Disaster, Distress and Resolution: Decoding RBI’s NBFC Relief Framework

/0 Comments/in /by

-Jeel Ranavat, Assistant Manager (jeel@vinodkothari.com)

Overview

A natural calamity does not just damage property or disrupt livelihoods — it can instantly push otherwise disciplined borrowers into financial stress. Loan repayments become difficult not because borrowers are unwilling to pay, but because businesses halt, incomes disappear, and economic activity comes to a standstill. Recognising this reality, the RBI has introduced a comprehensive new framework on relief measures in areas affected by natural calamities  (Natural Calamities Directions) for lenders that fundamentally changes how borrower distress arising from calamities is to be handled.

RBI has moved towards a more structured and time-bound relief mechanism — one that focuses not only on faster restructuring and borrower protection, but also on ensuring prudential discipline for lenders. From proactive resolution and protection against sudden NPA downgrades to stricter timelines, additional provisioning norms, and disaster-sensitive credit assessment.

Read more

RBI Proposes Uniform Recovery Norms Across All Lenders

/0 Comments/in /by

Revised draft enables device locking facility and removes the restriction taking legal action as first  resort

Tejasvi Thakkar, Simrat Singh and Jeel Ranavat | finserv@vinodkothari.com

Introduction

Pursuant to the RBI’s stated intent in theStatement on Developmental and Regulatory Policies to harmonise the conduct of Regulated Entities in relation to loan recovery, comprehensive draft instructions were initially proposed on May 20, 2026 consolidating and rationalising the existing scattered provisions. The draft has been revised and RBI has proposed Draft – Reserve Bank of India (Non-Banking Financial Companies – Responsible Business Conduct) Amendment Directions, 2026 which introduces several changes to the proposed recovery and conduct framework for NBFCs.

[Changes proposed under the revised draft have been highlighted in red for the ease of reference]

The key changes proposed are introduction of the device locking facility with restrictions, widening of the scope of harsh practices, removing the earlier restriction against initiating legal action as a first resort etc.

The instructions are applicable to all NBFCs, excluding Mortgage Guarantee Companies, Core Investment Companies, NBFC-Account Aggregators, Standalone Primary Dealers, Non-Operating Financial Housing Companies, and NBFCs not having any customer interface. The key requirements of the proposed framework are summarised below:

Key highlights

Policy Requirement

REs shall formulate a separate policy on recovery of loan dues, engagement of recovery agents and taking possession of security, by its own employee or recovery agent. The policy shall, inter-alia, cover:

  • Eligibility and due diligence criteria for engagement of recovery agents.
  • Specified recovery activities permitted to be carried out.
  • Code of Conduct requirements.
  • Performance evaluation standards, inspection and control mechanism.
  • Procedures and penal actions in case of non-compliance by recovery agents.
  • Recovery procedures in case of demise of borrower.
  • Mechanism to identify borrowers facing repayment difficulties and provide guidance on recourse options
  • Incentive structures not inducing harsh recovery practices.
  • Enforcement and possession framework including legal action not to be adopted as the first resort.
  • Triggers for initiation of recovery process.
  • Graded actions as per an escalation matrix for loan recovery.
  • Provision for compensation to the borrowers / guarantors for loss arising on account of recovery related actions of the NBFC or the recovery agencies.

Issue: Whether this can be combined with the policy on Code of Conduct for DSAs/DMAs?

Our view: Since the present requirement specifically deals with recovery conduct, possession and enforcement of security interest, and engagement of recovery agents, the same should ideally be maintained as a separate policy. The DSA/DMA CoC policy deals largely with sourcing-stage conduct such as mis-selling and consequent compensation-related aspects. However, where there are overlapping requirements, NBFCs may structure the same within a broader conduct framework, divided into separate sections. However, it should remain distinct from the outsourcing policy.

