Digital lending apps extend small amounts at exorbitant rates. Payment delays invite messages to customer or close family members, often with sensitive information such as Aadhaar and PAN Card scans.
The Reserve Bank of India’s (RBI’s) working group on digital lending is expected to recommend measures to rein in excesses by recovery agents, particularly things like damaging the reputation of customers for late payment of small amounts.
Sources familiar with the thinking of the RBI said the central bank was strongly of the opinion that immediate measures be taken to restrain recovery agents from using private messaging apps to send texts to those in the contact list of a late payer or defaulter.
The RBI constituted the working group last week to study "all aspects of digital lending activities in the regulated financial sector as well as by unregulated players so that an appropriate regulatory approach can be put in place".
Digital lending apps lend only a few hundreds or thousands for very high interest rates.
But if there is a delay in payment, the telecallers of such lenders frequently send messages to all those in the contact list of the customer, or to close family members, often with sensitive information such as Aadhaar and Pan card scans.
When a digital lending app is installed, it asks for access to the contact list, gallery, and messages.
After the access is granted, the lender gets hold of virtually all content in the phone.
This is particularly true for the unregulated, shady apps, known as Chinese apps.
Many of these were removed by Google from its Play Store last week following complaints by customers and government agencies.
However, sources dealing with such complaints said the practice was not only employed by just Chinese apps but regulated entities as well.
Often, recovery agents are the same for both sets of entities.
Akshay Mehrotra, founding member of FinTech Association for Consumer Empowerment (FACE) and co-founder and CEO of EarlySalary, said regulated digital lenders needed location access for Video KYC (know your customer) to populate the GPS location, and that was needed by law.
“Regulated entities have access to the bureau data, which means we get access to the alternative mobile numbers of customers.
"Since unregulated entities do not have access to the bureau, they access the contact book and photo gallery of customers," said Mehrotra.
But most regulated entities do not access the photo gallery and the contact book.
Any permission they seek is under the regulatory framework and there is a used case defined and the customer can see why such data is captured.
“They can decide to give permission once, or decline it completely, or give it perpetually.
"The consent has to be given twice; once to us and once to Google Andriod pop-up," Mehrotra said.
According to senior executives of digital lending firms, some apps require access to the customer's gallery and contact list.
These entities claim to use the contact list’s access towards fulfilling their underwriting rule regime, and gallery access to evaluate the borrower’s authenticity.
“It is, however, highly unethical that a lot of apps are not just requesting the contact data access, but also making it available to telecalling recovery agents.
"This leads to harassment of end consumers,” said Madhusudan Ekambaram, co-founder and CEO of KreditBee and another co-founder of FACE.
“Highly compliant lenders like us do not require access to either the contact list or the gallery for collection or underwriting, since they have a robust and highly capable underwriting rule regime and vetted collection processes,” Ekambaram said.
With the current scheme of things, regulators are expected to tighten the screws further, and one can expect further churn among lending platforms.
The expectation is to ensure stringent action against the culprits, so that there is enough respect and fear on the guidelines overall, and at the same time, the same players don’t come back to the market under the garb of different names, according to Ekambaram.
Sources said harassment had reached such a proportion, especially during the nationwide lockdown, that customers piled up complaints against the digital lenders of all hues with the RBI and the relevant authorities.
The working group committee, which will meet for the first time this week, is expected to change the rules of the game for digital lenders, sources close to the RBI said.
“It could be akin to how microfinance institutions changed their practices after the RBI tightened the rules in 2010s.
"Digital lending is here to stay, and there is a need to set the boundaries, including, if possible, on the spread they can charge on their cost of funds,” said a person, who is also advising the RBI on developing a code of conduct for digital lenders and recovery agents.
Sources said that in future, the regulator would demand that tech giants such as Google and Apple hosting such apps deny access to contacts, messages, and emails.
Regulated NBFCs not following the rules on recovery agents and being caught unduly harassing the customers would be heavily penalised.
At the same time, to protect the lenders, the central bank may give them more teeth to recover their dues, probably by tweaking some law, though the exact modalities will be thought through later.
Recovery agents will exist, but they will most likely have to undergo written tests like agents in mutual funds or insurance sectors.
In future, recovery agents may also have to carry identification numbers, according to sources.
This is to ensure that goons are not allowed in the garb of recovery agents.
These can all be part of the fair practices code of the working group panel, which the RBI is likely to approve.
Already, the harassment by the recovery agents is one of the top discussion points in the RBI, and the central bank has stepped up pressure on NBFCs that don’t adhere to its guidelines.
For example, earlier this month, the central bank penalised Bajaj Finance Rs 2.5 crore for excesses related to recovery agents.
Photograph: Altaf Hussai/Reuters