-Vinod Kothari (firstname.lastname@example.org)
Marketplace lending, P2P lending, or Fintech credit, has been growing fast in many countries, including the USA. It is estimated to have reached about $ 24 billion in 2019 in the USA.
However, there are some interesting legal issues that seem to be arising. The issues seem to be emanating from the fact that P2P platforms essentially do pairing of borrowers and lenders. In the US practice, it is also commonplace to find an intermediary bank that houses the loans for a few days, before the loan is taken up by the “peer” or crowd-sourced lender.
USA, like many other countries, has usury laws. However, usury laws are not applicable in case of banks. This comes from sec 85 of National Bank Act, and sec. 27 (a) of the Federal Deposit Insurance Act.
In P2P structure, the loan on the platform may first have been originated by a bank, and then assigned to the buyer. If the loan carries an interest rate, which is substantially high, and such high interest rate loan is taken by the “peer lender”, will it be in breach of the usury laws, assuming the rate of interest is excessive?
One of the examples of recent legal issues in this regard is Rent-Rite Superkegs West, Ltd., v. World Business Lenders, LLC, 2019 WL 2179688. In this case, a loan of $ 50000 was made to a corporation by a local bank, at an interest rate of 120.86% pa. The loan-note was subsequently assigned to a finance company. Upon bankruptcy of the borrower, the bankruptcy court refused to declare the loan as usurious, based on a time-tested doctrine that has been prevailing in US courts over the years – called valid-when-granted doctrine.
The valid-when-granted doctrine holds that if a loan is valid when it is originally granted, it cannot become invalid because of subsequent assignment. Several rulings in the past have supported this doctrine: e.g., Munn v. Comm’n Co., 15 Johns. 44, 55 (N.Y. Sup. Ct. 1818); Tuttle v. Clark, 4 Conn. 153, 157 (1822); Knights v. Putnam, 20 Mass. (3 Pick.) 184, 185 (1825)
However, there is a ruling that stands out, which is 2015 ruling of the Second Circuit court in Madden v. Midland Funding, LLC (786 F.3d 246). In Madden, there was an assignment of a credit card debt to a non-banking entity, who charged interest higher than permitted by state law. The court held that the relaxation from interest rate restrictions applicable to the originating bank could not be claimed by the non-banking assignee.
The ruling in Madden was deployed in a recent [June 2019] class action suit against JP Morgan Chase/Capital One entities, where the plaintiffs, representing credit card holders, allege that buyers of the credit card receivables (under credit card receivables securitization) cannot charge interest higher than permitted in case of non-banking entities. Plaintiffs have relied upon the “true sale” nature of the transaction, and contend that once the receivables are sold, it is the assignee who needs to be answerable to the restrictions on rate of interest.
While these recent suits pose new challenges to consumer loan securitization as well as marketplace lending, it is felt that much depends on the entity that may be regarded as “true lender”. True lender is that the entity that took the position of predominant economic interest in the loan at the time of origination. Consider, however, the following situations:
- In a marketplace lending structure, a bank is providing a warehousing facility. The platform disburses the loan first from the bank’s facility, but soon goes to distribute the loan to the peer lenders. The bank exits as soon as the loan is taken by the peer lenders. Will it be possible to argue that the loan should be eligible for usurious loan carve-out applicable to a bank?
- Similarly, assume there is a co-lending structure, where a bank takes a portion of the loan, but a predominant portion is taken by a non-banking lender. Can the co-lenders contend to be out of the purview of interest rate limitations?
- Assume that a bank originates the loan, and by design, immediately after origination, assigns the loan to a non-banking entity. The assignee gets a fixed, reasonable rate of return, while the spread with the assignee’s return and the actual high interest rate paid by the borrower is swept by the originating bank.
Identity of the true lender becomes an intrigue in cases like this.
Securitization transactions stand on a different footing as compared to P2P programs. In case of securitization, the loan is originated with no explicit understanding that it will be securitized. There are customary seasoning and holding requirements when the loan is incubated on the balance sheet of the originator. At the time of securitization, whether the loan will get included in the securitization pool depends on whether the loan qualifies to be securitized, based on the selection criteria.
However, in case of most P2P programs, the intent of the platform is evidently to distribute the loan to peer-lenders. The facility from the bank is, at best, a bridging facility, to make it convenient for the platform to complete the disbursement without having to wait for the peer-lenders to take the portions of the loan.
US regulators are trying to nip the controversy, by a rule that Interest on a loan that is permissible under 12 U.S.C. 85 shall not be affected by the sale, assignment, or other transfer of the loan. This is coming from a proposed rule by FDIC /OCC in November, 2019.
However, the concerns about the true lender may still continue to engage judicial attention.
Usurious lending laws in other countries
Usurious lending, also known as extortionate credit, is recognised by responsible lending laws as well as insolvency/bankruptcy laws. In the context of consumer protection laws, usurious loans are not regarded as enforceable. In case of insolvency/bankruptcy, the insolvency professional has the right to seek avoidance of a usurious or extortionate credit transaction.
In either case, there are typically carve-outs for regulated financial sector entities. The underlying rationale is that the fairness of lending contracts may be ensured by respective financial sector regulator, who may be imposing fair lending standards, disclosure of true rate of interest, etc. Therefore, judicial intervention may not be required in such cases. However, the issue once again would be – is it justifiable that the carve-out available to regulated financial entities should be available to a P2P lender, where it is predesigned that the loan will get transferred out of the books of the originating financial sector entity?
P2P lending or fintech credit is the fastest growing part of non-banking financial intermediation, sometimes known as shadow banking. A lot of regulatory framework is designed keeping a tightly-regulated bank in mind. However, P2P is itself a case of moving out of banking regulation. Banking laws and regulations cannot be supplanted and applied in case of P2P lending.
We have been engaged in research in the P2P segment. Our report on P2P market in India describes the basics of P2P lending structures in India and demonstrates development of P2P market in India.
Our other write-ups on P2P lending may also be referred:
The Reserve Bank of India (RBI) has vide its notification dated December 24, 2019, introduced a new kind of semi-closed Prepaid Instrument (PPI) which can only be loaded from a bank account and used for purchase of goods and services and not for funds transfer. This PPI has been introduced in furtherance of Statement on Developmental and Regulatory Policies issued by the RBI. The following write-up intends to provide a brief understanding of the features of this instrument and carry out a comparative analysis of features of existing kinds of PPIs and the newly introduced PPI.
The features of the newly introduced PPIs has to be clearly communicated to the PPI holder by SMS / e-mail / post or by any other means at the time of issuance of the PPI / before the first loading of funds. Following shall be the features of the newly introduced PPI:
- Issuer can be banks or non-banks.
- The PPI shall be issued on obtaining minimum details, which shall include a mobile number verified with One Time Pin (OTP) and a self-declaration of name and unique identity / identification number of any ‘mandatory document’ or ‘officially valid document’ (OVD) listed in the KYC Direction.
- The new PPI shall not require the issuer to carry out the Customer Due Diligence (CDD) process, as provided in the Master Direction – Know Your Customer (KYC) Direction (‘KYC Directions).
- The amount loaded in such PPIs during any month shall not exceed ₹ 10,000 and the total amount loaded during the financial year shall not exceed ₹ 1,20,000.
