Written by Tarunima Prabhakar
In June 2020, the RBI issued its first notification clarifying consumer protections obligations for digital lending platforms. This followed from media reports on app-based loan providers resorting to aggressive recovery practices during the lockdown. During installation, these apps collected phone contact information stored on the prospective borrower’s phone. When a borrower defaulted, recovery agents would call these contacts or create WhatsApp groups with the borrower, to shame them into paying back the loan.
Unsecured loan apps have been in operation since at least 2016. The lockdown, however, prompted a surge in loan apps that saw a business opportunity in the financial uncertainty in Indian lives. As people lost their livelihoods, there was a need for short-term credit. Lending apps provided “easy” loans. Borrowers in desperation took up these loans despite exorbitant interest rates and short repayment cycles. For entities with capital to spare, the interest rates meant profitability despite default rates of over 7 per cent. While these apps weren’t registered as lenders, inadequate implementation of past RBI guidelines meant that partner Non-Banking Financial Companies (NBFCs) were easy to find. In some cases, lenders operated without one.
By the end of 2020, a number of suicides in the country could be linked to harassment by loan providers. Additional media reports highlighted a Chinese connection to many of these operations. Apps built and bankrolled by Chinese corporations were run in India through Indian companies and NBFCs. These operations point to multiple points of failure. RBI’s June 2020 notification mandated disclosure of partnering NBFCs on the loan app so that people could access grievance redressal mechanisms instituted for NBFCs. Most providers did not adhere to these guidelines. The RBI is a regulator that is stretched thin. While it issued the guidelines, it didn’t have the institutional capacity for monitoring and enforcement. For some, the intermediary platforms that enable this ecosystem also share the blame — the payment gateways through which money is transferred from borrowers’ to lenders’ bank account can institute better checks on their merchants. Finally, Google Play Store has overarching powers in reducing the reach of apps — this is the app market through which most Android phone users in India discover and download lending apps.
Multiple agencies could have controlled some of these lending operations, but digital lending is an evolving sector without explicit delineation of responsibilities. It is this institutional greyness that many lenders have exploited.
Last week, the RBI set up a Working Group on digital lending to evaluate digital lending activities and propose regulatory changes for financial stability and consumer protection. Google Play Store has also removed over 200 lending apps from its platform that were unable to show that they had a valid licence to lend.
The digital lending sector has come into spotlight because of the proliferation of extortionary lending practices. The calls to closely scrutinise the companies and NBFCs providing these loans should be heeded. Illegal operations, lending in absence of adequate licenses, must be squashed. The trickier challenge, however, is defining acceptable practices in digital lending. Collecting contacts from mobile phones, for example, is standard practice in lending apps. In 2019, we analysed prominent lending apps available on Google Play Store. Contrary to the Chinese operations, these app providers were recognised as established lenders in industry reports. Ten of the 11 apps analysed read borrowers’ phone contacts. Apps targeted at college students, for example, relied on parents’ contact details as collateral. When students defaulted, the recovery agents would call parents. From comments on the app on Google Play Store, it is clear that several students felt cheated by these apps.
In another instance, while accepting the terms of service, borrowers would sign over their phone as collateral. If a borrower defaulted, the lender threatened to block the users’ phone, which they could do since the app had collected the phone’s IMEI number.
A broader concern emerging from lenders collecting phone contacts is infringement of borrowers’ privacy. Here again, the standard practice when providing unsecured loans through apps is to access a number of personal data points such as the phone’s location, camera and microphone. In our analysis, more than half the apps read the users’ text messages and four of them requested access to record audio. Despite these excessive data demands, all the apps studied had more than five lakh installs. Many had over 50 lakh installs. A year later, the number of installs for many of these apps had increased tenfold. Apps use these data points not only for debt recovery, but also to make a decision on whether to provide the applicant a loan; and the price at which to provide it. Arguably, assessing creditworthiness is better than unscrupulously providing loans at over a 100 per cent interest rate, as the illegal Chinese lenders did. But for people whose loans are rejected, these established loan providers are also ‘thieves’ who collect personal data but don’t deliver on the service promised. Reviews on the play store make it clear that applying for a loan on a loan app is qualitatively different from applying to a brick-and-mortar lender. While it is difficult to quantify, people ascribe some value to their personal data. They are willing to exchange it for short-term capital but expect certainty of loan approval for that trade.
From our research we concluded that that the goals of rapid financial inclusion, consumer protection and data security are often in conflict. Lending apps and similar fintech innovations have the potential to generate consumer benefits while ensuring data security, but require environments with strong institutions and financial literacy. Despite media warnings in early 2020, digital lending apps proliferated due to inadequate monitoring. From a consumer’s perspective, it can be difficult to distinguish between illegal and legal operators when all apps promise ease of credit access and collect similar data points. Lending apps co-exist in a marketplace with gaming and social media apps. The colourful marketing of many of these lending apps distracts from the seriousness of taking on a loan, however small it may be.
Given existing enforcement capacity constraints, creating new regulation specifically for digital lending is unwise. But there is a need to clarify what existing guidelines, such as non-coercive recovery and disclosure of terms, mean for digital operations. Is it okay for recovery agents to call parents of student borrowers or should the use of phone contacts in recovery be disallowed altogether? Similarly, if users are sharing personal data in lieu of a loan, apps could disclose the probability of loan approval at the time of application. Finally, there can be hard lines on the data points that are collected in service of loans disbursal. While none of this guarantees meaningful consent or a fair contract, it gives borrowers a chance to make a more informed decision about their financial health.
The writer is a non-resident research fellow at Carnegie India