A Working Group on Digital Lending (“RBI WG”), constituted by the Reserve Bank of India (“RBI”), had published its Report in November 2021. It had made recommendations on (i) the legal and regulatory framework for digital lending; (ii) technology; and (iii) financial consumer protection, implementable over the near-term (up to one year) and medium-term (beyond one year).
Pursuant to a review of these recommendations, the RBI has accepted a few, through the Circular titled Recommendations of the Working Group on Digital Lending – Implementation, dated August 10, 2022 (“Circular”), in two parts: (i) for immediate implementation; and (ii) for further examination, although accepted in-principle. The RBI has categorised other recommendations as requiring wider engagement with the Government of India and relevant stakeholders in the digital lending ecosystem, in view of the operational challenges and complexities in their implementation.
(i) While the RBI WG had envisaged allowing disbursements of loans by full-KYC prepaid payment instruments (“PPIs”), where the borrowers had only a PPI account and no bank account, the RBI has not implemented this specific recommendation.
(a) Unlike the RBI’s circular on ‘Loading of PPIs through Credit Lines’ issued on June 20, 2022, to authorised non-bank PPI issuers, the Circular makes no distinction basis the nature of funding.
(b) Permissibility of check-out financing products enabled through PPIs, whether loaded through credit lines/ term loans, may accordingly be impacted.
(c) The wide stipulation under the Circular may also impact BNPL products, involving direct settlement of transactions through credit disbursement to merchants.
(ii) RBI has sought to address the long-standing risk of under-reporting of credit default data for loans originated through digital lending applications (“DLA”). Regulated entities (“REs”) are now required to disclose any lending through DLAs to credit information companies, independent of the nature and tenor of the product.
(a) The applicable framework for credit default reporting of first loss default guarantee (“FLDG”) backed facilities, provided through DLAs, needs further consideration.
(b) The applicability of the Master Directions on Securitization of Standard Assets (“Securitization Guidelines”) does not prohibit existing FLDG backed structures present in the market. However, the applicability of commercial/ compliance considerations, typically reserved for credit enhancements provided by originating lenders under the Securitization Guidelines, may have to be examined.
(iii) In consonance with the existing approach towards sectoral based data privacy protection requirements, the RBI has incorporated principles of purpose limitation, consent based data collection (with mechanisms for revocation and if required, effect permanent deletion of the data) and consent based disclosure to third-parties.
(a) DLAs are not allowed to store personal information of customers, other than basic information required to carry out their operations, such as name, address, contact details, etc. This may require re-looking, given the data lake structures of DLAs.
(b) While data localisation norms have been applied broadly by the RBI in the past, the explicit requirement covering DLA transactions may lead to cost implications.
The approach of the RBI to ‘regulate not prohibit’ is a welcome step and will ensure continuation of innovation and investment in the burgeoning FinTech/ TechFin sector in India, subject to compliance with consumer protection, corporate governance and credit reporting standards.