IAS Gyan

Daily News Analysis

RBI’s Guidelines on Digital Lending and First Loss Digital Guarantee

6th December, 2022 Economy

Disclaimer: Copyright infringement not intended.



  • Two months after the Reserve Bank issued guidelines on digital lending, banks, non-banking financial companies and fintech players are still awaiting clarity on many aspects, including the First Loss Default Guarantee (FLDG) system.


RBI’s new guidelines on the backdrop of illegal lending

  • The RBI came out with guidelines on digital lending aimed at protecting customers from unethical business practices, such as mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, adopted by digital lenders.
  • As per the findings of an RBI Working Group, released in November 2021, as many as 600 out of 1100 lending apps currently available for Indian Android users across 80 application stores are illegal apps.
  • The working group set up by the RBI has proposed stringent norms for digital lenders, including a separate legislation to prevent illegal digital lending activities.
  • The RBI asked the regulated entities like banks to ensure that Lending Service Provider (LSP) and Digital Lending App (DLA) comply with the guidelines. 


RBI Guidelines on Digital Lending

  • The guidelines explicitly state that digital lending apps cannot access mobile phone resources such as file and media, contact lists, call logs, telephone functions, etc. One-time access can be taken for camera, microphone, location or any other facility necessary for the purpose of onboarding/ KYC requirements only, with the explicit consent of the borrower.
  • The borrowers must be informed about the storage of customer data including the type of data that can be stored, the length of time for which data can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breach, etc. The information must be provided on their website and the apps at all times.
  • At the time of disbursing the loans using digital apps, a key Fact Statement (KFS) to the borrower before the execution of the contract in a standardized format for all digital lending products.
  • The borrower must be informed about the all-inclusive cost of digital loans and should also be a part of the Key Fact Statement.
  • The penal interest/charges levied, if any, on the borrowers shall be based on the outstanding amount of the loan. Further, the rate of such penal charges shall be disclosed upfront on an annualized basis to the borrower in the Key Fact Statement.
  • Any fees charges etc. payable to lending service providers must be paid by the regulated entities and borrowers must not be charged for this.
  • The Key fact statement should contain the details of the annual percentage rate, the recovery mechanism, details of grievance redressal officer designated specifically to deal with digital lending/FinTech-related matters and the cooling-off/ look-up period. The cooling-off/look-up period is the amount of time given to the borrower for exiting digital loans, in case a borrower decides not to continue with the loan.
  • Any charges that are not mentioned in the Key Fact Statement are not chargeable to borrowers at any stage during the loan term.
  • The information shall be sent to the borrowers on their verified email/SMS on the successful execution of loan contract/transaction. The information must be sent on the letterhead of the regulated entity (bank) and must contain a Key Fact statement, a summary of loan product, sanction letter, terms and conditions, account statements, privacy policies of the LSPs/DLAs with respect to borrowers data, etc.
  • At the time of the sign-up/onboarding stage, information related to product features, loan limit and cost, etc., must be informed to the borrowers.
  • The banks, and NBFCs must publish the list of their digital lending apps, and lending service providers, engaged by them on their websites.
  • Details of nodal grievance redressal officer must be displayed on the websites of banks, NBFCs, lending service providers, digital lending apps and also on the key fact statement.
  • Digital lending apps and websites must allow a borrower to lodge their complaint.
  • If the complaint lodged by the borrower is not resolved within 30 days, then he/she can lodge a complaint on the Complaint Management System (CMS) portal under the Reserve Bank-Integrated Ombudsman Scheme (RB-IOS). For entities currently not covered under RB-IOS, a complaint may be lodged as per the grievance redressal mechanism prescribed by the Reserve Bank.
  • The banks, NBFCs must capture the economic profile of the borrowers covering (age, occupation, income, etc.), before extending any loan over their own Digital Lending Apps and/or through Lending Service Providers engaged by them, with a view to assessing the borrower’s creditworthiness in an auditable way.
  • There shall be no automatic increase in credit limit unless explicit consent of the borrower is taken on record for each such increase.
  • During the cooling-off/look-up period, the borrower shall be given an explicit option to exit the digital loan by paying the principal and the proportionate APR without any penalty during this period. The cooling-off period shall be determined by the Board of the bank, NBFC. The period so determined shall not be less than three days for loans having tenor of seven days or more and one day for loans having tenor of less than seven days. For borrowers continuing with the loan even after look-up period, pre-payment shall continue to be allowed as per extant RBI guidelines.
  • The borrower shall be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/ forget the data.
  • Explicit consent of the borrower shall be taken before sharing personal information with any third party, except for cases where such sharing is required as per statutory or regulatory requirements.
  • No biometric data is stored/ collected in the systems associated with the Digital Lending Apps of regulated entities / their Lending Service Providers unless allowed under extant statutory guidelines.
  • The banks and NBFCs shall ensure that any lending done through their Digital Lending Apps and/or Digital Lending Apps of Lending Service Providers is reported to Credit Information Companies (such as CIBIL) irrespective of its nature/ tenor.
  • Any extension of structured digital lending products by banks, NBFC and/or Lending Service Providers engaged by them over a merchant platform involving short-term, unsecured/ secured credits or deferred payments, need to be reported to Credit Information Companies.
  • The regulated entities shall ensure that all loan servicing, repayment, etc., shall be executed by the borrower directly in the regulated entities’ bank account without any pass-through account/ pool account of any third party. The disbursements shall always be made into the bank account of the borrower except for disbursals covered exclusively under statutory or regulatory mandate (of RBI or of any other regulator), flow of money between regulated entities for co-lending transactions and disbursals for specific end use, provided the loan is disbursed directly into the bank account of the end-beneficiary. Regulated entities shall ensure that in no case, disbursal is made to a third-party account, including the accounts of Lending Service Providers and their Digital Lending Apps, except as provided for in these guidelines.

