Navigating the Digital Lending Boom in India: Balancing Innovation and Regulation

Siddh Sanghavi & Sameer Rahman

Introduction

Digital lending refers to a remote and automated process that allows people to apply for loans and other credit services online through digital platforms and channels. It involves using mobile applications and websites to streamline the lending process. Using these methods, loans are being disbursed in less than 10 minutes without any collateral.

The growth of digital lending in India has been phenomenal. India’s digital lending market grew at a CAGR (Compound Annual Growth Rate) of 132% in the period 2017-2022. It is further predicted that India’s digital lending market will likely grow to USD 515 billion by 2030. Such rapid growth has, of course, brought many challenges with it.

This blog attempts to thoroughly analyse the concept of digital lending and the regulations surrounding the same; it scrutinizes the need to regulate digital lending and the current framework for regulation and thereafter suggests changes and tweaks in the framework to enhance its growth in India.

How Does Digital Lending Work

The Reserve Bank of India (RBI) refers to the abovementioned applications and websites as Digital Lending Apps (DLA) and Lending Service Providers (LSP). Another important term to know is Regulated Entity (RE). An RE is either a Bank or Non-Banking Financial Company (NBFC) which is engaged in the business of providing loans and is, therefore, under the purview of the RBI. DLAs are usually operated by an LSP or directly by an RE.

A DLA can be used directly by an RE, or an LSP can act as an intermediary between the two. To give an example, HDFC Bank offers a variety of digital loan products through its mobile app “HDFC Bank MobileBanking”. Users can apply for loans, check loan status, and make repayments directly within the app. In this case, the bank acts as both the lender and the platform provider, managing the entire digital lending process.

On the other hand, lending through LSP can be seen in the example of Bajaj Finserv partnering with the LSP Paisabazaar for its online loan platform. Paisabazaar helps Bajaj Finserv with customer acquisition. Potential borrowers can search for loan options on Paisabazaar’s platform, compare rates, and pre-qualify for a Bajaj Finserv loan.

Therefore, the RBI is tasked with regulating digital lending in both scenarios, and any comprehensive guidelines would need to regulate DLAs, LSPs and REs.

Need to Regulate Digital Lending

India is currently in its honeymoon phase for digital lending. While digital lending is booming in India and the initial focus is on the positive aspects (convenience), any long-term success, like in a relationship, will require addressing the underlying issues.

The RBI’s recent guidelines on digital lending come in light of the increase in digital financial services and the risks accompanying them. With the emergence of numerous online lending services, several issues have arisen regarding the transparency of the services as well as the protection of borrowers. To address these problems, the guidelines are expected to provide borrowers with fully transparent loan offers, which will help them make fair comparisons with other loan offers available in the market.

This transparency helps in avoiding practices like ‘predatory lending,’ which is aimed at misleading borrowers and getting them to agree to unfavourable loan terms and conditions. P2P (person-to-person) lending programs are usually alleged to contain concealed fees and unreasonable loan interest rates.

Many borrowers have complained of falling for lucrative interest rates only to meet high hidden charges. The RBI expects loan offers to contain a holistic digital view, accompanied by the KFS, to avoid any such predatory practices and enable the borrower to make informed decisions. The Key Facts Statement (KFS) presented for each loan offer contains the necessary information to help the borrower make the decision.

The guidelines also address the misuse of penal charges as a revenue source by setting clear rules for penal charges, ensuring they are reasonable, transparent, and treated separately from interest. This prevents lenders from imposing very high penalties on borrowers; it therefore protects borrowers from huge and unfair charges and, hence, guards against predatory lending.

There have been instances where digital lenders have exploited the lack of regulation on digital lending to impose unfair terms on vulnerable borrowers. For example, the emergence of many loan apps during the COVID-19 lockdown period escalated cases of harassment and coercive recovery activities. These guidelines are essential measures to prevent exploitation, as mentioned above.

