Digital Lending: The Way Ahead

The pace at which digital lending is growing, it is no surprise that the number of lenders has increased manifold in the last few years. The overall volume of disbursement through digital mode exhibited a growth of more than twelvefold between 2017 and 2020 (from ₹11,671 crore to ₹1,41,821 crore). Generally, banks and NBFCs operate with a Lending Service Provider (“LSP”) who provides a lending platform and carries out certain functions on behalf of the lender’s such as customer acquisition, underwriting support, pricing support, servicing, monitoring, and recovery of loans. Digital lending involves providing and recovering loans through their LSP via mobile and web-based applications which are known as Digital Lending Apps/Platforms (“DLAs”). With the growth in digital lending, came an increase in the malpractices by lenders leading to an urgent need for regulation. Lenders through digital platforms collect a variety of data from the borrowers including sensitive personal information, spending habits, financial background and access contacts, location, camera through their platforms and occasionally without express consent of the borrowers. Another concern that has been raised is the end use of the data collected by the lenders, its storage, deletion etc. The increase in share of digital lending is only going to escalate these concerns. Thus, the RBI set up a working group on ‘digital lending including lending through online platforms and mobile apps’ which published its report (“Report”) on August 10, 2022.

Pursuant to the Report, the RBI released the guidelines on digital lending on September 02, 2022 (“Guidelines1”), which shall be applicable to existing customers availing fresh loans and to new customers from the aforesaid date. To ensure that existing digital loans are also in compliance with the Guidelines, a deadline of November 30, 2022 has been provided. The guidelines are applicable to commercial banks, certain cooperative banks and NBFCs (“Regulated Entities” / “RE”). REs provide loans through LSPs and DLAs who themselves do not carry the risk of such loans on their books.

The Guidelines have introduced a variety of changes with an aim to streamline the practices followed by REs and protect interests of the borrowers:

Consumer Protection Requirements

  • With respect to flow of funds, REs now have to ensure that all payments in relation to loan servicing and repayment shall be deposited directly in their own bank account without any pass-through account/ pool account of a third party. The disbursements by the RE too shall be made into the bank account of the borrower only. An exemption has been made for disbursals where loans are mandated for a specified end-use. The existing practice where DLAs and LSPs would open accounts in the nature of pooling accounts wherein (i) the RE would deposit amounts meant for disbursal to borrowers and (ii) the borrowers would deposit amounts towards repayment of loan would have to be discontinued. The requirement of transfer of funds directly between lender and borrower accounts without being routed through an escrow will prove to be a huge blow to the ‘buy now pay later’ and the prepaid card industry as their operations relied on the use of escrow/pooling accounts.
  • The onus of grievance redressal has been put on the REs, who shall ensure that they and the LSPs engaged by them shall have a suitable nodal grievance redressal officer to deal with digital lending related complaints/ issues raised by the borrowers. The websites of REs, LSPs and DLAs are required to display details of the grievance redressal officer.
  • The Guidelines prohibit increase in credit limit by the RE without explicit consent of the borrower. The all-inclusive cost of digital loans including cost of funds, operating and processing fees etc., shall be charged as an Annual Percentage Rate (“APR”), which is to be disclosed upfront by REs and any fees payable to LSPs shall be borne by the RE and not by the borrower. Further, borrowers are to be provided a Key Fact Statement (“KFS”) before execution of the contract. Any fees, charge, etc., which is not mentioned in the KFS cannot be charged by the REs to the borrower at any stage during the term of the loan. The KFS, apart from other necessary information, shall contain the following:
    • Details of APR,
    • Terms and Conditions of recovery mechanism,
    • Details of grievance redressal officer designated specifically to deal with digital lending/ FinTech related matter,
    • Cooling-off/ look-up period.
  • A look-up period as per the discretion of the RE is to be given to borrowers for digital loans in case borrower decides to not continue with the loan. It may be noted that this is not a free look-up period and principal along with the proportionate APR shall be payable by the borrower without any penalty.
  • It is the responsibility of the REs to ensure that no personal information of borrowers except for some basic minimal data that may be required to carry out their operations (viz. name, address, contact details of the customer, etc.) is stored by the LSPs. Responsibility regarding data privacy and security of the customer’s personal information will be of the RE.
  • Details of the LSP acting as recovery agent for the loan is to be communicated by the REs to the borrower at the time of sanctioning of the loan and also at the time of passing on the responsibility of recovery to an LSP.