Due diligence (DD) requirements

  1. Frame and implement a due diligence framework in line with the RBI Outsourcing Directions, 2025.
    1. RE to ensure that recovery agencies shall undertake due diligence and verification of their employees/representatives at the time of engagement and on a periodic basis. Policy to specify such periodicity and scope of verification.

Training Requirements

  1. Recovery agents shall mandatorily possess certification from the Indian Institute of Banking and Finance (IIBF) for debt recovery agents. (Aligned with the HFC Master Directions)
    1. Existing agents without certification shall obtain the same within one year from issuance of directions

Code of Conduct for recovery Agents

  1. REs shall put in place a CoC for recovery agents and employees engaged in recovery and obtain undertakings for adherence.
    1. The CoC shall include, inter alia:
      1. Fair and respectful treatment of borrowers.
      2. Sharing only limited borrower information necessary for recovery and preventing misuse.
      3. Mandatory documents to be carried (ID card, copy of recovery letter etc)
      4. Permissible hours of contact
      5. Place of contact rules
      6. Restriction on contacting third parties
      7. Detailed prohibition of harsh practices
      8. Borrower information confidentiality
      9. No recovery action where grievance is pending
      • Recording of recovery calls with due borrower intimation.

Though the earlier draft proposed that recovery action cannot be taken if the grievance is found to be frivolous, however, the revised draft specifies that recovery cases cannot be referred to recovery employees or agencies while a borrower grievance relating to loan dues or recovery remains pending with the NBFC.

While the intent of the proposal is to strengthen borrower protection, it may make recoveries more difficult for lenders, as any borrower grievance can pause recovery action regardless of whether the complaint has merit. In our view, this could be misused by borrowers with malicious intent, by raising complaints primarily to delay or stall recovery proceedings.

Issue: Whether the CoC prescribed earlier under HFC Directions stands subsumed?

Our view: Yes. The earlier HFC provisions largely stand harmonised and subsumed within the present draft framework, except for certain differences which have been captured in the Annexure below.

Recovery agents shall be required to carry recovery notice, identity card and authorisation letter which shall include the telephone number of the / recovery agency and the grievance redressal officer appointed by the NBFC, and shall adhere to the following conduct requirements:

  • Interact only with the borrower / guarantor and not approach relatives or other contacts; maintain civil behavior;
  • Contact / visit borrowers only between 08:00 hours and 19:00 hours;
  • Honour borrower’s request to avoid calls / visits at particular times in normal circumstances;
  • Contact borrowers ordinarily at the place of their choice, failing which at residence, and thereafter at place of business / occupation. In the absence of any specific choice or if the borrower / guarantor fails to appear at the chosen place on two or more successive occasions, the employee / recovery agent may contact the borrower / guarantor at the place of his / her residence / occupation.
  • Avoid calls / visits during inappropriate occasions such as bereavement, calamities, marriage functions, festivals, etc.
  • In case of microfinance loans, undertake recovery at a mutually decided designated place, with field visits permitted only upon repeated non-appearance.
  • Ensure only duly authorised representatives visit borrower’s premises for recovery activities.
  • Ensure any written communication to borrowers has RE’s approval.
  • Promptly issue proper acknowledgement / receipt for collections made.
  • Refrain from harsh practices, including use of abusive/minatory  language,
  • use of social media for posting video / audio recordings or personal details of the borrower / guarantor;
  • sending inappropriate messages either on mobile or through social media;
  • excessive or anonymous calls, intimidation or harassment, threats of violence, misleading representations, or intrusion into borrower’s privacy,
  • making false or misleading representations to the borrower / guarantor, especially about the extent of the debt or the consequences of nonrepayment

    The revisions to the draft has widened the scope of “harsh practices” to explicitly include misuse of social media for recovery purposes, including disclosure of borrower information and sending abusive, threatening, or inappropriate communications through mobile or digital platforms.

