FAQs on Digital Lending Regulations

Updated on February 15, 2023

The RBI had constituted a Working Group on digital lending including lending through online platforms and mobile apps on January 13, 2021[1]. The Working Group (‘WG’) submitted its report and the same was published by the RBI on November 18, 2021[2] (‘Report’).

On August 10, 2022, the RBI issued a press release on implementation of the recommendations of the WG. The press release contains three annexures that are either applicable immediately or may be applicable in due course. Through the press release, RBI seeks to implement the recommendations and suggestions of the WG on digital lending.

Further, the RBI has issued the Guidelines on Digital Lending on September 2, 2022 (‘Guidelines’). The text of the Guidelines is largely similar to the press release, with certain modifications and insertions of footnotes.

We have developed a set of FAQs on the press release and updated the same based on the Guidelines issued by RBI, where we intend to answer some of the critical questions relating to the digital lending regulatory framework.

The following FAQs have also been updated in line with the RBI FAQs dated February 14, 2023.

Table of Contents
Scope and Applicability	Cooling off/ look up period
Entities covered by the regulatory framework	Due diligence requirements
BNPL facilities	Data & Technology Requirements
Flow of Funds	Reporting to CICs
Disclosure to Borrowers	Additional disclosure requirements
Grievance Redressal Mechanism	Impact on Existing Loans
Key Fact Statement	Treatment for Structured Default Guarantees
Automatic increase in credit limit

Scope and Applicability

1. What does the Press Release entail? Is the Press Release itself the regulation, or regulations are expected to come separately?

The press release issued by RBI on August 10, 2022 (‘Press Release’)^[3], aims to provide the regulatory stance of RBI on digital lending and to implement the recommendations of the Working Group on ‘digital lending including lending through online platforms and mobile apps’ (WG).

With the Press Release the RBI initiated implementation of the recommendations of the Working Group in tranches, and the points/decisions mentioned in Annex I have been implemented immediately. Some of these may require separate regulatory instruments, say, by way of amendment in the Directions.Subsequent to the Press Release, the RBI has issued Guidelines on Digital Lending as per its Notification No. RBI/2022-23/111 dated 2nd September 2022. Entities involved in Digital Lending will need to implement the contents of the said Guidelines.

2. What type of entities should be concerned with the Press Release and these Guidelines?

All Regulated Entities (REs), their Lending Service Providers (LSPs), Digital Lending Apps (DLAs) of REs, DLAs of LSPs engaged by REs are the ones covered under the ambit of the Press Release and Guidelines.

Besides, the part dealing with FLDG will cover every entity or third party providing or receiving default guarantee in respect of loan pools sourced and serviced by such FLDG providers.

3. Are co-lending banks and NBFCs also impacted by the Press Release and Guidelines?

It is our view that entities which have entered into co-lending arrangements with other entities, which, in turn, are using digital lending, also need to ensure adherence to the provisions of these Guidelines.

Initially, Annex I in the Press Release talked about REs loan servicing, disbursement, repayment, etc. to be done directly in their bank account without any pass-through account/ pool account of any third party. An exception is made in case of flow of money between REs for co-lending transactions, which further implies that co-lending arrangements with digital lenders are also covered under the Press Release. The Guidelines also provide the same carve-out with regard to co-lending arrangements.

However, in our view, direct assignment transactions, under TLE Directions, where an assignee is simply acquiring receivables, need not be concerned with the implementation of the regulatory framework, except as a part of general due diligence on origination practices.

4. What is the significance of dividing the implementation into three separate Annexures?

The press release contains three annexures, each of which deal with the following –

1. Annex I^[4] – Recommendations accepted for immediate implementation and the consequent regulatory stance. The DL Guidelines have been issued on the implementation of this Annex I;
2. Annex II^[5] – Recommendations, though accepted in-principle, which require further examination; and
3. Annex III^[6] – Recommendations which require wider engagement with the Government of India and other stakeholders in view of the technical complexities, setting up of institutional mechanism and legislative interventions.

5. Is the Press Release regulation in itself? Or separate regulations are yet to come?

Annex I of the Press Release contains the recommendations of the WG that have been accepted for immediate implementation and the consequent regulatory stance. Further, para 7 of the Press Release states that “All the regulated entities of RBI are advised to be guided by the regulatory stance conveyed in this press release.”

This implies that the Annex I would be the regulatory framework for digital lending and as such would be mandatorily applicable on Regulated Entities (REs), their Lending Service Providers (LSPs), Digital Lending Apps (DLAs) of REs, DLAs of LSPs engaged by REs.

However, the same para 7 mentioned that detailed instructions will be issued separately. This meant that Annex I only provided the regulatory stance of RBI. While the REs were expected  to be guided by the regulatory stance conveyed in the Press Release, the RBI notification dated September 2, 2022 codifies such regulatory stance of the RBI .

6. From when is the Press Release applicable? Are all annexures applicable immediately?

The Press Release contains three annexures, each of which have different stages of applicability. The applicability of each of these annexures is discussed below.

Applicability of Annex I

The recommendations covered under Annex I are already accepted by the RBI for implementation. Accordingly, the provisions of Annex I shall be applicable immediately, that is from the date of the Press Release, August 10, 2022. Further, para 7 states that the REs must be guided by the regulatory stance conveyed in the Press Release, which further strengthens the view that Annex I is applicable immediately..

Applicability of Annex II

Annex II contains those recommendations that are accepted ‘in-principle’ but require further deliberation by RBI. So it seems that Annex II is not applicable immediately. However, there is a part in Annex II, dealing with the widely prevalent practice of “first loss default guarantee”, where it seems from the language that the intent is to regulate the same immediately.

As such, for the treatment of structured default guarantee see later part of these FAQs

Applicability of Annex III

Annex III deals with the recommendations of the WG that require wider engagement of the Government of India and other stakeholders. Accordingly, it seems that Annex III is not applicable immediately. However, the views of the regulator are clear and it is only a matter of time that these may also be implemented.

7. The Guidelines have been issued on September 02, 2022. What is the date of applicability now-  The date of issuance of press release or the date of issuance of Guidelines?

The intention is to make the provisions immediately applicable. Hence, in our view, the date of applicability should be the date from which the provisions on digital lending were made public i.e. the date of issuance of press release. However, there is a deferment for digital loans existing as on the date of the Press Release.

8. The Guidelines make a reference to November 30, 2022. What is the relevance of this date?

November 30, 2022 is the deferred timeline allowed with respect to existing digital loans. In order to ensure a smooth transition, REs have been given time till November 30, 2022, to put in place adequate systems and processes to ensure that ‘existing digital loans’ are also in compliance with the Guidelines. Further, existing arrangements and partnerships, for loans to be extended post the issuance of Guidelines, may also have to be completely reworked in light of the regulations (also, refer to the later part of FAQs).

This also implies that there is no grandfathering for existing loans, already sanctioned as on the date of the Press Release.

However, it may be clearly noted that the Guidelines apply immediately to new customers and existing customers availing new loans from the intro para 3. Hence, reference to Nov 30 is only for existing loans.

9. What exactly is meant by ‘existing loans’? Loans may have been disbursed, or sanctioned but not yet disbursed? Will the Guidelines apply in both cases?

Yes, existing loans would include both sanctioned and disbursed as well as loans sanctioned but not disbursed. The cut off date would be August 10, 2022.

10. What is meant by ‘put in place adequate systems and processes in place, for existing loans? Does this mean all the provisions of the Guidelines shall have to be ensured with respect to existing loans? How will this be done?

One will have to look at the practicability of the compliance and accordingly determine the possibility of incorporating the same in existing loans. For example, list of LSPs is required to be provided on the Platform. The same may be ensured from the effective date of the Guidelines. Hence, the same may be done.

Another example may be taken with respect to compliance of the provisions of para 7.1 of the Guidelines which requires assessing the economic profile of the borrower before extending the loan. The existing loans have already been disbursed, hence, assessment of economic profile of such borrowers may be of no use at this stage unless there is a further increase in credit limit. Refer detailed discussion on implication of the DL Guidelines on existing loans in the later part.

11. What exactly is the meaning of “digital lending” for the purposes of the regulatory framework? Are all types of financial facilities to be covered?

The Guidelines define Digital Lending as

A remote and automated lending process, largely by use of seamless digital technologies for customer acquisition, credit assessment, loan approval, disbursement, recovery, and associated customer service.

There are two important words – digital and lending.