- The amount outstanding at any point of time in such PPIs shall not exceed ₹ 10,000.
- Issued as a card or in electronic form.
- The PPIs shall be reloadable in nature. Reloading shall be from a bank account only.
- Shall be used only for purchase of goods and services and not for funds transfer.
- Holder shall have an option to close the PPI at any time and the outstanding balance on the date of closure shall be allowed to be transferred ‘back to source.’
The Master Direction on Issuance and Operation of Prepaid Payment Instruments contain provisions for two other kinds of semi-closed PPIs having transaction limit of ₹10,000. The features of these PPIs seem largely similar. However, there are certain differences as shown in the following table:
|Basis||PPIs upto ₹ 10,000/- by accepting minimum details of the PPI holder
|PPIs upto ₹ 1,00,000/- after completing KYC of the PPI holder
|PPIs upto ₹ 10,000/- with loading only from bank account
|Issuer||Banks and non-banks||Banks and non-banks||Banks and non-banks|
|PPI holder identification procedure||Based on minimum details (mobile number verified with One Time Pin (OTP) and self-declaration of name and unique identification number of any of the officially valid document (OVD) as per PML Rules 2005)||KYC procedure as provided in KYC Directions||Based on minimum details (mobile number verified with One Time Pin (OTP) and a self-declaration of name and unique identity / identification number of any ‘mandatory document’ or OVD as per KYC Directions|
|Reloading||Allowed||Allowed||Allowed (only from a bank account)|
|Form||Electronic||Electronic||Card or electronic|
|Limit on outstanding balance||₹ 10,000||₹ 1,00,000||₹ 10,000|
|Limit on reloading||₹ 10,000 per month and ₹ 1,00,000 in the entire financial year||Within the overall PPI limit||₹ 10,000 per month and ₹ 1,20,000 during a financial year|
|Transaction limits||₹ 10,000 per month||₹ 1,00,000 per month in case of pre-registered beneficiaries and ₹ 10,000 per month in all other cases||₹ 10,000 per month|
|Utilisation of amount||Purchase of goods and services||Purchase of goods and services and transfer to his bank account or ‘back to source’||Purchase of goods and services|
|Conversion||Compulsorily be converted into Type 2 PPIs (KYC compliant) within 24 months from the date of issue||No provisions for conversion||Type 1 PPIs maybe converted to Type 3, if desired by the holder|
|Restriction on issuance to single person||Cannot be issued to same person using the same mobile number and same minimum details more than once||No such provision||No such provision|
|Closure of PPI||Holder to have option to close and transfer the outstanding balance to his bank account or ‘back to source’||Holder to have option to close and transfer the outstanding balance to his bank account or ‘back to source’ or to other PPIs of the holder||Holder to have option to close and transfer the outstanding balance ‘back to source’ (i.e. the bank account of the holder only)|
|Pre-registered Beneficiary||Facility not available||Facility available||Facility not available|
THE UPPER HAND
Based on the aforesaid comparative analysis, it is clear that for issuance of the newly introduced PPI or the Type 3 PPI, the issuer is not required to undertake the CDD process as provided in the KYC Directions. Only authentication through mobile number and OTP supplemented with a self-declaration regarding of details provided in the OVD shall suffice. This implies that the issuer shall not be required to “Originally See and Verify” the KYC documents submitted by the customer. This would result into digitisation of the entire transaction process and cost efficiency for the issuer.
Compared to the other 2 kinds of PPIs, one which requires carrying out of the KYC process prescribed in the KYC Directions and the other, which can be issued without carrying out the prescribed KYC process but has to be converted into Type 2 PPI within 24 months, this new PPI can be a good shot aiming at ease of business and digital payments upto a certain transaction limit.
The newly issued PPI will ensure seamless flow of the transaction. As compared to other PPIs, it will be easier to obtain such PPIs. Further, the limitations such as reloading only from the bank account, restriction of transfer of money from PPI etc. are some factors that shall regulate the usage of such PPIs. These may, however, pull back their acceptance in the digital payments space.
 “officially valid document” means the passport, the driving licence, the Permanent Account Number (PAN) Card, the Voter’s Identity Card issued by the Election Commission of India or any other document as may be required by the banking company, or financial institution or intermediary
 Permanent Account Number (PAN)
 “Officially Valid Document” (OVD) means the passport, the driving licence, proof of possession of Aadhaar number, the Voter’s Identity Card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address.
Our other write-ups relating to PPIs can be viewed here:
Our other resources can be referred to here:
– Richa Saraf (email@example.com)
The Department of Economic Affairs has recently shared the report of the Steering Committee which discusses the various issues faced by fintech companies. This write up tries to focus on the issues in relation to online lending, and the recommendations given by the Steering Committee on the same.
Verifying the Authenticity of User:
RBI already provides for guidelines pertaining to Know Your Customer (KYC), specifying Originally Seen and Verified (OSV) norms, laying down conditions for non-face to face KYC, and in fact the e- KYC process was simplified with the advent of Aadhaar. However, the Aadhaar verdict by the Apex Court has adversely affected the fintech industry, and the Steering Committee has observed that there is need to explore alternatives for physical KYC. The following are the key recommendations in this regard:
- Offline Authentication Process: These days smartphones are equipped with biometric enabled multi-factor authentication, therefore, technology may be put to use for the purpose of KYC and authentication of the user. Some fintech companies have already come up with various unconventional mode of KYC, such as video based KYC, obtaining validated electronic versions of KYC related documents through DigiLocker, etc., as an additional layer of protection, authentication of the user can also be done by sending an OTP at the registered mobile number of the user, or by using geo location, which indicates the IP address of the user. The Committee has also recognised some of these options in its Discussion Paper, provided the same is subject to prior customer consent.
- Central Data Registry: In the light of representations made by various stakeholders, the Committee has expressed that e-KYC has the potential to reduce customer on-boarding and servicing costs significantly, and has, therefore, recommended that all financial sector regulators fix deadlines for on boarding existing KYC data to the Central KYC registry, making KYC a complete digital and paperless process.
- Other non- traditional way of data exchange: The Discussion Paper also mentions about the usage of the Application Programme Interface (API), for facilitating real time information sharing; India Stack being one such API, where digital records move with an individual’s digital identity, eliminating the need for massive amount of paper collection and storage.
Determination of Borrower’s creditworthiness:
The Steering Committee has noted how the poor and the unbanked are often unable to access credit due to the lack of formal credit history and/ or non-availability of significant information/ document. The following are the key recommendations in this regard:
- Data sharing in the finance industry: The Committee believes that APIs must be used for cloud storing of data, and the same should be open, to ensure equal access to all those who wish to build on or rely on this data. For instance, an India Agri Stack can be built, such that lenders can evaluate the creditworthiness of agricultural borrowers. This stack can include a farmer’s borrowing history, land ownership data, income data, among other information. Additional APIs to facilitate research and the creation of applications may include: Government departments and local government bodies unified stack; land registry and state land records; ownership/fitness/loan/mortgage/enforcement records to provide transparency to transactions; and so on. Further, India MSME Stack may be built for MSME financing related data.