Grievance redressal mechanism

  • Establish a dedicated recovery-related grievance redressal mechanism.
  • Provide complete details of the Grievance Redressal Officer and the mechanism in all recovery communications and loan agreements.
  • Define criteria for identification and closure of frivolous complaints with appropriate internal oversight.
  • REs should address issues including for issues relating to delays or difficulties in unlocking mobile device functionalities.

Responsibilities of REs

REs shall:

  • Prominently display an up-to-date list of empanelled recovery agents on all customer interface channels. Details to be provided
    • names of agents,
    • details of individuals engaged
    • period of engagement.
    • Type of recovery agent (corporate / individual),
    • Correspondence address,
    • Purpose of engagement (recovery / possession of security),
    • Assigned geographical areas,
  • The revised draft has introduced a timeline for REs to update the list within seven calendar days of any modification to the list.
  • In case of termination of agreement with the recovery agency,  REs are required to  inform the borrowers immediately.
  • Maintain records of recovery calls, including timing, frequency, and call recordings, for at least 6 months or until disposal of sub judice matters.
  • Inform the borrowers/guarantors that calls are being recorded.
  • At the time of forwarding cases for recovery,
    • In case a registered mobile number or email is available, inform borrowers atleast one day before the first recovery visit about the details of the recovery agent through SMS/Email.
    • In case digital details of the borrower  are  unavailable, inform borrowers atleast 3 days prior through physical notice.

Possession of mortgaged / hypothecated assets

Loan agreements shall contain a legally enforceable possession clause, clearly disclosed at the time of execution. The agreement shall, inter alia, specify:

  • Notice period and circumstances for waiver;
  • Procedure for taking possession of security;
  • Final opportunity to the borrower for repayment prior to sale/auction;
  • Procedure for restoration of possession;
  • Transparent process for sale or auction of the secured asset.

Periodic review, monitoring and control

REs shall put in place a management structure to monitor and control the activities of recovery agents and ensure that such agents refrain from actions that could harm the RE’s integrity and reputation. Accordingly, the RE should ensure:

  • Appropriate monitoring and conduct provisions shall be incorporated in agreements with recovery agents.
  • Remain fully responsible for the actions of recovery agents.
  • Undertake periodic review of recovery mechanisms to learn from experience and effect improvements.

Technology-Based Recovery Restrictions

The revised draft also proposes that the REs are restricted from using technology-based mechanisms (Remote Device Locking) to remotely restrict or disable functionalities of a borrower’s mobile device as a recovery tool, except in cases where the loan itself was granted for financing that specific device.

This can be done subject to certain conditions:

  1.  Loan agreement must expressly authorise such restrictions in clear and unambiguous terms.
  2. Trigger events for recovery actions must be specifically defined and disclosed upfront.
  3. A structured notice mechanism must be provided before any restriction is imposed.
    1. Notice of  atleast 21 days to be issued to borrower after the loan becomes 60 DPD
    1. After expiry of 21 days notice atleast another 7 days of time to the borrower to cure the default.

The default is 90DPD and the borrower has not curated the default irrespective of the notices Restrictions should follow a graduated, step-by-step escalation process.

  • REs  shall not restrict or disable essential device functionalities including internet access, incoming calls, emergency SOS, or emergency government/public safety notifications.
  • NBFC must reverse any restriction within 1 hour of default being cured.
  • NBFC must pay ₹250 per hour compensation for wrongful restriction or delayed reversal.
  • Device restriction mechanism must be uninstalled after full loan repayment.
  • Borrower retains the right to prepay the loan anytime (partial or full).
  • NBFC must maintain a strong grievance redressal system for unlocking-related issues.
  • NBFC is strictly prohibited from accessing, using, or retaining borrower device data for        recovery or any purpose.
  • NBFC is not allowed to access, use or obtain or retain the data in the phone for recovery in any circumstances

This means the lender cannot view personal files, contacts, messages, photos, location data, or any other information stored on the device while enforcing recovery measures.

