In this blog post, we present our comments to the Report of the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps, November 2021 (the Report) in response to the call for comments from all stakeholders by the Reserve Bank of India (RBI). Our response is accessible here.
We appreciate the Report’s multi-dimensional approach in examining issues and setting out recommendations, as well as its emphasis on consumer protection. Our recommendations focus on creating a strong and uniform consumer protection regulation framework, regardless of the type or size of the digital lender. Our recommendations also present policy alternatives to supplement supervision and enforcement of consumer protection in the country, given the constraints of capacity.
Our response outlines four specific recommendations, which are as follows:
- Activity-based regulation may better complement the objectives of consumer protection. We propose that the RBI define ‘credit’ in a manner that includes products which provide the functionalities of credit. All such activities should be subject to uniform consumer protection regulation. This would do away with the need to regulate different products such as BNPL and STCC differently, as far as consumer protection is concerned. This follows from the growing consensus that activity-based regulation may better meet the objectives of consumer protection while prudential regulation may warrant entity-based regulation.
- Consider bringing Loan Service Providers (LSPs) in the fold of Business Correspondent (BC) regulation. There appear to be significant overlaps between the functions of BCs and LSPs. Therefore, maintaining two separate regulations for these two entities could risk creating both duplication and regulatory arbitrage. Given this, we recommend: (i) activity-based regulation of financial service providers (including BC’s & LSPs) by defining “credit-related activities”. This will help to cast an even regulatory net across different third parties and ensure that they provide uniform consumer safeguards; (ii) bringing the regulation of LSPs within the fold of BC regulations to not risk the creation of regulatory arbitrage and gaps in consumer protection; (iii) a light-touch risk-proportionate registration regime for third party providers (BCs & LSPs) that can be considered in addition to self-regulation. This will help bring visibility to third parties, surface any risks that may be emergent and provide the regulator with a potential pathway to access the third-party provider, directly, if need be; (iv) the application of the Agency Financial Services Regulation (AFSR) to consumer-facing entities that participate in credit-related activities.
- Consider creating a consumer financial protection and enforcement body and a unified grievance redress agency. A financial consumer protection body would help create a system for comprehensive supervision and enforcement of consumer protection. Additionally, a unified redress agency, independent of financial sector regulators and dedicated to the function of grievance redress, would also ensure a comprehensive consumer protection regime.
- Risk proportionate regulation can help strike a balance between the participation of new entities in the ecosystem and stability concerns. We recommend that the quantum and form of credit enhancement, such as the First Loss Default Guarantee (FLDG), should be computed on the basis of the risk that the third party introduces. One criterion that might be used for risk based FLDG includes the role provided by the third party. Further, we suggest that the quantum and modality of credit enhancement should be published in a public register maintained by the body in charge of enforcement of consumer protection. Finally, technology solutions should be mandated to make the algorithmic underwriting processes of LSPs less opaque.
We also perceive that prohibiting LSPs’ access to CICs could impede financial inclusion and the delivery of suitable credit. Unauthorised access to credit information can be solved through the use of Account Aggregators and other mechanisms that allow for the consented flow of data. Besides, if LSPs are regulated as per our recommendations, they would also be subject to the same standards of data protection as other regulated entities.
Finally, we suggest the use of suitability assessments in push marketing to prevent over-indebtedness, instead of ex-post measures such as prudential requirements.
Our full response to the Framework is available here.