First of all, the facility in question has to be a loan, or facility in the nature of a loan. As discussed below, BNPL facilities are covered by the regulatory framework.  However, our reading is that not every form of digitally originated credit facility is a “lending” transaction. For example, invoice discounting or factoring transactions do not seem to be falling under the purview of these regulations. However, in case of a credit facility secured by loan receivables (exempted from the purview of factoring), the same shall be considered as lending.

Does the lending have to be to  consumers? If the lending is to business entities, is it intended to be covered by the regulatory framework? The stance of the regulations is clearly consumer protection, and ideally, it does not seem appropriate to apply the regulation to lending to business entities. However, the RBI has vide its FAQs clarified that the DL Guidelines are also applicable for corporate (including MSME loans) and all such transactions, in case they are meeting the definition of ‘Digital Lending’.

The second important part of the phrase is “digital”. The question is, what all parts of the lending transaction need to be digital, or contactless, in order to be called digital lending. The WG acknowledged the lack of a universally acceptable definition of ‘FinTech credit’ or ‘digital lending’ and did not attempt to define these terms in their report, since new models and approaches were still evolving. However, the WG recognized that “One generally accepted feature of digital lending is that it means ‘access of credit intermediation services majorly over digital channel or assisted by digital channel’.” The characteristics distinguishing digital lending from traditional lending were set out in the WG report which states that “the characteristics that are essential to distinguish digital lending from conventional lending are use of digital technologies, seamlessly to a significant extent, as part of lending processes involving credit assessment and loan approval, loan disbursement, loan repayment, and customer service.”

Accordingly, the parts of a lending transaction that need to be digital or contactless in order to be called digital lending is subjective but must involve, at least to a significant extent (the Guidelines use the term “largely”), the use of digital technologies as part of lending processes involving customer procurement, credit assessment and loan approval, loan disbursement, loan repayment, and customer service. This was also clarified by the regulator in the FAQs that DL Guidelines are applicable to ‘digital loans’ offered over any digital platform which meet the definition of ‘Digital Lending Apps/ Platforms’ (DLAs).

12. In case some of the lending process is being conducted physically, will that still be considered as digital lending?

As discussed above, digital lending would mean that to a significant or large extent digital technologies are being used in the lending process. There are various sub-processes involved in the process of lending – it usually starts from customer introduction, followed by product introduction, credit assessment, underwriting, pricing, collection and recovery. Even if certain aspects of the process are conducted physically, like the document procurement or physical execution of documents, but in case the major part of the process is digital, the same shall be regarded as digital lending.

The RBI’s FAQs clarifies the position even further stating that the phrase ‘largely by use of seamless digital technologies’ has been used in the Digital Lending definition to accord operational flexibility to REs in ‘Digital Lending’. Therefore, even if some physical interface with customer is present, the lending will still fall under the definition of Digital Lending. However, while doing so, the REs should ensure that the intent behind the Guidelines is adhered to.

13. In case just the loan agreement execution is digital- will it still be digital lending?

As discussed above, since a significant part of the lending process is not digital, the same shall not be considered as digital lending.

14. If any part of the loan sourced and processed digitally is secured against any receivables or other asset, will that have any impact on the fact that the same is digital lending?

The fact that the loan is secured would not change the nature of the loan- the same shall continue to be considered as digital lending.

15. Can providing home loans be considered as digital lending if just sourcing is through an online platform but the credit underwriting process, execution and everything is physical?

No, a significant and important part of the home loan process is usually conducted physically and hence, the same should not be considered as digital lending.

15A. Whether loans or EMI programmes on credit cards and debit cards fall under the definition of ‘digital lending’?

Loan products offered on Credit Cards which are not covered/ envisaged under Para 6(b)(iii)^[7] of the Master Direction on Credit Card and Debit Card – Issuance and Conduct, 2022, shall be governed by the stipulations laid down under the Guidelines on Digital Lending. However, the  the Guidelines will be applicable to all loans offered on Debit Card, including EMI programs.

Entities covered by the regulatory framework

16. Who is an LSP? What are DLAs? 

The WG report on digital lending appropriately defines an LSP to mean “..an agent of a balance sheet lender who carries out one or more of lender’s functions in customer acquisition, underwriting support, pricing support, disbursement, servicing, monitoring, collection, liquidation of specific loan or loan portfolio for compensation from the balance sheet lender.”

RBI has clarified that only if a lending transaction qualifies under the definition of ‘Digital Lending’, will the service provider facilitating such lending be designated as LSP.

Further, DLAs are defined to mean “Mobile and web-based applications with user interface that facilitate borrowing by a financial consumer from a digital lender.” As per the Press Release and the Guidelines, DLAs will include apps of the REs as well as operated by LSPs which are engaged by REs for extension of any credit facilitation services.

17. Does the Press Release also cover LSPs and DLAs? How will the RBI regulate the implementation by LSPs and DLAs?

It is quite clear that the Press Release is applicable on REs. The question that arises is whether the LSPs and DLAs are also required to ensure implementation of the Press Release? Para 7 of the Press Release states that “The REs are advised to ensure that the LSPs/DLAs also implement the requirements set out in Annex-I, as applicable..”

Thus, the Press Release also covers LSPs and DLAs[8]. Annex I specifically contains items that the LSPs and DLAs are required to ensure. The onus of ensuring implementation of these requirements by the LSPs and DLAs, however, will rest with the REs (refer para 7).

The same stance has been reiterated in the Guidelines as well.

18. Are the concepts of LSP and DSA one and the same?

No, DLA is the digital interface in the form of an app or platform. Whereas, LSP is the service provider either operating the DLA or providing any other service to the lender.

BNPL facilities

19. How do we say that BNPL facilities are covered by the regulatory framework?

The BNPL model is a form of point of sale credit, wherein the customer is given a window of time, which is an interest free period, within which to repay the amount. The WG noted that while the BNPL model is implemented in partnership with banks/NBFCs, FinTechs are also increasingly engaging in such transactions. In view of this, the WG recommended that new lending products involving short term, unsecured/ secured credits going under the guise of deferred payments or the like, such as BNPL, should be treated as part of balance sheet lending.

RBI through the Press Release read with Annex I and para 14.2 of the Guidelines has stated that extension of BNPL facilities are to be reported to CICs. Accordingly, BNPL products would be covered by the regulatory framework.

The WG intended that the BNPL products which are not in the nature of operational credit by merchants, should be treated as part of balance sheet lending. This would mean that a pure credit sale facility extended by a merchant, although in the nature of BNPL, would not be treated as balance sheet lending.

20. What is the “operational credit facility” provided by a merchant, which is not regarded as digital lending?

This would include a simple credit period extended by a merchant to a customer for making the payment. This is not in the nature of a financial facility. If the customer does not make the payment within this operational credit period and subsequently converts this facility into EMIs that starts charging an APR, such a facility would then be considered as a credit facility.

21. A merchant provides a credit facility to a customer. The lender comes and provides financial support to the merchant, through physical mode. Is this a case of digital lending?

In our view, not. It is a facility given by the lender to the merchant, and not to the customer buying the goods or services of the merchant. We do not see a reason to apply the digital lending framework in such a case.

22. A vendor sells goods on credit to a buyer, and gets the receivables funded, by way of a recourse/non-recourse facility – is it a case of BNPL?

Under this case, the merchant avails a loan against the security of receivables. This seems to be a case of invoice financing and not a case of BNPL.

Flow of Funds

23. Can funds be routed through the bank account of the LSP? What is the regulatory stance with respect to loan servicing, disbursements, repayments, etc.?

The WG recommended in para 3.4.1.2 that “In order to avoid creation of operational grey areas in the process and for the sake of better transparency, all loan servicing, repayment, etc., should be executed directly in a bank account of the balance sheet lenders without any pass-through account/ pool account of any third party.”

The RBI’s stance under Annex I and para 3 of the Guidelines is in line with the WG recommendation. REs have to ensure that all loan servicing, repayment, etc., are executed directly in their bank account without any pass-through account/ pool account of any third party. Further, the disbursements shall always be made into the bank account of the borrower.

Accordingly, the flow of money, i.e., loan servicing, repayment, disbursement, etc. must be necessarily executed directly between the bank accounts of the RE and the borrower. Funds cannot be routed through a pass-through account/ pool account of any third party, which means that the funds cannot be routed through the bank account of the LSPs as well.

