Digital Lending

A wise man once said, “Technology is a useful servant but a dangerous master” . As we stand today, at the crossroads of a future that is dominated with Artificial Intelligence, technology proves to be a dangerous thing.

Living in the 21^st century, no person can imagine their life without a smartphone and that clearly shows the dependency of man on technology is only growing with no signs of slowing down. Technology has by far, already entered almost all fields of work and it will only increase, bringing about a need to regulate all these advancements and put the necessary stops in place.

One such field where technology has made its space would be the digital lending field where lending takes place through online platforms and mobile applications. Digital money lending has recently become big enough to have their advertisements and posters. Even well-known apps like Paytm and Cred have started offering the same. However, it comes with ample risks, and to understand that, we should look into digital money lending as a whole.

The concept of digital lending has been introduced by FinTech (financial technology) companies that came up with the idea of making lending easy. Fintech has been defined as “technologically enabled innovation in financial services that could result in new business models, applications, processes or products with an associated material effect on financial markets and institutions and the provision of financial services” by Financial Stability Board.

Keeping this in mind, we can understand that digital lending refers to all the credit activities  facilitated by electronic platforms whereby borrowers are matched directly with lenders. Thus style of lending can be said to include market place lending i.e., lending financed mostly from wholesale sources and non-loan obligations, such as, invoice trading.

Digital Lending has generally been partnered with NBFCs and has thus taken two forms, balance sheet lending (BSL) and market place lending (MPL). Balance sheet lending refers to financial service involving extension of monetary loans, where the lender retains the loan and associated credit risk of the loan on its own balance sheet, while Market place lending refers to connecting financial consumers or businesses seeking to borrow money with investors/ lenders having the same to give on a provided online platform.

BSL and MPL differ from each other in terms of where the lending money comes from and where the credit risks of such loans reside. Balance sheet Lenders provide capital for assets and associated credit risk that exists in their balance sheet, generated organically or non-organically. Market Place Lenders match the needs of the lenders and borrowers without any intention of carrying the loan in their balance sheet.

The digital lending life cycle starts with a user initially discovering the presence of the platform and the curiosity attached with it. The following are the basic steps that are generally followed:

1. The discovery and registration of the money lending platform
2. Loan application submission
3. The processing of the application
4. User verification
5. Loan disbursement
6. Loan repayment

The public sector banks and foreign banks largely depend on their own applications and websites for the disbursal of digital loans, while the private sector banks highly depend on outsourced or third-party applications. The credit offered through digital channels by the public sector banks is more secure and protected as compared to the digital lending portfolio or a third party app of private sector banks and foreign banks.

1. FinTech platform financing, being a mechanism for inter-mediating financing over the internet using an electronic with those who are willing to provide these funds for a financial return. Depending on the type of funding, it is further distinguished between loan crowd-funding and equity crowd-funding. Crowd-funding facilitates establishment of individual contracts between those seeking funds and those seeking to invest/lend, and the platform, by itself, does not undertake risk transformation.

FinTech balance sheet lending can be regulated through the method of applying a mandatory license that would be required by them if they desire to lend money digitally. This license could be a banking license – similar to the one that banks hold, or a non-banking license – such as a non-bank financial intermediary license, or a sort of Alternative Investment Funds Managers license where the entities need a sort of approval to be able to invest.

Crowd-funding platforms can be regulated through registration requirements, a minimum amount of paid-in capital, list of permitted activities, governance norms, business continuity planning, and disclosure agreements.

