The Reserve Bank of India (RBI), on Wednesday, 10th August 2022, issued a press release for the implementation of the recommendations of the Working Group on Digital Lending (WGDL). WGDL had submitted its recommendations on digital lending about 9 months before this publication.

RBI has classified digital lending institutions in the country into three groups:

  1. Regulated Entities (REs): entities regulated by the RBI and permitted to carry out lending business like banks, and non-banking financial institutions (NBFCs)
  2. Entities authorized to carry out lending as per other regulatory provisions but are not regulated by RBI, like non-banking non-financial companies (NBNCs) and buy-now-pay-later (BNPL) lenders.
  3. Entities that are not regulated by statutory or regulatory provisions.

RBI’s digital lending regulatory framework focuses on the digital lending ecosystem of permitted Regulated Entities (REs):

  1. Lending Service Providers (LSPs): Agents to carry out lending functions like acquiring customers, paying loans, and recovering loans. LSP acts as a marketplace from where borrowers can source loans. It includes fintech companies like LendingKart and PayTM.
  2. Digital Lending Apps (DLAs): Mobile and web-based applications created by LSPs that facilitate digital lending services. 

Accepting the recommendation of the WGDL, RBI directed the REs and LSPs that all loan disbursals and repayments should be executed only between the borrower’s bank accounts and the REs. RBI has also clarified that loan disbursals and repayments should not be made through a pass-through or pool account of the Lending Service Providers (LSP) or any third party.

Below are the key points to the implementation

Loan Disbursal:

  • All loan disbursals and repayments will be made only between the borrower’s bank accounts and the RE without any pass-through/ pool account of the LSP or any third party. It means that REs will directly transfer loan amounts to the borrower’s account without passing it through the LSP account.
  • Borrowers will not have to pay any fees or charges to the LSPs. REs will pay all charges or fees for the credit intermediation process to the LSPs.


  • REs will provide the borrowers with a standardized Key Fact Statement (KFS) before executing the loan contract. KFS will include important details mentioned in the loan contract, like loan amount, loan period or term in months, annual percentage rate (APR), EMI to be paid, details of recovery mechanism, grievance redressal process, and other relevant details.
  • REs must take explicit consent from the borrowers before increasing the credit limit.

Borrower’s Consent and Informed Decision:

  • REs will provide a cooling-off/ look-up period to the borrowers during which they can exit the digital loan contract. If borrowers decide to cancel the digital loans, they will have to pay the principal and the proportionate APR. There will be no penalty for exiting the loan agreement during the cooling-off/look-up period.  This allows a loan prepayment facility for the borrowers.

Complaint Redressal:

  • REs and the LSPs have to appoint a Nodal grievance redressal officer to deal with FinTech/digital lending-related complaints made against their respective Digital Lending Apps (DLA). These are mobile or web applications used by REs or LSPs for digital lending. The respective grievance redressal officer’s details must be mentioned on REs, LSPs websites, and DLAs.
  • REs have to resolve the complaints lodged by borrowers within 30 days. However, if a complaint is not resolved within the stipulated period, the borrower can complain about the DLA under the Reserve Bank – Integrated Ombudsman Scheme (RB-IOS).

Data Collection, Technology, and Privacy: 

  • DLA can only collect the necessary data of the borrowers after their explicit consent.  DLAs will have to maintain clear audit trails while collecting borrowers’ data. It means keeping track of sources from where the data has been collected.
  • Borrowers will have the option to accept or deny consent for the use of specific data. They will also be allowed to revoke previously granted consent and ask DLAs/LSPs to delete the data collected from respective borrowers.

Reporting to Credit Information Companies:

  • REs will report any lending provided through DLAs to Credit Information Companies (CICs). This will include all loans irrespective of their nature or term. These loans will include short-term credit or deferred payments, also called the buy-now-pay-later (BNPL) model.

The gist of Legal & Institutional Framework Recommendation by WGDL: 

  • Only REs and other entities registered under any other law for specifically undertaking lending business should provide balance sheet lending through DLAs. (Balance sheet lending is a type of financial service in which the lender maintains the loan and the credit risk associated with such a loan on its balance sheet.)
  • The government can pass a law Banning of Unregulated Lending Activities (BULA). This law will regulate all entities of digital lending business that are not authorized by RBI and not registered under any other law to provide public lending. The legislation may also define public lending (which refers to loans/ credit offered to small or medium enterprises (SMEs).
  • An independent body styled as Digital India Trust Agency (DIGITA) might be set up to verify DLAs This will ensure that consumers use only authorized and trusted DLAs.
  • The government can set up a National Financial Crime Record Bureau with a data registry similar to the crime and criminal tracking network and systems in National Crime Records Bureau. REs may have access to this data registry to enhance the diligence process for digital lending.
  • REs can use Financial Intelligence Network (FINNET) channel of Financial Intelligence Unit – India (FIUIND) for doing due diligence before engaging with borrowers and LSPs. FIUIND is the national agency that receives, processes, analyzes, and spreads information to suspect unusual financial transactions.
  • The mobile network operators should strengthen the know-your-customer (KYC) policies for issuing new or replacement SIM cards. The mobile operators should be held accountable if there is any violation of the KYC process or any shortcomings.
  • The following steps can be taken for early identification of shell finance companies and finance companies with proxy directors or opaque beneficial owners:
    1. Registrar of Companies (RoC) can use digital technology and multiple data sources to keep a track of shell companies. The RoC should take suitable legal action or inform the concerned agency about such companies to take further action.
    2. RoC can provide real-time data with RBI on the de-listing (Removal of the name of the company from the Registrar of Companies) of such companies. RBI can then take further action.

Key takeaways

  • PPI or prepaid payment instruments like Paytm and GPay online wallets and credit and debit cards can no longer be used for loan disbursals and repayments. In its initial recommendation, WGDL allowed using PPIs for loan disbursals and repayments. However, the latest recommendation states that only REs or other licensed/authorized entities shall disburse loans or collect loan repayments.
  • Implementing WGDL recommendations will protect customer interests by ensuring transparency, data privacy, and efficient grievance redressal. It will also provide clarity to everyone involved in the digital lending business.