Recently, the Reserve Bank of India ("RBI") has issued the Frequently Asked Questions1 ( "FAQs") dated February 15, 2023, as a step towards addressing some of the issues faced by the relevant stakeholders in furtherance to the Guidelines on Digital Lending2 ("Guidelines") as published by the RBI in September 02, 2022. The RBI released the Guidelines to primarily impose compliance requirements on the regulated entities3 ("RE(s)") with the intent to also pass the compliance down to the lender service providers ("LSPs") commercially and/or contractually.

The issuance of the FAQs and the Guidelines has transpired in furtherance to RBI's mission towards regulating the growth of fintech and related financial services. Fintech is the bedrock on which the idea of digital lending is built on. The RBI has defined fintech as a broad category of different digital technologies and software applications deployed by service providers that provide innovative financial services competing with or supplementing traditional financial services.4

In order to establish a balanced approach toward the growth of fintech and related financial services, the RBI had earlier constituted a working group on January 13, 20215 with an aim to regulate digital lending, identify risks, recommend a fair practices code, enhancing consumer protection, data governance among others. The working group submitted its report which was published by the RBI on November 18, 20216. In furtherance to this, on August 10, 20227, the RBI issued a press release dealing with implementation of the recommendations of the working group on digital lending and subsequently, the Guidelines came into being.


2.1. Scope of 'Digital Lending'

The definition of 'Digital Lending' as per the Guidelines is applicable on the mobile and web-based applications that facilitate digital lending services, which include the apps and platforms of both REs as well as the LSPs ("DLAs"). Thus, any lending activity that is 'largely' based on the 'use of seamless digital technologies' would qualify as a digital lending activity under the Guidelines. In light of this definition, the RBI has now clarified in the FAQs that the phrase 'largely by use of seamless digital technologies' has been used to accord operational flexibility to REs in 'Digital Lending'. Even a certain extent of physical interface with the ultimate borrower will also fall under the definition of 'Digital Lending'.

2.2. Activities performed by LSP

The regulator has also provided clarification on the definition of an LSP. LSPs are those 'agent' entities engaged by the REs for providing support activities such as: (i) customer acquisitions; (ii) underwriting support; (iii) pricing support, (iv) servicing, monitoring, or recovery of loans (hereinafter "Permitted LSP Activities"). The Directions on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs dated November 09, 2017,8 mandate that the REs cannot outsource functions such as internal audit, determining compliance with know your customer ("KYC") norms for opening deposit accounts, providing sanction for loans (including retail loans) and management of investment portfolio.

The LSPs are barred from performing any core lending management functions, strategic and compliance functions, and decision-making functions, by virtue of the extant guidelines on outsourcing. However, there was uncertainty on whether all entities engaged in Permitted LSP Activities would qualify as LSP even if the RE does not engage in 'Digital Lending'. The RBI has now clarified that given that the Guidelines are applicable only to 'Digital Lending', an entity will be designated as a LSP only if the relevant lending transaction it facilities qualifies as 'Digital Lending'.

2.3. Safeguards for the borrowers

The prime focus of the Guidelines was to safeguard the ultimate borrowers and regulate the manner in which lending is undertaken on the DLAs. The Guidelines place the onus upon the REs to ensure that the LSPs are compliant with the extant norms. Upon the occurrence of any breach, only contractual obligations can be enforced upon the LSPs, and the REs remain liable for any penalties that might be imposed upon such breach. Essentially the LSPs are not liable themselves under the Guidelines. Accordingly, the RBI has brought forth certain checks by mandating that:

  1. the annualized cost required to be borne by the borrowers to avail digital loans from the lenders, is disclosed to them upfront, leaving minimal room for any ambiguities in the overhead charges;
  2. the borrowers are well-informed about the terms of their engagement with the REs when the LSPs act as the facilitators in the entire process, by providing a key fact statement9 ("KFS");
  3. an explicit option be provided to the borrowers, for exiting digital loans when they do not wish to continue with the same within a fixed time period, termed as 'cooling-off period';
  4. LSPs are prohibited from charging any fees, charges, from the borrowers;
  5. digitally signed documents, including the KFS, summary of loan products, sanction letters, terms and conditions, privacy policies with respect to the borrowers' data be shared with the borrowers directly to the registered and verified e-mail or SMS of the borrowers, once the loan documents have been executed; and
  6. all relevant details of the RE and the LSP are provided on the DLAs including the role of LSP as a recovery agent.

Noticeably, the customer facing compliances for the weighty concepts like data privacy and consent mechanism have been explicitly ordained to vest with the REs, such that the REs are required to undertake compliances to ensure that the LSPs (i) have a comprehensive data privacy policy that is publicly available along with a comprehensive customer grievance redressal mechanism; and (ii) take clear consents from the borrowers prior to collecting and processing any data among other things. The FAQs also clarify that only such LSPs which have an interface with the borrowers would need to appoint a nodal grievance redressal officer. However, the RBI has once again reiterated that the REs remain responsible for ensuring resolution of complaints arising out of actions of all LSPs engaged by them.

2.4. Handling of funds

The Guidelines had ruled out the presence of any third-party in the transfer of loan amounts between the accounts of the lenders and the borrowers (or end beneficiaries), either at the time of disbursal of loans, or at the time of repayments of their installments. Neither the LSPs, nor their applications or their platforms can be used to pool the loan amounts (directly or indirectly), which are disbursed by the REs. The FAQs once again clarify and reiterate that the flow of funds between the bank accounts of borrower and lender in a digital lending transaction cannot be controlled directly or indirectly by any third-party including an LSP.