- Digitisation of land records: The Digital India- Land Records Modernisation Program is aimed at national integration of all land related data across the country in order to provide conclusive titles, including details such as characteristics of the land, mortgages, encumbrances, ownership and other rights, etc., enabling financial services companies to make informed decisions about lending.
- Reliance on Informal Modes: Fintech companies are using a variety of sources for collecting customer information and advanced data analytics to access customer credibility, for instance obtaining data from social media usage, web browser history, financial transaction behaviour, product purchase behaviour, etc. from the mobile phones of prospective borrowers. Some companies are also resorting to psychometric tests to build the customer’s profile.
For agri- loans specifically, to access the credit score of a borrower, it is suggested that companies use permutation and combination of the alternate data which may be available, such as weather forecasts and records, agronomic surveys, accessing the demographic, geographic, financial and social information of the customer, farmer progressiveness and such like. Referring to a Chinese agricultural fintech company Nongfenqi, which generates credit scores on the basis of interaction with customers’ business partners, fellow customers and villagers, the Committee has observed that the default rate in such model is merely 0.1%. In order to increase access to credit and to stabilise the growth of such practices, the Committee has recommended that Ministry of Economics and Information Technology (MEITY) and TRAI to formulate a policy to enable such practices through a formal, consent-based mechanism.
- Usage of Artificial Intelligence (AI): AIs afford an opportunity to gain insight into customer behaviour pattern, thereby aiding in determination of their creditworthiness. Equifax is one credit information agency, which gives potential lenders an overall insight on the borrower’s credit health through Neuro Decision Technology. It claims to predict the likelihood of a business incurring severe delinquency, charge-off or bankruptcy on financial accounts within the next 12 months. Vantage Score Solution, which claims to predict the likelihood of the borrower repaying the borrowed money, also used AI to develop a model for people with thinner credit profiles.
The Steering Committee has also recognised AI for modernising the credit scoring methodology and approach.
Execution of agreements online:
Fintech entities have been vigorously using e- mode for entering into transactions; for instance, providing app- based loan, on a click. While one may contend that click- wrap agreements are prone to fraud, since the user is not known, and thus, cannot be relied upon, such may the case in any mode of execution. Most of the time in litigations, it is not uncommon for parties to challenge the authenticity of agreement, claiming that the acceptance by mail was not sent by him, that the signature is forged, etc. While physical signatures may be examined by way of forensic, it is difficult to verify whether a click- wrap agreement was actually entered into by the parties or was a mere mistake on the part of either of the parties.
While e-agreements are generally held as valid and enforceable in the courts, for high stake transactions, parties have apprehensions on the enforceability in case of default of loan or non- compliance of any of the terms, and therefore, they still insist on wet signatures on physical agreements. The Steering Committee has discussed about re-engineering of legal processes for the digital world. The Committee suggests that insistence on wet signatures on physical loan agreements be replaced by paperless legal alternatives, as these can enable cutting costs and time in access to finance, repayment, recovery, etc., for businesses and financial service companies. To achieve the goal of paperless economy also the requirement of physical loan agreements are unwanted. The Committee has, therefore, recommended that the Department of Legal Affairs should review all such legal processes that have a bearing on financial services and consider amendments permitting digital alternatives in cases such as power-of-attorney, trust deeds, wills, negotiable instrument, other than a cheque, any other testamentary disposition, any contract for the sale or conveyance of immovable property or any interest in such property, etc., (where IT Act is not applicable), compatible with electronic service delivery by financial service providers.
Other recommendations w.r.t. lending industry:
(a) Enhancing competition by way of referral pool:
The Committee recommends that all financial sector regulators may study the potential of open data access among their respective regulated entities, for enabling competition in the provision of financial services; RBI may encourage banks to make available databases of rejected credit applications available on a consent-basis to a neutral marketplace of alternate lenders. In line with the Open Data Regulations in the UK banking sector, the Committee further recommends that RBI may consider making available bank data (such as transaction and account history data) to fintech firms through APIs.
(b) Data privacy risks:
The Committee notes that the data sharing between entities is also subject to privacy laws, and while the Ministry of Science and Technology has already formulated the National Data Sharing and Accessibility Policy, and MEITY is the nodal Ministry to implement the policy, the same needs wider acceptance and implementation. The Committee has further recommended that a taskforce in the Ministry of Finance may be set up with the participation of the regulators and suitable recommendations may be made to safeguard the interests of consumers.
The Committee has expressed that the provisions of the Data Protection Bill, 2018 may have far-reaching implications on the growth of fintech sector, and has therefore, recommended that regulators should urgently review the existing regulatory framework with respect to data protection and privacy concerns, in keeping with emerging data privacy legislation in India.
Our related write-ups can be viewed here:
Please find below the link for other write-ups relating to Fintechs.
–Anita Baid and Richa Saraf (firstname.lastname@example.org)
With the evolution of technology, the way of executing documents have also evolved. With the increasing demand for modern, convenient methods for entering into binding transactions, electronic agreements and electronic signature have gained a lot of momentum in recent years. Technological developments have not only changed the ways in which these transactions are entered into but the execution process has also revolutionised significantly.
Speaking about e- agreements, while there has been various case laws, wherein email between parties has also been accepted as a binding contract, the validity and enforceability of click- wrap agreements still continues to be a cause of concern. The recent report of the Steering Committee on Fintech Issues has also discussed about re-engineering of legal processes for the digital world. The Committee suggests that insistence on wet signatures on physical loan agreements be replaced by paperless legal alternatives, as these can enable cutting costs and time in access to finance, repayment, recovery, etc., for businesses and financial service companies. To achieve the goal of paperless economy also the requirement of physical loan agreements are unwanted. The Committee has, therefore, recommended that the Department of Legal Affairs should review all such legal processes that have a bearing on financial services and consider amendments permitting digital alternatives in cases such as power-of-attorney, trust deeds, wills, negotiable instrument, other than a cheque, any other testamentary disposition, any contract for the sale or conveyance of immovable property or any interest in such property, etc., (where IT Act is not applicable), compatible with electronic service delivery by financial service providers.
In this article, we have discussed the legal validity of electronic agreements and electronic signatures.
Validity of E- Agreement as per the Contract Act, 1872
Section 10 of the Contract Act lays down as to what agreements are contracts. It states:
“All agreements are contracts if they are made by the free consent of parties competent to contract, for a lawful consideration and with a lawful object, and are not hereby expressly declared to be void.”
Contracts executed electronically are also governed by the basic principles provided in the Contract Act, which mandates that a valid contract should have been entered with a free consent and for a lawful consideration between two majors. The intent of the parties is, therefore, relevant.
In case of click wrap agreements also, if the terms and conditions are provided to the user (offer) and he confirms to the same by ticking on “I Agree” (acceptance), then he shall be held liable to honour the obligations under the contract.
Recognition of E- Agreement and Digital Signature under the Information Technology Act, 2000
Section 10A of the IT Act expressly provides for validity of contracts formed through electronic means and states that-
“Where in a contract formation, the communication of proposals, the acceptance of proposals, the revocation of proposals and acceptances, as the case may be, are expressed in electronic form or by means of an electronic record, such contract shall not be deemed to be unenforceable solely on the ground that such electronic form or means was used for that purpose.”