Please refer to our detailed write -up on thisRemote Device Locking: RBI proposes highly guarded path

For Housing Finance Companies:

Most of the proposed requirements are not entirely new in substance for HFCs, as they were already reflected in the Guidelines for Engaging Recovery Agents under paragraph 170 of the RBI HFC Directions, 2025. The proposal now is to delete those HFC-specific guidelines and require HFCs to comply with the proposed Directions.

However, while the underlying principles remain largely consistent, the proposed Directions significantly strengthen and formalise the recovery framework. The approach shifts from principle-based guidance to a more structured, prescriptive, and compliance-oriented regime. The key changes are as follows:

  1. Mandatory written recovery policy:Under the HFC Directions, compliance was required with paragraph 170, but there was no express requirement to frame a consolidated written policy governing recovery of loans, engagement of recovery agents, and repossession of security. The proposed Directions now mandate a formal, documented recovery policy. Such policy must specifically cover eligibility criteria for engagement of agents, due diligence standards, performance evaluation parameters, inspection and audit mechanisms, and penal actions for non-adherence. This marks a shift from guideline-based adherence to a structured governance framework.
  2. Borrower distress identification mechanism: The HFC Directions required utilisation of credit counsellors in cases where a borrower was considered to “deserve sympathetic consideration,” which was discretionary and reactive in nature. The requirement of early stage borrower distress identification has been removed from the revised draft which indicates a shift from a proactive, structured borrower support system to a more reactive, institution-led approach based on observed default or non-payment events.
  3. Explicit data governance controls:While the HFC Directions required training of recovery agents on respecting customer privacy, the proposed draft goes further by mandating that only limited borrower information be shared with recovery agents and that adequate safeguards be put in place to prevent misuse or unauthorised transfer of customer data. This introduces clearer data governance and accountability obligations.
  4. Restriction on initiating legal action as first resort: The HFC Directions did not prescribe any sequencing rule regarding enforcement remedies. The earlier draft proposed that legal action for recovery or enforcement of security shall not be initiated as a first resort, thereby imposing a structured progression in recovery measures.

However, the revised draft provides for removal of this provision and suggests a relaxation of the earlier restriction against initiating legal action as a first resort for recovery.

This may provide lenders greater flexibility in choosing recovery measures and pursuing legal remedies at an appropriate stage.

Conclusion

Recovery is as vital to lending as disbursement, if not more. Credit often begins with a courteous engagement by the lender, but too often, the standards of professionalism seen at the time of sanction weaken at the stage of enforcement. The right to recover is unquestionable; harassment is not. The proposed Directions seek to correct this imbalance by requiring lenders to uphold the same standards of fairness, transparency and discipline during recovery as at the time of origination.

Wadia Ghandy Award for Structured Finance Research – Shortlisted articles

/0 Comments/in /by

A compendium of shortlisted articles submitted for the 4th edition of Wadia Ghandy Award for Structured Finance Research

4th edition Wadia Ghandy Awards for Structured Finance Research_ Compendium of Articles_.docxDownload

RBI’s Pillar 3 Proposes Disclosure of Liquidity Risks and Measures 

/0 Comments/in /by

Move from Narrative Disclosures to Structured Transparency

– Payal Agarwal, Partner | payal@vinodkothari.com 

The draft Capital Adequacy Amendment Directions of RBI propose changes to the existing Directions in relation to the Pillar 3 disclosure requirements (Market Discipline). The amendments are proposed to be made towards better alignment of the regulatory disclosure framework with the Basel norms. In addition to the new disclosure requirements with respect to Liquidity Risks and Macro-prudential Supervisory measures, the Draft proposes a move from narrative disclosures to a more structured, comprehensive transparency. 