24. Can disbursements be done into Prepaid Payment Instruments?

The WG report stated in para 3.4.1.2 that “Borrowers having only PPI account, and no bank account, can be disbursed loan in fully KYC compliant PPIs.”. However, the Press Release and the subsequent Guidelines do not mention anything in this regard. Para 3 of the Guidelines only provides the below carve-out –

The disbursements shall always be made into the bank account of the borrower except for disbursals covered exclusively under statutory or regulatory mandate (of RBI or of any other regulator), flow of money between REs for co-lending transactions and disbursals for specific end use, provided the loan is disbursed directly into the bank account of the end-beneficiary. REs shall ensure that in no case, disbursal is made to a third-party account, including the accounts of LSPs and their DLAs, except as provided for in these guidelines.

This would mean that the disbursal of credit in the wallets or prepaid cards would also not be allowed henceforth. The same would necessarily have to be done into a KYC compliant bank account of the customer. The same situation would be applicable for repayments as well.

25. Whether loan repayment may be made by a borrower using his/ her e-Wallet App (PPI)?

The RBI PR regarding DL does not place a restriction on the origin of the loan repayment. Hence, the loan repayments may be made using the balance in an e-Wallet/ PPI as long as the funds flow directly to the lender’s (RE) account without being routed through any third party intermediary including an LSP.

Also, certain cases, such as loan products involving advances against salary, though the loan is disbursed directly to the bank account of the borrower, the repayment is from the corporate employer, which deducts the EMI amount from the salary. Such repayments can be allowed subject to the condition that the loan is repaid by the corporate employer by deducting the amount from the borrower’s salary. Further, REs should ensure that LSPs do not have any control over the flow of funds directly or indirectly in such transactions. It has also to be ensured that repayment is directly from the bank account of the employer to the RE.

26. Can a Digital Lender make the use of Payment Gateways (PG) or Payment Aggregators (PG) in the disbursement or servicing/ recovery of the loan?

Payment Gateways (PG) and Payment Aggregators (PG) are specifically regulated by the RBI under the Guidelines on Regulation of Payment Aggregators and Payment Gateways and are authorised to provide payment services subject to conditions laid down in the said Guidelines. Being regulated entities authorised by the RBI to process payments they may not be considered as pass-through account/ pool account of any third party and may be used for the purpose of disbursing oor collecting payments against digital loans.

The RBI has also clarified in its FAQs that the principle underlying the Digital Lending Guidelines is that an LSP should not be involved in handling of funds flowing from the lender to the borrower or vice versa. While entities offering only PA services shall remain out of the ambit of ‘Guidelines on Digital Lending’, any PA also performing the role of an LSP must comply with the Digital Lending Guidelines. This would mean that even PAs could be classified as LSP in case they are providing such services to the RE.

27. Can a digital lender directly pay to the merchant against the invoice instead of disbursing the loan amount to the customer/ borrower’s account (say, the customer buys a TV and the lender pays the retail merchant directly)?

Annex I in the RBI Press Release provided the following exclusion with respect to disbursement of loan funds –

Exceptions would be considered for disbursals covered exclusively under statutory or regulatory mandate, flow of money between REs for co-lending transactions, and disbursals where loans are mandated for specified end-use as per regulatory guidelines of RBI or of any other regulator.

Further, the Guidelines use the below language with respect to the end-use carve out-

…disbursals for specific end use, provided the loan is disbursed directly into the bank account of the end-beneficiary

Hence, the disbursements made directly to merchants, who are the end beneficiary in case of an asset finance of BNPL facility transactions, as part of the end use agreement with the borrower may be considered to fall under such a curve-out.

28. Can any fees that are payable to the LSP be charged by the LSP to the borrower?

According to Annex I and para 4.3 of the Guidelines, the REs must ensure that any fees, etc. payable to LSPs is paid directly by them (REs) and are not charged by LSP to the borrower directly.

Accordingly, any fees, etc. payable to the LSPs shall be paid by the REs, and not by the borrower.

29. Can the funds be disbursed from an escrow account maintained by the RE and LSP?

The requirement is to facilitate any loan transaction from the bank account of the lender to the bank account of the borrower. In our view, in case the escrow account is in the name of lender and the operating rights are with the LSP, there should not be any commingling risk since the funds would be ring fenced. Further, the lender should also have the right to revoke the operational rights given to the LSP.

30. Can the funds be disbursed from a nodal account maintained by the RE and LSP?

Same as above. In other words, the flow of funds between the bank accounts of borrower and lender in a lending transaction cannot be controlled directly or indirectly by a third-party including LSP.

30A.  In case of delinquent loans, recovery/ servicing of digital loans may be undertaken by a recovery agent collecting cash from borrowers. Will such cases be exempted from the requirement of direct repayment of loan in the RE’s bank account?

RBI clarifies that in case of delinquent loans, REs can deploy physical interface to recover loans in cash, where absolutely necessary. In order to afford operational flexibility to REs, such transactions are exempted from the requirement of direct repayment of loan in the RE’s bank account. However, any recovery by cash should be duly reflected in the borrower’s account and REs shall ensure that any fees, charges, etc., payable to LSPs are paid directly by them (REs) and are not charged by LSP to the borrower directly or indirectly from the recovery proceeds.

31. Is there any exemption to flow of funds from one co-lender or an escrow of the co-lenders?

Yes, the flow of money between REs for co-lending transactions has been exempted from the restriction of flow of funds directly in the RE’s bank account without any pass-through account/ pool account of any third party.

32. Are all co-lending transactions covered under the aforesaid exemption?

Under the Guidelines, there is an exemption for co-lending transactions between REs. However, the footnote inserted in the Guidelines states that Co-lending arrangements shall be governed by the extant instructions as laid down in the Circular on Co-lending by Banks and NBFCs to Priority Sector dated November 05, 2020, and other related instructions.

The RBI has guidelines in place for regulating the co-lending arrangement between a bank and NBFC for PSL loans. However, the other co-lending arrangements, like those between NBFC and NBFC as well as those for non-PSL loans were not regulated as such. Most of the co-lending transactions are accordingly undertaken based on the contractual and commercial arrangement between the co-lenders.

Does this mean that co-lending cannot be done outside the purview of guidelines? In our view, that should not be the case. However, all co-lending transactions should pari materia follow the existing RBI regulations on PSL co-lending, including but not limited to the requirement of having a minimum loan share of 20%.

RBI has even clarified that the exemption can be extended to co-lending arrangements between REs for non-PSL loans subject to the condition that no third party other than the REs in a co-lending transaction should have direct or indirect control over the flow of funds at any point of time. This also makes it clear that fintech or non-NBFCs cannot enter into co-lending arrangement with NBFCs to avail themselves of the exemption.

​33. Whether the repayments option can be provided on the third party digital lending platform and the proceeds of repayment be collected in the co-lending partner’s account, which in turn forwards the repayments in Collection Escrow Account?

In the given scenario, payment options/ interface/ gateway may be provided on the lending platform (DLA), however, the transfer of funds must occur directly to the lenders’ account without passing through a third party intermediary like the platform provider. With the carve out regarding flow of funds among co-lender provided in the provision, the transfer may occur to the co-lending partner’s account or to a collections escrow account maintained in the name of either or both the co-lenders.

Disclosure to Borrowers

34. What is Annualised Percentage Rate (APR)? Is it the same as Annualised Rate of Interest?

Para 2.1 of the Guidelines states that “APR is the effective annualised rate charged to the borrower of a digital loan. APR shall be based on an all-inclusive cost and margin including cost of funds, credit cost and operating cost, processing fee, verification charges, maintenance charges, etc., and exclude contingent charges like penal charges, late payment charges, etc.”

In case of NBFCs and Banks, there is a requirement to disclose the annualised rate of interest to be charged to the borrower. The intent is to ensure that the borrower is able to compare the rate of interest charged by different lenders. However, the annualised rate to be specific by the lender is just restricted to the interest and does not include the additional charges, such are processing fees etc.

Accordingly, APR would be different from the annualised rate of interest that NBFCs and Banks are required to disclose. The APR is an all-inclusive cost of digital loans which is required to be disclosed to the borrower up front by the REs.

RBI FAQs clarify that along with the APR disclosed in KFS, annualised rate of interest shall also be disclosed to the borrowers as required under Fair Practices Code applicable to NBFCs.