Technology And Data Requirements

  • Collection of any data by DLAs is required to be on a need basis and with prior and explicit consent of the borrower which can be audited, if required. DLAs are required to desist from accessing mobile phone resources such as file and media, contact list, call logs, telephony functions, etc. A one-time access can be taken towards the camera, microphone, location etc. of the borrower, for the purpose of on-boarding/ KYC requirements only with the explicit consent of the borrower.
  • The borrower is to be provided with an option to give or deny consent for use of specific data, restrict its disclosure to third parties, revoke consent already granted to collect his/her/their personal data and if required, make the app delete/ forget the data. These provisions will play a role in mitigating the privacy concerns which have been raised time and again and are in line with global norms such as the General Data Protection Regulation (a regulation in the European Union).

First Loss Default Guarantee (“FLDG”)

  • Agreements in the form of FLDG have become more popular with the increase of LSPs in the digital lending space. As LSPs do not lend themselves and act like more of an intermediary, they are required to onboard REs as their lending partners. Under the FLDG model, once the RE disburses the loan through the LSP, the LSP provides a first loss guarantee to the RE upto a certain percent of the loan disbursed by the RE in case of a default by the borrower. From the LSP’s perspective, offering FLDG exhibits its capability to underwrite the loan whereas from the RE’s perspective, it ensures that the LSP has skin in the game. The Report recommended that RE’s should be prohibited from entering into arrangements such as FLDG with unregulated entities which seems to have been accepted by RBI, as such arrangements have been restricted by the Guidelines. The end goal of RBI seems to be reducing the systematic credit risk in the banking industry however restricting FLDG arrangements will affect the capacity of LSPs to onboard RE’s, which will in turn adversely affect the availability of credit for borrowers.

RBI has tried to address the malpractices that were followed by the lenders and streamline the practices involved in digital lending. Provisions regarding setting up of a grievance redressal mechanism, personal data protection, look up period for digital loans has made it clear that while new financial products and innovation can be carried on by REs, the interest of borrowers is of paramount importance. The Guidelines would go a long way in boosting borrower confidence in availing digital lending.

1 Guidelines on Digital Lending – RBI/2022-23/111 – DOR.CRE.REC.66/21.07.001/2022-23

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Media Coverage

About Dhaval Vussonji

Ask a question

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Legal Disclaimer

User Acknowledgement

By proceeding further and clicking on the “AGREE” button herein below, I acknowledge that I of my own accord wish to know more about Dhaval Vussonji & Associates for my own information and use. I further acknowledge that there has been no solicitation, invitation or inducement of any sort whatsoever from Dhaval Vussonji & Associates or any of its members to create an Attorney-Client relationship through this knowledgesite. I further acknowledge having read and understood the Disclaimer below.


This knowledgesite ( is a resource for informational purposes only and is intended, but not promised or guaranteed, to be correct, complete, and up-to-date. Dhaval Vussonji & Associates (DVA) does not warrant that the information contained on this knowledgesite is accurate or complete, and hereby disclaims any and all liability to any person for any loss or damage caused by errors or omissions, whether such errors or omissions result from negligence, accident or any other cause.

DVA further assumes no liability for the interpretation and/or use of the information contained on this knowledgesite, nor does it offer a warranty of any kind, either expressed or implied. The owner of this knowledgesite does not intend links from this site to other internet knowledgesites to be referrals to, endorsements of, or affiliations with the linked entities. DVA is not responsible for, and makes no representations or warranties about, the contents of Web sites to which links may be provided from this Web site.

This knowledgesite is not intended to be a source of advertising or solicitation and the contents of the knowledgesite should not be construed as legal advice. The reader should not consider this information to be an invitation for a lawyer-client relationship and should not rely on information provided herein and should always seek the advice of competent counsel licensed to practice in the relevant country/state. Transmission, receipt or use of this knowledgesite does not constitute or create a lawyer-client relationship. No recipients of content from this knowledgesite should act, or refrain from acting, based upon any or all of the contents of this site.

Furthermore, the owner of this knowledgesite does not wish to represent anyone desiring representation based solely upon viewing this knowledgesite or in a country/state where this knowledgesite fails to comply with all laws and ethical rules of that state. Finally, the reader is warned that the use of Internet e-mail for confidential or sensitive information is susceptible to risks of lack of confidentiality associated with sending email over the Internet.