Remember the not-so-good-ol' days of being elbow deep into your sofa cushions, hunting desperately for some chillar? Well, we now have a modern-day equivalent.
Joshua, the man behind the experimental robot lawyer, DoNotPay App – helps people use artificial intelligence to contest parking tickets, among other things. Toying around with Open AI's newest tool, Joshua asked ChatGPT to find him some money. To his surprise, ChatGPT asked him to visit an obscure Californian government website, to retrieve unclaimed funds. Joshua followed the lead and found $209.7. Following Joshua's footsteps, many twitteratis asked ChatGPT to help find their unclaimed funds. In fact, Joshua created a feature on the DoNotPay App to help people find their money.
Intrigued, I began my voyage to find my 'unclaimed' money. Perhaps I too had some hidden treasure tucked away in forgotten shores. Sadly, I did not. But in my search I stumbled upon this article, which says that more than Rs. 35,000 crores deposited with public sector banks in India, was unclaimed for the last 10 years. At first I thought, who forgets their own money? But then ironically, I was hopeful I had.
There's a huge problem with unclaimed deposits. On the bank's side, beyond reaching out on registered contact details, it's difficult to establish contact with the depositor. So, they publish a list of unclaimed depositors on their website and expect the depositor to reach out. On the depositor's side, the problem is two-fold. You must scan through multiple lengthy lists (prepared separately by each bank) – which is an excruciating task, if done manually.
Although now, AI algorithms (like ChatGPT) can query these lists and find relevant results. Infact, a few days ago, RBI announced plans to develop an AI-based search portal to help depositors find their money across multiple banks. This will drastically reduce the depositor's efforts.
But the bigger problem is a lack of awareness. You don't actively search the list published by banks – because you don't think you have any unclaimed deposits. How will you find something you aren't looking for? Even RBI's solution does not solve for this. It only makes it easier to search for your money (ifyou are looking for it).
What if there was a hack for this? What if apps prompted their users to find their money. They can introduce a feature – to quickly scan RBI's portal (or the list published by banks) and flag it to their users if they find matches. Ofcourse finding an authentic match is easier said than done.
Okay, enough of lawyers ideating fintech products. Let's move on to this month's FinTales menu.
Main Course: a deep dive on RBI's circular on how lenders can penalise defaulting borrowers, and our take on AI tools being outsourced vendors.
Dessert: bitter-sweet news about credit lines on UPI.
Mints: a refresher about recent fintech developments.
Takeaway: articles to grab and go.
Main Course
RBI tells lenders not to profit from borrowers defaulting
Earlier this April, RBI invited public comments on a draft circular which seeks to change how lenders levy penal charges on unpaid loans. The deadline to submit comments (to the RBI) on the draft circular is 15 May.
Under current law lenders are free to choose how much penalty they charge their borrowers – provided it is fair and transparent. But regulatory audits revealed that some lenders got greedy and charged exorbitant penalties. They levied penal charges to earn revenue over and above the contracted rate of interest. Which is why the RBI stepped in and proposed some key changes in the draft circular on how lenders can penalise defaulting borrowers. Before we get to the merits of the proposals, here are few basic concepts:
What is a penal charge? If a borrower fails to repay her dues on time, a lender can impose a penalty as a flat fee or penal interest. The contractual interest levied on a loan is not however a penalty – it's what a borrower agrees to pay to avail the lending facility.
How do lenders 'capitalise' penalty? They do so by charging interest on unpaid penalty. For example, Bob takes loan of Rs. 1000 for 1 year at a contractual interest of 10% per annum and penal interest of 20% per annum. If he fails to repay after 1 year, both unpaid interest (at 10%) and penalty (at 20%) are added to the outstanding principal amount. For every day Bob fails to repay, the principal amount keeps ballooning. The lender therefore charges interest on unpaid penal charges. By compounding the penal interest, it gains from Bob defaulting.
