Digital Lending Directions, 2025

/0 Comments/in , /by

Largely a consolidation; New rules on multi-lender platforms and lending apps

– Aditya Iyer, Manager (Legal), Tejasvi Thakkar, Assistant Manager | (finserv@vinodkothari.com)

Background

On May 08 2025, the RBI notified the Digital Lending Directions, 2025 (‘Directions’). At the outset, it is worth noting that the Directions are not a regulatory overhaul of any kind; they are rather a consolidation of the extant regulations (including the FAQs), with certain key additions relating to multiple lender platforms as well as disclosure on DLAs to RBI, along with the certification from CCO. Further, the fact that the FAQs have also been integrated into the regulation signals the RBI’s intent to impart seriousness to its FAQs.

Below, we analyse the key changes, along with the compliance implications they present for REs.

Effective Dates

  1. All paragraphs of the Directions, except for Para 6 (Multiple Lender-LSP Arrangements) and Para 17 (DLA Reporting Requirements) are effective immediately.
  2. Para 17: Reporting in respect of all DLAs on the CIMS portal to be completed by June 15, 2025
  3. Para 6: November 01, 2025.

Snapshot of key additions

  1. Multi-lender platforms: In case of RE-LSP arrangements involving multiple lenders, there are additional compliance requirements prescribed upon the REs. For reference, these multi-lender platforms are essentially “loan marketplaces” hosted by the lending service provider for the various lenders it partners with. These platforms often match the onboarded consumer with a lender meeting their specification (and vice versa for the lender), or enable the consumer to make a selection basis a given range of choices.

It is to be noted that these platforms are unlike a traditional e-commerce marketplace which operates as an intermediary (a concept we have discussed in detail in our earlier write-up, which can be read here). Here, the REs contract with the service providers/platform for sourcing customers through the platform, and for the platform/service provider to provide services to customers on behalf of the RE, thus making them LSPs.

REs contracting with such LSPs, shall ensure that their platforms protect the customer’s right to choose, without using any dark patterns and deceptive practices, and that such platforms display all the information required for the customer to make a free choice (including APR, penal charges, loan tenure, etc.)

The rationale behind creating rules for multi-lender platforms seems to be as follows:

  • Unbiased Interface: The LSP representing and hosting multiple lenders on its platform should not have differential arrangements with certain REs which promote said REs on the platform to the exclusion of others.
  • Information asymmetry: By compelling the platform to disclose all the lenders, and all the available choices, the borrower’s information asymmetry is reduced (i.e. there is parity in the information available to them).
  1. Reporting of the DLAs: REs shall report to the RBI information about all the DLAs engaged by them, in the prescribed format under the Directions.
  2. Extended responsibilities of the CCO: In connection with the reporting of DLAs, the CCO (or other officer designated by the RE) shall be responsible to make certain certifications, including:
    1. Certification that data submitted on DLAs via CIMS portal is correct;
    2. Certification that DLAs are complying with the applicable law and regulatory requirements (including under the Directions). This appears to be an extensive regulatory certification to be done by the CCO, which may likely include assessing the DLA’s compliance with/against following circulars:
      • Digital Lending Directions, 2025;
      • Annex XIII of the SBR Directions – Instructions for outsourcing of financial services;
      • Master Direction on Outsourcing of Information Technology Services;
      • Digital Personal Data Protection Act, 2023;
      • Consumer Protection Act, 2019;
      • Consumer Protection (E-Commerce Rules), 2020;
      • Guidelines For Prevention and Regulation of Dark Patterns.

This would also seem to require the REs to conduct a very substantive “digital lending audit” or other similar assessment on the LSPs. This also assumes greater significance in light of the evolving approach of the regulator, which reportedly includes engaging directly with the LSPs whilst auditing the NBFC.