35. Many loan products have a zero-interest or low-interest period. For example, a typical product may say that the borrower may have no interest if he settles the payment within 30 days, but if he is unable to pay within 30 days, he converts the amount into EMIs, which starts charging APR, say, @ 36%. Will the APR cover the interest free period of 30 days as well?

In our view, the transaction is not a financial facility for the first 30 days. If the customer pays within 30 days, it remains a pure credit payment period, without being converted into a financial facility. Hence, in our view, there is no APR for the first 30 days, and therefore, the question of spreading the APR over the 30 days’ interest free period does not arise.

36. Will processing fees and documentation charges be excluded from the calculation of APR since they are charged on actuals?

Processing fees or documentation charges form part of the non-contingent costs of the borrower and should be taken into account while calculating the APR of the loan product/ arrangement.

37. Should Broken Period Interest (BPI) be considered for calculating APR?

Lenders charge BPI usually in cases where the period between the date of disbursement and the date of the first EMI is greater than a month. Such charge is part of the “all-inclusive cost and margin” of the lender and should form part of the APR.

38. Will APR include prepayment charges?

Since prepayment charges are contingent it will not form part of the APR. Similarly, penal charges such as cheque bounce/mandate failure charges, which are necessarily levied on a per instance basis may not be annualized. However, these charges must be disclosed separately in the KFS under ‘Details about Contingent Charges’

38A. How will the APR be computed in case of floating rate loans?

In case of floating rate loans, APR may be disclosed at the time of origination based on the prevailing rate as per the format of KFS. However, as and when the floating rate changes, only the revised APR may be disclosed to the customer via SMS/ e-mail each time the revised APR becomes applicable.

38B. Is it mandatory to include insurance charges in the calculation of APR?

The insurance charges shall be included in the computation of APR only for the insurance which is linked/integrated in loan products as these charges are intrinsic to the nature of such digital loans. In case insurance premium is collected and paid to the insurance company if the borrower avails of the insurance- the same is not connected with the loan and hence, it shall not form part of the APR for the loan.

38C Para 4.2 of the Digital Lending Guidelines mandate that penal interest/ charges levied shall be based on the outstanding amount of the loan. Whether penal interest/ charges can be levied on a lower base?

The amount under default shall act as the ceiling on which the penal charges can be levied.

Grievance Redressal Mechanism

39. Are the REs required to appoint an additional Grievance Redressal Officer (GRO)?

Para 6 of the Guidelines states that the REs and the LSPs engaged by them are required to have a suitable nodal GRO to deal with FinTech/ digital lending related complaints/ issues raised by the borrowers.

It would seem that the requirement is to have a GRO for the specific purpose of FinTech/ digital lending related complaints/ issues raised by the borrowers. Also, the RBI specifically requires those LSPs which have an interface with the borrowers would need to appoint a nodal Grievance Redressal Officer. However, it may be reiterated that the RE shall remain responsible for ensuring resolution of complaints arising out of actions of all LSPs engaged by them. In our view, the present GRO of the REs may also be designated as the GRO for the purpose of FinTech/ digital lending related complaints/ issues raised by the borrowers.

40. Are the LSPs also required to appoint a GRO?

The responsibility of grievance redressal continues to remain with the RE. Hence, the GRO of the RE shall suffice.

41. What are the responsibilities of the GRO?

Para 6 of the Guidelinescasts wider responsibilities on the GRO appointed for this purpose. The GRO has to deal with FinTech/ digital lending related complaints/ issues raised by the borrowers, as well as, complaints against the respective DLAs.

Thus, the role and responsibilities of the GRO is not limited to complaints against the lender alone, but also covers any FinTech/ digital lending issues and any issues against the DLAs.

42. Can the GRO of the RE, designated as such under FPC, be designated as GRO for the purpose of digital lending regulations?

Since the role and responsibilities of the GRO under FPC and that for DL Regulations would be the same, the same person may be designated as such. The Guidelines do not look for an exclusive GRO for digital lending transactions.

Refer above response. The LSP is not necessarily required to appoint a GRO separately, since the REs shall already have a GRO. The details of the GRO of the RE must be displayed by the LSP.

43. Can one LSP appoint one GRO for loans originated for multiple REs?

Refer above response. The LSP is not necessarily required to appoint a GRO separately, since the REs shall already have a GRO. The details of the GRO of the RE must be displayed by the LSP.

44. Where can one find the details of the GRO and the manner of lodging complaints?

The contact details of the GRO are required to be displayed on the website of the RE, its LSPs and on DLAs prominently and also in the Key Fact Statement provided to the borrower.

The manner and mode in which a complaint may be lodged also must be available on the website of the REs and LSPs, as well as, on the DLAs.

45. What happens if a complaint is not resolved by the RE within the stipulated timeline of 30 days?

If a complaint is not resolved by the RE within the timeline of 30 days, the complainant may lodge a complaint over the Complaint Management System (CMS) portal or other prescribed modes under the Reserve BankIntegrated Ombudsman Scheme (RB-IOS). This is as per the extant RBI guidelines on grievance redressal.

46. In a Co-lending arrangement, whether both lenders need to appoint GRO? Who shall be responsible to resolve complaints related to the DL platform used by the co-lenders where such platform is provided by a third entity non-regulated entity?

In the case of a co-lending arrangement, both (all) lending partners will also be REs and will be required to respectively assign a GRO for their digital lending activities. For the sake of efficiency, the GRO of one partner may also be assigned as the GRO of the other for the co-lending arrangement. However, the responsibility of grievance redressal continues to fall upon the shoulders of both and does not get passed onto one or the other.

The third party provider of digital platform that the co-lenders use for the purposes of credit facilitation will be considered as the LSP and is also required to assign a GRO. The LSP may appoint its own GRO, especially in cases where the LSP provides the platform for multiple lenders, or may assign a GRO of the co-lenders where it is providing services to a specific co-lending arrangement. As per the RBI PR the lenders/ co-lenders (REs) using the platform continue to be responsible for grievance redressal with regard to the issues reported by the borrower against the LSP’s platform.

Key Fact Statement

47. What is a Key Fact Statement? Is the Key Fact Statement different from the Sanction Letter?

The WG recommended that the lenders should provide a Key Fact Statement (KFS) in standardised format for all digital lending products. The intent of a KFS would be to provide the borrower with the summarised details of the key information relating to their digital loan.

Presently, banks are required to provide a clear, concise, one-page key fact statement/ fact sheet in the format prescribed^[9] by RBI under the Master Circular on Customer Service in Banks^[10] to all borrowers as in case of any change in any terms and conditions.

Through para 5.2 of the Guidelines, RBI has mandated REs to provide a Key Fact Statement (KFS) to the borrower before the execution of the contract in standardised format[11] for all digital lending products.

This KFS is meant to be akin to a summary term sheet and would be provided in addition to the sanction letter that lenders normally provide to the borrower. The contents of the KFS (apart from other necessary information) would include –

1. Details of APR,
2. Terms and Conditions of recovery mechanism,
3. Details of grievance redressal officer designated specifically to deal with digital lending/ FinTech related matter,
4. Cooling-off/ look-up period.

48. Whether the KFS and other documents are required to be sent by email/ SMS to the borrower?

According to para 5.2, all digitally signed documents supporting important transactions through DLAs of REs/LSPs, including KFS, summary of product, sanction letter, terms and conditions, account statements, privacy policies of the LSPs with respect to borrowers’ data, etc., must flow automatically from the lender to the registered/ verified email/ SMS of the borrower upon execution of the loan contract/ transactions.

Accordingly, upon execution of the loan contract digitally, there must be an automatic flow of digitally signed documents from the lender to the borrower via email/ SMS.

49. Has the format of KFS been prescribed?

Yes, the format of KFS is provided in Annex-II of the Guidelines. The format among other things include disclosure of APR, contingent charges, cooling-off period, details of LSP acting as recovery agent, details of GRO, detailed repayment schedule etc. Additionally, as per the Guidelines, it should also include details of the recovery mechanism.

A common concern that arises is that recovery agents are assigned by the lenders only when they turn delinquent and so how can the lender specify the details at the time of sanction. To address the concern, RBI has clarified that at the time of sanction of loan, the borrower may be conveyed the name of empaneled agents authorized to contact the borrower in case of loan default. However, if the loan turns delinquent and the recovery agent has been assigned to the borrower, the particulars of such recovery agent assigned must be communicated to the borrower through email/SMS before the recovery agent contacts the borrower for recovery.