Now onto the proposals in the draft circular:
Under the circular, lenders cannot capitalise penalties. Meaning, they cannot charge interest on unpaid penalty. In addition, the penal interest cannot be added to the contracted rate of interest if the borrower defaults. Penalties must also be proportional to the default. For example, penalty on a Rs. 5000 default must be lesser than that on Rs. 50,000 default. Lenders must not discriminate between borrowers while imposing these charges. If Bob and Alice both default on a Rs. 1000 loan (extended on similar terms), the penalties they pay must not vary. To be clear, none of this impacts the usual contractual interest rate charged on loans. That's left to the lender and market forces to determine. This contracted rate of interest can still be charged on a compounding basis. The RBI circular only seeks to avoid compounding penalties charged by the lender.
But what's wrong with capitalising penalties? Why can't lenders use penalties as a revenue enhancement tool?
You see, the interest on loans is meant to compensate lenders for the time value of money – opportunity cost for the inability to use the loan amount while it is parked with the borrower. Here's a classic example of time-value of money: Bob wins Rs. 10,000 in a lottery. He can choose to cash-out right away or accept it in instalments over two years. Choosing the former is obviously better. Bob can invest Rs. 10,000 on day 1 and earn interest for two years. As debauched as it sounds, money now is always better than money later. In exchange for money now, borrowers pay lenders a contractual rate of interest. This is meant to be the lenders 'revenue' source.
Penalties, however, are not meant to compensate lenders for money's time-value. They aren't meant to be an additional source of revenue. They are only meant to deter borrowers from defaulting. A rubber band snap on the wrist reminding borrowers to repay on time. Which is why the RBI circular asks lenders not to profit from the borrower's default. Instead, they must use penalties as reasonable and just tool to dissuade defaults. Lenders can still earn revenue from the contracted interest rate – they can even choose to charge this interest on a compounding basis. But they must not rely on penalties to profit. This principle isn't new. The Indian Supreme Court affirmed it long ago (which the RBI is now reinforcing through the draft circular). We can't help but share Supreme Court's take on penal interest vs. regular interest, as is:
[...] "penal interest" has to be distinguished from "interest". Penal interest is an extraordinary liability incurred by a debtor on account of his being a wrongdoer by having committed the wrong of not making the payment when it should have been made, in favour of the person wronged and it is neither related with nor limited to the damages suffered. Thus, while liability to pay interest is founded on the doctrine of compensation, penal interest is a penalty founded on the doctrine of penal action. Penal interest can be charged only once for one period of default and therefore cannot be permitted to be capitalised.
The circular will undoubtedly make the lending ecosystem more borrower friendly. But there are some kinks that must be ironed out before it becomes a law. The criteria to ensure parity between borrowers of the same category (while imposing penal charges) is not specified. It is also unclear if the circular will apply to loan agreements already executed. And then, it would help if the RBI clarified (by an example) how penal interest can and cannot be charged. The circular still leaves plenty of room for ambiguity in this respect. For instance, it is unclear if penalty can be charged as a simple interest on a loan amount. Hopefully the final guidelines (issued by the RBI after it receives comments from the industry on the circular) will clarify these issues.
Riding the AI wave in Outsourcing
Outsourcing in the financial sector is risky business. Regulated entities (like banks and NBFCs) rely on an outsider's ability to do their job (like host their data, assess borrower creditworthiness, distribute, and market their product etc.). Which is why the RBI (the sun of our fintech solar system) asks its regulated entities (planets) to keep their outsourced vendors (satellites) in their orbits. Earlier this month, RBI released guidelines for REs on outsourcing their information technology (IT) functions. The guidelines set out the usual do's and don'ts of outsourcing. Due diligence, risk management, monitoring the outsourced activities, exit strategy, and so on. All on expected lines.
But with ChatGPT as flavour of the month, we wear our AI enthusiast hat and wonder what happens if REs outsource their functions to generative AI models. Who then, is the outsourced vendor? Is it the developer of the AI model or the AI model itself?
When REs engage outsourced vendors, their relationship is governed by RBI regulations on outsourcing. Let's say a software developer offers a solution for fraud detection to an NBFC. Here, the software developer is the outsourced vendor to the NBFC.
With any software, the developer lays down rules for the tool to operate. "If this.. then that..." rules. For example – if X, Y, Z parameters occur, then flag it as a 'suspicious transaction'. So, the tool does not have autonomy. It follows the developer's original command. But AI tools are not programmed on "if this.. then that..." logic. The tools themselves decide the parameters to flag 'suspicious activity'. The AI model learns and decides the rules itself.