A snapshot of all the changes in the Directions is discussed in the table below:

AspectBrief of the Provisions (Changes and Additions)Our Analysis
PreambleIn the preamble, there are additions highlighting the key regulatory concerns in digital lending. These are:   “The concerns primarily relate to unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices.”The preamble to the Directions clearly outlines the concerns of the regulator thereby setting the context for the issuance of these guidelines.

By highlighting such concerns, the preamble lays down the RBI’s intent to address and curb unfair practices by lenders and to protect borrowers from such malpractices.   Accordingly, any practices followed by lenders that are inconsistent with the aforesaid principles must be discontinued and aligned with the Directions.
LSP definitionPara 4. Definition of LSP: The Directions clarify that the role of the LSP is specific to carrying out digital lending functions.The earlier definition of Lending Service Provider (LSP) under the DL Guidelines stated that any entity acting as RE’s agent, performing any lending function on behalf of the RE/lender would be considered an LSP.   It has now been clarified that only entities carrying out digital lending functions on behalf of the RE shall be classified as LSP. Given that the concept of LSP is relevant for Digital Lending this seems like a clarificatory change.   In case of non-digital loans, service providers performing lending functions on behalf of the RE would continue to be governed by the RBI’s Directions on Outsourcing of Financial Services.
Penal chargesPara 8. Disclosure to borrowers: Previously, it had been stated that the rate of penal charges should be disclosed on an annualized basis to the borrowers.   Now, the Directions are harmonized with the KFS Circular, and it is clarified that REs shall be guided by the KFS circular for penal charges in digital lending.Lenders are required to disclose interest rates on an annualized basis to ensure transparency and enable comparison.   The requirement of disclosing the annualized penal charges under the DL guidelines has been removed. Penal charges are event-based, contingent on defaults, and may vary in form (one-time, daily, monthly) depending on the loan type/tenure. Accordingly, annualizing the penal charges may not be feasible in such cases and could misrepresent the nature and incidence of such charges.
Due diligence requirements with respect to LSPsPara 5. Contractual obligations: Digital lending by a RE involving a LSP shall be carried out under a contractual agreement between the RE and the LSP, which clearly defines the respective roles, rights, and obligations of each party thereto.   Para 5.2. LSPs past conduct: The enhanced due diligence conducted by the RE, shall also probe into the LSPs past conduct.   Para 5.3 Monitoring mechanisms: The RE shall as part of its policy, also lay down monitoring mechanisms for the loan portfolio originated by the LSP(1) Roles and responsibilities to be captured in the contract: This reiterates the norms captured under the IT Outsourcing Directions (Para 16), and the Instructions on Financial Services Outsourcing for NBFCs (Annex XIII SBR, Para 5.5)   (2) Policy requirements: REs are now also required to include monitoring mechanisms as part of their policy for the loans originated by the LSP. This could be a part of the outsourcing policy itself.
RE-LSP arrangements involving multiple lendersPara 6. Digital view of all loan offers: The LSP shall provide a digital view of all loan offers matching the borrower’s requests which meets the borrower’s requirements. The name of unmatched lenders should also be disclosed   The mechanism adopted by the LSP for matchmaking of borrowers with the lenders shall be properly documented.   Additionally, LSPs shall ensure that the content displayed by them is unbiased, objective, and does not promote the products of a specific RE, including through dark-patterns.   However, in case the loan products are ranked on a publicly pre-disclosed metric, then such ranking shall not be construed to be promotion of a product.   In order to enable fair comparison by the borrower – “the digital view of loan offers from matching lenders shall include the name (s) of the RE (s) extending the loan offer, amount and tenor of loan, APR, monthly repayment obligation and penal charges (if applicable), in a way which enables the borrower to make a fair comparison between various offers”.The focus here is on enabling and protecting the customer’s right to choose.   These requirements are in line with the draft RBI Circular on Transparency in Loan Aggregation. Our detailed write-up on the same can be viewed here.     In case of co-lending through DLAs, as the proposed directions on co-lending rules out CLM2, it shall be ensured that both the co-lender’s criteria are checked and assessed upfront, upon receiving borrower’s application.    
