Moneycontrol PRO
Open App

RBI’s digital lending rules cover the same ground, long way to go

Months after the RBI hinted that it is ready to release the norms, it has only approved 12 guidelines as hygiene norms to be followed by regulated entities keeping in mind customer safety. The key issue of thwarting unregulated fake apps through norms still remains unresolved.

August 11, 2022 / 01:08 PM IST
Representative image.

Representative image.

The Reserve Bank of India’s (RBI) first batch of recommendations on norms to govern digital lending apps has clearly been well thought through, but it is as clear that the central bank is playing a cautious game.

“Key members of the working group on digital lending have held over 60 meetings to firm up their views on these norms. In fact, they have also spoken with large investors to get their views on how the space should be regulated,” a fintech executive said in early July.

Back then, the RBI was expected to release the final set of digital lending norms at any time. The wait was an anxious one for fintechs. While the RBI was very open to feedback in its consultations, there was no indication of what final call the regulator would take on key norms.

The only fear was whether the central bank would introduce some drastic measures without warning, similar to the June 20 clarification on lending through prepaid payment instruments (PPIs).

Months after the RBI hinted that it is ready to release the norms, it has only approved 12 guidelines as hygiene norms to be followed by regulated entities keeping in mind customer safety. The key issues still remain unresolved.


Consumer protection and transparency

On Wednesday, August 10, the RBI said that it has approved one set of norms to be implemented immediately, largely focusing on customer safety and emphasising on transparent reporting of lending activities to credit rating agencies. For now, the norms do not have any adverse impact on mainstream regulated fintechs.

Another set of recommendations have been accepted in principle, while some require wider engagement with the government and other stakeholders, according to RBI.

In the list of norms accepted, RBI has said that all loan disbursals and repayments should happen to and from bank accounts of the regulated entity that does the lending and collection of repayments. The transactions should not pass through a pool account or any third party.

The fintechs Moneycontrol spoke with said that the practice is already being followed. If the fintech is a registered non-banking financial company (NBFC), it receives the funds in its bank account. In case of an intermediary, the repayments are directly credited to the lending partner’s accounts.

“The working group recommendations said that in case of fully KYC (know your customer)-compliant PPIs, the loan can be disbursed to the PPI as well. We expect that the RBI will list such exceptions in coming months,” said a fintech founder.

Industry players believe that this specific norm is meant to curb money laundering and practices of falsifying accounts by unprincipled lenders.

“A lot of lot of unscrupulous players were pooling funds in their own accounts before disbursing the loan or repaying the actual lenders. That is illegal if you are not a registered entity and this is one of the ways how money might be further routed out,” said Anuj Kacker, co-founder of personal loan and neobanking platform Freo and vice-president of the Digital Lenders Association of India (DLAI).

Even the few mainstream fintechs that were not routing repayments directly to bank accounts of their lending partners will now be required to do so.

The norms also ask for a cooling-off period to be granted to customers to exit the loan, in light of recent complaints where customers claimed that they were granted approval for loans sought by mistake. Importantly, the RBI has said that loans extended through merchant platforms are also supposed to be reported to credit information bureaus.

The rules also prohibit automatic credit being disbursed or given without explicit borrower consent.

Macquarie said in a report, “In our view, many fintechs do BNPL by adding a credit line to the wallet and the consumer at times is blithely unaware that he has taken a line of credit. These malpractices are now being restricted by RBI.”

“We remain cautious on fintech companies and maintain our Underperform on Paytm. The key interpretation in our view is that the burden of compliance increases and many fintechs which were growing aggressively without proper discipline will see slower growth in the medium term as they try adhering to the new rules of RBI,” the note added.

FLDG: Hints dropped?

The key point of contention was the RBI’s views on first loss default guarantee (FLDG), a lending model between digital lending fintechs and their partner banks and NBFCs. Under these agreements, the fintech promises to compensate the partners up to a predetermined percentage in case a customer fails to repay the loan.

The working group in a November 2021 report had said that this could potentially build up risks and such arrangements should be banned for unregulated players. The RBI has said that these recommendations are under consideration. Meanwhile, regulated fintechs have been asked to adhere to the master directions on securitisation of standard assets.

According to Mandar Kagade, founder-principal, Black Dot Public Policy Advisors, a firm that works in the digital banking space, “The master direction states that lenders should adhere to a minimum retention requirement of 5-10 percent depending on the tenor of the loan. That appears to suggest the RBI may be comfortable with originator loan service provider writing a FLDG up to 10 percent of the exposure.”

Shilpa Mankar Ahluwalia, partner and head, fintech at law firm Shardul Amarchand & Mangaldas & Co, said, "The new rules require FLDG structures to comply with the requirements governing credit enhancements, service providers and capital adequacy requirements mentioned in the master direction."

According to Mankar Ahluwalia, assuming this is the case, only entities regulated by at least one financial services regulatory are eligible to issue FLDGs.

"This will have significant implications for many existing partnerships. Going forward, it appears that only LSPs (loan service providers) that have an NBFC within their group structure will likely be able to continue to rely on the FLDG lending model," she added.

Key concerns yet to be resolved

The need to regulate digital lending arose in 2020 after many unsuspecting customers fell prey to unregulated Chinese apps and many died by suicide after being harassed for repayments. Almost two years later, a direct legislation to ban these entities is still not out. The Directorate of Enforcement (ED) has been cracking down on these apps since the past few months and RBI has cancelled licences of suspect entities.

The RBI has said that the government may consider a law to ban unregulated lending activities that would cover all entities not authorised by the banking regulator and not registered under any other law for specifically undertaking public lending.

“The norms that have been announced don’t do much to tackle the main issue of fake loan apps. For so much of hyped conversations about this for nearly two years, it seems that only lending operating circular norms have been issued. Most of these were already being followed by mainstream and credible players,” said a fintech industry source.

“Somewhere along the way the RBI probably realised that it needs to do more to lay out norms for even regulated players, and this seems like a basic checklist for them. But what about the unregulated entities and non-finance lending scamsters? With the current inability to track those, how can regulator avoid undue negativity for the regulated entities?”

With everything in the norms mandated for ‘regulated entities’, this seems like a gist of additional norms for NBFCs, he added. Most digital lenders including MoneyTap, Slice’s Quadrillion Finance, ZestMoney, Axio (formerly Capital Float), etc., have NBFC licences.

Card-based lender Uni comes under the purview of the RBI through its PPI licence. Simpl is the only one among lending fintechs that does not have any RBI licence.

The recommendations also suggested setting up of an independent body to verify legitimate apps. That too is pending.

“The independent body is important as it would have created a list of safe apps. Until that is not done, customers do not have any registry to refer to before borrowing. They will continue to be at risk,” the source added.

Further consultations

The forming of a self-regulatory organisation (SRO) has been given an in-principle approval by the RBI. However, the regulator has not yet clarified which of the existing associations will be asked to take up the mantle.

The key associations including DLAI and the Fintech Association for Consumer Empowerment (FACE) had made representations to the RBI to take up the role of the SRO.

“We also look forward to engaging with the RBI in coming months as the industry moves towards forming an SRO to promote adherence to these recommendations,” DLAI said in a statement.

A fintech founder added, “We will take a few days to assess the norms and take expert views on those. If any questions arise, we will request for consultations with the RBI.”
Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

Priyanka Iyer
first published: Aug 11, 2022 01:08 pm
ISO 27001 - BSI Assurance Mark