Proposed to be effective from: quarter ended 30th September, 2026 

Highlights of the proposal 

  • Banks to have formal disclosure policy for Pillar 3 data
    • Key elements of the policy to be described in the year-end Pillar 3 report or cross- referenced to another location where they are available 
  • Formal attestation by one or more WTDs in writing that Pillar 3 disclosures have been prepared in accordance with the board-agreed internal control processes 
  • Safeguarding proprietary and confidential information:
    • Disclosure not required for proprietary or confidential information that may reveal the position of a bank or contravene its legal obligations 
    • More general information about the subject matter including the fact that specific items of information have not been disclosed and the reasons thereof. 
  • Guiding principles of Pillar 3 disclosures specified
    • Disclosures to be clear, comprehensive, meaningful, consistent and comparable
  • Disclosure of data points for previous period not required in case of  first-time reporting of a metric
    • For permitted transitions, the transitional data shall be reported unless the bank is compliant with fully loaded requirements 
  • For regulatory disclosures on the website, archive period proposed to increase to 10 years, against existing 3 years’ requirement 

Disclosure on Liquidity Risk Management measures

The proposed format, amongst others, incorporates a new field for liquidity related disclosures. This includes, qualitative and quantitative disclosures on liquidity risk management aspects, alongside disclosure of Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR):  

Qualitative disclosures: LRM governance Funding strategy including policies on diversification and tenor Liquidity risk mitigation techniquesExplanation of stress testingOutline of contingency funding plans Quantitative disclosures: Measurement tools for structural liquidity and cash flow projections Concentration limits on collateral pools and sources of fundingLiquidity exposures and funding needs and entity and branch level including limitations on transferability of liquidityBalance sheet and off-balance sheet items broken down into maturity buckets and the resultant liquidity gaps

Contents of disclosure (Annex III)

Proposed Format

Existing Format

New Disclosures

Frequency of Disclosure

1. Overview of risk management, key prudential metrics, and RWA

  

Template KM1: Key metrics (at consolidated group level)

New addition in the form of summary table, cross-linked to respective detailed tables
  • Liquidity Coverage Ratio (LCR)
  • Net Stable Funding Ratio (NFSR)

Quarterly

Table OVA: Bank risk management approach

General qualitative disclosure requirement under Risk Exposure and Assessment

More granular information such as risk governance structure, qualitative information on stress testing etc. 

Annual

Template OV1: Overview of RWA

No specific equivalent

RWAs and minimum capital requirements broken down for various risk categories: credit, CCR, market, operational etc.

Quarterly

2. Linkages between financial statements and regulatory exposures

  

Table LIA: Explanations of differences between accounting and regulatory exposure amounts

New table, some information overlap with Table DF-1: Scope of application

Qualitative explanations on the differences observed between accounting carrying value and amounts considered for regulatory purposes

Annual

Table LIB: Outline of the differences in the scope of consolidation (entity by entity)

Corresponds to Table DF-1: Scope of application

Annual

Template LI1: Differences between accounting and regulatory scopes of consolidation and mapping of financial statement categories with regulatory risk categories

No specific table; however, overlaps with Table DF-12: Composition of capital – reconciliation requirements

Breakdown of each component of balance sheet by risk framework — credit risk, CCR, securitisation, market risk, or not subject to capital requirements/ capital deduction 

Annual

Template LI2: Main sources of differences between regulatory exposure amounts and carrying values in financial statements

No specific table; source of material differences between its total balance sheet assets (net of on-balance sheet derivative and SFT assets) as reported in its financial statements and its on-balance sheet exposures to be disclosed and detailed in line 1 of the common disclosure template.

Detailed template covers sources of differences, viz., valuation differences, netting differences, provisions, and prudential filters — by risk category column.

Annual

Template PV1 – Prudent valuation adjustments (PVAs)

Only a single line-item within regulatory capital composition table

Break down PVAs by type (CVA loss, closeout cost, early termination, model risk, operational risk, funding costs, administrative costs, other) and by instrument category (equity, rates, FX, credit) and book (trading / banking).