Lack of clarity regarding FLDG

What is FLDG?

  • First Loan Default Guarantee (FLDG) is a lending model serviced between digital-lending fintechs, and their partner banks and NBFCs. Under these agreements, the fintech originates a loan and promises to compensate the partners up to a pre-decided percentage in case customers fail to repay.
  • The bank/NBFC partners lend through the fintech but from their own books. FLDG helps expand the customer base of traditional lenders but relies on the fintech's underwriting capabilities. A report by an RBI-constituted working group on digital lending has laid down risks of FLDG agreements with unregulated entities. The other concern is that FLDG costs are often passed on to customers.


Lack of clarity

  • Banks, NBFCs and fintechs have sought clarification from the RBI on First Loss Default Guarantee (FLDG), on which RBI has advised the regulated entities to follow its directions on securitisation, especially, synthetic securitisation.
  • FLDG is a lending model between a fintech and a regulated entity in which a third party guarantees to compensate up to a certain percentage of default in a loan portfolio of the regulated entities (RE).
  • Synthetic securitisation means a structure where credit risk of an underlying pool of exposures is transferred through the use of credit derivatives or credit guarantees to hedge the credit risk of the portfolio. This is an issue on which RBI needs to give more clarity as the guidelines just refer to the earlier issued securitisation norms.
  • According to fintech firms, the RBI has been vague about FLDG and there is no clarity on what is permissible and what is not permissible as far as these partnerships are concerned.


Significance of RBI’s guidelines in general

  • The most significant or favourable change as per the new guidelines is the direct disbursal of the loan amount, i.e., from the lender’s account to the beneficiary’s account, without any third-party involvement.
  • The revised digital lending guidelines aim to smoothen the digital lending process and also protect consumers from unusually high-interest rates from the lenders. The new guidelines will keep a tab on unethical loan recovery practices. 
  • The revised RBI's guidelines on digital lending pave the way towards a secure, inclusive, and accessible digital lending ecosystem. It empowers customers with full transparency about the information & data that is being accessed by the lenders, giving them control over their own personal information. The RBI has also standardised disclosures, therefore, enabling customers to make more informed decisions. 
  • The guidelines aim to tackle concerns like unscrupulous lending practises and involvement of third parties, misselling, and data privacy. 
  • For the unregulated entities classified as LSPs (Lending Service Providers), there is almost an equal burden to abide by these rules. 
  • The systems of banks and fintech have to be aligned for co-lending.