Skip links

Update on Digital Lending Guidelines, 2022


Digital lending is one of the fastest growing fintech sectors in India. Initially, the sector largely comprised of fintech start-ups and neo banks with commercial banks slowly venturing into this space. Digital lending, as opposed to conventional lending practices, has fewer requirements and is much easier to obtain. Digital Lending Applications (“DLAs”) also process loans of much smaller, everyday amounts, unlike conventional lenders. So, it comes as no surprise that this form of credit has found its way to a large portion of the population. However, as with most new advances in tech, digital lending is not without its risks. The guidelines released on September 2, 2022, aim to address these risks.

In January 2021, the Reserve Bank of India (“RBI”) had constituted a Working Group on ‘digital lending including lending through online platforms and mobile apps’ (“WGDL”). On August 10, 2022, the RBI released its plan for implementing some of the Recommendations made by the WGDL. This was followed by the release of the Guidelines on Digital Lending on September 2, 2022.

The guidelines address certain key issues surrounding digital lending practices, including, unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices. The guidelines cover both existing customers as well as new customers. REs shall have time till November 30, 2022 to implement these guidelines.

Scope and Applicability:

The guidelines are applicable to digital loans extended by the following RBI Regulated Entities (REs) and Lending Service Providers (LSPs) engaged by them:

  1. All Commercial Banks
  2. Primary (Urban) Co-operative Banks, State Co-operative Banks, District Central Co-operative Banks; and
  3. Non-Banking Financial Companies (including Housing Finance Companies)

The guidelines broadly cover:

  1. Customer Protection and Conduct requirements;
  2. Technology and Data Requirements; and
  3. Regulatory Framework.

Some of the key compliances introduced are:

  1. Customer Protection and Conduct requirements:
    1. Loan Disbursal, Servicing and Repayment.
      1. REs to ensure that all loan servicing, repayment, etc., are executed by the Borrower directly in the RE’s bank account without having to pass through any third-party accounts.
      2. REs shall ensure that no disbursals are made to a third-party account, including the accounts of LSPs and their DLAs, except as provided for in the guidelines.
    2. Disclosures to borrowers.
      1. “Annual Percentage Rate” (APR) to be disclosed to borrower. This must be the final interest rate, including all costs.
      2. Key Fact Statement (KFS) to be provided to borrower on all digital lending products. The format of KFS can be accessed here.
      3. REs to publish a list of DLAs and LSPs engaged by them and the DLAs of such LSPs with details of the activities for which they have been engaged, on their website.
      4. At the time of sanctioning the loan as well as at the time of passing on recovery responsibilities to an LSP, the details of the LSP acting as a recovery agent shall be provided to the borrower.
    3. Grievance redressal.
      1. REs to ensure that they and the LSPs that they engage have a suitable grievance redressal officer to deal with digital lending complaints. Contact to be displayed on the websites of all stakeholders. The responsibility of grievance redressal to remain with RE.
      2. Any issue must be resolved in 30 days failing which a customer can pursue the same with RBI’s Complaint Management System.
    4. Assessing borrower’s Creditworthiness.
      1. Capture economic profile of borrowers to assess creditworthiness in an auditable way before extending any loan.
      2. Ensure that that any increase in credit limit has to be with borrower’s consent.
    5. Cooling off/Look-up period.
      1. To provide borrower an explicit option to exit digital loan by paying principal + proportionate APR without any penalty during said period.
      2. Cooling off period to be: i) not less than 3 days for loan tenure of 7 days or more; ii) not less than 1 day for loan tenure of less than 7 days.
    6. Due diligence requirements with respect to LSPs.
      1. REs to conduct enhanced due diligence before engaging LSPs wherein, technical abilities, data privacy policies and storage systems, fairness in conduct with borrowers and ability to comply with regulations and statutes to be taken into account.
      2. Periodic review of LSP conduct to be carried out.
      3. Ensure that recovery agents engaged by REs are compliant with ‘Outsourcing of Financial Services - Responsibilities of regulated entities employing Recovery Agents’ dated August 12, 2022, among other instructions issued from time to time.
  2. Technology and Data Requirement
    1. Collection, usage and sharing of data with third parties.
      1. Borrower's data can be collected by Digital Lending Applications (DLAs) only i) on a need basis; ii) with clear audit trails; iii) with clear and explicit consent of the borrower.
      2. Borrower to have the option of specifically consenting to or denying consent for specific sets of data, revoking previously provided consent as well as the right to request deletion of data already collected.
      3. Purpose of obtaining consent must be disclosed at each stage.
      4. Explicit consent to be taken before sharing personal information with any third-party.
    2. Storage of data
      1. REs to ensure that LSPs and DLAs do not store data unless necessary.
        1. REs to set out clear policy guidelines for data storage and disclose the same to LSPs and DLAs.
        2. REs to ensure that all data is stored only on servers located in India.
    3. Comprehensive Privacy Policy.
      1. REs to ensure that their DLAs and LSPs engaged by them have a comprehensive privacy policy and the same is made available when personal information of borrowers is collected or accessed.
  3. Regulatory Framework
    1. Reporting to Credit Information Companies (CICs). REs shall ensure that any lending done through their DLAs and/or DLAs of LSPs is reported to CICs irrespective of its nature/ tenor.

The digital lending niche of fintech has thusfar been unregulated. The newly issued guidelines aim to reduce certain inefficiencies and potential misconduct in this space through these regulations. Companies which are regulated by these guidelines are advised to become compliant with these guidelines within the stipulated deadline.


As per rules of the Bar Council of India, legal practitioners are not permitted to solicit work or advertise their services. By clicking on the “I agree” button below and accessing this website, the user acknowledges that:

  • The user is seeking information relating to Quasar Legal of their own accord and there has been no form of solicitation, advertisement, or inducement by Quasar Legal or any of its members; and
  • This website does not seek to create or invite any lawyer-client relationship; and
  • The user has read and accepted this website’s Privacy Policy.

Any content on the website is for information purposes only and shall not be construed as legal advice. No warranty or promise is made that this website is correct, complete, and up to date. Without prejudice, Quasar Legal shall not be responsible for any reliance placed by the user on such content.