Annual

3 Composition of Capital

  

Table CCA – Main features of regulatory capital instruments

Table DF-13: Main features of regulatory capital instruments

Ongoing, at least on a semi-annual basis

Template CC1 – Composition of regulatory capital

Table DF-11: Composition of capital

Semi-annual

Template CC2: Reconciliation of regulatory capital to balance sheet

Table DF-12: Composition of capital – reconciliation requirements

Higher granularity provided under each line-item

Semi-annual

4 Remuneration

  

Table REMA – Remuneration policy

Qualitative disclosures under Table DF-15: Disclosure requirements for remuneration

  

Annual

Template REM1 – Remuneration awarded during financial year

Quantitative disclosures under Table DF-15: Disclosure requirements for remuneration

More granular details sought 

Annual

Template REM2: Special payments

Annual

Template REM3: Deferred remuneration

Annual

5. Credit Risk

  

Table CRA – General qualitative information about credit risk

Table DF-3: Credit risk: general disclosures for all banks

Specific disclosure w.r.t. credit risk function, viz., 

  • Structure and organisation of the credit risk management and control function
  • Relationships between the credit risk management, risk control, compliance and internal audit functions etc. 

Annual

Template CR1: Credit quality of assets

  

Semi-annual

Template CR2: Changes in stock of non-performing loans and debt securities

  

Semi-annual

Table CRB: Additional disclosure related to the credit quality of assets
  • Breakdown of restructured exposures between standard and non-performing exposures.

Annual

Table CRC: Qualitative disclosure related to credit risk mitigation techniques

Table DF-5: Credit risk mitigation: disclosures for standardised approaches

Annual

Template CR3: Credit risk mitigation techniques – overview

Semi-annual

Table CRD: Qualitative disclosures on bank’s use of external credit ratings under the standardised approach for credit risk

Table DF-4 – Credit risk: disclosures for portfolios subject to the standardised approach (qualitative)

  

Annual

Template CR4: Standardised approach – credit risk exposure and Credit Risk Mitigation (CRM) effects

On-balance sheet and off-balance sheet exposures for each asset class:

  • Before CCF and CRM 
  • Post CCF and CRM
  • RWA and RWA density

Semi-annual

Template CR5: Standardised approach – exposures by asset classes and risk weights

Table DF-4 – Credit risk: disclosures for portfolios subject to the standardised approach (quantitative)

Risk weight buckets increased; existing format  divides into 3 major risk buckets

Semi-annual

6. Counterparty credit risk

  

Table CCRA – Qualitative disclosure related to counterparty credit risk

Table DF-10: General disclosure for exposures related to counterparty credit risk

Annual

Template CCR1 – Analysis of counterparty credit risk (CCR) exposure by approach

Structured in a tabulated form with more granular data requirements

Semi-annual

Template CCR3 – CCR exposures by regulatory portfolio and risk weights

Semi-annual

Template CCR4 – Composition of collateral for CCR exposures

Semi-annual

Template CCR5 – Credit derivatives exposures

  

Template CCR6 – Exposures to central counterparties

  

7. Securitisation

  

Table SECA – Qualitative disclosure requirements related to securitisation exposures

Table DF-6: Securitisation exposures: disclosure for standardised approach

List of:

  • affiliated entities (i) that the bank manages or advises and (ii) that invest either in the securitisation exposures that the bank has securitised or where the bank acts as facility provider.
  • a list of entities to which the bank provides implicit support and the associated capital impact for each of them

Annual

Template SEC1 – Securitisation exposures in the banking book

Bifurcation based on: 

  • bank as an originator and as an investor 
  • STC and others 

Semi-annual

Template SEC2 – Securitisation exposures in the trading book

Semi-annual

Template SEC3 – Securitisation exposures in the banking book and associated regulatory capital requirements – bank acting as originator

Semi-annual

Template SEC4 – Securitisation exposures in the banking book and associated capital requirements – bank acting as investor

Semi-annual

8. Market Risk

  

Table MRA – Qualitative disclosure requirements related to market risk

Table DF-7: Market risk in trading book

Elaboration of qualitative disclosures, viz., 

  • Strategies and processes 
  • Structure and organisation of the market risk management function
  • Scope and nature of risk reporting and/or measurement systems.

