Debugging the Digital Lending Domain

RBI Working Group Report brings major recommendations to the digital lending regulatory framework

Team Finserv | finserv@vinodkothari.com

Introduction

Digital lending does not have a major share yet in the overall financial sector, the graph of the digital lending growth will only move upwards.^[1] Time and again RBI has been cautioning the public with respect to unauthorised DLPs/ DLAs.

Digital Lending Platform (‘DLP’) (web) / Digital Lending Apps (application) (‘DLA’) are  web or mobile based applications with user interface that facilitate borrowing by a financial consumer from a digital lender.   The scenario of these lending platforms is somewhat like this – a prospective borrower goes to an app/ platform, fills up some information. At the background, the DLP/ DLA collects and collates the information, including credit scores of the individual. Finally, the loan is sanctioned in a jiffy, mostly within minutes.

When we say ‘digital lending’, we instantly think ‘fast’, ‘convenient’  and an ‘efficient’ form of lending, happening at the tip of our fingers. However, digital lending comes with its own thorns, which may leave the financial system vulnerable and disrupted. This is due to various reasons such as unauthorised lenders getting easy access through digital platforms, digital lending service providers gaining off-balance exposures, disregard to various fair practice code and code of conduct, breach of consumer data etc.

The RBI had constituted a Working Group on digital lending including lending through online platforms and mobile apps on January 13, 2021. The Working Group (‘WG’) has submitted its report and the same has been published by the RBI on November 18, 2021 (‘Report’).

The Report rests on the principle that ‘the assumption that because something is technologically possible, it should be allowed, is flawed and needs to be challenged. There should be technology neutrality, which would imply that what is not legal offline, cannot be legal online’.

The Report states that there are three kinds of entities (as given in the illustration) majorly functioning in the digital financial domain. The Report intends to target these entities.

Issues^[2] in the digital lending space^[3]

1) Entities in the digital market requiring attention –

• Lending Service Providers (LSP) –

Lending Service Providers are agents of a balance sheet lender (banks, NBFCs etc.) who carry out one or more of the lender’s functions such as customer acquisition, underwriting support, pricing support, disbursement, servicing, monitoring, collection, liquidation of specific loan or loan portfolio for compensation from the balance sheet lenders. LSPs offer support functions and therefore are not undertaking ‘business of a financial institution’ as defined under the RBI Act. The loans sourced are not their assets and sit on the books of lenders. Since they perform activities that are originally a lender’s functions, they are considered as outsourcing agents and their activities are governed by the respective guidelines on outsourcing of financial services by NBFCs and Banks.

LSPs could either be regulated (Account Aggregator, Peer-to-Peer lending platform etc.)  or remain outside the regulatory purview of the financial regulator. Further, LSPs providing services to entities registered under other laws, are not regulated at all, leaving them out of scrutiny.

• Fringe lenders –

These are shadow unregistered  balance sheet lenders. The use of technology based platforms makes identification and monitoring of such entities even more difficult.

 

2) First Loss Default Guarantee (FLDG) and other synthetic structures –

FLDG is a very common and popular credit enhancement offered by fintech players. It is an indemnification by the third party to secure the obligations of the borrower towards the lender, up to a certain level. Though the term generally used is ‘guarantee’, however, it is legally not a guarantee since the borrower is not aware about such a transaction. The indemnification by the third party ensures skin in the game of the fintech player for loans sourced and originated by it.

However, such synthetic structures allow unregulated entities to lend without complying with prudential norms. Since upon invocation the loans come on the books of the platform, by virtue of the right of subrogation. Such structures are akin to off-balance sheet portfolio of LSP, however, credit risk is borne without requiring to maintain adequate capital. Further, such fintech players also sometimes extend balance sheet loans till they don’t meet 50-50 principal business  criteria, to remain outside the purview of law. Since these fintech players offer FLDG to various lenders, it could lead to piling up of risks.

In his article on Lenders’ piggybacking: NBFCs lending on Fintech platforms’ guarantees, Mr. Vinod Kothari has explained the regulatory concerns associated with such synthetic structures. However, what has been concluded is that fintech-based lending is here to stay, and grow. Risk participation by fintechs does not defeat the system – rather, it promotes lending and adds to the credibility of such fintech’s risk assessment. The article has recommended that the RBI may evolve appropriate guidelines for treating the credit exposure taken by such platforms as a part of their credit-equivalent assets.

