top of page
  • Writer's pictureRFMLR RGNUL


Updated: Nov 18, 2023

The September edition of Au Courant feature Mr. Harshit Dasad, a Senior Associate at JSA, focusing on banking and finance laws wherein he discusses guidelines on digital lending to banks and non-banking finance companies which disburse loans through digital lending platforms.

Harshit Dusad is a Senior Associate at JSA and his focus areas are banking & finance, project finance and trade finance. His experience includes work on matters pertaining to foreign currency lending, rupee financing and security creation in relation thereto. He has played an instrumental role in structuring and strategizing transactions pertaining to shipping finance, construction finance and real estate financing. He has also advised banks, financial institutions and corporates on structuring and strategizing security arrangements in relation to charge over movables, immovables, tangible and intangible assets.

Disclaimer: All opinions presented in the interview are the personal opinions of Mr. Dusad

On 2 September 2022, the Reserve Bank of India (RBI) issued the 'Guidelines on Digital Lending' (Guidelines) to banks and non-banking finance companies (NBFCs) which disburse loans through digital lending platforms. This followed the press release issued by the RBI on 10 August 2022 on the implementation of the recommendations of the Working Group on Digital Lending (Press Release).

(Q1) In the Press Release, the RBI had mentioned that it was examining the recommendation suggested by the working group to prohibit First Loss Default Guarantee (FLDG) arrangements in the market, and that in the interim, banks and NBFCs entering into FLDG arrangements must adhere to the Master Direction - Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 (Securitisation Guidelines). Now with the released guidelines, the RBI is intending to completely restrict any FLDG Arrangements in the market. Even though it is a step in the right direction to protect the borrowers, this could drastically affect the access to capital for fintech companies who are working towards designing new-age credit products, and increasing offerings to new-to-credit borrowers. What do you think about such restriction on FLDG Arrangements? Do you think that the RBI could have come up with some other less restrictive approach in this regard, while also protecting the borrowers?

In a typical FLDG transaction, a third party enters into an arrangement with a bank / NBFC whereby such third-party requests the bank / NBFC to extend loans to the customers on its platform and in case of default by the customer, the third-party guarantees to makes the repayment to the RE. In simple terms, FLDG is a loan insurance. These third parties may be both, regulated as well as unregulated by a financial sector regulator.

While such an arrangement may look attractive for consumers and it may result into easy credit access, however, it is also highly volatile. There is a requirement to strike a balance between the prevailing economic conditions and the new-age credit products.

Given that these third-party entities may fall out the purview of the RBI or other financial services sector regulator, the actual risk falls on banks / NBFCs which are actually undertaking the lending operations. If any default is committed by the borrower and the third-party which would have offered FLDG is also not able to offer guaranteed amounts to the bank / NBFC it will be a huge loss for the bank / NBFC, as they may not be able to recover their amounts. It will ultimately create stress on the financial situation of such bank.

Also, given that these third-party entities are unregulated, it may also put the borrower and their confidential information in jeopardy.

With this step, RBI has made it clear that if any entity wants to undertake lending operations, it can approach RBI for a license and upon such license is issued, the entity may directly undertake lending operations. In my view, this is a correct approach to secure both regulated lenders as well as borrowers.

(Q2) The new Guidelines reduce the interference of Lending Service Providers (LSPs) and dictate that all loan disbursals and repayments be executed directly between the borrowers’ bank accounts and the bank accounts of lenders. Certain exceptions have been provided to this general rule. However, the exceptions do not specifically cover any repayments made by borrowers through digital payment methods offered by payment service providers / payment aggregators (under which the funds would be routed through the escrow accounts required to be maintained by such payment aggregators). Further, the RBI has not generally permitted digital lending platforms to enter into escrow account arrangements. Would this create increased operational complexities for both lenders as well as fintech platforms in managing the disbursement and repayment fund flows?

