This article explores the unique compliance requirements that distinguish digital lending for NBFCs. It covers the guidelines applicable to Digital Lending Apps, encompassing regulated entities, lending service providers and financial institutions. Authorization is restricted to RBI-regulated entities or those authorized under relevant laws. IT compliance, document security, and operational changes are highlighted, along with the role of digital lending software in managing regulatory obligations. The article provides a concise overview of the RBI’s 2022 Digital Lending Guidelines, emphasizing customer protection, data processing, governance, and disclosure.
Factors that Differentiate Compliance Requirements for Digital Lending
Scope: The guidelines are applicable to any digital loans provided through platforms that meet the criteria of ‘Digital Lending Apps.’ This includes regulated entities, lending service providers, co-lending banks, and non-bank financial companies.
Authorisation: Only entities regulated by the RBI and those authorised to engage in lending activities under other laws are permitted to operate digital lending platforms.
IT Compliance: The guidelines require the use of digital signatures that comply with the IT Act and necessitate customer consent on loan documents through a secure audit trail.
Security of Documents: To prevent risky lending practices, all loan documents must be digitally signed. This entails securely storing digital signatures.
Operational Changes: The guidelines enforce significant operational changes for fintechs, banks, and NBFCs in managing their digital lending operations. These changes include implementing stricter measures to prevent risky lending practices.
How can digital lending software help you manage regulatory compliance for the NBFC?
There are two important aspects to consider regarding compliance and digital lending for NBFCs.
In order to ensure compliance, an NBFC requires a robust Management Information System (MIS) software that provides all the necessary data for timely filings. It’s important to note that the digital lending component falls under separate master directions. These guidelines are applicable only if an NBFC utilizes a digital lending software, whether it’s developed in-house or outsourced. Regarding outsourcing, the RBI has provided specific directions to be followed.
The digital lending directions primarily focus on enhancing transparency for customers. Their purpose is to improve transparency between the NBFC and the borrower, ensuring that borrower data is safeguarded against misuse.
Two commonly used software types in NBFCs are Customer Relationship Management (CRM) software for maintaining borrower records and managing borrower acquisition and Loan Management System for backend loan management tasks such as loan reporting, bureau reporting, issuing NOCs, foreclosures, and more.
RBI 2022 Digital Lending Guidelines in a Glimpse
These guidelines, divided into four components, cover various aspects of digital lending operations to ensure customer protection, secure data processing, robust governance, and transparency in the NBFC sector.
This component focuses on ensuring fair treatment of customers in digital lending, safeguarding their rights and interests.
This component emphasizes the secure and compliant handling of customer data by digital lending entities.
Governance and Oversight
This component ensures digital lending entities have robust systems and processes for safe, sound, and compliant operations.
Disclosure and Transparency
This component focuses on providing sufficient information to stakeholders regarding digital lending activities.
The customers are provided with clear and transparent information about the terms and conditions of the credit products and services offered by the Regulated Entities (REs) or their Loan Service Providers (LSPs)/Digital Lending Apps (DLAs), including the interest rates, fees, charges, penalties, etc.
The customers are given a copy of the loan agreement along with a repayment schedule before disbursing the loan amount.
The customers are given the option to give their consent for accessing their personal and financial data from various sources, and such consent is obtained in a verifiable manner.
The customers are given a grievance redressal mechanism to lodge their complaints and queries, and such a mechanism is responsive and effective.
The customers are not subjected to any harassment or coercion by the REs or their LSPs/DLAs or their agents for recovery of dues.
The guidelines require that:
The data collected from the customers is relevant and necessary for the purpose of providing credit products and services and is not used for any other purpose without the consent of the customers.
The data processed by the REs or their LSPs/DLAs is accurate, complete and up-to-date, and any errors or discrepancies are rectified promptly.
The data stored by the REs or their LSPs/DLAs is protected from unauthorized access, modification, disclosure or destruction and is retained only for as long as it is required for the purpose of providing credit products and services or as per the applicable laws and regulations.
The data shared by the REs or their LSPs/DLAs with any third party is done only with the consent of the customers or as per the applicable laws and regulations, and such third party is bound by the same standards of data security and confidentiality as the REs or their LSPs/DLAs.
Governance & Oversight
The guidelines require that:
The REs have a board-approved policy on digital lending that covers all aspects of customer protection, data processing, governance and oversight, disclosure, transparency, etc.
The REs have a robust internal control and audit mechanism to monitor and mitigate the risks associated with digital lending, such as cyber risk, operational risk, credit risk, etc.
The REs have a designated nodal officer who is responsible for ensuring compliance with the digital lending guidelines and liaising with the RBI and other authorities.
The REs have a comprehensive outsourcing policy that covers all aspects of engaging with LSPs/DLAs, such as due diligence, contractual terms, service level agreements, performance monitoring, etc.
The REs ensure that their LSPs/DLAs comply with all the digital lending guidelines and report any non-compliance or violation to them.
Disclosure & Transperancy
The guidelines require that:
The REs disclose their digital lending platforms (whether owned by them or by their LSPs/DLAs) on their websites and other communication channels.
The REs disclose their outsourcing arrangements with LSPs/DLAs on their websites and other communication channels.
The REs disclose their key financial indicators (such as loan portfolio size, growth rate, delinquency rate, etc.) on their websites and other communication channels on a periodic basis.
The REs disclose any material events or developments (such as cyber incidents, regulatory actions, customer complaints, etc.) on their websites and other communication channels on a timely basis.
The world of digital lending for NBFCs presents unique challenges and requirements. Adhering to the guidelines, implementing a robust software solution like CloudBankin, and prioritizing transparency and customer protection are key. By embracing these measures, NBFCs can confidently navigate the regulatory landscape and contribute to a safer and more transparent digital lending ecosystem.