3) Shadow lending^[4] –

Technology provides anonymity and camouflage that further aids shadow lenders to undertake unregulated lending.

4) Payment banks –

Since payment banks are restricted to only provide small savings accounts and services to the marginalised class and are not permitted to lend, they act as LSPs to bigger banks and NBFCs.

Recommendations and Suggestions of the Working Group

The recommendations have been categorised into three categories as enumerated in the chart below –

The detailed recommendations of the WG are explained below:

I. Legal and Regulatory recommendations

Legal manoeuvre preserving the traditional lending market may not work for its ‘E’ version. The old-fashioned laws may leave various gaps in favour of unscrupulous players. Therefore, the regulators will always need to adapt to the highly dynamic and ever-evolving digital lending market.

1) Restricting balance sheet lending through DLAs to REs or entities registered under any other law for specifically undertaking lending business

FinTech balance sheet lending has been defined as electronic platforms using their own balance sheet in the ordinary course of business to intermediate between borrowers and lenders. The same is intended to be restricted since the lending done through FinTech is not regulated by the RBI and hence, the terms of lending or such lending practices may not be fair and transparent.

2) New digital lending products involving short term, unsecured/ secured credits going under the guise of deferred payments or the like, such as BNPL should be treated as part of balance sheet lending, if not in the nature of operational credit by merchants. Since these products do not meet the requirements of traditional credit facilities, a suitable notification may be issued by the Government of India in this regard.

The kind of innovations that are going around in the market seem to create a whole lot of new financial products that are disguised as something other than lending. The recommendation intends to recognise such products as a part of on balance sheet lending. In this regard, it would be important to recognise the various financial products that are prevalent in the market and that have features of deferred payment.

3) Prohibiting REs from entering into arrangements involving synthetic structures, such as, FLDG with unregulated entities

Most of the existing arrangements between fintech partners and lenders have the essential feature of FLDG being provided by the digital platform to the lender. The FLDG is in essence a support that the platform provides to the lender since the loans are sourced by the former. By virtue of the invocation of this FLDG and right of subrogation, the loans are transferred from the books for the regulated lender to the unregulated platform. Further, before invocation, these fintech partners provide such guarantee (indemnity) without maintaining any capital against the credit risk borne from the off-balance sheet exposure. The recommendation is to completely restrict the same.

Even in 2019^[5], RBI prohibited P2P lenders from assuring any return of principal/payment of interest.

4) Setting up of a self-regulatory body (SRO) covering DLAs and LSPs in the digital lending ecosystem

Due to maturity level and complex structures of the evolving ecosystem for digital lending and potential regulatory arbitrage, a need was felt to have a multi-agency approach. to address the issues in their entirety. Further, uniform agreement between LSPs and Lenders is to be provided by the self-regulatory organisation (SRO).

5) Setting up of a nodal independent agency

The Working Group also proposes to set up an independent agency DIGITA (Digital India Trust Agency) in consultation with the market participants and regulators. It will primarily be responsible for verifying technological credentials of digital lending platforms and other service providers operating in the digital lending ecosystem before they are open for public use. Any eligible platform/ app not carrying the ‘Verified’ signature of the DIGITA will be considered as unauthorized. DIGITA shall also be maintaining a public register of all verified apps / platforms on its website, for public information.

Any subsequent changes to ‘verified’ apps will also be subject to surveillance and any potential non-compliance arising out of the same could lead to revocation of the ‘verified’ status.

6) Regulatory framework for digital banks / neo banks

• A ‘digital bank’ means an online arm of a bank. This could either be in the form of a traditional bank extending ‘digital services’ or online-only ‘neo banks’. ‘Neo’ by definition means ‘new’. Neo banking is a new age banking set-up which has an online-only presence. Unlike traditional banks with brick and mortar branches, services of a neo bank are accessible anywhere with an internet connection and are offered completely online. Indian laws currently require banks to have a physical presence to offer internet banking services^[6].
• Neo-banks have digital as the only or predominant channel for engaging with customers and challenge either the products, user experience or business models of traditional banks and other financial services organisations. RBI does not recognise these virtual-only banks and therefore ‘neo-banks’ remain unregulated. Given that ‘neo-banks’ cannot function independently and usually partner with traditional banks/ non-banks. They offer outsourcing functions to their counterparts with licenses.
• Considering the changing landscape and constant innovations in the financial sector, the Report states that the operations of ‘digital banks’/ ‘neo banks’ should be covered under RBI regulations. This should also include governing bank-FinTech partnerships.
• Currently there are many FinTech start-ups in the neo-banking space such as Jupiter, EpiFi, Niyo, Open. RazorpayX is one of the neo bank start-ups providing lending services in partnership with multiple NBFCs.