An e-agreement subsequent to its execution is stored/recorded with the executing parties in electronic form, and is considered as an electronic record under the IT Act. In this regard, it is relevant to refer to Section 2(1)(t) of the IT Act, which defines an electronic record as “data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche”.
The terms electronic signature and digital signature have been defined under the IT Act.
In fact, the IT Act quite comprehensively covers the legalities of digital signature certificates (DSCs). Section 5 of the IT Act gives electronic signatures their legal character.
“5. Legal recognition of electronic signatures: Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of electronic signature affixed in such manner as may be prescribed by the Central Government. “
Considering that the IT Act has recognised e-signatures as legal and binding, the same may also form a strong basis for initiating litigation before a court of law.
Recognition of E- Agreement and E- Signature under Stamp Acts
While a majority of state stamp laws do not specifically include electronic records within their ambit, some state stamp duty laws do recognise “electronic records” within the purview of “instrument”. For instance, Section 2(l) of the Maharashtra Stamp Act, 1958 specifically refers to electronic records in the definition of the term “instrument” as under:
“instrument includes every document by which any right or liability is, or purports to be, created, transferred, limited, extended, extinguished or recorded, but does not include a bill of exchange, cheque, promissory note, bill of lading, letter of credit, policy of insurance, transfer of share, debenture, proxy and receipt;
Explanation. – The term “document” also includes any electronic record as defined in clause (t) of sub-section (1) of section 2 of the Information Technology Act, 2000.”
The Maharashtra E-Registration and E-Filing Rules, 2013 also make appending of electronic signature or biometric thumb print mandatory, thereby further giving recognition and legal validity to e-contract and e- signature. The Indian Penal Code, the Banker’s Book of Evidence Act 1891 and the Reserve Bank of India Act, 1934 also contain provisions in relation to such electronic contracts which contain digital signature.
Admissibility of E- agreements as evidence?
Under the Evidence Act, 1872, an e-agreement has the same legal effect as a paper based agreement. The definition of “evidence” as provided under Section 3 of the Evidence Act includes “all documents including electronic records produced for the inspection of the court.” Section 65B(1) of the Evidence Act provides that any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer shall be deemed to be also a document and shall be admissible in any proceedings, without further proof or production of the original, as evidence of any contents of the original or of any fact stated therein of which direct evidence would be admissible”.
Further, Section 47A of the Evidence Act stipulates that when the Court has to form an opinion as to the electronic signature of any person, the opinion of the Certifying Authority which has issued the electronic Signature Certificate is a relevant fact, and Section 85B of the Evidence Act stipulates that unless the contrary is proved, the Court shall presume that-
- the secure electronic record has not been altered since the specific point of time to which the secure status relates;
- the secure digital signature is affixed by subscriber with the intention of signing or approving the electronic record.
UNCITRAL Model Law on Electronic Signatures
In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on Electronic Commerce to bring uniformity in the law in different countries. Based on which, India enacted the Information Technology Act, 2000. Subsequently, in 2001, as an addition to the existing Model Law, a Model Law on Electronic Signatures was adopted by the General Assembly of UNICTRAL.
Article 2 (a) of the Model Law defines electronic signatures as below:
“Electronic signature” means data in electronic form in, affixed to or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory’s approval of the information contained in the data message;”
The Model Law has further examined various electronic signature techniques being used, and has broadly recognised two categories of electronic signatures-
- Digital Signatures relying on public-key cryptography; and
- Electronic Signatures relying on techniques other than public-key cryptography.
UK Law Commission- Consultation Paper on Making a Will
The Law Commission has considered various forms of e- signatures such as typed names and digital images of handwritten signatures, passwords and PINs, biometrics, and digital signatures. The following are the key discussions in the Consultation Paper with respect to alternative modes of signature:
- A rudimentary electronic signature may consist of a typed name in an electronic document, or a digital image of a handwritten signature. Such digital images may be produced by a scan or a photograph of the signature. However, there is a high risk of fraud in these forms of e- signature, as any person can copy the signature of any other person.
- A biometric signature is a type of electronic signature that measures a unique physical attribute of the signatory in order to authenticate a document. For instance, fingerprints, retina scan, voice recognition, facial recognition. A biodynamic manuscript signature is also a type of biometric signature that is increasingly being used, where the unique way by which a person signs is recorded by way of various parameters including speed, pressure, and even the angle of the stylus, however, the reliability of biodynamic signatures varies on the systems used to record and analyse them.
On a combined reading of the national and international laws, it can be said that e-agreements are valid and enforceable in the courts, however, since the risk associated with e-signatures are high, for high stake transactions, parties still insist on wet signatures on physical agreements. For fintech entities, who have been vigorously using e- mode of documentation and execution, in order to avoid fraud or forgery, e- signatures can be used with an additional layer of security, for instance, by verifying the electronic signature via sending an OTP at the registered mobile number, or by using geo location, to capture the IP address, or such other mechanism to track the detail of the electronic device from where the e-signature has been affixed. Such two-tier verification process shall also ensure authenticity of the signatory.
Our other write-ups on e-agreements and fintech lending can be referred here:
By Kanakprabha Jethani | Executive
Vinod Kothari Consultants P. Ltd.
Personal loans by NBFCs are mostly extended as revolving lines of credit. Most of these facilities are originated by use of online apps. The lender will be quite keen, if there were no regulatory obstacles, to provide this line of credit by way of a credit card, or virtual credit card. However, there are regulatory barriers to NBFCs issuing credit cards. Therefore, NBFCs end up giving revolving lines of credit. However, the lurking issue is – if a credit card is also an instance of a revolving line of credit, is revolving line of credit an alternative to a card or virtual card, and if so, are there regulatory issues in NBFCs giving personal revolving lines of credit?
The issue is not whether the credit is personal, or for business purposes, for instance, a working capital line of credit. There is a general notion that NBFCs cannot extend working capital lines of credit, while they may give working capital loans.
It is important to examine this issue at length – as is done in this article.
Revolving line of credit: explained
A revolving line of credit is a mode of lending wherein the lender agrees to lend an amount equal to or less than a pre-determined credit limit, as approved for the borrower. The parameters for fixing the limit may be the credit appraisal of the borrower, or, as in case of working capital, the asset liability gap. The borrower may continue to use the line of credit – he may keep repaying, in which case the drawn amount comes down, and then he may re-draw, when the drawn amount goes up. The credit limit gets restored on repayment being made by the borrower. Such line of credit maybe secured or unsecured, depending on the agreement between lender and the borrower. The line of credit is essentially governed by the agreement between the parties. The term “revolving” does not imply that the line of credit is not subject to a review, or repayment. Each line of credit has a review period. If the lender decides not to revolve the line of credit, then the line of credit becomes a term loan, and has to be paid down as per the terms of agreement between the lender and the borrower.
For certain types of facilities, a revolving line of credit is aptly suitable. While, in case of businesses, working capital is best financed by a line of credit, in case of personal finance also, the ability to draw based on a line of credit extends the finances of the borrower, and allows him the flexibility to tap into the funding when needed, and pay it off when not needed. There is, of course, a standing commitment on the part of the lender to provide the facility amount the amount of the limit, for which lenders may charge a continuing commitment charge.