Automatic increase in credit limit

50. Is there any restriction on lenders increasing the credit limit/ providing a top up facility automatically?

The WG recommended that automatic increases in credit limits “should be prohibited except under express consent taken on record for such increases, subject to satisfying general customer protection measures.” [para 5.4.2.2 (c) of the WG report]

Annex I of the Press Release accepted this recommendation and has provided that automatic increases in credit limits may be done, subject to the explicit consent of the borrower. The same is also provided in para 7.2 of the Guidelines.

51. Is the consent of the borrower required for each increase in the credit limit? Can there be a one time consent taken for all subsequent increases?

RBI has stated that the explicit consent of the borrower must be taken on record for each such increase. Accordingly, every increase in the credit limit would require explicit borrower consent.

52. Is there any guidance on how ‘explicit’ borrower consent should be obtained?

The same would depend on the interface of the app/platform. No such guidance is provided under the DL Guidelines.

Cooling off/ look up period

53. What is the scope of the cooling off/look up period?

The WG Report has defined the cooling off period as “the period of time from the date of the purchase of the good or service from a distance (e.g., online over phone or email order) within which the purchaser can change her/his mind with return or cancellation of the purchase, as part of Terms and Conditions of the purchase contract.” 

During the cooling off period, the borrower can exit the digitally obtained loan. In such an event,  the borrower is required to pay only the principal amount and the proportionate APR. No extra penal charges will be levied during this period. This is indicative of the prepayment facility allowed to the borrower without any attached prepayment penalty during the cooling off period.

54. What is the duration of the cooling off period?

As noted by the WG Report, the cooling off period globally varies between 3 to 14 days.  The Press Release did not stipulate the no. of days for the cooling off period, however, envisaged that the same shall be determined by the respective Boards of the REs. 

However, as per para 8 of the Guidelines, the period so determined shall not be less than three days for loans having tenor of seven days or more and one day for loans having tenor of less than seven days

55. While computing the cooling-off period of 3 days as above, should the date of disbursement be included?

The essence of the cooling-off period is to allow a particular time window for borrowers to exit digital loans, in case a borrower decides not to continue with the loan. As per the Guidelines, the cooling period should not be less than three days for loans having a tenor of seven days or more. Hence, in our view, one should consider three clear days and the date of disbursement should not be included in the calculation of the same. Accordingly, it shall be D+3 days, that is for the loan disbursed (say) on September 5th, the cooling period shall be till the 8th.

56. Since the cooling off period is required to be board determined, would a board approved policy be required?

Since para 8 provides that the cooling off period needs to be board determined, either a separate board approved policy on cooling off period would be required to be put in place by the REs or the same may be included in the existing credit policy itself.

57. What is the relevance of the cooling off/ look up period in this framework?

With an aim to minimise repayment stress on borrowers, the WG has recommended the inclusion of a cooling off period. This is a viable solution for the borrowers offering them greater flexibility in the transaction as they have the option to exit the loan without attracting any penalty. 

In essence, the borrower must be given an explicit option to exit digital loan by paying the principal and the proportionate APR without any penalty during this period. The cooling off period shall be determined by the Board of the RE. The period so determined shall not be less than three days for loans having tenor of seven days or more and one day for loans having tenor of less than seven days. For borrowers continuing with the loan even after the look-up period, pre-payment shall continue to be allowed as per extant RBI guidelines.

58. Although there is a restriction on imposition of penalty during the cooling off period, can the RE impose a penalty/ prepayment charge after the cooling off period in case of premature termination of the loan?

The WG has explicitly stated that after the expiration of cooling off period, the pre-payment shall be allowed to in accordance with the RBI guidelines. Reference has been made under para 8 of the Guidelines to the relevant RBI guidelines w.r.t. to levy of prepayment penalty on floating rate loans by NBFCs^[12] and banks.^[13] Hence, while the penalty/prepayment charge will be levied by the RE after the expiration of cooling off period, the same will be subject to the existing RBI regulations. 

58A. Can processing fees be charged from the customer if the loan is closed during the cooling-off period?

RBI has clarified that reasonable one-time processing fee can be retained if the customer exits the loan during cooling-off period. This, if applicable, should be disclosed to the customer upfront in KFS. Though the RBI has not specified  as to what would be reasonable, the same should be in line with the market practice. However, the processing fee has to be mandatorily included for the computation of APR.

Due diligence requirements

59. Are the REs required to undertake due diligence of the LSPs prior to engaging them?

In line with the recommendations of the WG, para 9 of the Guidelines requires the REs to undertake enhanced due diligence of the LSPs before entering into a partnership with them.

RBI’s requirement is enhanced due diligence of the LSPs by the REs. Ideally, the due diligence undertaken must be proportionate to the risks posed by the activity as recommended by the WG.

60. What factors must be taken into account while conducting due diligence of the LSPs by the REs?

Enhanced due diligence of LSPs must be conducted by taking into account its technical abilities, data privacy policies and storage systems, fairness in conduct with borrowers and ability to comply with regulations and statutes.

With respect to data storage, RBI requires REs to ensure that the LSP does not store personal information of borrowers except for some basic minimal data (discussed further in questions 45-53).

61. What about underwriting standards for the borrower on a DLA?

RBI, under para 7.1, requires REs to assess the borrower’s creditworthiness in an auditable way and states that “REs may capture the economic profile of the borrowers (age, occupation, income etc) before extending any loans over DLAs”.

62. Does Para 7.1 of Guidelines imply the lender should ensure ‘Responsible Lending’?

Para 7.1 mandates the lenders to capture the economic profile of the borrower with a view to assess their creditworthiness in an auditable manner, before extending any loans. The intention is to ensure that the lenders carry out credit evaluation of the borrower and do not do ‘risky lending’. On a systemic level, this would largely avoid origination of sub-prime assets.

63. ​The regulations require periodic review of conduct of LSP, what kind of review is required to be performed?

Para 9.2 of the Guidelines provides that REs should carry out periodic review of the conduct of the LSPs engaged by them. This is in context to para 5.4.4.3 of the WG Recommendations.

The items with regard to which REs should carry out due diligence and period review are as follows:

• Fairness in conduct with borrowers and ability to comply with regulations and statutes including adherence to guidelines issued by the REs to LSPs with regard to recovery
• Adequate technical abilities, ensuring data privacy, security and storage
• LSPs not store any personal data of borrower except some minimal data (like name, address, contact details)
• Compliance with the requirements prescribed under Annex I

The aforesaid review shall be in addition to the existing requirements under outsourcing guidelines which provides for monitoring and control of the activities of the service provider.

Also, personal information (except basic minimal data) and biometric data should not be stored.

Data & Technology Requirements

At the outset, it may be noted that as regards data and technology requirements, the discussion herein is limited to the provisions of the DL Guidelines. Needless to say, the REs/LSPs/DLAs, etc. will also have to comply with the provisions of the Information Technology Act, 2000, read with relevant rules as well as the provisions of the Credit Information Companies Act, 2005 read with rules/regulations framed thereunder, and other applicable data protection norms.

64. What type of data may be collected by the DLAs?

While the ‘Technology and Data Requirements’ section of the Guidelines (para 10) does not provide a list of data that a DLA may collect as part of the digital lending process, it explicitly specifies that a DLA should only collect data on a need-basis for the purposes of digital lending (e.g. for the purposes of borrower KYC).

Para 10 , however, prescribes requirements for customer consent with respect to data collection, retention and disclosure and also specifies certain types of data (e.g. biometric data) that should not be stored by a DLA.

65. Is there any consent required from the customer for collection of data?

As per para 10, explicit prior customer consent is required for a number of activities, these include the customer’s right to deny the use of specific data, restrict disclosures to 3rd parties, data retention and also the ability to revoke any consent already granted.

Based on a reading of the above provision, data specific customer consent can be of the following types:

• Consent to the DLA’s access and use to the customer’s mobile phone (or other electronic device) resources – camera, audio, location, stored documents and images, etc. –  to collect data
• Consent to the type of data that is actually collected (personal information for the purposes of KYC, income and credit information, etc.)
• Consent to disclosure of the collected data to a specific 3rd party or a specific group of 3rd parties
• Consent to retention of the collected data by the DLA, RE, LSP or other 3rd parties

DLAs should also provide customers the facility to withdraw any of the above types of consent.

66. Is consent for accessing the location information of the customer using his/ her mobile phone resources also required to be obtained by the DLA ? Should such consent be obtained everytime the DLA accesses customer location information?

