to issue credit cards.
This question leads onto various further questions- for example, is a credit ‘card’ facility in virtual form also a credit card? Hence it appears that one must first examine what exactly is the defining feature of a credit card. This note intends to explore this pertinent question.
Credit Card: Defining features
There is no direct definition of the credit card to be found in Indian laws and regulations issued by the RBI. This is because before the advent of new technologies resulting in new products, it was generally quite clear as to what was meant by a credit card facility. A card meant what looked like a card – the piece of plastic that one would keep in one’s pocket or wallet. However, technological advancements have completely changed that perception.
In UK law, one finds a definition of a credit card in The Credit Cards (Merchant Acquisition) Order 1990. This regulation provides:
“credit card” means a payment card the holder of which is permitted under his contract with the issuer of the card to discharge less than the whole of any outstanding balance on his payment card account on or before the expiry of a specified period (subject to any contractual requirements with respect to minimum or fixed amounts of payment), other than:
(a) a payment card issued with respect to the purchase of the goods, services, accommodation or facilities of only one supplier or of suppliers who are members of a single group of interconnected bodies corporate(1) or who trade under a common name,
(b) a payment card with respect to which the payment card account is a current account, or
(c) a trading check;
“payment card” means a card, the production of which (whether or not any other action is required) enables the person to whom it is issued (“the holder”) to discharge his obligation to a supplier in respect of payment for the acquisition of goods, services, accommodation or facilities, the supplier being reimbursed by a third party (whether or not the third party is the issuer of the card and whether or not a fee or charge is imposed for such reimbursement);
A credit card has thus been defined by an exclusion principle- it is all those payment cards which a user can use to ‘discharge obligations’ (i.e. make payments) with the exception of debit cards, cheques and cards which can be used at the outlet of only a single brand/store.
Thus, the credit card appears to have been defined by its ability to claim credit from the issue to make payments to a third party, via the use of the card.
This definition appears quite convenient to apply to the Indian financial services sector.
Who can issue credit cards?
Prior approval of the RBI is not necessary for banks desirous of undertaking credit card business either independently or in tie-up arrangement with other card issuing banks.
In the case of NBFCs, the RBI vide Master Direction DNBR. PD. 008/03.10.119/2016-17 dated September 01, 2016, has stipulated that only the following types of NBFCs are permitted to issue credit cards with the prior approval of the RBI:
- Issue of Credit Card
Applicable NBFCs registered with the Bank shall not undertake credit card business without prior approval of the Bank. Any company including a non-deposit taking company intending to engage in this activity requires a Certificate of Registration, apart from specific permission to enter into this business, the pre-requisite for which is a minimum net owned fund of ₹ 100 crore and subject to such terms and conditions as the Bank may specify in this behalf from time to time. Applicable NBFCs shall not issue debit cards, smart cards, stored value cards, charge cards, etc. Applicable NBFCs shall comply with the instructions issued by Bank to commercial banks vide DBOD.FSD.BC.49/ 24.01.011/ 2005-06 dated November 21, 2005 and as amended from time to time.
It seems clear that the RBI intends to make the eligibility criteria very steep by putting in place the requirement for an NOF of 100 crores. Moreover, the issuance of credit cards can only happen via approval route.
The case of virtual credit-cards
New technologies have led to the development of various new products and variants of traditional credit card facilities. One such development is the possibility of having ‘virtual credit cards’ which function via a downloadable app or other software and eliminate the need for a plastic card altogether. The question arises that are such virtual cards to be considered as ‘credit cards’ and hence, is it that only the NBFCs eligible to issue credit cards may issue the virtual variants?
A literal reading of the definition/regulations above would, of course, imply that the credit card refers to a plastic card. Hence once could conclude that any NBFC can issue virtual ‘credit cards’ as it does not involve the use of a card at all.
In our opinion, this is not in keeping with the spirit of the law. Restrictions have been placed to restrict the NBFCs which can issue credit cards as this facility is a sensitive facility which is offered to and used by members of the lay public. If by merely changing the actual form of the credit card, i.e. by making it a downloadable app or any other virtual form, if one could circumvent all the checks and balances that have been put into place on who can issue credit cards, then that would not be in keeping with the spirit of the law/regulations.
In our view the regulation applies not only to potential credit card issuers but instead to credit facility issuers- i.e. issuers wanting to issue credit card-like instruments, whatsoever may be their actual form. Hence we would hold that only those NBFCs which are eligible to issue credit cards are eligible to issue virtual credit cards.
There have appeared on the market another type of card – the ‘EMI Cards’.
While a credit card facility involves the user having an instrument which gives him access to an on-tap revolving line of credit, the EMI Card is a card with a pre-approved loan. When the user of the card presents the Card at third party merchant outlet, the Card converts the purchase payment into EMI payments payable to the card issuer. Hence the card acts like a pre-approved loan. Usually no interest rates are charged from the user of the card, instead there the card issuer has an arrangement with the merchant (perhaps a commission arrangement). Such cards might also come with an annual subscription fee charged from the user.
In an EMI card the issuer of the instrument is able to regulate the expenses for which the holder can make payments using the EMI card, unlike in case of a credit card, where the issuer has no control over the places where the card is being used. The issuer of an EMI card can reject a loan request as per the agreement under which the card is issued, even when there is unused balance on the card, whereas in case of credit card the issuer cannot reject a payment request if there is unused balance on the instrument.
An EMI card is an instrument which is mostly used to finance purchase consumer goods by the holder of the card, whereas credit card are being used to pay for any kind of expenses of the holder.
The issuer of an EMI card is able to have greater control over its usage by the holder as compared to a credit card issuer.
Hence in a credit card, while the user taps into a new loan each time he avails of credit via using the card facility, an EMI card is an instrument which activates a loan up to a certain pre-approved limit.
Because the EMI Card is not a credit facility, it would follow that the usual restrictions applicable to the issuance of credit cards would not be applicable here. However, the distinction between a traditional credit card and a so-called EMI card is too thin to be visibly clear. Therefore, there is a strong possibility of the regulations on credit cards getting surpassed by entities promising loan facilities via cards. While the need for regulatory clarity is clear, in the meantime, issuers have to be able to evidence their ability to control the facility, such that the card does not become a surrogate for a credit card.
By Vishes Kothari (email@example.com)
Real estate suffers from the paradox of being a much sought after mode of investment which is at the same time illiquid, has high investment threshold and is difficult to adminster and manage. However technology can provide newer and more efficient ways of investing smaller amounts into co-ownership of property.