Understanding RBI’s New Digital Lending Framework

I. Introduction

On May 8, 2025, the Reserve Bank of India (“RBI”) issued the comprehensive Reserve Bank of India (Digital Lending) Directions, 2025 (“Directions”) to regulate digital lending activities in India. The Directions consolidate previous guidelines while introducing new measures to address concerns in the digital lending ecosystem. This piece analyzes the key provisions of these Directions, their implications for stakeholders, and how they differ from the earlier regulatory framework.

II. Background and Scope

The Directions emerge from concerns regarding unbridled third-party engagement, mis-selling, data privacy breaches, unfair business conduct, exorbitant interest rates, and unethical recovery practices in digital lending. The Directions apply to all digital lending activities of regulated entities (“REs”), including commercial banks, co-operative banks, NBFCs (including HFCs), and All-India Financial Institutions.

III. Key provisions of the Directions

RE-LSP ArrangementsThe Directions mandate that digital lending involving a Lending Service Provider (“LSP”) must be governed by a contractual agreement clearly defining the roles, rights, and obligations of each party. REs must conduct enhanced due diligence before entering into agreements with LSPs, factoring their technical capabilities, data privacy policies, past conduct with borrowers, and compliance history.

A significant new provision, effective from November 1, 2025, addresses arrangements where LSPs partner with multiple lenders. In such cases:

·      LSPs must provide borrowers with a digital view of all matching loan offers;

·      LSPs must follow a consistent approach for similarly placed borrowers and products; and

·      The digital view must include the RE’s name, loan amount, tenor, APR, monthly repayment obligation, and applicable penal charges to enable a fair comparison between various offers.

 

Customer Protection MeasuresThe Directions strengthen borrower protection through several key provisions:

·      Prohibition of dark patterns in digital lending interfaces;

·      Mandatory provision of a Key Fact Statement (“KFS”) as per RBI’s April 15, 2024 circular;

·      Automatic delivery of digitally signed documents to borrowers upon loan execution;

·      Mandatory cooling-off period (to be determined by the RE) allowing borrowers to exit digital loans by paying only the principal and proportionate APR without penalties, subject to a one-time processing fee; and

·      Designation of nodal grievance redressal officers by both REs and LSPs and appeal mechanism to be duly communicated to the borrower.

 

Fund Flow and Fee StructureThe Directions establish strict controls on fund flows in digital lending:

·      Loan disbursements must flow directly from the RE’s account to the borrower’s account without passing through any third party (with certain exceptions);

·      All loan servicing and repayments must be executed directly between the borrower and the RE without any pass-through accounts; and

·      Third parties, including LSPs, cannot control fund flows directly or indirectly; and

·      Fees payable to LSPs must be paid directly by the RE and cannot be charged to or collected from borrowers separately.

 

Data Privacy and Technology StandardsThe Directions mandate establishing a robust data protection practice:

·      Need-based data collection with explicit borrower consent;

·      Borrowers must have options to give or deny consent for specific data use, restrict third-party disclosure, and revoke previously granted consent;

·      All data must be stored on servers located within India;

·      If data is processed outside India, it must be deleted from foreign servers and brought back to India within 24 hours; and

·      REs and LSPs must maintain comprehensive privacy policies compliant with applicable laws.

 

Reporting RequirementsThe Directions establish two key reporting requirements:

·      Mandatory reporting of all digital lending to Credit Information Companies (“CICs”), regardless of nature or tenor;

·      Reporting of all Digital Lending Apps (“DLAs”) to RBI’s Centralised Information Management System (“CIMS”) portal by June 15, 2025; and

·      The Chief Compliance Officer or Board-designated official must certify that the DLA data submitted is correct and compliant with regulatory requirements.

 

Default Loss Guarantee (“DLG”) ArrangementsThe Directions introduce a comprehensive framework for Default Loss Guarantee arrangements:

·      Eligibility criteria for DLG providers, including minimum net worth requirements

·      DLG cover capped at 5% of the total disbursed loan portfolio

·      DLG must be maintained in specified forms: cash deposits, fixed deposits with lien, or bank guarantees

·      DLG must be invoked within 120 days of overdue status

·      DLG agreement tenor must not be less than the longest tenor of loans in the underlying portfolio

 

The Directions explicitly prohibit DLG arrangements for revolving credit facilities, credit cards, and loans covered by specified credit guarantee schemes. NBFC – P2P is also prohibited from entering into DLG arrangements for loans facilitated over its platform.

