There is a need for data protection law, especially considering alternative credit appraisal models and customer confidentiality. 

Proposed amendments in the IT Act – 

1.Addition of “applications & social media platforms” to the definition of intermediaries 

2.Section 79 provides exemption of liability and changes the same to limited liability for intermediaries under certain instances. An intermediary shall not be liable for any third-party information or data made available by it or hosted by it, if it is not having actual knowledge, i.e. only through a court order or on being notified by the appropriate government or its agency and not otherwise. This section needs to be amended to recognize the request made by the financial institution and the intermediaries to be made responsible for directly or indirectly allowing, promoting or abetting instances of wrongful conduct by persons.  

3.Recognition of loan records in digital platforms by extending the provisions of Banker Book’s Evidence Act. 

4. Moneylenders to adhere to their respective territorial jurisdictions

Digital loan platforms fall within the definition of “intermediaries” as per IT Act, 2000 and should therefore be made to follow all the rules applicable to the intermediaries, including those which require them to display the name, contact details and address of the nodal officers and cooperate with law enforcement. Indian Personal Data Protection Law to cover all issues related to general data security and consent for data processing  . 

Risk of Perjury – The NBFC/bank that refinances the Digital Lending App (DLA) must be required to provide a certificate of good governance on the part of DLA at the riskof perjury. Similarly, both Google and Apple must insist on a set of declarations of ethical business practice from the DLA, again, at the risk of perjury. Regardless of enforcement, insistence of such declarations and self-certification will, in and of themselves, act as a deterrent. 

Lending Apps to be registered as NBFC-Digital Money Lenders:


Restrict foreign ownership 

Minimum paid up capital and NOF to be prescribed 

Only Indian directors (resident in India) 

Maintain a lien marked FD 

Processes and Products

Only personal unsecured loans to be offered 

Maximum loan size to be INR 5 lacs 

Loan tenor of 3 – 36 months 

Mandate to be members of CIC with regular credit reporting 

Daily reporting to CICs regarding loan inquiry 

Full KYC process (as approved by RBI) to be followed, irrespective of ticket size .

Licensing for non-regulated digital lenders or internet based financial and nonfinancial companies, with light touch regulation and prescription of entry point norms such as minimum capital and reporting requirements Prescribe organization governance standards for digital lenders.Clear reporting framework and improve coverage of reporting to credit bureaus.

Credit Reporting to Bureaus 

1.Credit Bureaus should enhance their infrastructure to update near-real time 

information on weekly basis. 

2.Sharing of negative information on non-payment of very small loans may again push the first-time borrowers towards informal or unorganized channels of lending. In this context, regulators must come out with guidelines on what all positive and negative information should be shared and how the information should be used as a component of credit assessment. 

Responsible Underwriting 

Transparency and responsible sourcing of customer has been a critical area where lenders and regulator need to focus. In this regard, there may be a requirement to prescribe minimum tenure, maximum interest rate, the maximum number of lenders from which a borrower can borrow etc.