7) Execution of transactions directly between the lender and borrower-

Digital Lending Platforms acting as intermediaries between lenders and borrowers is quite common. The DLP acts as the interface of the transaction and is responsible for dealing with customers. It may also be involved in loan origination, execution of a loan agreement, collection of payments etc. While the RBI recognises the importance of DLPs as a liaison for the transaction, what is discouraged is flow of funds through the DLP. The role of DLP should only be restricted to facilitating the transaction and not as a fund-flowing passage, as this poses risks of siphoning, laundering etc.

Therefore the following has been recommended –

• Loan servicing, repayment to be executed directly in the bank account of the lender
• There should not be pass-through account/ pool account of third party
• Disbursement should be made directly in the bank account of the borrower
• Pre-paid instruments – cards, wallets – may be used when full interoperability among PPIs is implemented
• In case of borrowers who only have PPI account and no bank account, money can be disbursed to the PPI account only if the same is fully KYC compliant
• Fees to be paid to the LSP, shall be paid by lenders, and not to be received from borrowers directly

8) Reporting to CICs with respect to lending done through digital lending platforms/ LSP

It has been recommended to mandatorily require submission of information with respect to lending done through DLAs. Such reporting will be done irrespective of the nature or tenure of loans, capturing all kinds of loans. The reporting will also be done at shorter intervals as compared to conventional reporting.

However, to avoid any misuse of credit information for loan marketing by any random digital lender, access to credit information on behalf of the borrower, will be done only by regulated agents of any financial sector regulator, as agents of borrowers for  information collection.

Non-adherence or delayed reporting may lead to restriction of certain activities, at the post-origination stage, like assignment/ securitisation/ loan recovery enforcement process.

9) Introducing ‘The Banning of Unregulated Lending Activities (BULA) Act’-

An Act outlawing all entities not regulated and authorized by RBI for undertaking lending business or entities not registered under any other law for specifically undertaking public lending business, is recommended to be introduced.

What will constitute ‘public lending’ will also be defined.

10) Withdrawal of digital lending provisions from the Certificate of Registration (‘CoR’) of NBFCs not undertaking digital lending, for a reasonably long period –

The Report recommends withdrawing enabling clauses, in registration certificates, with respect to undertaking digital lending by NBFCs who are inactive in carrying out digital lending activities. This has been introduced with the intention to curb inactive NBFCs, having digital lending license but not undertaking the same for a reasonably long time, from acting as channels for unauthorised digital lending by unregulated entities

11) Record maintenance and monitoring of unauthorised entities (para 3.4.3.3)

Lenders may not always have complete and adequate information of delinquent entities in the digital lending space. Therefore, there is a need to enable identification of such entities by enforcement agencies who may have access to such information. The following has been recommended in this behalf –

• A list of unscrupulous lenders will be maintained and made available to regulators, entities etc. by the Digital Intelligence Unit of Government and other agencies. Such list will be used by lenders while undertaking enhanced due diligence.
• A National Financial Crime Record Bureau may be established which will be accessible by lenders.

Further, monitoring will be done of digital lending apps through media/ social media monitoring, web-scraping etc. Also, all publicity and advertisement material over the web of unverified digital lending apps, may be continuously monitored through appropriate detection techniques.

12) Avoiding step-in risks for lenders (para 3.4.4.) –

As per BIS, ‘step-in risk arises when a bank considers that it is likely to suffer a negative impact from the weakness or failure of an unconsolidated entity and concludes that this impact is best mitigated by stepping in to provide financial support (eg to avoid the reputational risk the bank would suffer otherwise).

As per RBI, partnering by lenders with unregulated lending service providers may lead to ‘step-in risks’.