Definitely, it would have been very convenient for consumers if they were permitted to using the platform of the LSP availing utilisations of loans and for making repayments thereof. It would have created a single-window mechanism for all the parties.

However, we need to understand that LSPs may include small players as well. If the amounts are routed through LSP accounts, all end-use related compliance will be required to be completed by such LSPs, which they may not be able to undertake properly. Also, given that loans are being actually extended by one entity (i.e., the banks) however the disbursal of the same to the borrowers is by another entity (i.e., the LSP), it will unnecessarily create multiple layers. It will make difficult to trace such loans.

(Q3) The Guidelines mandate that the banks and NBFCs must undertake comprehensive due diligence of the LSPs to ensure that they comply with the laws and regulations. What are the aspects that the lenders would need to keep in mind while conducting the due diligence process in this regard?

Banks / NBFCs will be required to conduct due diligence to ensure that LSPs have technical soundness, data storage arrangements, cyber-security policies and measures, KYC policies, privacy policies, disclosure policies, grievance redressal mechanisms etc. in place.

(Q4) The RBI has stipulated that the Guidelines will be effective from the date of the notification, i.e., 2 September 2022 for 'existing customers availing fresh loans' as well as 'new customers getting onboarded'. With respect to existing digital loans sanctioned prior to the date of the notification, the RBI has provided a transition period until 30 November 2022 for banks and NBFCs to put in place adequate systems and processes for compliance. Would the absence of a general transition period create some problems in implementation? In your opinion, would the stakeholders be able to effectively implement them?

The RBI has been releasing draft papers and recommendations since quite some time now on digital lending. Therefore, the market participants where already aware that these guidelines could come any time. Therefore, few of the banks / NBFCs had already started ensuring that the digital lending platforms with whom they undertake transactions are in compliance with extant regulations. Therefore, I do not think that there should be any problem. However, if multiple Banks / NBFCs still face issues in implementation, they have an option to approach RBI for seeking an extension. RBI has provided such extensions (on different subject matters) in the past and if the concern of banks / NBFCs is genuine, RBI may consider an extension for these guidelines as well.

(Q5) The Guidelines also have various provisions for the protection, storage and localisation of data collected by the lenders and the digital lending platforms. The borrower is required to be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect his personal data and if required, make the app delete/ forget the data. Further, all data is required to be stored in servers located within India while ensuring compliance with statutory obligations/ regulatory instructions. What is your opinion on the data protection provision in the guidelines?

Today, everything is there on the internet. Unlike the previous times where physical documents were required to be submitted to banks for undertaking financing activities, it can now be done at a single click. Also, given the nature of operations of digital lending players, everything happens online.

Therefore, it is crucial to safeguard the confidential data of all the persons using such digital platforms. In case of a data breach / leak, it can put such persons in jeopardy.

As regards storage of data within India, it is one of the functions of the RBI to protect the personal data of Indian citizens which are availing any banking function. Therefore, the RBI introduced a data localization policy in April 2018, whereby it had directed all payment firms to store all data pertaining to payment systems on servers in India. The data protection and storage provisions under the digital lending guidelines are also in line with the aforesaid April 2018 guidelines of the RBI.

(Q6) The Guidelines mandate that the digital lenders must provide Key Fact Statement (KFS) and provide it to the borrower before execution of the loan contract. Could you please shed a bit more light on KFS and how this will benefit the consumers?

Key Fact Statement (KFS) is a statement which will contain summary of the offer terms (such as loan amount, tenure, interest rate, penal interest rate, prepayment penalties, repayment schedule, etc.) which is being made to the users of the digital lending platform users. The is important as it ensures transparency between the digital lending platforms and their users.

In the past, is has been seen that digital lending platforms have imposed arbitrary fees, interests and penalties on their borrowers. In case borrowers didn’t agree to pay these amounts, few of the platforms have even used harassment techniques. Therefore, in order to address this, the RBI has imposed this requirement on regulated entities so that there is no after-shock to the users of digital lending platforms


bottom of page