The digital lending ecosystem requires ample attention and regulations especially taking into account the speed at which they are growing. Some such fields of the digital lending ecosystem that require special attention are:

Lending Service Providers (LSPs): These act as both, core and ancillary service providers and are essentially very technology-centric. They provide services such as providing a marketplace for lenders and borrowers, loan sourcing, underwriting, platform, can be further bifurcated under the following categories:

1. FinTech balance sheet lending: This refers to the use of balance sheets in the ordinary course of business to mediate between borrowers and lenders on online platforms.
2. Crowd-funding: This has been defined as matching persons/ entities needing fund
3. collection services for repayments, data aggregation & analysis, rating services, etc. the LSPs are largely of two types, namely:

• Entities regulated by the financial sector regulators.
• Entities not specifically regulated by any financial sector regulator.
• Fringe lenders: these operate without getting themselves registered for lending activities with the concerned authorities and create an informal market. These lenders act as shadow balance sheet lenders making it difficult to identify and monitor them on real time basis.

Another model for digital lending that has been adopted by lenders is “First Loss Default Guarantee” (FLDG). The LSP bear credit risk without having to maintain any regulatory capital. Through this model, the LSP, a non-banking non-financial company (NBNC), may undertake balance sheet lending in partnership with a bank/NBFC or on stand-alone basis, without satisfying the principle business criteria to remain outside regulation. This leads to higher operational risks due to increasing reliance of lenders on third-party service providers.

Another such model for lending is Shadow Lending. Under this, the conduct of financial service is done under digital anonymity and layering under regulated entities. This creates a major cause for concern as there is anonymity provided by the internet, the country of origin, different entities involved in the loan life-cycle, no clear differentiation between balance sheet lending and LSP, and the lack of registration requirement with a financial regulator.

Need for consumer protection

A key concern for the consumers through the digital lending lifecycle is the request for access to various apps and services on the consumer’s phone.  The analysis of several consumer complaints shows that the digital lending apps misuse the high-risk data that has been shared with them.

Things like e-KYC require access to the user’s camera to verify their identity, and location data is required to confirm the location of the user to prevent fraud. Since the trend is now flowing towards cashless and paperless, there will be hike in the number of apps asking for such critical permissions.

With such technological advancements at such a fast pace, the issues that may arise in this field increase with the haste. There are numerous privacy lapses that have been observed across the digital lending platforms. Some of the major prevalent problems that have occurred include:

• Deficient transparency regarding why the information is collected, what all information has been collected, and how it is to be used.
• There is no option available with the users to update, manage, export or delete their data after their loan amount has been paid off.
• Often, the money lending apps do not disclose the banks or NBFCs that they partner with, which can become a major concern for the users.
• The access to the user’s contact list, photos, or any other sensitive data is often misused by the recovery agents as a way to harass the users and their friends and family.
• Threat actors can gain access to customer’s information through unsecured cloud servers, misconfigured applications, open ports and exposed API keys.
• Due to the major use of personal information of the users including their financial data and other sensitive information, there is a high risk of data breaches involved. Many reports have shown that financial services companies are 300 times more likely to be targeted by cyber-attacks.
• More than half of the apps that are available as digital lending platforms are illegal or fake and are basically just scamming platforms.
• There has been an increase in the number of scammers who call as customer care and end up using the personal information to scam and perform theft.
• Synthetic identities are created using valid but stolen aadhaar numbers with accompanying false personal information. The method used by the fraudsters to compose the fake identity decides the complexity in its detection and its potential financial harm.
• Often, the customers do not have the most basic information with them which is essential before entering into the loan agreement. This leads to over-indebtedness.
• Since the credit checking of a potential customer is performed by AI machines, there is a major lapse in their potential to payback the loan amount along with the interest on the same.

Conduct Aspects of Digital Lending in India

Digital lending has few conduct loopholes that need to be properly addressed and regulated by the appropriate body. There has to be a Code of Conduct established for the digital lending platforms that defines their ambit and scope along with their appropriate way of functioning. The principle of ‘caveat emptor’ shall not be treated as the only way of going forward.

