The latest guidelines are for all regulated entities, which include commercial banks, state co-operative banks and NBFCs
The guidelines are an extension of those issued by the RBI last month, and will come in effect from December 2022
One of the major changes that the guidelines bring is that borrowers will have more control over their data and can be selective in sharing their data
Of late, the fintech ecosystem in India has been under the government’s lens, with digital lending facing extra scrutiny. After releasing the much-awaited norms for digital lending last month, the Reserve Bank of India (RBI) has come out with detailed guidelines, which will be applicable from December 2022.
Within the guidelines are pointers that the central bank had earlier said it would be releasing. Among them are some baseline technology standards for lenders and the companies that partner with these digital lending apps.
The guidelines are for registered entities (REs), which include all commercial banks, primary (urban) co-operative banks, state co-operative banks, district central co-operative banks and non-banking financial companies (NBFCs), including housing finance companies.
These entities have outsourcing arrangements with lending service providers (LSPs) and digital lending apps (DLAs). According to the guidelines, outsourcing of digital lending requirements will not diminish the obligations of REs, especially in the age of data concerns and digitisation.
Changes For REs Under RBI’s Digital Lending Guidelines
The RBI has stated that the REs will have to ensure only need-based data collection, with explicit consent from the borrower. Not only that, but the central bank has also asked these entities to desist from accessing mobile phone resources like file manager and media, contact lists, call logs and other telephony functions.
Exceptions include one-time access to the camera, microphone, location or any other facility necessary for onboarding/ KYC requirements only (with the borrowers’ explicit consent).
Several apps today don’t allow users to use applications if they don’t give consent to access specific data. The RBI has also asked the REs to give the borrower the option of consenting to share data.
According to the new guidelines, at any given time, the borrower can also restrict the data retention, revoke data access to third parties and any other consent already granted and even make the app delete the existing data.
With the aim to improve data transparency, the guidelines state that every time a digital lending app asks for permission to access anything, the borrower will have to be given the purpose for obtaining such consent.
Further, as previously mentioned in the guidelines, the lenders that the RE partners with will not be allowed to store the borrowers’ personal information. Exceptions include some minimal data (such as name, address, contact details of the customer and the likes) that may be required to carry out their operations.
Usage Of Tech By Banks, NBFCs & Lenders
The REs will have to ensure that their lending partners have links to the former’s website when talking about loan products.
Other details that any lender has to put up on the website (to ensure that all information is available in one place) include particulars of customer care, link to RBI’s Sachet Portal, privacy policies and more.
Further, the REs will have the duty to provide a nodal grievance redressal officer to borrowers in case of fintech or digital lending-related complaints. His/her contact details will also be displayed on the websites of the REs, its LSPs and the DLAs.
“The regulations are a welcome move to drive customer-centric innovation in the ecosystem – whether it is protecting personal data, addressing customer grievances or reducing asymmetry in information,” Anurag Reddy, vice president of product and chief of staff at Dinero said.
However, Joginder Rana, vice chairman and MD at CASHe, said that customers are at the centre of how a fintech company designs its products and services. “With access to data restricted for regulated entities, gauging customer expectations and building customised offerings will be a challenge,” he said.
The norms will compel the lenders to reveal how they use this data, credit assessment and underwriting techniques, and offer borrowers complete control over their data.