The guidelines aim to standardize practices across the digital lending ecosystem, fostering a more trustworthy environment. This is particularly important as the sector includes many players, from well-established financial institutions to smaller, less regulated entities. By requiring Lending Service Providers (LSPs) to present loan offers consistently and transparently, the RBI is helping to level the playing field and build consumer confidence.

Current Guidelines to Regulate Digital Lending

To identify and address the challenges in the process of digital lending, the RBI chose to examine the functioning of the digital lending apps. The RBI Working Group was set up in January 2022, which identified three major issues: conduct, technology and charges. Based on the recommendations of the working group, the RBI released the Digital Lending Guidelines (DLG) under the Banking Regulations Act 1949 and the RBI Act 1934.

The Digital Lending Guidelines cover and regulate all three parties: the DLAs, LSPs as well as REs. The RBI stated that lenders will have to disburse the loan amount into the borrower’s account directly, and no third party can be involved in the transaction. Further, the lending platform was mandated to create a Key Facts Statement, which would include important information regarding the loan in a simple and easy-to-understand format.

A cooling-off or look-up period of 3 days is also mandated to be mentioned in the KFS. During this period, a borrower is given the option to exit the digital loan without penalty by repaying the principal and the proportionate annual percentage rate. This provision can also be traced to the Truth in Lending Act of the USA, which provides for a period of 3 days during which the customer can withdraw from the loan process in case they change their mind.

Another notable aspect of the guidelines is data protection. There have been several instances of misuse of data collected by LSPs. Reports suggest that cybercriminals misused more than 300 DLAs to exfiltrate data and harass borrowers. To overcome such issues, the guidelines mandate that LSPs collect data only when required and with the express consent of the borrower. The personal information of the borrower should not be stored; only the “basic-minimal data” like name and contact information can be stored. The software’s access to the borrower’s device has also been minimized by these guidelines, which impose restrictions on access to files, messages, phonebooks, media, etc. However, the necessary actions for conducting KYC have been permitted. The collection and storage of any borrower’s biometric data have also been prohibited.

The guidelines further mandate that the information of the third parties that are allowed to collect personal data via DLAs, as well as the express consent of the borrower, should be made available by the REs. The usage and duration of storage of such data should also be disclosed by the REs. Most importantly, the storage location of the data that has been collected must be in India.

Issue with the Framework for Digital Lending in India and Suggestions

Challenges posed by the 5% FLDG Gap and Solutions

Providing credit in itself is a risky deal. In 2020, about 10-15% of bad loans were registered in the books of REs. The recent Financial Stability Report of the RBI shows that the amount of NPAs arising from slippages from retail loans increased by 40% in FY24. It suggests that the share of slippages from retail loans is increasing at an alarming pace, leading to new additions in NPAs.

To protect their financial health in these conditions, the REs enter into a First Loss Default Guarantee (FLDG) or Default Loss Guarantee agreement with fintechs. An FLDG is an agreement entered into between a fintech LSP and an RE. Under this agreement, the LSP promises to cover the non-repayment of the loan by the borrower to a certain extent. In simple terms, an FLDG is a risk-sharing arrangement between an RE and an LSP in which the LSP guarantees defaults on loans extended to borrowers that originated through the RE.

The FLDG arena was previously untapped by regulatory authorities. The REs previously misused this loophole as they used to enter into such arrangements with LSPs, in which they used to take almost a 100% default guarantee since there was no cap on the upper limit for such guarantees. However, the 2022 guidelines mandated the REs to follow the provisions of the RBI Master Direction on Securitisation of Standard Assets. According to the provisions related to synthetic securitization, REs were not allowed to transfer risk to third parties in connection with lending. This complete prohibition deteriorated the financial health of small REs in case of default.

However, via the 2023 FLDG guidelines, the RBI has allowed a default guarantee of up to 5% of the total outstanding amount of the loan. This guarantee is minimal and is not sufficient to secure the interest of the REs, especially the smaller ones, given the high risk associated with the credit market.