• The KYC process is a critical and trustworthy process that ensures that the consumer’s needs and circumstances are met with appropriate solutions. This process involves sufficient and verifiable information for customer segmentation. The human and technical resources then further use this to ensure that the offered service/gift is appropriate for the prospective consumer’s needs, expectations and risk profile.
• The DLAs often aggressively advertise their schemes, coupled with instant disbursements which lure many customers into borrowing recklessly for consumption/ life-style needs. This ends up leading to over-indebtedness and non-repayment. Placing a restriction on loanable amount based on the income and monthly expenditure of a person can help in regulating the high loans into small amount loans. This reduces the indebtedness on a person and makes it easier to get out of this cycle.
• Any unilateral restrictions on access imposed by the platforms can lead to situations where the customer may get locked out of the system due to the dependence of lenders on third-party platforms.
• The new model of “Buy Now Pay Later (BNPL)” is a form of sale credit where buyers/ purchasers are typically given a 15-30 day interest free repayment period. Such transactions are often labelled as a product for enhanced customer engagement and seamless user-experience with a potential replacement for credit cards, but not a credit product and are thus not reported to credit bureaus. If the user fails to repay the same in the stipulated time, then a penalty and fees are charged and the outstanding amount may be converted into an EMI.
• Over-indebtedness is usually the consequence of lending/ borrowing above the levels of consumers’ credit worthiness. There is also major under-reporting of outstanding loans of the borrowers as the information about loans extended by money lenders or companies other than NBFCs is not submitted to credit information companies.
• Consumers often miss key information that is required by them for making any financial decisions due to the lack of knowledge and resources available with them to comprehend the same.
• The customers should be able to make informed decisions by providing them fair and simple disclosures that enable them to compare different loan products. An informed borrower would become a means to enhance competition, that could lead to lowered interest rates and the quality of services provided by the service provider could also improve greatly.
• The consumers have very poor understanding with regard to the purpose for which their information is being used and the persons with whom their data is being shared.
• Certain sections of customers get discriminated against because the algorithms that are used by the DLAs become systematically prejudiced due to the erroneous assumptions in the machine learning process.
• The loan agreements must follow a standardized format which erases the barrier for accessing small ticket loans from conventional lenders. The transparency and standardization of loan agreements will make the process easier and have more sustainability.
• Statutory caps such as margin caps on the interest rates help in keeping the interest rates in check which in turn, reduces the burden upon the most vulnerable customers. However, such cap also limits the high-risk borrowers from obtaining credit or developing a credit history, as lending to them becomes unprofitable.
• The customers should be treated fairly and ethically at all times. There should be an implication of reasonable selling practice and the customer’s information should be treated carefully. The usage of technology in digital lending creates a greater data footprint. The algorithm-based underwriting models which rely on AI and ML are fed with data-points on personal details and social behaviors. Over time, the outcomes of these models unwittingly develop bias and deprive a certain section of borrowers the access to credit by discriminating them.
• The real-time need to have a Code of Conduct for the recovery agents has only grown stronger with the misuse of signed agreements as reported by the digital lenders who have access to the mobile phone data and contacts of the borrowers and often adopt strong-arm inducements to ensure repayment.
• There should be an effective grievance resolution mechanism that answers the most basic questions of the consumers namely, ‘how, when and where?’ The lack of such mechanisms proves to be a violation of extant guidelines and consumer rights along with endangering the adoption, acceptability and trustworthiness of digital lending amongst the masses in the long run.

Consumer protection methodologies         

Seeing all such problems that arise with digital lending, the need for the protection of such consumers is only rising and this will continue to grow in the future. There are multiple different methodologies that are being applied to protect the consumer from scams on the digital platforms.

The RBI, vide its circular titled ‘Loans Sourced by Banks and NBFCs over Digital Lending Platforms: Adherence to Fair Practices Code and Outsourcing Guidelines’ dated June 24, 2020 that reiterates the responsibilities and the guidelines that must be adhered to by all regulated entities. The aforementioned guidelines on consumer protection are also applicable to all regulated entities and/ or their agents engaged in digital lending.

