Module Home Take Quiz
PART 3 OF 7

Digital Lending Regulations

Comprehensive coverage of RBI Digital Lending Guidelines 2022, FLDG framework, LSP regulations, fair practices code, and lending app compliance requirements.

1. RBI Digital Lending Guidelines 2022

On August 10, 2022, RBI issued comprehensive guidelines on digital lending following the recommendations of the Working Group on Digital Lending. These guidelines fundamentally restructured the digital lending ecosystem in India.

1.1 Background and Objectives

The guidelines were issued to address concerns about:

  • Unbridled engagement of third parties in lending
  • Mis-selling and breach of data privacy
  • Unfair business practices including exorbitant interest rates
  • Unethical recovery practices
  • Regulatory arbitrage by unregulated entities

1.2 Scope of Application

The guidelines apply to:

  • Commercial Banks (including Small Finance Banks)
  • Primary (Urban) Co-operative Banks
  • State Co-operative Banks and District Central Co-operative Banks
  • All Non-Banking Financial Companies (including HFCs)

Key Principle

Lending should happen only from the books of Regulated Entities (REs). All other entities in the digital lending ecosystem must operate only as agents/service providers to REs and cannot lend on their own account.

2. Players in Digital Lending Ecosystem

2.1 Regulated Entities (REs)

Banks and NBFCs regulated by RBI that actually disburse loans:

  • Must hold the loan on their balance sheet
  • Responsible for all regulatory compliance
  • Must disburse loan directly to borrower's bank account
  • Must receive repayments directly in RE's account

2.2 Lending Service Providers (LSPs)

Agents of REs who carry out lending-related functions:

Function Permissible?
Customer acquisition/sourcing Yes
Credit assessment support Yes (advisory to RE)
Documentation/verification Yes
Servicing/collections Yes
Disbursing loans from own funds No
Credit decision-making No (RE must decide)

2.3 Digital Lending Apps (DLAs)

Mobile/web applications used for lending-related functions:

  • RE's own DLA: Operated by the RE itself
  • LSP's DLA: Operated by LSP on behalf of RE
  • Must display RE's name prominently
  • Cannot be standalone lending apps without RE backing

Impact on Lending Apps

Pre-2022, many apps operated as "digital lenders" without clear regulatory backing, often partnering with NBFCs in opaque arrangements. Post-guidelines:

  • Apps must clearly disclose the RE providing the loan
  • Loan must reflect on RE's books, not app's
  • Apps can only be service providers, not lenders
  • Many unregulated apps had to exit or partner with REs

3. First Loss Default Guarantee (FLDG) Framework

FLDG arrangements where LSPs or other entities guarantee a portion of loan losses were restricted and then regulated through specific guidelines.

3.1 RBI FLDG Guidelines (June 2023)

Key provisions of the FLDG framework:

  • Who can provide FLDG: Only LSPs and other REs (not unregulated entities)
  • Cap: Maximum 5% of the loan portfolio amount
  • Form: Cash deposit, fixed deposits with lien, bank guarantee
  • Invocation: Only after 120 days past due
  • Tenure: Cannot exceed actual contract period

3.2 Implications of FLDG Cap

Before FLDG Regulation After FLDG Regulation
LSPs could guarantee 100% of losses Maximum 5% of portfolio
REs had little "skin in the game" RE bears 95%+ of credit risk
Synthetic securitization concerns Genuine lending relationship
Aggressive growth by LSPs More prudent underwriting

Rationale for FLDG Restriction

When LSPs provided 100% FLDG, the RE had no credit risk exposure, making the arrangement more like origination-for-fee rather than true lending. This created concerns about regulatory arbitrage and inadequate credit assessment.

4. Disclosure and Transparency Requirements

4.1 Pre-Sanction Disclosures

Before loan sanction, borrowers must receive:

  • All-inclusive cost of digital loans (APR)
  • Itemized list of fees and charges
  • Details of the RE providing the loan
  • Details of the LSP (if any)
  • Grievance redressal mechanism

4.2 Key Fact Statement (KFS)

A standardized document containing:

  • Annual Percentage Rate (APR) in bold
  • Recovery mechanism and consequences of default
  • Cooling-off period details
  • All fees, charges, and penalties

4.3 Post-Disbursement Requirements

  • Sanction letter on RE's letterhead
  • Copy of loan agreement
  • Account statement access
  • Repayment schedule

4.4 Annual Percentage Rate (APR) Calculation

APR must include all costs to the borrower:

  • Interest rate
  • Processing fees
  • Documentation charges
  • Verification fees
  • Insurance premiums (if bundled)
  • Credit score report charges

5. Fund Flow and Account Requirements

5.1 Disbursement

Critical requirements for loan disbursement:

  • Direct to Borrower: Loan must be disbursed directly to borrower's bank account
  • No Pass-through: Cannot go through LSP's account
  • No Wallet Loading: Cannot be disbursed to PPI/wallet
  • Exception: For specific end-use loans (e.g., merchant financing), disbursement to merchant permitted

5.2 Repayment

Requirements for loan repayment:

  • Repayments must come directly to RE's bank account
  • No pooling through LSP accounts
  • E-mandate/auto-debit from borrower's account permissible

Fund Flow - Compliant Structure

Disbursement: RE Bank Account → Borrower Bank Account (Direct NEFT/IMPS/UPI)

Repayment: Borrower Bank Account → RE Bank Account (Direct/E-mandate)

Non-Compliant: RE → LSP → Borrower OR Borrower → LSP → RE

6. Data Protection and Privacy

6.1 Data Collection Principles

  • Need-based: Collect only data necessary for lending
  • Explicit Consent: One-time consent with option to opt-out
  • Audit Trail: Maintain consent records
  • No Biometric: Cannot collect biometric data (except for e-KYC)

6.2 Data Access Restrictions

Lending apps cannot access:

  • Contact lists/phonebook
  • Gallery/photos
  • File storage (beyond documents required)
  • SMS beyond OTP
  • Location (except for specific use cases with consent)

6.3 Data Storage and Retention

  • Data must be stored in servers located in India
  • Retention only for the period necessary
  • Deletion upon request (subject to regulatory requirements)
  • LSP data access limited to service provision

7. Recovery and Collection Practices

7.1 Prohibited Practices

  • Harassment, abuse, or threats
  • Contacting borrower at unusual hours (before 8 AM, after 7 PM)
  • Contacting third parties without borrower's consent
  • Using defamatory language
  • Publishing defaulter's names/photos
  • Sending messages to contacts from phonebook

7.2 Fair Practices Requirements

  • Collection agents must be authorized and trained
  • Proper communication channels only
  • Documented recovery procedures
  • Grievance mechanism for recovery complaints

Enforcement Actions

RBI has taken action against several NBFCs and directed removal of non-compliant lending apps from app stores. Google and Apple have also updated their policies to align with RBI guidelines.

8. Compliance Checklist for Digital Lending

  1. Ensure loans are booked on RE's balance sheet
  2. LSP agreements compliant with guidelines
  3. FLDG arrangements within 5% cap
  4. Direct disbursement to borrower's bank account
  5. KFS and disclosures implemented
  6. APR calculation includes all costs
  7. Data collection limited and consent-based
  8. App permissions restricted to necessary
  9. Recovery practices compliant with Fair Practices Code
  10. Grievance redressal mechanism in place