The Bar Council of India does not permit advertisement or solicitation by advocates in any form or manner. By accessing this website, www.khaitanco.com, you acknowledge and confirm that you are seeking information relating to Khaitan & Co of your own accord and that there has been no form of solicitation, advertisement or inducement by Khaitan & Co or its members. The content of this website is for informational purposes only and should not be interpreted as soliciting or advertisement. No material/information provided on this website should be construed as legal advice. Khaitan & Co shall not be liable for consequences of any action taken by relying on the material/information provided on this website. The contents of this website are the intellectual property of Khaitan & Co.

Please accept the above


See all results for ""

RBI issues guidelines for digital lending sector


22 August 2022



Digital lending has the potential to make financial products and services accessible to public in a more fair and efficient manner. However, there are certain inherent risks associated with digital lending (like any other lending activity) such as unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices, which if not addressed may erode the confidence of the public in the digital lending. Being cognizant of such risks and to ensure orderly development of digital lending along with preservation of financing stability and protection of depositors’ and customers’ interest, the Reserve Bank of India (“RBI”) on 13 January 2021, issued a press release confirming the constitution of a working group (“Working Group”). The Working Group was set up by the RBI to study all aspects of digital lending activities in the regulated financial sector as well as by unregulated players, so that an appropriate regulatory framework could be put in place for digital lending through online platforms and consumer protection.

On 18 November 2021, the Working Group submitted its report to the RBI and made various recommendations for addressing the existing and potential risks (i.e., inter-alia consumer protection from unethical practices, breach of data privacy, regulation of unregulated entities, enforcement of fair practices code for digital lending entities, data governance) in the digital lending ecosystem without stifling innovation (“Report”). The RBI on the same date (i.e., 18 November 2021) released the Report seeking comments of the relevant stakeholders and members of the public. Further to this, the RBI, on 10 August 2022 issued a press release laying down the preliminary regulatory framework for the relevant entities based on the recommendations of the Working Group (“Press Release”).



As per the Press Release, the Working Group has provided its recommendations based on the following classification of digital lenders:



Recommendation oF THE WORKING GROUP


Entities regulated by the RBI and permitted to carry out lending business

The RBI to consider a regulatory framework focused on the digital lending ecosystem of the entities regulated by it[1] (“REs”) and the lending service providers[2] (“LSPs”) engaged by them to extend various permissible credit facilitation services.


Entities authorized to carry out lending as per other statutory/ regulatory provisions but not regulated by the RBI

The respective regulator/ controlling authority to consider formulating or enacting appropriate rules/ regulations.


Entities lending outside the purview of any statutory/ regulatory provisions

Specific legislative and institutional interventions be undertaken by the Central Government to curb illegitimate lending activity being carried out by such entities.  State money lending statutes may also be applicable.

Based on the above classification, the RBI has considered the recommendations of the Working Group and laid down a regulatory framework for REs and LSPs.



Set out below is our analysis of the RBI’s regulatory framework:


Recommendations for immediate implementation: For certain aspects which needed urgent attention, the RBI has carved out specific recommendations of the Working Group for immediate implementation, as Annexure I of the Press Release. These recommendations inter alia include guidelines on consumer protection, conduct issues, technology and data requirements amongst other regulatory framework changes. Key guidelines are as below:






Consumer protection and conduct issues


Loan disbursals/ repayments should only be executed between the bank accounts of borrower and the RE without any pass-through/ pool account of the LSP/ third party;


Fee/ charges payable to LSPs in the credit intermediation process are required to be paid by RE and not by the borrower;


Prior to execution of a loan contract, the RE must provide a standardized key fact statement (“KFS”) to the borrower. The KFS shall inter alia contain (i) details of the applicable annual percentage rate (“APR”); (ii) terms and conditions of recovery mechanism; (iii) details of grievance redressal officer designated specifically to deal with digital lending/ FinTech related matter; and (iv) cooling-off/ look-up period;


RE’s must upfront disclose all-inclusive cost of digital loans (as APR) to the borrowers, and the APR should form part of the KFS provided to the borrower. For clarity, please note that an APR is based on all inclusive cost and margin including cost of funds, credit cost and operating cost, processing fee, verification charges, maintenance charges, etc., except contingent charges like penal charges, late payment charges etc;


Any automatic increase in credit limit without the explicit consent of the borrower is prohibited;


The borrowers are required to be provided provisions of a cooling-off/ look-up period during which they can exit digital loans by paying the principal and the proportionate APR without any penalty. Such provisions are mandatorily required to be incorporated in the loan contract executed with the borrower;


LSPs engaged by RE’s are required to appoint a nodal grievance redressal officer to deal with financial technology/ digital lending related complaints. Such officer is also required to deal with complaints against their respective digital lending applications[3] (“DLAs”).


The details of the officer are required to be indicated on the website of the RE, its LSPs and on relevant DLAs. Further, RE’s need to communicate to the Borrower, the details of the LSP acting a recovery agent both at the time of sanctioning of the loan as well as subsequent change in LSP.