1. Fair Practices Code: A Fair Practices Code (FPC) grants the banks and NBFCs the freedom to draft their own regulations and guidelines without limiting the scope of the guidelines prescribed to them. The FPC provides for:

• guidelines for loan application processing, transparency in interest rates/ fees/ penalty, general terms and conditions, non-discriminatory practices, post disbursement supervision etc. The banks also have a duty to inform the consumer of the “all-in-cost” of credit so as to enable them to compare the rates with other sources of finance.
• providing a copy of loan agreement (with all enclosures) to the borrower
• blockage of undue harassment in the matter of recovery of loans by constantly bothering the borrower at odd hours, use of muscle power etc.
• a board approved grievance redressal mechanism
• all communication to the borrower should be in a language understood by the borrower.

1. Managing Risks and Code of Conduct in Outsourcing of Financial Services: Reserve Bank has laid down structured guidelines for banks and NBFCs following the principle that the actions of the outsourced service providers are the responsibilities of the Board and Senior Management as well. Some clear indications of the code to address the consumer protection risks are:

• Data privacy and security of consumers should be ensured by regulated entities against security breaches by service providers.
• The regulated entity and their agents shall not resort to any intimidation or harassment of any kind, including verbal or physical in their effort of debt collection that could cause humiliation or defame the persons intended for this.

1. All service providers need to adhere to a Code of Conduct (as approved by Board/ prescribed by IBA). The Fair Practices Code must be strictly adhered to by the recovery agents and they must follow all the instructions that are given under it.
2. Code of Recovery: recovery agents for banks and NBFCs have to follow the prescribed guidelines that provide for due diligence, information to the borrower about recovery agents, adherence to FPC, and a code of conduct, etc.
3. Ombudsman Scheme: Ombudsman Scheme was operationalized in 1995 to establish a system of expeditious and inexpensive resolution of ‘bank’ customer complaints. The Banking Ombudsman Scheme has grown over the last two decades and a comprehensive Ombudsman Scheme has also been introduced for NBFCs in 2018 and for digital transactions in 2019. An integrated Ombudsman Scheme has been rolled out to further enhance the simplicity, effectiveness, and responsiveness of the Ombudsman framework adopting a ‘One Nation One Ombudsman’ approach.
4. Key Fact Statement (KFS): Banks are mandated to provide a clear, concise and accurate one-page statement holding the key points or amendments as and when they arise. It may also be included in the credit agreement. It is mandatory for the loan agreement to always be in the language of the customer’s choice.
5. Charter of Customer Rights: A Charter of Customer Rights was released by Reserve Bank in 2014 which enshrines broad, overarching principles for protection of customers of all scheduled commercial banks, regional rural banks, and urban co-operative banks. It details the five basic rights of as bank namely:

• Right to Fair Treatment,
• Right to Transparency, Fair and Honest Dealing,
• Right to Suitability,
• Right to Privacy, and
• Right to Grievance Redress and Compensation.

1. Risks associated with Information Technology: The banks and NBFCs have been issued guidelines that suggest appropriate measures to be undertaken in order to ensure stability and security of their IT systems so as to prevent any cyber breaches that have have their effects upon the consumer protection.
2. Consumer Protection Act, 2019: The new Act has brought e-commerce and electronic service providers within its ambit making it applicable on digital lenders and their agents. It explicitly prohibits false and misleading advertisements and unfair trade practices.

Along with the aforementioned regulations, the RBI also added a few more mandatory rules that are to be followed for each transaction, namely:

• Names of digital lending platforms engaged as agents shall be disclosed on the website of banks/ NBFCs.
• Digital lending platforms engaged as agents shall be directed to disclose upfront to the customer, the name of the bank/ NBFC on whose behalf they are interacting with him.
• The sanction letter must be issued to the borrower on the letter head of the bank/ NBFC concerned immediately after the approval of sanction and before the loan agreement is executed.
• The borrowers shall receive a copy of the Loan agreement along with all enclosures mentioned in it at the time of loan sanction/disbursement.
• The digital lending platforms engaged by banks/ NBFCs shall ensure that there is effective oversight and monitoring over them.
• There should be creation of awareness regarding the grievance redressal mechanism and there must be ample efforts made for the same.