So, have we reached the inflection point at which an AI tool is sophisticated enough to be entity independent of the developer – such that the tool itself (and not the developer) is the RE's outsourced vendor? It does (sort of) fit the definition of 'outsourcing': a third party from outside the RE's ecosystem (say, a chatbot- as an entity distinct from the original developer) performs activities (say, responding to customer queries) that the RE would do on its own.
But AI models are not autonomous, yet. They do not act entirely independently. At least not enough to be entirely de-linked from the developer. So at least for now, we think, AI models/tools are not in themselves the outsourced vendors. Despite the frenzy, we have not achieved AI singularity (where an ultra-intelligent machine designs even better machines, causing an intelligence explosion which outwits human intelligence). Yet.
Even so, REs are finding increasing uses for generative AI models – fraud detection, risk profiling, underwriting, customer service, and so on. Many REs build/ deploy their AI tools in-house. But a lot of them rely on developers (as outsourced vendors) to procure and integrate AI tools into their systems. Here, the outsourced vendor trains the AI tool to perform the outsourced functions, like say creating a risk profile of customers. We put our fintech lawyer's hat back on and think about questions that REs must ask these vendors before engaging them:
- What data was used to train the AI model? Was it relevant geographically? A customer service chatbot trained in France might not work for India.
- How was training data collected? Was it taken from the right channels, with appropriate consent? For reference, Open AI ran into trouble in Italy and the EU for breach of data norms. For scooping-up data from the Internet without a 'legal basis' and for not informing individuals properly.
- Will the RE's customers' data be used to further train the AI model?
- What parameters are used for making a decision? Can the logic of the decision be explained? This is particularly relevant if AI is used to assist in risk profiling/ underwriting.
When we talk of AI governance, we think about concerns around 'black boxes', bias, discrimination. And solutions like explainability, auditability, transparency (see RBI's own Working Group recommendations on Digital Lending, for use of AI/ ML systems in credit risk assessment). Of course, RBI's outsourcing framework doesn't talk about these concerns or solutions. As we're yet to reach the stage where AI systems outsmart their developers. But, over time, cloud services got a separate annexure in the IT outsourcing guidelines – to account for the unique characteristics of cloud computing. As AI models become more sophisticated, autonomous, and ubiquitous, could we see specific outsourcing guidelines for AI tools? Until then, it's upto REs to ask the right questions and gauge whether they're dealing with an autonomous AI in the garb of software.
Dessert
Credit lines on UPI: A partial gift
After allowing credit on UPI through overdraft accounts and credit cards, the RBI has proposed linking credit lines to UPI. We once described UPI as Uber which transports money between two accounts. Earlier, UPI could only pick up money from a current/savings account, overdraft account, prepaid payment instrument or RuPay credit card. Now, UPI can also pick up money from a loan disbursal account maintained by the lender.
Accessing credit lines through UPI has been a long-standing industry demand. The acceptance infrastructure for UPI is much wider than that of credit cards. For example, there are 119 million UPI QR codes in India compared to 5 million PoS machines. Now, customers can directly draw on a credit line and pay a merchant by simply scanning a QR code on their UPI app. They don't have to first transfer the loan amount to their bank account. So, this development is definitely a positive sign. But here's why we still have some reservations.
First, this may not substantially expand access to credit. Accessing credit on UPI through overdraft accounts and credit cards is not an option for most Indians because very few have overdraft accounts and credit cards to begin with. For example, only 5-6% Indians have a credit card. Credit lines on UPI hoped to solve this problem and enable access to credit on UPI in the true sense. Because securing a credit line is easier than securing an overdraft account or credit card. But the RBI has only allowed credit lines issued by banks to be accessed via UPI. The reason seems to be the same as that for not allowing NBFCs to issue credit cards – the RBI regulates banks more strictly and expects them to manage risks better than NBFCs. BNPL products targeted at new-to-credit and thin-file customers often involve a credit line issued by an NBFC, not a bank. So, to promote financial inclusion, the RBI must expand this facility to NBFCs as well.