A line of credit implies a commitment to disburse. To the extent of the amount already disbursed, there is a funded facility. To the extent of the limit sanctioned but not yet availed, there is an unfunded commitment to disburse. Undisbursed or partly disbursed loans are common in case of term loans as well – for example, a home loan may take a substantial time to get disbursed.
Similarities between a credit card and revolving line of credit
A credit card is a payment card which the borrower may use for making payments at point of sale. The lender makes payment on behalf of the borrower and then recovers the same from the borrower. A detailed explanation of features of credit cards maybe referred to in one of our write-ups.
A revolving line of credit shares some of its features with a credit card, due to which they are seen as equivalents. The similarities between both the modes are as follows:
- Borrowers can take the disbursement as and when needed.
- The lender, in both cases, always reserves the right to reduce the credit limit.
- The lender has to maintain optimum amount of working capital to meet the disbursement demands of the borrowers.
- The credit limit is restored on repayment being made.
Disparity between credit card and revolving line of credit
Based on usual practice of the market, the following are the key points:
- Security: A revolving line of credit maybe secured or unsecured, whereas, a credit card is always unsecured.
- End-use restrictions: There are no restrictions on end use of funds in case of a credit card. However, in a line of credit, the end use is restricted by mentioning the purpose for availing the loan in the loan agreement. Of course, the purpose may be generic – for example, personal use or general business use.
- Restriction w.r.t. withdrawal of fund: A revolving line of credit does not require a purchase to be made in order to get the funds disbursed. It allows money to be transferred into bank account for any reason without requiring an actual transaction. Whereas, in case of a credit card, payments can be made at Point of Sale (PoS) only and thus, it requires an actual transaction for the disbursement to be made..
- Interest Period: In case of credit card, if repayment is made within a specified term, no interest is usually charged. However, after the specified period, a high rate of interest is charged. While on the other hand, in case of a revolving line of credit, the interest is calculated from the day of disbursement being made at a comparatively lower rate.
- Credit Limit: As a market practice, revolving line of credit maybe availed for business purposes or personal purposes and thus, has higher credit limits as compared to a credit card which is generally used for personal purposes only.
- Manner of Repayment: In case of credit card, funds once availed have to be repaid within a specified period of time, in lump sum. On the other hand, when credit is availed from a revolving line of credit, the same is repaid by the borrower in instalments.
- Risks: Credit cards come with the risk of theft, misuse etc. However, the same maybe done away with, in case of virtual credit cards.
The fundamental difference
The abovementioned differences are, in essence, surficial. They are based on practices of the market, which may easily be reshaped suiting the needs of the parties. What is the key difference between a card, virtual card and a revolving line of credit?
A logical difference that one finds is that while in case of a credit card, the borrower uses it to make payments to third parties, in case of a revolving line of credit, the disbursements are made to the account of the borrower from where the borrower may use it for the required purpose. A credit card is an instrument: it can be used to settle payments, and therefore, becomes a part of the payment and settlement system. A straight line of credit may be tapped by the borrower. After tapping the line, the borrower may use it for making payments and settlements. But the line of credit itself is not an instrument of settling payments.
Therefore, fundamentally, while a revolving line of credit is a promise by lender to the borrower, a credit card is a promise by the lender to the world at large. A lender in case of a line of credit is obliged to make disbursement to the borrower, and only the borrower has a recourse against the lender. However, in case of issue of credit cards, the issuer or the lender is obliged to make payments to any authorized merchant who supplies goods and services against the card.
The burning question- Can NBFCs extend revolving line of credit?
The distinction between a revolving line of credit and credit card has already been highlighted above. Further, it is also quite evident from the above discussion that a credit card has wider risks than that of a revolving line of credit. In case of a revolving line of credit, the failure on the part of the lender to disburse the sanctioned amount impacts the borrower. However, if a card issuer defaults, it may affect all those merchants who might have used the card to supply goods and services. There may be a contagion impact, and therefore, the failure of a card issuer has systemic implications. Thus, capital adequacy, solvency and liquidity are far greater issues for a card issuer, than in case of a plain lender against revolving line of credit.
The above discussion leads one to conclude that there are no specific concerns in case of granting of a revolving line of credit. The only concern may be the exposure on account of the sanctioned but undisbursed amount, for which off-balance sheet credit conversion factors exist.
The above logic may further be supported by the provisions of the Prudential Framework for Resolution of Stressed Assets, wherein the Reserve Bank of India (RBI) has recognized the practice of extending revolving line of credit by NBFCs. Following is the relevant extract from the said framework which is applicable on Scheduled Commercial Banks (excluding RRBs), All India Term Financial Institutions, Small Finance Banks, Deposit taking NBFCs and Systemically Important NBFCs (‘NBFC-SI’):
In the case of revolving credit facilities like cash credit, the SMA sub-categories will be as follows:
|SMA Sub-categories||Basis for classification – Outstanding balance remains continuously in excess of the sanctioned limit or drawing power, whichever is lower, for a period of:|
So, firstly there are no express restrictions on extending revolving line of credit and secondly, the RBI recognizes such credit in its frameworks. Therefore, it is safe to take this recognition as a provenance to allowability of extending revolving line of credit by NBFCs.
Further, the provisions relating to restructuring of accounts of borrowers by NBFCs as per the Master Directions also recognize extension of revolving cash credit. It recognizes that roll-over of short-term loans based on actual requirement of borrower and not as a concession considering the credit weakness of the borrower, shall not be considered as restructuring of accounts. For-this purpose, short-term loans shall not include properly assessed regular Working Capital Loans like revolving Cash Credit or Working Capital Demand Loans. The relevant extract is as follows:
“In the cases of roll-over of short-term loans, where proper pre-sanction assessment has been made, and the roll-over is allowed based on the actual requirement of the borrower and no concession has been provided due to credit weakness of the borrower, then these shall not be considered as restructured accounts.
Further, Short Term Loans for the purpose of this provision do not include properly assessed regular Working Capital Loans like revolving Cash Credit or Working Capital Demand Loans.”
Concerns on maintenance of capital
In case of line of credit, the disbursements are to be made as and when the borrower requires, therefore, the NBFC should maintain adequate capital and liquidity to meet such abrupt demands. The RBI Master Directions take care of the solvency concerns of the NBFCs extending revolving line of credit. Liquidity standards, internally set by the NBFC under the ALM process, also contain safeguards by taking the undisbursed amount of committed facilities as “required funding”.
The Master Directions for NBFC-SI requires the NBFC-SIs to maintain a Capital to Risk Assets Ratio (CRAR) of 15%. It provides the detailed methodology of how the risk-weighting of assets is to be done to meet the CRAR requirement.
Following is the extract from the said methodology:
|Instrument||Credit Conversion Factor|
|Other commitments (e.g., formal standby facilities and credit lines) with an original maturity of:
up to one year
over one year
|Similar commitments that are unconditionally cancellable at any time by the applicable NBFC without prior notice or that effectively provide for automatic cancellation due to deterioration in a borrower’s credit worthiness||
Thus, depending on the terms of the revolving line of credit, a credit conversion factor will be multiplied to the total amount of obligation and the capital will be maintained accordingly.