Even the working group suggested that the FLDG limit should lie between 15% and 20% of the total amount. The limit provided by the guidelines is also arbitrary since the financial position of all the LSPs is not the same. In the financial year (FY) 2021-22, for instance, Paytm and PhonePe generated revenue of INR 4,974 crores and INR 1,797 crores, respectively, while Chqbook managed to generate revenue of INR 13 crores.

The idea of keeping all the LSPs on the same pedestal is not justified since their risk-taking abilities are very different from each other. In such a scenario, a sub-characterisation of the FLDG limit is advocated, keeping in mind their risk-taking abilities. Different factors such as the cash flow, liquidity and revenue of the LSPs can be considered while making such delineation.

Easing Data Localization Requirements and Reducing Compliance Costs

One of the main differences between the DLG and the DPDP Act is in the approach towards data localization and cross-border data transfer. The DLG take a more stringent approach towards data localization, mandating the REs to store data within India and also ensuring that LSPs and DLAs engaged by them do the same. On the other hand, the DPDP Act takes a more flexible approach and allows cross-border data transfer and storage of data in other countries as well (except those specified by the Central Government).

The issue arises since the DLAs and LSPs now have to comply with both the DLG and the DPDP Act. The authors suggest that the DLG be eased to bring them into consonance with the DPDP Act. This would, most importantly, help ease the stringent mandate for complete data localization for all lending entities.

Many DLAs and LSPs use global cloud service providers to store the data of customers. The issue with complete data localization is that it forces global companies to pivot from their traditional uniform approach to data management. Many digital lending entities that have excelled globally must now think locally. This results in increased regional compliance costs for these global companies since they now have to comply with the strict data localization mandate of the RBI. It is important to understand that these increased compliance costs will be passed down to the consumers themselves in the form of increased interest rates and fees.

Striking a Balance between Data Privacy and Innovative Credit Assessment Methods

Credit assessment is the process of determining a borrower’s ability to repay a loan and how risky it is for the lender to grant that loan. In the context of digital lending, many financial institutions use advanced analytical techniques and data-driven strategies to determine the creditworthiness of the borrower.

One such example is CreditVidya, a Hyderabad-based company which uses alternative data and artificial intelligence-based algorithms to compute credit scores. The ‘CV Score’ uses 10,000 data points from applicants, such as utility bill payments, e-commerce transactions and phone-related location data. The score determined by this data is then used to provide loans. 

These metrics are important for financial institutions when granting loans. Whether you pay your electricity, gas, and internet bills on time bears directly on your credibility to repay the loan on time.

However, the issue arises due to the complex data protection regulations, which restrict the lender from accessing important data to determine creditworthiness. One of the principles of the RBI’s regulations and the DPDP Act is data minimization. This means only data necessary for the purposes of lending should be collected. While no DLA or LSP would disagree with this principle, the practical reality is that innovative credit assessment models often rely on large volumes of diverse data, which involve alternative data sources. As mentioned above, while utility bills may be important for credit assessment, collecting them may not align with the principle of data minimization. This makes it difficult for lenders to analyse data to grant loans.

Impact of Guaranteed NPAs on Market Attractiveness of REs

The DLG also provides for the characterisation of the defaulted loans made good by the third-party guarantor (fintech LSP) to be labelled as an NPA only. This NPA, although guaranteed to some extent, would wholly go to the books of accounts of the REs as bad loans, which could hamper its attractiveness in the credit market as it would appear that the RE is in bad financial condition.

Conclusion

In order to foster the digital lending landscape in India, a nuanced and balanced approach is required in which the interests of both the borrowers and lenders are considered. However, the current guidelines seem to be pivoted more towards catering to the needs of the borrowers and appear to brush aside the concerns of lenders. RBI should focus on easing the regulations for fintech players to ensure a conducive environment is created for the growth of the sector in the country.

The authors are third-year students at National Law University, Odisha (NLUO).