The DLA should only collect data on a need-basis for the purposes of digital lending (e.g., for the purposes of borrower KYC, credit underwriting). The RBI PR states that the DLA should

…desist from accessing mobile phone resources (e.g., file and media, contact list, call logs, telephony functions, etc) except for one time access to camera, microphone, location or any other facility necessary for the purpose of on-boarding/ KYC requirements only with the explicit consent of the borrower.

Hence, there cannot be any umbrella consent obtained by the DLA for having access to the location of the customer. Only consent for a one-time access for the limited purpose of conducting KYC is permitted.

67. Is it possible to collect, retain or disclose customer information without their prior consent?

DLAs should desist from collection of customer information unless prior explicit consent has been granted by such customer and only if such information is needed for the purposes of digital lending.

In terms of retaining or disclosing such information, however, it can only do so for statutory or regulatory purposes without prior consent of the customer.

68. The Guidelines specify that customer consent “can be audited, if required”, how should DLAs ensure this?

In line with the Press Release, the Guidelines also require that REs shall ensure that any collection of data by their DLAs and DLAs of their LSPs is need-based and with prior and explicit consent of the borrower having audit trail.

In order for a DLA to maintain a audit trail, it may be required to record a tamper-proof timestamped trail (audit trail) of the following events:

• Consent provided by the customer –

Registered identity and time when consent provided,

The specific action or a set of actions (use of a mobile phone resource, disclosure of data to a specific 3rd party, retention of data, etc) for which consent is provided

• Consent withdrawn by the customer –

Registered identity and time when consent revoked,

The specific action or set of actions for which consent is withdrawn

69. Are there any restrictions on the kind of data that a DLA may collect or store?

Para 10 prescribes data should only be collected by a DLA on a need-basis for the purposes of digital lending. The annexure specifically forbids DLAs or any of its associated systems from collecting and storing biometric data as part of the KYC process.

70. Are there any restrictions on sharing data with 3rd parties?

REs should be guided by the RBI’s guidelines, or any other regulations that may be applicable to it, with regard to sharing of customer data with 3rd parties irrespective of whether it is shared directly or via a DLA or an LSP appointed by the RE.

In terms of the DLA, the RBI has prescribed requirements for customer consent (including withdrawal of such consent).

Also, note our FAQs in the Data and Technology section below

71. Are there any specific provisions with respect to data storage prescribed for digital lenders?

Data collected by a DLA should only be stored in servers located in India. Per the WG Report, this provision does not preclude a DLA from using private cloud storage infrastructure, however, it needs to ensure the vendor’s server location and also that applicable technology and cybersecurity standards prescribed by the RBI (and other agencies) are applied to such infrastructure.

72. Are technology and cybersecurity standards applicable to a DLA or an LSP appointed by a RE?

While there was ambiguity on the applicability of term “intermediary” as per the indian Information Technology Act to a DLA or an LSP used by a RE, the implementation of the WG recommendation under para 13 of the Guidelines explicitly provides that technology and cybersecurity standards prescribed by the RBI (vide its Master Direction on Information Technology Framework^[14], etc.) or any other agency (like IDRBT^[15] or Meity^[16]) will be applicable to a DLA or any LSP appointed by an RE.

REs are also tasked by the Guidelines to monitor and ensure compliance with such standards by its DLA or LSP.

73. Is there any prescription with regard to the data retention policy for a DLA?

Para 11 of the Guidelines specifies that there should be clear policy guidelines regarding data storage although it stops short of prescribing any limit on such storage duration.

Para 10.2, however, prescribes a “delete/ forget the data” functionality whereby the customer may require the DLA to permanently delete such customer data. Such permanent removal (“forget”) functionality would extend to data stored by the RE, LSP or any other 3rd party except to the extent needed for statutory and regulatory purposes.

Reporting to CICs

74. Would all lending through a DLA be required to be reported to Credit Information Companies (CICs)?

Any digital lending, irrespective of the nature/ tenor of the facility done through DLAs must now be reported to the CICs. This is clear from para 14 of the Guidelines and is in line with the WG recommendations.

75. Are BNPL facilities also required to be reported to CICs?

The scope of the digital lending framework now extends to BNPL products as well. Accordingly, RBI has prescribed that REs extending new digital lending products over a merchant platform involving short term, unsecured/ secured credits or deferred payments (essentially BNPL) need to be reported to the CICs by the REs.

Please refer to the section – Impact on Existing Loans – regarding impact to existing BNPL transactions.

Additional disclosure requirements

76. What are the disclosure requirements on the website of the REs?

The REs must display a list of LSPs (and DLAs, if any) engaged by them along with the details of the activities for which they have been engaged, on their website.

Further, as stated earlier, the contact details and the mode of lodging a complaint must also be displayed on the website of the REs.

77. What are the disclosures required on the DLA’s website and application?

The following are the disclosures required on the DLA’s website and application –

1. Privacy policy to be disclosed at all times.
2. Links to REs’ website where further/ detailed information about the loan products, the lender, the LSP, particulars of customer care, link to Sachet Portal, privacy policies, etc. can be accessed by the borrowers.
3. At the onboarding/sign-up stage, prominently display information relating to the product features, loan limit and cost, etc. so as to make the borrowers aware about these aspects.
4. Contact details of the GRO and information on the mode of lodging complaint.

Impact on Existing Loans

78. What will be the impact of the proposed DL Guidelines on existing loans sanctioned as on August 10, 2022?

Para	Particulars	Can it be ensured for existing loans?	Remarks
3	Disbursements and repayments directly in the accounts of borrower/lender respectively	Partly	Fresh disbursement and fresh repayments in existing loans should be directly routed- changes in NACH should also be ensured.
4.1	LSPs not to charge any fees from borrower	Yes	Platform charges may already have been charged at the time of loan disbursements. Even in case there are continuing charges, the same will have to be dropped- cannot be collected from borrower
4.2	Penal interest on outstanding loan to be disclosed upfront in KFS	No	As the contract has already been entered into, the question of providing KFS upfront does not arise
5.1	Disclosure of APR in KFS	No
5.2	Providing KFS before entering into contract	No
5.3	Digitally signed documents to be sent to the borrower by the lender	Partly	Though most of the documents must already have been shared with the borrower at the time of extending the loans, any documents shared with the customer on a regular basis shall be as per these guidelines
5.4	List of DLA and LSPs and their activities to be disclosed on lender’s website	Website	To be ensured
5.5	Disclosure of product information by DLA/LSP	Website	To be ensured on the website
5.6	Details of recovery agents to be provided to the borrower	Yes	The details of LSPs acting as recovery agents (also if there is a change) should be provided by way on an additional communication during the tenure of the loan by November 30, 2022
5.7	DLAs and LSPs to provide links to the lender’s website and product information	Website	To be ensured on the website
6.1	Nodal Officer Grievance Redressal of Digital Lending complaints	Website	To be ensured on the website
6.2	Time period and Escalation of Digital Lending Complaints	Yes	Already in place
7.1	Assessment of creditworthiness of borrower	Partly	In case of any subsequent change in credit limit/terms and conditions of loan, such economic profile should be captured in an auditable way
7.2	Increase in credit limits	Partly	Any existing consent obtained (discretionary clause enabling the lender) for automatic credit increase should no longer be considered valid and all subsequent increase in credit limit (amount or tenure) should be done only after obtaining prior explicit consent of the borrower
8	Cooling-off period	No
9.1	Enhanced due diligence of LSP before onboarding	Partly	This would have already been done as per Outsourcing Guidelines. Further, periodic monitoring shall ensure the same
9.2	Periodic review of LSP	Yes	RE should carry out period review per para 9.2 (below) and ensure LSP systems are in line with DL Guidelines
9.3	Guiding Recovery Agents to comply with Fair Practices	Yes	To be ensured
10.1	Customer privacy and requirement of explicit consent	Partly	Any subsequent collection or sharing of data should follow these Guidelines. DLAs should be upgraded so that they do not access user’s mobile phone resources except as provided in these Guidelines.   Privacy policy should be aligned with these guidelines
10.2	Denial/ revocation of Consent and forget/ delete data options	Partly	Any subsequent collection, disclosure of data, subsequent disclosure to additional 3rd parties should be performed only after obtaining explicit consent.   Facility should be provided to user to revoke consent or delete/ forget user data using DLA   Privacy policy should be aligned with these guidelines
10.3	Disclosure of Purpose	Partly	Any subsequent data collection should disclose the purpose
10.4	Disclosure of personal information to third parties	Partly	see remarks against 10.2
11.1	Minimal personal data stored by DLA/ LSP	Partly	REs to ensure this before the November deadline and perform ongoing monitoring
11.2	Data storage, retention, security policies	Website	Privacy policy should be updated and made applicable to any subsequent actions taken for existing loans
11.3	Prohibition to store biometric data	Yes	Requirement existed before the introduction of the DL Guidelines. REs to continue to ensure adherence
11.4	Data localisation	Yes	Expectation is that data localisation (if not already performed) is completed by November deadline
12.1	Privacy Policy of/ for DLA/ LSPs	Website	see remarks against 10.1
12.2	Disclosure of third parties allowed to collect data	Yes	see remarks against 10.1
13	Compliance with Technology/ cybersecurity standards	Yes
14.1	Reporting to CICs	Yes
14.2	BNPL reporting to CICs	Yes
15	FLDG/ Any structured guarantee	Yes	Refer Q. 80