Further, the Master Directions for Non-Systemically Important NBFCs (NBFC-NSIs) require the NBFC-NSIs to maintain a leverage ratio of 7. Leverage Ratio shall mean Total outside Liabilities/ Owned Funds.
The definition of Total Outside Liabilities can be derived from Master Directions for Core Investments Companies (CICs) which is as follows:
“outside liabilities” means total liabilities as appearing on the liabilities side of the balance sheet excluding ‘paid up capital’ and ‘reserves and surplus’, instruments compulsorily convertible into equity shares within a period not exceeding 10 years from the date of issue but including all forms of debt and obligations having the characteristics of debt, whether created by issue of hybrid instruments or otherwise, and value of guarantees issued, whether appearing on the balance sheet or not.”
Due to the leverage restriction, NBFC-NSIs shall also automatically be restricted from lending more than its capacity.
Nuts and bolts to the structure of revolving line of credit
From the above discussion, it is clear that NBFCs may extend revolving line of credit. However, from the prudence perspective, following are certain essentials that must be kept in mind by the NBFCs while extending a revolving line of credit:
- It is advisable for the lender to retain the right to unconditionally cancel the commitment of revolving line of credit. In such case, the credit conversion factor for such exposure shall be “0”.
- The terms of the line of credit must provide for review and reset as the lender may deem fit.
- The lender must ensure that it maintains liquidity to meet abrupt calls for disbursement by the borrower.
- In case the tenure of revolving line of credit is pre-determined, the credit conversion factor shall accordingly be taken as 20 or 50.
Though there are similarities between features of a credit card and a revolving line of credit, but the differences are not skin-deep. Further, it may also be argued that the RBI Master Directions recognize NBFCs extending line of credit, by providing expressly for prudential framework for SMA classification for revolving line of credit.
Among the disruptive Fintech practices, app-based lending is certainly notable. The scenario of an app-based lending is somewhat like this – a prospective borrower goes to an app platform, fills up some information. At the background, the app collects and collates the information including credit scores of the individual, may be the individual’s contact bases in social networks, etc. Finally, the loan is sanctioned in a jiffy, mostly within minutes.
The borrower interacts with the platform, but does the borrower know that the loan is actually not coming from the platform but from some NBFC? Whether the borrower knows or cares for who the lender is, the fact is that mostly, the technology provider (platform) and the funding provider (lender) are not the same. It may be two entities within the same group, but more often than not, the lender is an NBFC which is simply originating the loan based on the credit comfort provided by the platform.
The relation between the platform and the lender may take one of the following forms: (a) platform simply is procuring or referring the credit; the platform has no credit exposure at all; (b) the platform is acting as a sourcing agent, and is also providing a credit support, say in form of a first-loss guarantee for a certain proportion of the pool of loans originated through the platform; (c ) the platform provides full credit support for all the loans originated through the platform, and in return, the lender allows the platform to retain all the actual returns realised through the pool of loans, over an and above a certain “portfolio IRR”.
Option (a) is pure sourcing arrangement; however, it is quite unlikely that the lender will be willing to trust the platform’s credit scoring, unless there is significant skin-in-the-game on the part of the platform.
If it is a case of option (c ) [which, incidentally, seems quite common, the loan is actually put on the books of the lender, but the credit exposure is on the platform. The lender’s exposure is, in fact, on the platform, and not the borrower. The situation seems to be quite close to a “total rate of return swap”, a form of a credit derivative, whereby parties synthetically replace the exposure and the actual rate of return in a portfolio of loans by a pre-agreed “total rate of return”.
Our objective in this article is to examine whether there are any regulatory concerns on the practice as in case of option (c ) . Option c is an exaggeration; there may be a case such as option (b). But since option (b) is also a first loss guarantee with a substantial thickness, it is almost akin to the platform absorbing virtually all the risks of the credit pool originated through the platform.
Before we get into the regulatory concerns, it is important to understand what are the motivations of each of the parties in this bargain.
The motivation on the part of the platform is clear – the platform makes the spreads between the agreed portfolio IRR with the lender, and the actual rate of return on the loan pool, after absorbing all the risk of defaults. Assume, the small-ticket personal loan is being given at an interest rate of 30%, and the agreed portfolio IRR with the lender is 14%, the platform is entitled to the spread of 16%. If some of the loans go bad, as they indeed do, the platform is still left with enough of juice to be a compensation for the risks taken by it.
The readiness on the part of the platform is also explained by the fact that the credibility of the platform’s scoring is best evidenced by the platform agreeing to take the risk – it is like walking the talk.
The lender’s motivations are also easy to understand – the lender is able to disburse fast, and at a decent rate of return for itself, while taking the risk in the platform. In fact, several NBFCs and banks have been motivated by the attractiveness of this structure.
Are there any regulatory concerns?
The potential regulatory concerns may be as follows:
- De-facto, synthetic lending by an entity that is not a regulated NBFC
- Undercapitalised entity taking credit risk
- Skin-in-the-game issue
- A CDS, but not regulated as a CDS
- Financial reporting issues
- Any issues of conflict of interest or misalignment of incentives
- Good borrowers pay for bad borrowers
- KYC or outsourcing related issues.
Each of these issues are examined below.
Synthetic lending by an unregulated entity
It is common knowledge that NBFCs in India require registration. The platform in the instant case is not giving a loan. The platform is facilitating a loan – right from origination to credit risk absorption. Correspondingly, the platform is earning a spread, but the activity is technically not a “financial activity”, and the spread not a “financial income”; hence, the platform does not require regulatory registration.
Per contra, it could be argued that the platform is essentially doing a synthetic lending. The position of the platform is economically similar to an entity that is lending money at 30% rate of interest, and refinancing itself at 14%. There will be a regulatory arbitrage being exploited, if such synthetic lending is not treated at par with formal lending.
But then, there are whole lot of equity-linked or property-linked swaps, where the returns of an investment in equities, properties or commodities, are swapped through a total rate of return swaps, and in regulatory parlance, the floating income recipient is not regarded as investor in equities, properties or commodities. Derivatives do transform one asset into another by using synthetic technology – in fact, insurance-linked securities allow capital market investors to participate in insurance risk, but it cannot be argued that such investors become insurance companies.
Undercapitalised entities taking credit risk
It may be argued that the platform is not a regulated entity; yet, that is where the actual credit risk is residing. Unlike NBFCs, the platform does not require any minimum capitalisation norms or risk-weighted capital asset requirements. Therefore, there is a strong potential for risk accumulation at the platform’s level, with no relevant capital requirements. This may lead to a systemic stability issue, if the platforms become large.
There is a merit in the issue. If fintech-based lending becomes big, the exposure taken by fintech entities on the loans originated through them, on which they have exposure, may be treated at par with loans actually held on the balance sheet of the fintech. As in case of financial entities, there are norms for converting off-balance sheet assets into their on-balance sheet equivalents, the same system may be adopted in this case.
Skin-in-the game issue
Post the Global Financial Crisis, one of the regulatory concerns was skin-in-the-game. In light of this, the RBI has imposed minimum holding period, and minimum risk retention requirements in case of direct assignments as well as securitisation.