Second, credit lines on UPI may not be a functional equivalent to credit cards for unserved and underserved customers. The economics of credit lines on UPI is murky. The fees earned by banks on payments made through credit lines on UPI is uncertain because the operational guidelines are yet to be issued. If the fees are too low, banks may not be able to provide interest-ree periods and rewards on credit lines. Of course, banks will also save costs on issuing cards, onboarding merchants, distributing PoS machines, etc. But will the payment fees and savings be enough to make the numbers work? We'll have to wait and watch. Further, as we've explained before, credit card payments through UPI lack the convenience and trust associated with those processed through card networks. UPI based payments require a PIN unlike card network-based tap-and-pay payments. UPI's grievance redressal is also not as effective as a card network's grievance redressal. So, credit cards may still have an advantage over credit lines.
Mints
Aadhaar e-KYC aggregator platform in the works
The UIDAI and NPCI are reportedly planning to set-up an aggregator platform to ease the process of Aadhaar e-KYC authentication. At present, entities regulated by a financial sector regulator (like RBI or SEBI) can avail Aadhaar e-KYC facility but they must receive a license from UIDAI to do so. The proposed aggregator platform will allow regulated entities to skip the time-consuming licensing process and register with the platform directly. The platform will ensure data privacy and security by only sharing the last four digits of the Aadhaar number with the entity requesting verification. The platform will be rolled-out in the next few months.
CBDC pilot likely to be extended
The RBI is likely to extend the CBDC pilot due to low adoption rate. There are several reasons behind low adoption of CBDC among consumers and merchants. First, consumers prefer UPI and are reluctant to switch to a different payment method without any apparent benefits. Second, merchants don't want to deploy separate QR codes for CBDC in addition to existing QR codes for UPI. Third, consumers lack awareness about which merchants accept CBDC. Since the pilot has not witnessed sufficient volumes yet, the RBI is likely to delay the full-scale roll-out of retail CBDC which was originally scheduled for end of FY22-23.
RBI eases regulatory approval process
The RBI has proposed launching a new online portal – PRAVAAH (Platform for Regulatory Application, Validation and Authorization) – to obtain regulatory approvals. The launch of the portal is in line with the Union Budget's vision to make the regulatory approval process simpler and time-bound.
RBI penalises NBFCs
The RBI has penalized two NBFCs for regulatory violations. It levied a Rs. 6.77 crore penalty on Mahindra & Mahindra Financial Services Limited for failing to inform borrowers about the annualised interest rate at the time of loan sanction and provide notice of changes to the loan's terms and conditions. It also levied a Rs.10.5 lakh penalty on Muthoot Money Limited for delayed reporting of frauds to the RBI.
Payments self-regulatory body faces roadblocks
In 2020, the RBI notified a self-regulatory framework for the digital payments industry. But the industry with diverse constituents is struggling to come together and receive RBI approval for a self-regulatory organization. The RBI only wants regulated entities like payment aggregators, prepaid payment instrument issuers, payment banks, etc. to be a part of the self-regulatory organization. And it does not want tech players to be involved. It has reportedly rejected the Payments Council of India's application to act as a self-regulatory organization because the Council's members include unregulated entities.
Google Play Store revises policy for loan apps
Google has revised its Play Store policy for financial services apps. The updated policy will be effective from 31 May 2023. Basis the revised policy, 'personal loan apps' including those apps that connect borrowers and lenders are prohibited from accessing user contacts and photos.
Takeaways
- The European Union's Artificial Intelligence Act, explained [ World Economic Forum]
- Disney Versus DeSantis: A Timeline of the Florida Feud [Time Magazine]
- Coinbase files petition to push SEC for regulating crypto [Reuters]
- Why you can't ignore Bajaj Finance's 'Do you want a loan?' call [The Ken]
- SEBI's more is better fallacy on ESG disclosures [The Morning Context]
That's it from us. We'd love to hear from you. Write to us at contact@ikigailaw.com. Or sign up for Ikigai Fintech Office Hours to chat with our team about all things fintech regulation and policy.
See you next month.
If you enjoyed this edition of FinTales, do share it.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