Treatment for Structured Default Guarantees

79. What exactly is a first loss default guarantee?

See answer to question 72 below

80. What are the capital requirements in case of FLDG by a regulated entity?

Necessary risk weights should be assigned to exposure taken on the loans or pool loans, and capital, as applicable, must be maintained. For example, if there is a pool level first loss guarantee, capital will have to be maintained on the entire pool, however, the same will be subject to the maximum amount the guarantor is exposed to.

If the guarantor is a systemically important NBFC, had it been required to maintain capital on the entire pool, numerically, the capital requirement would have been 15% of the total pool. However, in this example, say the guarantee is capped at 10%. Hence, the capital requirement will be 10% of the pool size.

81. What is the overall intent of the regulators in trying to regulate provision of default guarantee?

Guarantees are age-old and have been a consistent feature of the business of lending. Hence, it is not the giving of guarantees which could be the regulatory fault line. On the contrary, the WG report talked about “synthetic lending”. The term “synthetic lending” was also used by Vinod Kothari in a 2019 article^[17]. A synthetic lending situation arises when a sourcing partner sources loans, guarantees them to an extent so as to cover expected losses of the pool, and sweeps the entire actual rate of return over a threshold or hurdle rate. Thereby, the sourcing partner has the risk (credit risk – almost all the expected losses and a chunk of unexpected losses too) and the reward (excess spread) of the loans. This puts the sourcing partner in the position of a synthetic lender. That is, the sourcing partner becomes a substantive lender. The position is putatively the same had it been a case of origination and securitisation of the pool by the originator.

Hence, the regulator intends to equate such provision of guarantees with securitisation, and apply securitisation regulations to default guarantees.

82. What does the regulatory framework have to say about the default guarantees provided in case of digital lending arrangements?

Part C of Annex II says: “The recommendation pertaining to First Loss Default Guarantee (FLDG) is under examination with the Reserve Bank. Meanwhile, REs shall ensure that financial products involving contractual agreement, in which a third party guarantees to compensate up to a certain percentage of default in a loan portfolio of the RE, shall adhere to the extant guidelines laid down in Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 dated September 24, 2021. Boards of REs shall ensure that the extant regulatory instructions are complied with in both letter and spirit. “

Further, para 14 of the Guidelines states that ‘As regards the industry practice of offering financial products involving contractual agreements such as First Loss Default Guarantee (FLDG) in which a third party guarantees to compensate up to a certain percentage of default in a loan portfolio of the RE, it is advised that REs shall adhere to the provisions of the Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 dated September 24, 2021, especially, synthetic securitisation8 contained in Para (6)(c).’

The regulatory framework intends to treat structured default guarantees as an economic equivalent of securitisation, and therefore, intends to apply the Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 dated September 24, 2021^[18] (SSA Directions). Further, the Guidelines have referred to the treatment as synthetic securitisation. The definition states that- “synthetic securitisation” means a structure where credit risk of an underlying pool of exposures is transferred, in whole or in part, through the use of credit derivatives or credit guarantees that serve to hedge the credit risk of the portfolio which remains on the balance sheet of the lender.

Synthetic securitisation is a structure whereby^[19] instead of transferring a pool of loans, the risk of the pool is transferred. Mostly, the device used is credit default swaps, but the more traditional instrument of guarantee is also referred to in the definition of synthetic securitisation by the RBI.

Synthetic securitisation, which is quite prevalent and in fact, is recently growing over rest of the world^[20], is prohibited under para 6 of the RBI’s SSA Directions^[21]. Since synthetic securitisation is not even permitted, the implication of treating the provision of FLDGs as a case of synthetically shifting the credit exposure is prohibited.

Two points arise here: Is the RBI saying that the provision of an FLDG is a case of synthetic securitisation? The process of synthetic securitisation is quite different – mostly involving an SPV, and issue of credit-linked notes, with the objective of bundling credit risk and transferring the same to the capital market. The RBI couldn’t have meant to say that provision of structured  guarantees is a case of synthetic securitisation. On the contrary, the RBI is only meaning to talk about the economic equivalence of the prevailing FLDG arrangements to synthetic lending or synthetic transfer of credit exposure.

Second, can one stretch the above provision to mean that any form of credit risk mitigation by a lender is a case of synthetic securitisation? Once again, we need to realise that synthetic securitisation is not merely the shifting of credit risk; it is also obviously accompanied by the shifting of credit spreads. Hence, it cannot be that any risk mitigation by way of a guarantee will amount to a synthetic securitisation and hence, be ruled out.

83. Do the Guidelines provide for a complete bar on FLDGs provided in the Digital Lending transactions?

The Para 15 of the Guidelines state that “As regards the industry practice of offering financial products involving contractual agreements such as First Loss Default Guarantee (FLDG) in which a third party guarantees to compensate up to a certain percentage of default in a loan portfolio of the RE, it is advised that REs shall adhere to the provisions of the Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 dated September 24, 2021, especially, synthetic securitisation contained in Para (6)(c)”

Para 6 (c) of the SSA directions provide for a bar on regulated entities from entering into synthetic securitisation transactions. Synthetic securitisation transactions is defined under SSA Directions as ““synthetic securitisation” means a structure where credit risk of an underlying pool of exposures is transferred, in whole or in part, through the use of credit derivatives or credit guarantees that serve to hedge the credit risk of the portfolio which remains on the balance sheet of the lender.”

If the literal meaning of this para is taken, it would transpire that any form of risk transfer in a pool of loans by any lender, to a third party, is not permitted. However, as discussed above, in our view, the intent of the Guidelines is to prohibit synthetic shifting of risks and rewards, similar to what would happen in a synthetic securitisation. .

84, Will only first loss default guarantee be covered under the Guidelines or even full loss or second loss default guarantee?

While the word used is FLDG, however, if the entire pool is protected, it does not deviate from the said provision being applicable.

If the guarantee is for the second loss piece, such that the first loss risk stays with the lender, and the third party (risk transferee) acquires a stake in the mezzanine tranche, is this also frowned upon? There is no doubt that mezzanine risk transfers are most common in synthetic securitisations – however, if the intent of the RBI was that the one who holds the loans does not hold the risk, that problem does not exist in case of mezzanine risk transfers.

85. Are only pool-level guarantees covered or loan-level guarantees also?

The construct of a structured guarantee is as follows: There is a loan pool of Rs 100 crores. The guarantor guarantees the pool, subject to a limit of Rs 10 crores. This is, what one would call first loss default guarantee. Surfacially, the guarantee is only for Rs 10 crores, but really speaking, the guarantee covers every loan in the pool, with a loss limit of Rs 10 crores. It is also important to understand that the risk rigour of the first loss default guarantee increases as the pool is larger or more diversified. Smaller or more concentric the pool, the risk taken by the first loss protection seller reduces.

If the protection seller (guarantor) was to take losses, say, from Rs 10 crores to Rs 20 crores, it becomes a case of second loss protection or mezzanine protection. In this case, the protection seller will have no risk till the losses accumulate to Rs 10 crores.

There may be a case where the entire Rs 100 crores is fully protected by the protection seller – this is an unstructured guarantee. While in the first loss guarantee as well, the guarantor is exposed to the losses of the entire pool of Rs 100 crores, the risk of the protection seller is limited to Rs 10 crores only. The difference in case of the full loss guarantee is that the risk of the protection seller is the full value of Rs 100 crores.