The transaction of guarantee discussed above may seem like the exposure being shifted by the platform to the NBFC. However, the transaction is not at all comparable with an assignment of a loan. Here, the lending itself is originated on the books of the NBFC/lender. The lender has the ultimate discretion to agree to lend or not. The credit decision is that of the lender; hence, the loan is originated by the lender, and not acquired. The lender is mitigating the risk by backing it up with the guarantee of the platform – but this is not a case of an assignment.
There is a skin-in-the-game on either side. For the platform, the guarantee is the skin-in-the-game; for the NBFC, the exposure in the platform becomes its stake.
A CDS, but not regulated as a CDS
The transaction has an elusive similarity to a credit default swap (CDS) contract. It may be argued that the guarantee construct is actually a way to execute a derivative contract, without following CDS guidelines provided by the RBI.
In response, it may be noted that a derivative is a synthetic trading in an exposure, and is not linked with an actual exposure. For example, a protection buyer in a CDS may not be having the exposure for which he is buying protection, in the same way as a person acquiring a put option on 100 gms of gold at a certain strike price may not be having 100 gms of gold at all. Both the persons above are trying to create a synthetic position on the underlying.
Unlike derivatives, in the example of the guarantee above, the platform is giving guarantee against an actual exposure. The losses of the guarantor are limited to actual losses suffered by the lender. Hence, the contract is one of indemnity (see discussion below), and cannot be construed or compared to a derivative contract. There is no intent of synthetic trading in credit exposure in the present case.
Financial reporting issues:
It may be argued that the platform is taking same exposure as that of an actual lender; whereas the exposure is not appearing on the balance sheet of the platform. On the other hand, the actual exposure of the lender is on the platform, whereas what is appearing on the balance sheet of the lender is the loan book.
The issue is one of financial reporting. IFRSs clearly address the issue, as a financial guarantee is an on-balance sheet item, at its fair value. If the platform is not covered by IFRSs/IndASes, then the platform will be reflecting the guarantee as a contingent liability on its balance sheet.
Conflicts of interest or misalignment of incentives:
During the prelude to the Global Financial Crisis, a commonly-noted regulatory concern was misalignment of incentives – for instance, a subprime mortgage lender might find it rewarding to lend to a weak credit and capture more excess spread, while keeping its exposure limited.
While that risk may, to some extent, remain in the present guarantee structure as well, but there are at least 2 important mitigants. First, the ultimate credit decision is that of the NBFC. Secondly, if the platform is taking full credit recourse, then there cannot be a misalignment of incentives.
Good borrowers pay for bad borrowers
It may be argued that eventually, the platform is compensating itself for the risk of expected losses by adding to the cost of the lending. Therefore, the good borrowers pay for the bad borrowers.
This is invariably the case in any form of unsecured lending. The mark-up earned by the lender is a compensation for risk of expected losses. The losses arise for the loans that don’t pay, and are compensated by those that do.
KYC or outsourcing related issues
Regulators may also be concerned with KYC or outsourcing related issues. As per RBI norms “NBFCs which choose to outsource financial services shall, however, not outsource core management functions including Internal Audit, Strategic and Compliance functions and decision-making functions such as determining compliance with KYC norms for opening deposit accounts, according sanction for loans (including retail loans) and management of investment portfolio.”
Usually the power to take credit decisions vests with the lender. However, in case the arrangement between the lender and the platform is such that the platform performs the decision-making function, the same shall amount to outsourcing of core management function of the NBFC, which is expressly disallowed by the RBI. The relevant extract from the KYC Master Directions is as follows:
“REs shall ensure that decision-making functions of determining compliance with KYC norms are not outsourced.”
Is it actually a guarantee?
Before closing, it may be relevant to raise a legal issue – is the so-called guarantee by the platform actually a guarantee?
In the absence of tripartite agreement between the parties, the arrangement cannot be said to be a contract of guarantee. Here the involvement is of only two parties in the arrangement i.e. the guarantor and the lender.
It was held in the case of K.V. Periyamianna Marakkayar and others vs Banians And Co. that “Section 126 of the Indian Contract Act which defines a contract of guarantee though it does not say expressly that the debtor should be a party to the contract clearly implies, that there should be three parties to it namely the surety, the principal-debtor and the creditor ; otherwise it will only be a contract of indemnity. Section 145 which enacts that in every contract of guarantee there is an implied promise by the principal debtor to indemnify the surety clearly shows that the debtor and the surety are both parties to such a contract ; for it will be strange to imply in a contract a promise between persons who are not parties to it.”
Accordingly, the said arrangement maybe termed as a contract of indemnity wherein the platform agrees to indemnify the lender for the losses incurred on account of default by the borrower.
Fintech-based lending is here to stay, and grow. Therefore, risk participation by Fintech does not defeat the system – rather, it promotes lending and adds to the credibility of the Fintech’s risk assessment. Over period of time, the RBI may evolve appropriate guidelines for treating the credit exposure taken by the platforms as a part of their credit-equivalent assets.
-Financial Services Division | Vinod Kothari Consultants Pvt. Ltd.
The RBI recently wrote a letter, dated 16th September, 2019, to banks and NBFCs, censuring them over what seems to have been a prevailing practice – sharing of credit information sourced by NBFCs from Credit Information Companies (CICs), to fintech companies. The RBI reiterated that such sharing of information was not permissible, citing several provisions of the law, and expected the banks/NBFCs to affirm steps taken to ensure compliance within 15 days of the RBI’s letter.
This write-up intends to discuss the provisions of the Credit Information Companies (Regulation) Act, 2005 [CICRA], and related provisions, and the confidentiality of credit information of persons, and the implications of the RBI’s letter referred to above.
Fintech companies’ model
Much of the new-age lending is enabled by automated lending platforms of fintech companies. The typical model works with a partnership between a fintech company and an NBFC. The fintech company is the sourcing partner, and the NBFC is the funding partner. A borrower goes to the platform of the fintech company which provides a user-friendly application process, consisting of some basic steps such as providing the aadhaar card or PAN card details, and a photograph. Now, having got the individual’s basic details, the fintech company may either source the credit score of the individual from one of the CICs, or may use its own algorithm. If the fintech company wants to access the data stored with the CICs, it will have to rely on one of its partner NBFCs, since CIC access is currently allowed to financial sector entities only, who have to mandatorily register themselves as members of all four CICs.
It is here that the RBI sees an issue. If the NBFC allows the credit information sourced from the CIC to be transferred to a fintech company, there is an apparent question as to whether such sharing of information is permissible under the law or not.
We discuss below the provisions of the law relating to use of credit information.
Confidentiality of credit information
By virtue of the very relation between the customer and a banker, a banker gets access to the financial information of its customers. Very often, an individual may not even want to share his financial data even with close family members, but the banker any way has access to the same, all the time. If the banker was to share the financial details of a customer, it would be a clear intrusion into the individual’s privacy, and that too, arising out of a fiduciary relationship.
Therefore, the principle, which has since been reiterated by courts in numerous cases, was developed by UK courts in an old ruling in Tournier v National Provincial and Union Bank of England  1 KB 461. Halsbury’s Laws of England, Vol 1, 2nd edition, says: “It is an implied term of the contract between a banker and his customer that the banker will not divulge to third persons, without the consent of the customer, express or implied, either the state of the customer’s account, or any of his transactions with the bank or any information relating to the customer acquired through the keeping of his account, unless the banker is compelled to do so by order of a Court, or the circumstances give rise to a public duty of disclosure or the protection of the banker’s own interests requires it.”