13) Short term, unsecured/ secured credit under the guise of deferred payments,

eg.: Buy now, pay later loan products to be treated as a part of balance sheet lending or operational credit by merchants and specific notification to be issued for them.

II. Recommendations relating to technology

“In the long run, RBI needs to conceptualize an adaptive, outcome-focused regulatory framework with a responsive and iterative approach. It should provide for a segmented and data driven design rather than ‘one size fits all’ mold.”

Based on the above principle, the WG has made recommendations with respect to various technological aspects relating to digital lending. Merging technology with financial transactions may bring in additional risks like privacy concerns, hacking of data, misuse of AI, security etc. These issues have been appropriately addressed in the Report of the WG.

1) Verified apps by DIGITA (para 4.4.1.2):

The same has been discussed earlier.

2) Baseline digital hygiene guidelines (para 4.4.1.3):

These are fundamental requirements which will have to be adhered to by the LSPs in addition to regulated entities and will include:

• Meet the basic tech standards on cyber security specified by RBI
• DLA owners should appoint a nodal officer for dealing with Fintech related issues that may arise and officer’s contact details should be displayed on the website for public access.

3) DLA – its user interface, algorithm, servers etc.

4) Glass-box learning method

Since a financial transaction can involve verification and analysis of multiple factors to determine eligibility, viability etc. the app’s algorithm should be trained to the effect that it understands these factors and is able to point out potential discriminating factors. This can be done by continuously training the algorithm by using Glass-box models of AI to enhance transparency and acceptability of algorithms. In Glass-box models, the app developer can see the methods used by the AI to build upon its existing knowledge. This helps the developer to provide more relevant data for the AI to develop further.

5) Data Governance:

The WG envisages that the ‘Data Protection Authority’ proposed to be established in the Personal Data Protection Bill could serve as the regulatory body to oversee the financial apps as well in the future.

The DLA should have a comprehensive privacy policy available publically, regarding collection of personal data. Names of 3rd parties, if any, collecting the user data shall also be disclosed. Other permissions such as use of camera, microphone, location etc shall be on need basis. No biometric data related to customer due diligence should be stored in the systems associated with the DLA.

III. Consumer Protection recommendations^[7]

Digital lending brings many of the risks of traditional lending, but also few more unique ones. Digital lenders provide charismatic and appealing services under the tag of ‘convenience’ and ‘swift’, however, which leave the consumer class often vulnerable.

The borrower may face issues at every stage:

• pre-contract stage (risk – product design, distribution),
• contract stage (risk – transparency, pricing) and
• post-contract stage (risk – treatment and recourse).

While there are various consumer protection provisions in place, such as fair practices code, outsourcing guidelines, DLP guidelines^[8], consumer protection act, ombudsman scheme etc, however, they still fall short. Also, the digital lending framework will need to be tweaked to ensure effective protection of digitised customers.

Digital lending generates many of the similar financial consumer risks as in the conventional lending models and a few more. Innovative technologies and delivery/ interface channels, along with new lending class/ vocabulary create unique and newer risks for consumers as the focus is more on convenience/ ease of access rather than protection.

 

In this regard, the WG has made the following recommendations:

1) Code of conduct for advertisement for digital loans (para 4.1.1)

DLAs, as any other seller, advertise their loans as attractive products, which often are misleading.  It has been recommended that such advertisements should not contain any misleading claims. Further, where advertisements are by way of marketing messages, the customer should have the option to opt in or out of the same at any time. A Code of Conduct providing for responsible advertisement will also be introduced by the SRO.

2) Minimising repayment distress (para 5.4.1.2)

Since digital lending loans use aggressive marketing techniques, usually loans are granted, without keeping the vulnerability of the borrower in mind. The following has been recommended-

a) Pay-day loans/ short term consumer credit –

Pay-day loans are short-term loans with high interest rates, based on a person’s income. These are called pay-day loans since these are usually granted to salaried/ wage earners and the principal is repaid out of the succeeding salary. These loans are looked down upon globally, as these loans are very expensive and also have a very short repayment period, leaving borrowers in a debt trap. RBI intends to restrict these loans

b) Simplified products in low-penetrated markets

Products offered in low credit-penetrated markets, by DLAs, should be simplified and should be interfaced to consumers in an easily understandable manner.

c) Mandatory user-education during customer onboarding

Information with respect to product features, computation of loan limits, costs, conditions, etc. at an early stage of on-boarding, will enable borrowers to make informed decisions before they accept to borrow

d) Cooling off period to exit loans

To enable borrowers to have an exit option, it is suggested that borrowers be given a cooling off period, (globally ranging between 3 to 14 days,) by paying proportionate APR without any penalty.