Automatic increases in credit limitPara 7. Explicit request from the borrower: Previously, there was to be no automatic increase in the borrower’s credit limit unless explicit consent of the borrower is obtained for the same.   Now, the requirement is that it shall be based on an “explicit request”, which shall be received, evaluated, and kept on record for such increase.The recent change mandates that any increase in a borrower’s credit limit must be based on an explicit request originating from the borrower, rather than being automatically applied.   Under the Directions, the initiation of any credit limit enhancement must come from the borrower.   While lenders may continue to offer options or incentives for a higher credit limit, implementation can occur solely upon express request raised by the borrower. Further, non-response or silence shall not be construed as deemed consent for any automatic increase.
Physical recovery agentsPara 9.5. Use of physical recovery agents: Earlier, the requirement in this regard was that REs shall ensure that all loan servicing, repayment, etc. is executed directly by the borrower in the REs bank account, without any pass-through account / pool account, including that of the LSP.   Now, it has been clarified that in case of physical recovery practices, cash may be deposited by the borrower with the recovery agents / service provider.    However, such collections should be reflected in the borrower’s account on the same day. Further, such recovery fees should be paid by RE to the LSP, and not charged by LSP to the borrower.    To address recovery-related challenges under the Digital Lending Guidelines, in case of recovery from delinquent borrowers’ lenders have been permitted cash collections. Allowing such recovery practices can help in mitigating losses.
Cooling-off period and processing feePara 10. Cooling off period: Under the previous requirements, borrowers were to be allowed to exit a digital loan by paying off the principal and APR without any penalty during an initial cooling-off period.   However, it has been clarified that the REs may retain a “reasonable one-time processing fee” if the customer exits the loan during this period.This was clarified via the RBI FAQs and have now been included under the regulations.  
Storage of dataPara 13. Storage of data: REs previously had been required to ensure that all the data is stored only in servers located within India.   Now, it has been clarified that in case the data is processed outside India, it shall be deleted from the said servers and brought back to India within 24 hours of processing.The storage and deletion of data must be ensured accordingly.  
Reporting of DLAs to RBIREs shall by June 15 2025 report on CIMS all DLAs deployed/ joined by them, whether their own or those of the LSPs, either exclusively or as a platform participant. Lenders shall update the list as and when additional DLAs are engaged by them.    First reporting to be ensured by June 15, 2025    
Enlarged responsibilities of the CCOCrucially, the CCO, (or any other officer) will be required to:   Certify that the data on DLAs submitted is correct. That the DLAs are complying with the extant regulatory instructions (note: this would also include all the other regulations applicable upon REs use of a DLA)Data collection and storage by the DLAs is in compliance with applicable law, including the provisions of the DL Guidelines DLAs have a link to the RE’s websiteThe RE may designate the CCO or any other senior officer, responsible for the Digital Lending compliances to ensure the reporting.   As regards certifying that the DLA complies with extant regulatory instructions, and applicable law – in addition to RBI guidelines on digital lending, compliance may also be ensured with the following, as applicable:    Digital Personal Data Protection Act, 2023 Consumer Protection Act, 2019 Consumer Protection (E-Commerce Rules), 2020 Guidelines For Prevention and Regulation of Dark Patterns  
Default Loss GuaranteeThe existing norms under the DLG Guidelines and FAQs have been consolidated under this circular.No change

Other resources on the topic:

Resources on Digital Lending

You might also like
Liquidity stress testing for NBFCs
Chains of control: Change of control approval keeps NBFCs perplexed, often non-compliant 
Overview of Non Banking Finance Sector in India
Securitisation: Indian market grows amidst global volume contraction
Securitisation of stressed loans: Opportunities and structures
RBI proposes to strengthen governance in Banks
Holding of promoter shares through investment companies: Dividend restrictions clog upstreaming and create tax inefficiency
AML/ CFT Compliances Expand - RBI Further Amends KYC Master Directions
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *