The new digital lending guidelines are effective immediately, and have to be implemented within November 30, the RBI has said in a statement.
The Reserve Bank of India has issued guidelines to all lenders, including banks, in order to protect the data of borrowers and customers in general and keep them from being misused. The new guidelines are effective immediately, and have to be implemented within November 30 to facilitate a smooth transition. According to the guidelines, Regulated Entities (RE) cannot store any information of borrowers other than specified ones.
Read More: TCS Says All Experienced Staff Will Be Given Hike During Annual Salary Appraisal
“It is further advised that the instructions contained in this circular shall be applicable to the ‘existing customers availing fresh loans’ and to ‘new customers getting onboarded’, from the date of this circular. However, in order to ensure a smooth transition, REs shall be given time till November 30, 2022, to put in place adequate systems and processes to ensure that ‘existing digital loans’ (sanctioned as on the date of the circular) are also in compliance with these guidelines in both letter and spirit,” said the RBI in a press release dated Friday, September 2.
As per the guidelines, REs have to ensure that Lending Service Providers (LPS) or Digital Lending App (DLA) engaged by them do not store any personal information of the borrower, except some basic minimal data. These include name, address, contact details of the customer, etc. “Responsibility regarding data privacy and security of the customer’s personal information will be that of the RE.”
All data should be stored only in servers located within India, while ensuring compliance with statutory obligations/ regulatory instructions.
Read More: RBI Launches Pilot Project to Digitise KCC; Aims at Transforming Rural Credit Delivery
“REs shall ensure that any collection of data by their DLAs and DLAs of their LSPs is need-based and with prior and explicit consent of the borrower having audit trail. In any case, REs shall also ensure that DLAs desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions, etc. A one-time access can be taken for camera, microphone, location or any other facility necessary for the purpose of on-boarding/ KYC requirements only, with the explicit consent of the borrower,” as per the RBI guidelines.
Borrowers will get explicit option to exit digital loan by paying the principal and the proportionate APR without any penalty during this period. “The cooling off period shall be determined by the Board of the RE. The period so determined shall not be less than three days for loans having tenor of seven days or more and one day for loans having tenor of less than seven days,” said the RBI.
Regulated Entities are also required to provide Key Fact Statement (KFS) to the borrower before the execution of the contract for all digital lending products. This will contain the details of APR, the recovery mechanism, details of grievance redressal officer designated specifically to deal with digital lending/ FinTech related matter and the cooling-off/ look-up period.
The guidelines are applicable to all commercial banks, primary (urban) co-operative banks, state co-operative banks, district central co-operative banks and Non-Banking Financial Companies, including housing finance companies.