3) Enhanced consumer awareness (para4.1.3 )

Complete disclosure of information and consumer education is instrumental for preventing consumers from being stuck with loans they were not fully aware of. Disclosure with respect to loans should be made available upfront in an easily understandable manner.

The following has been recommended to ensure the same –

a) Key Fact Statement

• A key fact statement (KFS) in standardized format, containing brief facts of the loan product offered to be provided for all digital lending products.
• Summary of information and abridged KFS should also be sent over SMS/ email. Any cost borne by the borrower directly or indirectly should also be stipulated.
• Digitally signed sanction letter to be sent over email.
• All direct and indirect costs to be stated.

b) Loan agreement

• A standardised and simplified format to be provided by the SRO
• The loan agreement should be in a language understood by the borrower,
• Agreement should adhere to existing regulations by RBI

c) In case a loan application is rejected, reasons for such rejection to be communicated.

d) The DLAs should obtain feedback/ rating for their services offered in formats to be provided by the SRO.

Even though India has advanced in consumer awareness in the FMCG sector, consumers remain highly uninformed when it comes to the lending segment despite strict prescriptions by the RBI through its regulations. Substantial frauds occur due to negligence or unawareness of the customers. Thus, it becomes important to have specific guidelines in this regard.

4) Preventing over-indebtedness (5.4.2)

In general parlance, it is common that loans disbursed through DLAs are not adequately screened by the DLA and thus, ineligible borrowers are granted loans which results in subsequent defaulting loans.

Thus, it is prescribed that the lenders themselves assess the borrower prior to disbursing the loan.  During the assessment, specific weightage should be given to the economic profile of borrowers. Specific prescription has been made for lenders distributing products such as one-click loans which are mandatorily required to assess the consumer’s creditworthiness and keep a record of the same to facilitate audit.

In this regard, it has been suggested that the DLAs should not adopt practices which lead the customers in a debt trap. To curb such predatory practices, the following points have been suggested:

• Putting in place an anti-predatory lending policy be formulated and publicized by each lender.
• All such customers are to be diverted to a financial education website page designed in vernacular languages which acquaint the prospective borrowers of the consequences of the loans availed.
• The scope of the Financial Literacy Centres, Centre for Financial Literacy (CFLs) and even Electronic Banking Awareness and Training Programmes (E-baat), to include digital lending and DLAs.
• Restriction on loan flipping i.e a structure wherein high-cost loans are refinanced without demonstrating any benefit to the borrower. Also, an automatic increase in credit limits is restricted unless consumer protection norms have been considered and express consent of the borrower has been taken on record.

The intent behind such prescriptions is to protect the customers from the appealing schemes offered by lenders which guide such borrowers to borrow in excess of their capacity, ultimately leading to high debts on the borrowers caught up in the never-ending debt trap.

5) Prescriptions for responsible pricing (anti-usurious lending) (5.4.3)

The RBI proposes that proper prescriptions should be made as to which all reasonable costs are included in the Annual Percentage Rate (‘APR’). Reasonable costs, here, may be construed to be costs which are directly linked with the loans advanced. All the costs included in the APR must be adequately disclosed to enable the customers to understand the cost break up in a proper manner along with the impact of repayment of loan before or after the due date for repayment. It has been proposed that the lender should not be charged in excess of what was expressly agreed to at the time of disbursal of loan unless the change is intimated to the borrower in advance.

The intention behind such disclosures, is, apart from consumer awareness, reduction of defaulting loans. Meaning thereby, that, when the customers are reasonably informed about the charges he/she has to pay, he/she may accordingly plan his/her finances and satisfy his/her debt obligations.