Let us now take the case of loan-by-loan guarantee. Assuming the guarantor agrees to guarantee all the loans in the pool, adding up to Rs 100 crores – there is no difference between the full loss guarantee at pool level, and loan-by-loan guarantee of all the loans in the pool.

Putting a variation – assuming the guarantor guarantees all the loans in the pool, and puts a limit of 10% of the losses. This is a case of a partial guarantee. It is not a pool-level guarantee. If one loan in the pool of Rs 100 crores goes bad, the guarantor takes only 10% of the losses, as opposed to the guarantor taking all the losses upto Rs 10 crores in the case of the first loss default guarantee.

The regulator has compared structured guarantees to synthetic securitisation. A synthetic securitisation relates to pool level credit risk. Hence, there is no reason to apply the regulations to loan-specific guarantees. 

86. What if the transferee of risk is a regulated entity?

The mere fact that the guarantee is being provided by a regulated entity also does not change the applicability. The Guidelines would still be applicable for digital loans. In any case, unregulated entities cannot be the guarantee provider under the SSA Directions.

87. Can an unregulated entity provide default guarantee?

As per para 44 of the SSA Directions, credit enhancement can be provided only by regulated entities. The term “regulated entities” shall mean an entity regulated by at least one financial sector regulator.

If this interpretation is taken, it will be extended to say that unregulated entities cannot provide default guarantees at all. The WG, as a part of its recommendations, had made this point.

88. Do the Guidelines bar all forms of the guarantees, including bank guarantees, that may transfer the credit risk from the lender?

SSA Directions defines synthetic securitisation as ““synthetic securitisation” means a structure where credit risk of an underlying pool of exposures is transferred, in whole or in part, through the use of credit derivatives or credit guarantees that serve to hedge the credit risk of the portfolio which remains on the balance sheet of the lender.”

Accordingly, a transaction shall be considered as synthetic transaction, only when there is transfer of credit risk of the portfolio, hence only pool level guarantees shall be covered by the regulations and not loan level guarantees.

89. Para 15 states that guarantee by third parties shall comply with SSA Directions, can co-lenders still continue to provide FLDG support?

In a co-lending transaction, the originating co-lender provides a default guarantee, thereby protecting the losses of the funding co-lender. This is very common in most of the colending arrangements. It should also be noted that the restriction is on ‘third party guarantees’, however, the co-lender is a lender himself. To the extent the default guarantee is not vitiating the essence of colending as a partnership between two lenders, the same shall not be covered under the Guidelines.

Co-lenders in a co-lending may share risks and rewards, and share the same in a ratio different from the loan sharing ratio. However, if one co-lender effectively provides risk protection and a fixed rate of return to another co-lending, taking all the risk to himself and sweeping all the variable returns, it appears as if the fixed rate earner is taking exposure on the co-lender rather than the borrower. Please refer to our article on co-lending available here – https://vinodkothari.com/2022/07/the-law-of-co-lending/

90. In a co-lending transaction, the originating co-lender provides a default guarantee, thereby protecting the losses of the funding co-lender. The originating co-lender also sweeps all the residual spread. Is this also an equivalent of securitisation?

Refer to our article on co-lending available here – https://vinodkothari.com/2022/07/the-law-of-co-lending/

91. Let us suppose, there was an existing FLDG arrangement between an NBFC and a platform, wherein the platform provided a guarantee of upto 10% of the entire pool to be originated (say Rs. 100 crores). As on August 10, 2022, only Rs. 60 crores loans have been sanctioned and FLDG upto 2%, that is Rs. 2 crore has been utilised. In such a context the following questions arise:

• What is the impact of the regulation on existing FLDG facilities? There may be 4 possible interpretations, at the minimum:
  1. Existing guarantee cover, on loans already having been extended, under the guarantee cover, will get repudiated?
  2. Existing guarantee cover, to the extent of 10% of Rs 100 crores (i.e. Rs. 10 crores), can be utilised, and therefore, loans may be added to the existing guarantee cover till they reach Rs 100 crores.
  3. Existing guarantee cover should be restricted only to the loans already extended, and the limit of 10% should, therefore, be  applied on the value of Rs  60 crores (i.e. Rs. 6 crores), being the loans already lent.
  4. The originator may continue to lend till the effective date of implementation on existing loans, that is, upto 30th Nov., 2022

The question of (1) does not arise at all. No regulatory change applies retrospectively or retroactively, except under explicit authority of the Parliament. Hence, there is on question of contracts already entered into being repudiated, if the contracts have already been acted upon.

Likewise, in our view, (4) does not seem to be the right approach. The RBI’s intent is to give 30th Nov time for implementation only for existing loans. The loans in question are not existing but are yet to be created. Hence, in our view, it is not proper to take (4) view.

Now, as regards (2) and (3), both have their own appeal. The appeal of (2) approach is that the guarantor agrees to provide 10% on a pool of a size of Rs 100 crores. As we mentioned earlier (Q 74), the extent of first loss risk in structured guarantees is directly proportionate to the pool size. Hence, the bargain between the parties will not be realised until the pool has reached a Rs 100 crore value.

The appeal of (3) is simple – supervening regulation causes a contract to be stopped where it is – it should stop, even if it may be unprofitable for either party.

We take a conservative view and recommend approach (3).

• Whether the existing FLDG arrangement/ agreement will require any amendment?

Yes, since the amount of FLDG is being limited to the already sanctioned loans only, it will result in a change in the agreed terms of FLDG, to the extent of FLDG amount. Hence, either the existing agreement may be amended or a supplementary agreement may be executed to give effect to the change in FLDG amount.

---

^[1] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=50961

^[2]https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/DIGITALLENDINGF6A90CA76A9B4B3E84AA0EBD24B307F1.PDF

^[3] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=54187

^[4] https://rbidocs.rbi.org.in/rdocs/content/pdfs/PR689DL10082022_AN1.pdf

^[5] https://rbidocs.rbi.org.in/rdocs/content/pdfs/PR689DL10082022_AN2.pdf

^[6] https://rbidocs.rbi.org.in/rdocs/content/pdfs/PR689DL10082022_AN3.pdf

^[7] Card-issuers shall ensure complete transparency in the conversion of credit card transactions to Equated Monthly Instalments (EMIs) by clearly indicating the principal, interest and upfront discount provided by the merchant/card-issuer (to make it no cost), prior to the conversion. The same shall also be separately indicated in the credit card bill/statement. EMI conversion with interest component shall not be camouflaged as zero-interest/no-cost EMI.

^[8] DLAs will include apps of the REs as well as operated by LSPs which are engaged by REs for extension of any credit facilitation services.

^[9] https://rbidocs.rbi.org.in/rdocs/content/pdfs/DIGI122112021_ANF.pdf

^[10] https://www.rbi.org.in/Scripts/BS_ViewMasCirculardetails.aspx?id=9862

^[11] The format of the KFS is yet to be prescribed by RBI. However, until the same is prescribed, the format given in Annex II to the Master Direction – Reserve Bank of India (Regulatory Framework for Microfinance Loans) Directions, 2022 dated March 14, 2022, can be used to the extent applicable.

^[12] https://www.rbi.org.in/scripts/FS_Notification.aspx?Id=11647&fn=14&Mode=0

^[13] https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11646&Mode=0

^[14] Master Direction – Information Technology Framework for the NBFC Sector – https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10999

^[15] Institute for Development and Research in Banking Technology – https://www.idrbt.ac.in/

^[16] Ministry of Electronics and Information Technology – https://www.meity.gov.in/

^[17] https://vinodkothari.com/2019/10/lenders-piggybacking-nbfcs-lending-on-fintech-platforms-guarantees/

^[18] Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 – https://rbidocs.rbi.org.in/rdocs/notification/PDFs/85MDSTANDARDASSETSBE149B86CD3A4B368A5D24471DAD2300.PDF

^[19] Refer to Vinod Kothari’s book on Credit Derivatives and Structured Credit Trading – https://vinodkothari.com/crebook/
Refer to our article on the revival of synthetic securitisation here – https://vinodkothari.com/2022/03/resurgence-of-synthetic-securitisations/

^[20] See our article here on ‘’Resurgence of synthetic securitisations: Capital-relief driven transactions scale new peaks” – https://vinodkothari.com/2022/03/resurgence-of-synthetic-securitisations/

^[21] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12165

Our write-ups on Digital Lending: https://vinodkothari.com/?s=digital+lending