Introduction
Digital lending has taken off in a big way in India, with digital loans making up more than 55% of total loans disbursed by private sector banks in 2020 and over 52% of loans provided by NBFCs in 2021.
Despite this general uptick, lax customer protection and data privacy regulations have left a shroud over digital lending. To clear up these ambiguities and increase overall customer trust, the Reserve Bank of India (RBI) has released a series of Digital Lending Guidelines to be followed by all commercial & co-operative banks and NBFCs with immediate effect, i.e September 2, 2022.
These guidelines are applicable from the date of the circular to all fresh loans for both new and existing customers. Existing digital loans must be brought under this purview by November 30, 2022.
The digital lending guidelines lay out new custom protection regulations which include new disclosures to be made to the borrower, such as the Annual Percentage Rate (APR), and digitally signed copies of documents such as the Key Facts Statement (KFS), sanction letter, terms and conditions, and more.
Additionally, the guidelines mandate stringent new protocols for customer data collection, consent, processing, and storage; and formalize channels for grievance redressal.
RBI Tightens Up Customer Protection Protocols
Banks and NBFCs must ensure that all money that flows between the borrower and the financial institution (FI) must occur along a single channel, i.e from the borrower’s account to the FI or from the FI’s account to the borrower’s.
This means that no loan-related capital can be transmitted through third-party accounts, except in the case of co-lending.
FIs must also make sure that any fees or charges are paid directly to them and not charged by their fintech partners to the borrowers. Any penal charges must be based on the outstanding loan amount.
With respect to new disclosures, the Digital Lending Guidelines 2022 lay out a number of instructions.
- Annual Percentage Rate
All banks and NBFCs must disclose the loan’s APR to the borrower. This number will indicate the all-inclusive annual interest rate of the loan – this is the total annual cost of the loan to the borrower.
- Cooling-off / Look-Up Period
Borrowers will now be given an option to exit digital loans without paying any penalties. If a borrower exits a loan within the cooling-off period, they will only have to pay the loan principal and the proportionate APR. These periods will be determined by the board of the FI. The look-up period for a loan with a tenor greater than seven days must be more than three days.
- Product, Partner & Recovery Information
Details regarding the loan features, limit, cost & more must be prominently displayed on the FI’s digital lending app and by its fintech partners. All the partners the FI works with for its digital lending operations, along with the details of the loan recovery agent must also be displayed on the user interface.
Additionally, the digital lending guidelines 2022 have introduced new documentation to be included as part of the loan process.
Key Fact Statement Mandatory For Loan Disbursal
Key Fact Statement (KFS), a standardized document detailing all the key details of the loan must be provided to the customer before the loan agreement is signed.
The KFS will contain the following information –
- Loan amount
- Total interest
- Insurance, processing & other charges
- APR
- Amount to be paid by the borrower
- Cooling off period
- Loan tenor & other essential details
- Grievance redressal information
The KFS will provide borrowers with a clear view of the various charges & fees involved in the loan. Any fee not mentioned in the KFS cannot be charged to the borrower.
Additionally, the digitally signed KFS must be sent to the borrower. However, this isn’t the only document that needs to be disclosed to the borrower.
Digitally Signed Disclosures To Borrowers
According to the RBI Digital Lending Guidelines 2022, certain loan documents must be signed using digital signatures.
These documents must then be sent to the borrower’s email address or mobile phone as part of the loan disclosures that digital lenders are required to make.
The following digitally signed documents must be sent to the borrower before executing the loan.
- The KFS
- The summary of the loan product
- Loan sanction letter
- Terms and conditions of the loan
- Account statements
- Privacy policies of the FI & any fintech lending partners
FIs must also note here that all these documents are to be created on the letterhead of the FI, and that the process of sending digitally signed copies of these documents to borrowers must be automatic.
Digital signature solutions with pre-programmed loan document templates are immensely useful for banks & NBFCs in this case.
SignDesk’s eSign solution enables FIs to create documents in bulk using our template libraries and invite multiple internal signers for instant digital signatures.
Once eSigned, these documents are automatically sent to the borrower’s email ID and the entire process is completed within minutes
An audit trail is maintained on the system for all documentation activities, and every client profile along with loan documents is managed smoothly on our smart dashboard.
New Rules For Data Processing
The major part of the digital lending report is concerned with data protocols for digital lending. RBI lays out data collection, storage & processing guidelines to be followed by FIs and their lending partners.
Here’s a quick summary of what FIs can and can’t do with customer data.
- Any customer data collected by FIs or their lending partners must be need-based. Explicit customer consent must be obtained for all data collected with an audit trail maintained for transparency.
- The purpose of obtaining consent from the borrower must be communicated at every stage. Borrowers must also be given an option to provide or revoke consent for the usage of specific data, restrict third-party disclosure, retain data, and wipe all data from the app.
- FIs must ensure that they only store a minimal amount of customer data (name, address, contact details, etc) required for operations. A clear privacy policy must be disclosed to the customer in this regard. This policy must cover security breach protocols, data destruction protocols, data storage periods, restrictions on data usage, and more.
- All biometric data must be stored by the FI itself and not with their lending partners. Additionally, all data must be stored on servers located within the borders of India.
Digital Lending In 2022 – Key Takeaways For Banks & NBFCs
RBI’s digital lending report 2022 aims to increase customer confidence in the digital lending ecosystem by establishing clear data collection & processing rules, and by introducing new disclosures to keep borrowers informed about what they’re signing up for.
The onus is now largely on FIs to adhere to these stringent protocols and make the digital lending process more transparent and secure for borrowers.
Here’s what digital lenders must keep in mind going forward.
- Collect only the data you need & keep borrowers in the loop
FIs are to collect data on the basis of needs, with strong data controls for borrowers to restrict or retain data, and to revoke consent for data sharing.
Digital lenders cannot collect mobile phone data such as on-device media, contact lists, call logs, etc. One-time access must be taken to collect data from a borrower’s camera, microphone, or GPS for KYC verification and onboarding.
- Integrate with eSign capabilities for accelerated loan execution
Loan documentation including KFS, sanction letter, loan summary, loan terms & more must be digitally signed. These eSigned documents must then be automatically sent to the borrower before executing the loan.
Banks & NBFCs will need to integrate with digital signature providers to expedite this process and include it in their loan disbursal workflow. Previously, digital lenders would send out unsigned copies of these documents. Henceforth, all such loan documentation must be eSigned.
- Define clear boundaries for lending partners and third parties
The RBI requires all digital lenders to conduct proper due diligence before partnering with a fintech lending partner. All lending partners must adhere to various cybersecurity standards and must also have a comprehensive privacy policy in place.
No cash flow is to take place through the bank accounts of partners or third parties, and FIs must ensure that they do not store customer data and process the same according to the guidelines laid out.
Start eSigning Loan Documents Today
SignDesk’s award-winning eSign workflow solution is leveraged by 80+ private banks and NBFCs to expedite document signatures.
We offer bulk document upload options and custom template libraries to create sanction letters & other documents instantly. Once documents are uploaded, invite multiple signers to digitally sign these documents.
Signers are invited in sequence or in parallel, and document status is tracked & managed on our smart dashboard. After digital signatures, eSigned copies of the loan documents are sent to all the stakeholders for download. Every activity is recorded to create an audit trail for loans.
Book a free demo now to cut your signature cycles by over 50% and get loans out faster!