Annual

Template MR1 – Market risk under the standardised approach

Classification of positions: 

  • Outright products 
  • Options – Simplified approach, delta-plus method or scenario approach

Semi-annual

9. Operational Risk

  

Table ORA: Disclosure related to operational risk and operational resilience

Table DF-8: Operational risk

Elaboration of qualitative disclosures

  

10. Interest rate Risk

  

Table IRRA: Disclosure related to Interest Rate Risk

Table DF-9: Interest rate risk in the banking book (IRRBB)

Elaborated qualitative disclosures

Annual for qualitative disclosure and semiannual for quantitative disclosure

11. Macroprudential supervisory measures

  

Template GSIB1 – Disclosure of G-SIB indicators

12 indicators used in the assessment methodology of the G-SIB framework

Annual

Template CCyB1 – Geographical distribution of credit exposures used in the countercyclical capital buffer

Geographical breakdown of private sector credit exposures (values and RWAs) and Countercyclical capital buffer rate for computation of the bank-specific countercyclical capital buffer rate and amount

Semi-annual

12. Leverage Ratio

  

Template LR1 – Summary comparison of accounting assets vs leverage ratio exposure measure

Table DF 17- Summary comparison of accounting assets vs. leverage ratio exposure measure

Quarterly

Template LR2 – Leverage ratio common disclosure template

Table DF-18: Leverage ratio common disclosure template

Quarterly

13. Liquidity

  

Table LIQA – Liquidity risk management

See above

Annual

Template LIQ1 – Liquidity coverage ratio (LCR)

Unweighted and weighted values of

  • Total High Quality Liquid Assets 
  • Cash outflows and cash inflows (component-wise)

Quarterly 

Template LIQ2 – Net stable funding ratio (NSFR)

Unweighted value by residual maturity and weighted value of

  • Available Stable Funding (ASF) Item (each component)
  • Required stable funding (RSF) Item (each component)

Semi-annual

 

Remote Device Locking: RBI proposes highly guarded path

/0 Comments/in /by

Some proposals may be impractical

– Jeel Ranavat, Assistant Manager| finserv@vinodkothari.com 

On May 21,2026, RBI issued revised draft RBI (Non-Banking Financial Companies – Responsible Business Conduct) Amendment Directions, 2026  that contains  several paragraphs, not being there in the earlier Draft RBI (Non-Banking Financial Companies – Responsible Business Conduct) Second Amendment Directions, 2026 version, which permit a financier of devices to be able to remotely lock its partial functionality, on continued non-payment of dues. Among other safeguards, such as preserving the basic functionality (access to internet, incoming calls, emergency SOS features, and receipt of emergency Government or public-safety notifications), the RBI also imposes a minimum 90 days default to trigger the locking. In our view, given the short tenure of funding, the 90-day default threshold, clearly a legacy of long-term lending practices, is quite impractical in the context. We present the highlights and our critical appraisal of the RBI’s proposals.

Introduction

Remote device locking is fast becoming the new device in recovery practices. With the ability to remotely restrict access to a borrower’s device, lenders are increasingly viewing the technology as a powerful tool to control defaults and strengthen recoveries.

In the past supervisory observations, RBI raised concerns regarding “full device locking” mechanisms adopted by certain lenders/Lending Service Provider (LSPs), noting that such measures may be disproportionate, coercive, and restrict access to essential device functionalities. The concerns appear to stem from borrower protection and fair practices considerations, particularly where borrowers are denied access to basic device features unrelated to the financed asset or outstanding dues.