 

IV. Key changes from earlier framework

The Directions represent a significant evolution from the earlier digital lending guidelines issued in 2022. Key differences include:

  1. Multi-lender LSP Arrangements: The Directions introduce specific requirements for LSPs partnering with multiple REs, ensuring transparency and consistency in loan offers.
  2. Detailed DLG Framework: The earlier provision on DLG 2022 directions provided limited guidance, primarily cautioning REs to adhere to the synthetic securitisation norms when offering arrangements like first loss default guarantee. In contrast, the Directions introduce a detailed and prescriptive framework: they set eligibility criteria for DLG providers (including minimum net worth), cap the DLG cover at 5% of the disbursed loan portfolio, mandate the form of DLG (cash deposit, fixed deposit with lien, or bank guarantee), require invocation within 120 days of default, and specify that the DLG agreement must match the longest loan tenor in the portfolio.
  • Enhanced Reporting Requirements: The Directions establish a more structured reporting system for DLAs through the CIMS portal, with certification requirements.
  1. Clarification on Applicability: The Directions provide clearer guidance on their applicability to various credit products, including EMI programs on credit and debit cards.

V. Implications for Stakeholders

 

 

For Regulated Entities

 

The Directions significantly impact REs’ digital lending operations:

·      Enhanced Due Diligence: REs must implement robust due diligence processes for LSPs and conduct periodic reviews of their conduct.

·      Accountability: REs remain fully responsible for LSPs’ actions, with no dilution of obligations under any statutory or regulatory provision.

·      Compliance Burden: REs must ensure comprehensive reporting to CICs and the CIMS portal, with certification requirements.

·      System Modifications: REs need to modify their systems to ensure direct fund flows between RE and borrower accounts without third-party involvement

 

 

For Lending Service Providers

 

LSPs face significant operational changes:

·      Transparency Requirements: LSPs working with multiple REs must provide transparent digital views of all matching loan offers.

·         Revenue Model Adjustments: LSPs cannot charge borrowers directly; all fees must be paid by the RE.

·         Data Handling: LSPs must comply with strict data collection, storage, and processing requirements.

·         Grievance Redressal: LSPs must designate nodal officers for handling borrower complaints.

 

 

For Borrowers

 

Borrowers gain significant protections:

·         Enhanced Transparency: Borrowers receive comprehensive information through KFS and other disclosures.

·         Greater Control: Borrowers can exit loans during cooling-off periods and have greater control over their personal data.

·         Grievance Mechanisms: Borrowers have access to designated grievance officers at both REs and LSPs.

·         Protection from Excessive Charges: Direct fund flows and prohibition on LSPs charging borrowers protect against hidden fees.

 

VI. Practical Recommendations for Compliance

i. For Regulated Entities

  • Review and Update Agreements: Review existing agreements with LSPs to ensure compliance with the new requirements, particularly for multi-lender arrangements effective November 1, 2025.
  • Enhance Due Diligence: Develop robust frameworks for LSP due diligence, including assessment of technical capabilities, data privacy practices, and compliance history.
  • Implement Monitoring Mechanisms: Establish systems to monitor loan portfolios originated through LSPs and conduct periodic reviews of LSP conduct.
  • Prepare for DLA Reporting: Begin collecting required information for reporting all DLAs to the CIMS portal before the June 15, 2025 deadline.
  • Review DLG Arrangements: Ensure all DLG arrangements comply with the new framework, particularly regarding eligibility, caps, and forms.

ii.            For Lending Service Providers

  • Develop Transparent Interfaces: Modify digital interfaces to provide transparent views of all matching loan offers when working with multiple REs.
  • Revise Revenue Models: Adjust business models to receive fees directly from REs rather than borrowers.
  • Enhance Data Protection: Implement robust data protection measures, including consent mechanisms and data localization.
  • Establish Grievance Mechanisms: Designate nodal officers and establish effective grievance redressal systems.

VII.         Conclusion

The Reserve Bank of India (Digital Lending) Directions, 2025 represent a significant evolution in the regulatory framework for digital lending in India. By consolidating previous guidelines and introducing new measures, the RBI aims to address key concerns while promoting responsible innovation in digital lending.

The Directions establish a more comprehensive, transparent, and borrower-friendly digital lending ecosystem while clarifying the responsibilities of REs and LSPs. As the digital lending landscape continues to evolve, stakeholders must adapt their operations to ensure compliance with these new requirements.

For regulated entities and LSPs, early preparation for the phased implementation deadlines—particularly the November 1, 2025 deadline for multi-lender LSP arrangements and the June 15, 2025 deadline for DLA reporting—will be crucial for ensuring smooth compliance with the new regulatory framework.

Categories

Service Offerings

Contact Us

    burgeon law white logo

    Disclaimer

    As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise.

    By clicking the “Agree” button and accessing the website www.burgeon.co.in, the visitor fully understands and accepts that the contents herein are solely for informational purposes and should not be interpreted as solicitation or advertisement. The firm is not liable, in any manner, for the consequences of any action taken by a visitor relying on materials/ information provided on the website. The firm urges visitors to seek independent legal advice for any legal issues.

    Agree