RE’s are required to ensure that digitally signed documents supporting important transactions through DLAs of REs/LSPs, such as KFS shall automatically flow from the lender to the registered/ verified email/ SMS of the borrower upon execution of the loan contract/ transactions;


All complaints lodged by the borrower are to be resolved within 30 days. If not resolved, the borrower may lodge a complaint under the RBI’s “Integrated Ombudsman Scheme”.


Technology and data requirements


DLAs are permitted to gather data on a needs-basis only after obtaining prior explicit consent of the borrower which can be audited, if required. Further, DLAs are required to have clear audit trails for such data collected by them.


The borrower shall be provided an option to accept/ deny consent for use of specific data (including the option to revoke previously granted consent and deletion of the data collected) by the DLAs/ LSPs.


REs’ are to ensure that DLAs have a comprehensive privacy policy (to be made available in public) compliant with applicable laws for access and collection of personal information of borrowers.


Credit bureau reporting


Lending sourced through DLAs (either of the RE or of the LSP engaged by RE) is required to be reported to credit information companies by the REs, irrespective of its nature or tenor.


New digital lending products extended by REs over merchant platforms involving short term credit/ deferred payments are required to be reported to credit information companies by the REs.


Onus of implementation: The REs are required to ensure that the LSPs/ DLAs also implement the requirements set out above (recommendations for immediate implementation), as applicable. The onus of ensuring implementation of the requirements rest with the REs.


Recommendations for further examination: Certain recommendations of the Working Group on consumer protection & regulatory conduct requirements, technology & data requirements, first loss default guarantees (“FLDGs”) and regulatory framework have been accepted by the RBI in-principle but remain subject to further examination. These recommendations have been listed down in Annexure II of the Press Release.

Specifically, in context of FLDGs, the RBI has stipulated that in the interim, banks and NBFCs must ensure that FLDG arrangements (which involve offering of financial products backed by contractual agreements to compensate the lender for up to a percentage of the default in the underlying loan portfolios) adhere to the existing guidelines issued by the RBI for securitisation of standard assets both in letter and spirit. The securitisation guidelines prescribe conditions for issuance of credit enhancement facilities in the context of securitisation exposures – such conditions include the requirement that the providers of such credit enhancement to be regulated by a financial sector regulator, failing which they must hold capital equivalent to the full value of the underlying exposure. This may now apply to FLDG arrangements as well in connection with loan exposures of banks / NBFCs. Directionally, it appears that the RBI is not inclined to permit regulated entities to avail FLDGs from DLAs and the matter is under further consideration.


Recommendations that require wider engagement with the Government of India and other stakeholders: Lastly, the RBI has determined certain recommendations of the Working Group that require consideration of the Indian Government prior to their implementation. These recommendations inter alia include the framing of legislation(s) for banning unregulated lending activities, setting up of an independent body to monitor DLAs, recommendations for the Registrar of Companies, etc.




The Working Group had identified several issues regarding the digital lending business and allied-service providers that needed to be addressed. The guidelines issued by the RBI are a welcome step towards creating a specific regulatory framework, and methodological growth of the lending business in the digital era. While the slew of consumer protection/ conduct measures provides additional credibility and validation to digital lenders/ FinTech companies, they also put sectoral players in the regulatory eye.

It remains to be seen how the RBI proceeds with the recommendations that are yet to be implemented and are being examined/require further consideration from the Indian Government.

-         Moin Ladha (Partner), Smita Jha (Partner), Charu Singh (Associate), Rohitesh Tak (Associate) and Tanish Prabhakar (Associate)

For any queries please contact: editors@khaitanco.com

[1] Note: The term “regulated entities” refers to entities in the digital lending sector that are regulated by the RBI. Some examples of a regulated entity in this context can include non banking financial companies and banks.

[2] Note: The term “lending service provider” refers to entities that are engaged by the regulated entities to undertake the digital lending business. Typically, a regulated entity such as an NBFC engages with financial technology companies to set up their digital presence, provide online contracts to its customers, etc.

[3] Note: “Digital lending applications” refers to technology-based applications to perform lending services. Regulated entities set up digital lending applications to perform lending services online. For instance, banks set up their digital lending applications to offer online banking services, provide loans, etc.

Moin Ladha (partners) , Smita Jha (partners)

We have updated our Privacy Policy, which provides details of how we process your personal data and apply security measures. We will continue to communicate with you based on the information available with us. You may choose to unsubscribe from our communications at any time by clicking here.

For private circulation only

The contents of this email are for informational purposes only and for the reader’s personal non-commercial use. The views expressed are not the professional views of Khaitan & Co and do not constitute legal advice. The contents are intended, but not guaranteed, to be correct, complete, or up to date. Khaitan & Co disclaims all liability to any person for any loss or damage caused by errors or omissions, whether arising from negligence, accident or any other cause.

© 2021 Khaitan & Co. All rights reserved.


One Forbes
3rd & 4th Floors, No. 1
Dr. V. B. Gandhi Marg
Fort, Mumbai 400 001


119/65, First Floor
Dr Radhakrishnan Salai
Chennai 600 004,


Max Towers
7th & 8th Floors
Sector 16B, Noida
Gautam Buddh Nagar
201 301 India


Ocean Financial Centre
#37-02 10 Collyer
37th Floor Quay
Raffles Place 049315,