At the same time, the Digital Personal Data Protection Act, 2023 (DPDP Act) introduces an additional layer of regulatory scrutiny like device-level restrictions and monitoring inherently involve the processing and control of personal data, making borrower consent, lawful processing, proportionality, purpose limitation, and data minimisation central to any remote locking framework.

From a data protection perspective, excessive control over a borrower’s device may raise serious concerns around privacy, digital autonomy, and the broader obligation to safeguard the rights of data principals.

The RBI has issued Revised Draft – RBI (Non-Banking Financial Companies – Responsible Business Conduct) Amendment Directions, 2026 which provides deployment of technology-based mechanism for recovery of loan duesalso known as “Remote Device Locking”, and proposes to restrict the use of device-locking mechanisms as a recovery tool, except where the loan was specifically granted for financing the concerned mobile device. 

The regulatory message is increasingly clear that technology-driven recovery mechanisms cannot come at the cost of privacy, fairness, or access to essential digital services.

Pre-requisites for Remote Device Locking


Device-locking mechanisms as a recovery tool is not permitted. However, in case the loan was specifically granted for financing the concerned mobile device, such measures may be adopted by the lenders subject to certain conditions:

  • Documentation and Communication: 
    • Clear and unambiguous disclosure which expressly authorises such restrictions in loan agreement. 
    • Further, trigger events for initiating recovery-related restrictions must be clearly defined and disclosed upfront to the borrower.
  • Prior Notice: A structured notice and cure mechanism must be implemented prior to imposing any restriction. 
    • A minimum 21-day notice period should be provided once the account reaches 60 DPD, giving the borrower a chance to cure the default. 
    • Following expiry of 21 days notice an additional 7-day cure period is given to the borrower before any restrictive measure is imposed.
  • DPD Status: Restrictions should be invoked only where the account remains in default beyond 90 DPD despite prior notices and cure opportunities, ensuring that such measures are used strictly as a last resort.
  • Access Control: Under no circumstances should restrictions impair access to essential device functionalities, including internet connectivity, incoming calls, emergency SOS services, or government/public safety notifications. 

Conclusion

Most device financing loans are short-tenure products, typically ranging from 3 to 12 months. If  lenders are required to wait until 60 DPD, followed by a 21-day notice period, an additional 7-day cure window, and eventual restriction only after 90 DPD, this may significantly reduce the commercial effectiveness of remote device locking as a recovery tool.

In short-tenure device financing loans, recovery measures are most effective during the early stages of delinquency, when the borrower continues to actively rely on the device. 

In practice, several lenders have historically adopted much earlier-stage device restrictions upon payment default. However, RBI appears to be consciously moving away from such practices due to concerns around coercive recovery measures, borrower protection, proportionality, and access to essential digital services.

Securitisation, Transfer and Distribution of Credit Risk- for Banks and NBFCs.

/0 Comments/in , , , /by

We are pleased to announce the launch of our e-book — Securitisation, Transfer and Distribution of Credit Risk- for Banks and NBFCs

This book, spanning over 900+ pages,  provides a comprehensive analysis of the evolving regulatory and transactional landscape relating to credit risk transfer in India, with detailed commentary on:
• RBI regulations on securitisation
• Transfer of Loan Exposures or so-called direct assignments
• Co-lending arrangements
• Loan syndication arrangements
• SEBI regulations governing the issue and listing of securitised debt instruments

Designed specifically for banks, NBFCs, market participants, legal professionals and compliance teams, the publication offers practical insights into the regulatory framework governing structured finance and credit distribution transactions.

The Commentary is based on RBI’s November, 2025 version of consolidated Directions.

The book was launched during the 14th Securitisation Summit, and the e-book is available exclusively through the Premium Section of our website.

Read an excerpt from the book here.

Register your interests now!

FAQs on Type-I NBFC Registration Exemption

/0 Comments/in , , /by

– Anita Baid, Dayita Kanodia & Chirag Agarwal | finserv@vinodkothari.com

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download as PDF [259.61 KB]