Further, the following practices are reviewed:

• Interest on loan must be calculated as a percentage of outstanding principal amount and should not be charged in advance.
• Other fees outstanding on account of the customer should not be included as outstanding principal for charging compounded interest.
• Calculation of interest on the basis of days for which the loan is disbursed.
  The reduced interest amount on account of prepayments should be charged effectively from the date of such repayment.
• In case of prepayment of short term loans, the lenders shall not impose penal interest on borrowers, but may impose a nominal administrative fee.
  In case of prepayment of long term loans, the penalty may be imposed; however, in such a case, the APR charged on such loans shall be lower than the APR that would have been charged without a prepayment penalty clause.
  The recommendations strictly prohibit charging of hidden costs from the borrowers. This, in essence, seems to be in line with the existing Fair Practices Code (FPC) applicable on banks and NBFCs.

All in all, the particular recommendation strives to regulate the interest rate charged by the DLAs. The recommendation becomes more significant considering the recent catastrophe caused by the DLAs. The root cause of the disaster may be traced to the exorbitant interest rates charged by the platforms. Thus, the regulator has now made clear prescriptions regarding the charges that may be taken from the borrower.

6) Fair and Respectful Treatment of Borrowers (5.4.4)

As the RBI aims at sensitising lenders towards borrower’s needs, it prescribes the following regarding the same:

• The lender is posed with the responsibility of recognising borrowers which have a difficulty in repaying the outstanding loans so as to help them before the borrowers default and to treat them at par with other borrowers instead of resorting to undue harassment for recovery of loans.
• When lending through third parties or lending service provider, the following are to be specifically considered:
  • The lenders should, prior to outsourcing the services to a third party, should carry out an enhanced due diligence commensurate with the risks faced from the third party. It becomes important to focus on the quality of the due diligence, as the lenders remain primarily responsible for the recovery methods used by the recovery agents.
  • A great point of contention in the entire lending procedure is the harsh recovery methods used by lenders which often leads to undue harassment of the borrowers. As it has been witnessed in the past, there has been misuse of the customers’ sensitive data by the recovery agents who adopted abusive practices in the name of recovery. For regulating the recovery practices so adopted by the lenders or third party engaged by for the recovery function, the RBI has prescribed mandatory placement of collection policies and procedures on their website. Further, the loan agreement should explicitly disclose the appointment of third parties for the recovery of loans. In case the third party is appointed post sanction of the loan, the borrower is to be intimated regarding the same.
  • It is to be ensured that the recovery agents are imparted adequate training to enable them handle defaulting borrowers.
  • The lenders are posed with the responsibility of periodic review of the third party engaged in recovery and strictly maintain a “negative list” for underperforming recovery agents.
  • Credit score of any customer has an enormous impact on the credit history of the customer, which is of great relevance when the customer intends to borrow further from other lending institutions. Thus, the recommendations prescribe genuine and prudent reporting by the lenders to the CIC about credit information of the borrowers so as to maintain a fair and correct credit history of the customer.

Conclusion

The various recommendations and suggestions given by the committee have to be examined by the RBI before coming out with detailed regulations for the same. Considering the powers of the RBI and the fact that they don’t have any regulatory control over the unregulated entity, it would be quite important to see the actual implementation of these recommendations- whether through the regulated entities itself or by expanding the scope of supervision by the respective regulators over the blooming digital sector.

^[1] We have covered an introduction to digitisation of the financial market in our article – Moving to contactless lending, in a contact-less world

^[2] Also,  issues with respect to our banking system, as pointed out by Raghuram Rajan and Viral Acharya, has been covered in our article- Stop crazy lending, lazy lending, write Rajan and Acharya

^[3] In 2019, the Department of Economic Affairs had shared the report of the Steering Committee discussing various issues faced by fintech companies. You may refer to our article on STEERING COMMITTEE REPORT ON DIGITAL LENDING: ISSUES AND SOLUTIONS

^[4] Read a detailed analysis on the same by Mr. Vinod Kothari here – https://vinodkothari.com/wp-content/uploads/2020/01/shadow-banking-in-India.pdf

^[5] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11137

^[6] Para 6.1 of  Master Circular – Mobile Banking transactions in India – Operative Guidelines for Banks

^[7] You may refer to our article – Digital Consumer Lending: Need for prudential measures and addressing consumer protection

^[8] RBI had extended FPC to DLPs as well – You may refer to our article – Extension of FPC on lending through digital platforms

Our resources on Digital lending Guidelines: https://vinodkothari.com/?s=digital+lending