Digitising lending brings many benefits from more inclusive and efficient processes, to improved credit decisions, and a better customer experience. However, the emergence of digital lenders in India in the last few years through online platforms and mobile
apps, has led to concerns around potential systemic implications.
Last November, the Reserve Bank of India (RBI)’s Working Group released a
report titled ’Report of the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps’ (the RBI Report).The first set of the RBI Report’s customer-focused recommendations were
accepted by the RBI in August, and
detailed implementation guidelines have also been published (the DL Guidelines).
The guidelines have significantly impacted the lending industry, particularly for models which leverage the use of pool/ or pass-through accounts, buy-now-pay-later (BNPL), and co-lending models.
The current digital lending landscape in India
Current digital lending models in India are numerous. Partnerships between regulated lenders (driven by non-banking financial companies and banks) and customer facing non-banks are common, and provide mobile and web based applications called digital lending
applications (DLAs). The regulated entities or lenders (REs) also engage agents, called lending service providers’ (LSPs), for various legs of the lending process, like customer acquisition, underwriting, disbursal, or collection under RBI outsourcing and
other norms.
LSPs and DLAs, unlike typical ‘balance sheet lenders’, often do not provide the capital for the lending or carry the credit risk on their balance sheets. These instead essentially play the role of matching the lenders with the borrowers. Use of first loss
default guarantee (FLDG) models, where the LSP offers a first loss guarantee up to a certain percentage of the loan, allowed it to bear some of the risk. These practices, which the RBI describes as akin to a ‘rent-an-NBFC’ model, present a challenge around
monitoring unregistered and informal lending and outsourcing, and anonymised ‘shadow lending’ as a result of this. These were some of the primary concerns identified by the RBI Report last year.
Implications for lending models and fund flows
The DL Guidelines now introduce multiple changes to existing practices of lending REs and their partners, with the aim of increasing the protection to customers. Some of these necessitate changes to lending models and the underlying fund flows, while others
are introduced to bring in increased transparency, protection of customer data, and effective grievance redressal. This discussion focuses on the former, and existing models will need to be restructured to allow the lending to continue in a compliant fashion:
- Use of pool or pass-through accounts of DLAs/ LSPs to RE accounts only:
For fund flows, the DL guidelines now mandate that no pool or pass-through accounts can be used, requiring disbursals and collections to flow straight from the RE’s bank account to the borrower’s bank account. For this, a common practice of creating pool accounts
in the name of the LSP/ DLA, where RE funds were pooled to facilitate disbursal to and eventually collections of the loans from the borrowers will need to be discontinued. Instead, flows will need to be restructured to allow the creation and use of accounts
in the RE’s name alone.
- Using payment aggregators: The DL guidelines do not take an express position on the use of payment aggregators (PAs) by the REs or LSPs. PAs use an escrow account to pool payments before disbursing to end-beneficiaries (of the RE’s loan to the borrower
or the borrower’s repayments to the lender). The use of PAs by various entities is governed under separate regulations, the
PA Guidelines, which also mandate the use of the escrow account. It is unclear whether the current DL guidelines intend to exclude the use of PAs given that payment aggregation is a
separately regulated activity with mandated checks and balance in place. A recent
Ministry of Finance press release discusses illegal loan apps, and directs that the ongoing licensing process for PAs be completed within a timeframe to put an end to misuse of unregulated
PAs. This indicates that the use of an authorised PA may continue, but further clarifications are needed. In case of an impact, options are that use of PAs is covered under the first exception, which discusses allowing disbursals ‘covered exclusively under
a regulatory mandate’ (given that the use of the PA’s escrow is a regulatory mandate). Alternative flows can also be taken up here, like payment gateway or BaaS driven flows.
- Direct disbursals to merchants allowed for specific end-use: Even with the mandate to disburse only to borrower accounts, direct disbursal to the end-beneficiary of the loan has been allowed under the DL guidelines in case of loans for ‘specific
end-uses’. These cover lending use-cases like invoice discounting, supply chain financing, consumer durable financing, and even BNPL. In fact, even apart from the exception drawn under the DL guidelines, other RBI guidelines like those
applicable to term loans mandate that the loan be remitted directly to the end-beneficiary, that is, the supplier of the goods or services in question. This exception allows
such practices to continue, which double as a risk measure allowing closer monitoring by the RE of the use the loan is put to by the borrower.
- BNPL models relying on prepaid cards to be discontinued: BNPL models which were working on disbursal to prepaid payment instruments (PPIs) like prepaid cards or mobile wallets are nevertheless impacted, given the DL guidelines require disbursals
directly to the ‘bank account’ of the borrower. Here adaption of new models such as using term loans from the lending partner and disbursal straight to the merchant under the specific end-use exception will need to be turned to. This adds to recent restrictions,
where the RBI through a guideline put an end to the
loading of PPIs through credit lines, another common model that was in use to offer BNPL.
- Co-lending models are an exception: Yet another exception under the DL guidelines is for co-lending models, allowing the use of pool accounts for the flow of money between multiple co-lending REs here to continue. This allows some flexibility with
structuring here. Regardless, the co-lending must comply with other applicable norms, such as the
RBI norms on co-lending by banks and NBFCs, which require the funds to be routed through an escrow account with the bank.
- FLDG: The use of FLDG is one of the issues that is still being examined by the RBI, and on which further feedback will be invited. In the meantime, the RBI has asked to ensure FLDG arrangements adhere to its
securitisation norms.
Measures to protect customers
Apart from the impact on fund flows and lending models, many other requirements protect customers in a variety of ways. These include:
- More transparency in fees charged through an upfront disclosure of the annualised percentage rate or the all-inclusive cost of the loan for the borrower.
- Providing the borrower with all key information related to the loan at the onboarding stage itself, via a ‘Key Fact Statement’ providing the APR, recovery, grievance redressal, requiring DLAs/ LSPs to prominently display all product details at the time
of sign-up.
- Sharing details of recovery agent at the time of sanctioning the loan.
- Ensuring proper disclosure to the borrower of the RE behind the lending, via use of its letterhead on digitally signed documents and requiring REs to publish names of the their DLAs/ LSP on their website.
- Improved grievance redressal through an appointed grievance redressal officer, ensuring resolution within stipulated timelines of 30 days..
- Greater data protection by limiting access to data smartphone features to a consent and need-based access alone, providing the borrower the option to deny or revoke consent given, ensuring no storage of biometric data with the DLAs/ LSPs.
- Requiring lending through DLAs/ LSPs to be reported to credit bureaus.
Innovation has allowed new ways for credit delivery to be fashioned, and the RBI guidelines now ensure that any abuse by the players involved is prevented and the borrower is secure. It is clear that the same will apply for any kind of fintech innovation,
and the customer’s protection will need to be placed at the centre of all decisions being made.
The new guidelines need to be complied with for existing loans by the end of November, and immediately for new loans or new customers. Along with these, the RBI has also listed multiple issues for the next round of discussions with stakeholders.
For a full discussion on the latest policy developments each month, do check out
Cashfree Payments’ Policy Radar.