Separately, the services of payment aggregators for handling the funds, has been kept outside the purview of the Guidelines, as long as they do not step into the role of an LSP10 . The FAQs echoed the principle underlying the Guidelines that an LSP should not be involved in handling of funds flowing from the lender to the borrower or vice versa. Any payment aggregator also performing the role of an LSP must comply with the Guidelines.

2.5. First loss default guarantee

The first loss default guarantee ("FLDG") structure continues to be a major hornet's nest for the RBI and remains to be confronted head-on by the regulator. This FLDG structure is generally based on contractual arrangements between the lenders and the LSPs, wherein the eventual credit risk gets passed on to the LSPs, who in turn are not regulated by the RBI directly. The LSPs undertake to atone for the defaults of the borrowers and compensate the REs for up to a certain percentage of the unpaid loan amount. This leads to a large part of the loan book risk resting with the LSP, while the LSP is not bound by any of the traditional requirements applicable to lenders under law such as maintaining net owned fund, debt equity ratio, etc. On a practical level, the FLDG structures have taken various shapes and forms in the market. While some models rely on contracts between the LSPs and REs only, in others tripartite contracts have been executed between the LSPs, REs, and the borrowers. While some of these contracts provide for direct reimbursement by the LSPs to the REs for any and all defaults incurred by the borrowers, up to an agreed percentage, there are others which rely on the service deficiency by the LSPs towards the REs, as the cause for triggering the compensation mechanism.

The RBI is yet to give explicit directions on FLDG models that have proliferated in the market. Further, the Guidelines merely regulate the structure by treating it akin to 'synthetic securitization'11 and mandate that in case of any arrangements involving an LSP compensating the actual lenders in relation to the default in a loan, the lending banks / non-banking financial companies must comply with the Master Direction - Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 ("Securitisation Guidelines"). If one had to go by the recommendation of the working group on digital lending, regulatory framework may be put into place to ban the FLDG model in the near future. However, the RBI has maintained that the FLDG model is subject to further scrutiny and review and in that spirit the FAQs have remained noticeably silent on the FLDG structure in entirety.


Given the increase in the number of unregulated players, the RBI has cautioned the public against such DLAs promoted by unregulated entities and continued to prescribe the framework for regulation of REs and indirectly the LSPs.21 In relation to the activities being provided by an LSP, the DLAs of LSPs often collect KYC data (including PAN, bank statements and Aadhar ID), and even the phone number for providing access to the DLAs and further, store such user records. Such activities are now being strictly reviewed by the relevant stakeholders including the LSPs to adhere to the Guidelines. Additionally, undertaking core activities such as assessing credit-worthiness basis such KYC checks, making the decision to lend and the process in relation to the same have also been highly regulated under the Guidelines.

The FAQs have also attempted to clarify the nuances of physical interference in the space of 'digital' lending by clarifying that there may be instances such as physical recovery of delinquent loans wherein the Guidelines may be read more loosely. The FAQs have prescribed that in such instances, the requirement of re-payment directly into the account of the REs may be disregarded. Further, in relation to the requirement of disclosure of details of the recovery agent at the time of sanction of the loan by the REs, the RBI has in its FAQs clarified that if the REs engage a recovery agent only after a borrower has turned delinquent, then such borrowers will need to be provided with the details of the recovery agent via email/SMS prior to such recovery agents contact the relevant borrower for recovery.


The FAQs and Guidelines, while being a welcome move to help in the regulation of the REs and creating an ecosystem for digital lending that focuses on consumer protection, still leaves definite aspects of these financial arrangements in a lurch. In the pursuit of being compliant with the Guidelines, several stakeholders have overhauled the underlying commercial agreements. The revised commercial arrangements in this regard are devised to ensure that the LSPs are not a party to the contracts between the REs and their borrowers, the costs of LSP's service is not passed on to the borrowers, the loan book risk is maintained with the lender itself, among other things. Despite such measures, many of these practices continues to subsist in the industry. The Guidelines have had a huge impact on the digital lending ecosystem and altered the relationship between the LSPs, REs, and the borrowers in many ways.

While the RBI has not expressly prohibited the FLDG model yet given the practice in the market, the fact that it did not favour with the working group or that prohibition or regulation of such structures is under consideration, there is a lack of clarity on the definite aspects which apply as such to the industry practice of LSPs providing performance guarantee in the form of a security to the lenders.

On the other hand, the working group's recommendations on such digital lending models indicate that the RBI may be moving in the direction of completely restricting models akin to that of FLDG. In our view, there is a strong need for a detailed regulatory framework on the FLDG model, in a manner that does not hamper the players rising up to address the widespread credit needs in India.



2 5BB3.PDF

3 As per the Guidelines, REs include: (a) all the commercial banks; (b) primary (urban) co-operative banks, state co-operative banks, district central co-operative banks; and (c) non-banking financial companies (including housing finance companies). 4





9 The KFS shall apart from other necessary information, contain the details of APR, the recovery mechanism, details of the grievance redressal officer designated specifically to deal with Digital Lending/ Fintech related matters and cooling-off/look-up period.


11 as defined under the Securitisation Guideline accessible at Reserve Bank of India - Master Directions (, 'synthetic securitization' means a structure where credit risk of an underlying pool of exposures is transferred, in whole or in part, through the use of credit derivatives or credit guarantees that serve to hedge the credit risk of the portfolio which remains on the balance sheet of the lender.


The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.