Recommendations by RBI and the Government of India

The Reserve Bank of India and the Government of India have made various recommendations on how the digital lending platforms should be regulated and the consumers could be protected from scams and frauds through the same. The following suggestions are some of the most eminent ones.

• For the balance sheet lenders, the bank accounts should be the primary medium for all transactions and all the functionalities should be executed directly without any pass-through account/ pool account of any third party.
• There should be a uniform model for all LSP Agreements as proposed by the SRO.
• The outreach of established or formal digital channels needs to be expanded so as to eliminate fringe lenders, and other such scamming websites.
• An independent body styled as Digital India Trust Agency (DIGITA) should be set up that discharges the function of verifying the digital lending apps (by extension, in future, other FinTech apps where the customers interact with a regulated financial system) before such apps are made available to the public.
• A separate National Financial Consumer Protection Regulation under the Act may be developed by all financial sector regulators which would enable the dispute resolution or grievance redressal bodies that handle all the service and financial disputes and complaints in a more assertive and speedy manner.
• The issuance of new or replacement SIM cards should be a more comprehensive and stricter process so as to reduce the amount of frauds or illegal marketing of digital lending products.
• All payment transactions should have an SMS or email system that lets all the customers know the basic details of all transactions that take place in relation to digital lending.
• Bank accounts that are regularly operated from a different/ overseas IP address and are not consistent with KYC profile of the account holder, should be monitored by banks for suspicious activities.
• The basic technology standards/ requirements that would be stipulated by the RBI in relation to cyber-security must be followed rigorously as a pre-condition before digital lending can be offered to clients.
• All the documents that are digitally signed before loan disbursement must be automatically shared with the consumer on their emails.
• The baseline technology standards for DLAs should include secure application logic and secure application code, keeping a log of every action that the users perform along with their geolocation, IP address, and device information. There should also be multi-step approval process for all critical activities and monitoring of transactions passing through the App in an auditable manner.
• There should be reasonable restrictions on the data sharing by the FinTech apps as the misuse of consumer data starts there.
• The user interfaces should not use “trick consent” for collecting consumer data and the consumers must be informed prior to such collection with an explicit consent being obtained from them. There should be an option with the borrower allowing them to revoke all the data that they shared with such platforms.
• No data of any user should be left with the fintech platforms after such consumer has uninstalled the app.
• The permissions by the FinTech asking access to system resources must be as limited as possible and be completely need based. The consumers should also have the option of denying the same.
• There should be a standardized format for loan agreements that are in the vernacular language of the consumer so as to make all terms and conditions understandable to them. All such agreements should be in consonance with the applicable laws, regulations and FPC.
• Each lander has to formulate and publicly display an Anti-Predatory Lending Policy.

Conclusion

Digital Lending can be a revolution to the financial sector and could change the way loans are disbursed. Since technology has been growing faster and reducing the strain on humans, with reasonable restrictions in place, financial lending through digital platforms could be the next boon for humanity.

The people need to, however, be made aware of all the pros and cons of digital lending so that they can make informed decisions if they intend to enter the same. It is also the duty of the FinTech leaders to make sure that the proper codes and regulations are followed.

To sum up, the main issues that need to be looked into are the lack of transparency, data leaks and breaches, fake customer care scams, and improper checks on credit policy.

The focal steps that the Reserve Bank of India plans on taking in order to regulate the digital lending platforms are the establishment of Fair Practices Code, a Code of Conduct for recovery, Key Fact statement and a regulatory body to keep a check on the functioning of digital lending platforms.

The consumer protection is the most important aspect for consideration when it comes to digital lending and hopefully this field can become more regulated as times change and technologies upgrade.