Blog

On May 8, 2025, the Reserve Bank of India (RBI) introduced the Digital Lending Directions, 2025, replacing the 2022 Guidelines on Digital Lending and the 2023 Guidelines on Default Loss Guarantee. These updated directions are designed to enhance transparency, strengthen accountability, and improve consumer protection within India’s digital lending landscape.

Applicability

The directions apply to a broad spectrum of Regulated Entities (REs), including:

• Commercial Banks
• All-India Financial Institutions
• Urban, State, and Central Co-operative Banks
• Non-Banking Financial Companies (NBFCs), including Housing Finance Companies

Key Definitions

• Digital Lending Apps/Platforms (DLAs): These are mobile or web-based applications—either standalone or part of a broader suite—that offer digital lending services through a user interface. DLAs include applications operated directly by Regulated Entities (REs) as well as those run by Lending Service Providers (LSPs) engaged by REs, in line with the RBI’s prevailing outsourcing guidelines.

• Lending Service Providers (LSPs): An LSP is an agent of an RE (which may also be another RE) that performs one or more digital lending functions on the RE’s behalf. These functions may include customer acquisition, underwriting support, pricing-related services, loan servicing, monitoring, and recovery—carried out in accordance with the RBI’s outsourcing norms.

• Default Loss Guarantee (DLG): DLG refers to a contractual arrangement—regardless of the name—between an RE and another entity, wherein the latter agrees to compensate the RE for losses arising from loan defaults, up to a pre-specified percentage of the RE’s loan portfolio. This also includes any other upfront-defined, performance-linked implicit guarantees of a similar nature.

Core Provisions

1. RE-LSP Arrangements and Consumer Protection

• Contractual Agreements: REs must formalize agreements with LSPs, ensuring that LSPs comply with RBI guidelines. REs remain fully accountable for LSP actions.
• Multi-Lender LSPs: LSPs working with multiple REs must display all loan offers matching a borrower’s request, including unmatched lender names. Each offer should clearly present details like RE name, loan amount, tenor, APR, repayment terms, and a link to the Key Fact Statement (KFS).
• Disclosures to Borrowers: Borrowers should receive digitally signed documents via email or SMS post-contract. REs and LSPs must maintain updated websites detailing products, LSPs, grievance mechanisms, and policies. Recovery agent details must be shared with borrowers before contact.
• Loan Disbursal and Repayment: Loans must be disbursed directly into the borrower’s bank account, with repayments credited only to the RE’s account. LSP fees are to be paid by the RE, not the borrower. Cash recoveries are permitted if credited the same day.
• Grievance Redressal: REs must designate Nodal Grievance Redressal Officers to address digital lending complaints. Their contact details should be prominently displayed on RE, LSP, and DLA websites, as well as in the KFS.

2. Data Protection and Privacy

• Data Collection: Only necessary borrower data should be collected, with explicit consent and maintained audit trails.
• Access Restrictions: DLAs are prohibited from accessing personal phone resources like contacts or call logs, except for one-time KYC verification with borrower approval.
• Data Rights: Borrowers can restrict data sharing, revoke consent, and request data deletion. All data must be stored within India, and any externally processed data should be deleted within 24 hours.
• Security Measures: REs must implement robust data protection policies, prohibit biometric data storage, and comply with RBI’s cybersecurity standards.

3. Default Loss Guarantee (DLG) Arrangements

• Risk Management: REs must ensure that DLG arrangements do not undermine prudent risk management practices. DLGs should not be used to circumvent asset classification and provisioning norms.
• Transparency: All DLG arrangements must be disclosed to the RBI, and REs should not rely solely on DLGs for credit risk mitigation.

4. Reporting and Compliance

• REs report to DLAs: REs must report all DLAs to the RBI by June 15, 2025. Third-party DLAs should not misrepresent their inclusion as RBI approval.
• Multi-Lender Arrangements: Provisions related to multi-lender LSP arrangements will come into effect from November 1, 2025.
• Documentation: The KFS must be presented to borrowers before loan acceptance, detailing loan terms, charges, privacy policies, and repayment obligations. Borrowers must digitally sign the loan contract, which should be sent to them via email or SMS post-signing.

These directions aim to create a transparent, accountable, and borrower-friendly digital lending ecosystem. REs must ensure strict compliance, mandatory reporting, and responsible partnerships, while the RBI strengthens oversight to maintain financial stability and market integrity.

Disclaimer: This article provides general information existing at the time of preparation and we take no responsibility to update it with the subsequent changes in the law. The article is intended as a news update and Affluence Advisory neither assumes nor accepts any responsibility for any loss arising to any person acting or refraining from acting as a result of any material contained in this article. It is recommended that professional advice be taken based on specific facts and circumstances. This article does not substitute the need to refer to the original pronouncement.