The above law is followed in India as well.
In Shankarlal Agarwalla v. State Bank of India and Anr. AIR 1987 Cal 29, it was held that compulsion to disclose must be confined to the regular exercise by the proper officer to actual legal power to compel disclosure.
In case any information is disclosed without a legal compulsion to disclose, the same is wrongful on the part of the lender.
Credit Information Companies and sharing of information
When an RBI Working Group set up in 1999 under the chairmanship of N. H. Siddiqui recommended the formation of CICs in India, the question of confidentiality of credit information was discussed. It was noted by the Working Group that all over the world, there are regulatory controls on sharing of information by credit bureaus:
The Credit Information Bureaus, all over the world, function under a well defined regulatory framework. Where the Bureaus have been set up as part of the Central Bank, the regulatory framework for collection of information, access to that information, privacy of the data, etc., is provided by the Central Bank. Where Bureaus have been set up in the private sector, existence of separate laws ensure protection to the privacy and access to the data collected by the Bureau. In the U.S.A. where Credit Information Bureaus have been set up in the private sector, collection and sharing of information is governed by the provisions of the Fair Credit Reporting Act, 1971 (as amended by the Consumer Credit Reporting Reform Act of 1996). The Fair Credit Reporting Act is enforced by the Federal Trade Commission, a Federal Agency of the U.S. Govt. In the U.K., Credit Bureaus are licensed by the Office of the Fair Trading under the Consumer Credit Act of 1974. The Bureaus are also registered with the Office of the Data Protection Registrar, appointed under the Data Protection Act, 1984 (replaced by the Data Protection Commissioner under the new Act of 1998). In Australia, neither the Reserve Bank of Australia nor the Australian Prudential Regulation Authority (APRA) plays a role in promoting, developing, licensing or supporting Credit Bureaus. APRA holds annual meetings with the major Bureaus in Australia. The sharing of information relating to customers is regulated in Australia by the Privacy Act. This Act is administered by the Privacy Commissioner, who is vested with the responsibility of framing guidelines for protection of privacy principles and to ensure that Bureaus in Australia conform to these guidelines. In New Zealand, a situation similar to that of Australia exists. In Sri Lanka, the Bureau was formed by an Act of Parliament at the initiative of the Central Bank. A Deputy Governor of the Central Bank is the Chairman of the Bureau in Sri Lanka and the Bank is also represented on the Board of the Bureau by a senior officer. In Hong Kong, the Hong Kong Monetary Authority (HKMA), though not being directly involved in the setting up of a credit referencing agency has issued directions to all the authorised institutions recommending their full participation in the sharing and using of credit information through credit referencing agencies within the limits laid down by the Code of Practice on Consumer Credit Data formulated by the Privacy Commissioner. HKMA also monitors the effectiveness of the credit referencing services in Hong Kong, in terms of the amount of credit information disclosed to such agencies, and the level of participating in sharing credit information by authorised institutions.
The inherent safeguards in the CIC Law
CICRA provides the privacy principles which shall guide the CICs, credit institutions and Specified Users in their operations in relation to collection, processing, collating, recording, preservation, secrecy, sharing and usage of credit information. In this regard, the purpose of obtaining information, guidelines for access to credit information of customers, restriction on use of information, procedures and principles for networking of CICs, credit institutions and specified users, etc. must be clearly defined.
Further, no person other than authorised person is allowed to have access to credit information under CICRA. Persons authorised to access credit information are CICs, credit institutions registered with the CICs and other persons as maybe specified by the RBI through regulations.
The Credit Information Companies Regulations provide that other persons who maybe allowed to access credit information are insurance companies, IRDAI, cellular service providers, rating agencies and brokers registered with SEBI, SEBI itself and trading members registered with Commodity Exchange.
Clearly, fintech companies or technology service providers are not authorised to access credit information. Access of information by such companies is a clear violation of CICRA.
Secrecy of customer information: duty of the lender
Paget on the Law of Banking observed that out of the duties of the banker towards the customer among those duties may be reckoned the duty of secrecy. Such duty is a legal one arising out of the contract, not merely a moral one. Breach of it therefore gives a claim for nominal damages or for substantial damages if injury is resulted from the breach.
Further, in case of Kattabomman Transport Corporation Ltd. V. State Bank of India, the Calcutta High Court held that the banker was under a duty to maintain confidentiality. An appeal was filed against this ruling, the outcome of which was the information maybe disclosed by the banks, only when there is a higher duty than the private duty.
NBFCs providing access to the fintech companies is undoubtedly a private duty and thus, is a breach of duty on the part of the lender.
The case of Fintech Companies and NBFC partnership:
The letter of the RBI under discussion, dated 17th September, 2019, has been seen as a challenge to the working of the fintech companies. However, to understand in what way does this affect the working of fintech companies, we need to understand several situations.
Before coming to the same, it must be noted that the RBI’s 17th September circular is not writing a new law. The law on sharing of credit information has always been there, and the inherent protection is very much a part of the CICRA itself. The RBI circular is, at best, a regulatory cognition of an existing issue, and is a note of caution to NBFCs, who, in their enthusiasm to generate business, may not disregard the provisions of the law.
The situations may be as follows:
- Fintech company using its own algorithm: In this case, the fintech company is relying upon its own proprietary algorithm. It is not relying on any credit bureau information. Therefore, there is no question of any credit information being shared. In fact, even if the fintech uses the score developed by it, without relying on CIC data, with other entities, it is a proprietary information, which may be shared.
- NBFC sharing credit information with Fintech company, which is sourcing partner for the NBFC: If the NBFC is sharing information with a fintech company, with the intent of using the information for its own lending, can it be argued that there is a breach of the provisions of the CICRA? It may be noted that regulation 9 of the CIC Regulations requires CICs to protect credit information from unauthorised access. As already discussed, access by such fintech companies is unauthorised.
- NBFC sharing credit information with Fintech company, which is not partnering with the NBFC: In case, the NBFC is not partnering with the NBFC and is still sharing credit information, there seems to be no reason for such sharing other than information trading. Several NBFCs have at many instances, been reported to have engaged in information trading for additional income.
- NBFC sharing credit information with another NBFC/bank, which is a co-lender: The NBFC may authorise its co-lender to obtain credit information from CICs and the same shall not be an unauthorised access of information, since the co-lender is also a credit institution and is registered with CICs.
- Bank sharing credit information with another NBFC which is a sourcing partner and not a c0-lender: If the sourcing partner is a member of CICs, it may access the credit information directly from the CICs. If the sourcing partner is not a member of CICs, sharing of credit information is violation of customer privacy, and thus, shall not be allowed.
The credit bureau reports are actually being exchanged in the system without much respect to the privacy of the individual’s data. With the explosion of information over the net, it may even be difficult to establish as to where the information is coming from. Privacy and confidentiality of information is at stake. At the same time, the very claim-to-existence of fintech entities is their ability to process a credit application within no time. Whether there is an effective way to protect the sharing of information stored with CICs is a significant question, and the RBI’s attention to this is timely and significant.