2.3 Digital Lending Guidelines

RBI’s Guidelines on Digital Lending (DLG-DL), DOR.CRE.REC.66/21.07.001/2022-23, 2 September 2022, set the operating rules for any lending where the customer journey is digital. They apply to all Regulated Entities (REs — banks, NBFCs, HFCs, AIFIs) and to Lending Service Providers (LSPs) and Digital Lending Apps (DLAs) acting on their behalf.

The guidelines were the response to the unregulated digital-lender boom of 2020–22. Compliance is non-negotiable; breach is the most common reason RBI cancels CoRs of digital lenders.

  • Loan disbursement must flow directly from the RE’s bank account to the borrower’s bank account. No pass-through accounts held in the name of the LSP or any third party.
  • Repayments must flow directly from the borrower to the RE. Same rule, reverse direction.

Exception: pass-through is permitted for disbursement of loans co-originated by an RE and a regulated co-lender, and for disbursements to third-party service providers / merchants on the borrower’s instruction (e.g., paying a vendor directly), in which case the borrower’s consent must be explicit and recorded.

B. Fees only to RE, not LSP, from borrower

  • Borrower pays all loan-related charges only to the RE.
  • LSP is paid by the RE, not by the borrower.
  • Standard-format KFS in the vernacular language of the borrower’s choice before loan execution.
  • Must include: APR (computed per RBI formula), loan amount, tenure, EMI, all fees, penal charges, cooling-off period, recovery agent details, grievance contact.
  • Borrower must explicitly acknowledge KFS receipt.
  • All-in cost of credit must be expressed as Annual Percentage Rate (APR).
  • APR computation per RBI’s specified formula (broadly: total cost of credit / loan amount, annualised over tenure, including all upfront and recurring fees).
  • Displayed prominently on KFS and on every borrower communication.
  • For loans with tenure >= 7 days, borrower has a cooling-off period (board-approved, at least equal to the cooling-off period specified by RBI) during which they may exit the loan by paying principal and proportionate APR — no penal charges.
  • Cooling-off must be explicitly offered and disclosed.
  • Credit limits cannot be increased without explicit borrower consent for each increase.
  • Pre-approved offers must be opted into.
  • The borrower must always know who the lender is. The DLA / LSP UI must prominently show the RE’s name throughout the journey.
  • If multiple lenders are presented (loan aggregation), all must be shown transparently, with KFS for each, without preferencing.
  • Single point of grievance contact (the RE’s grievance officer) disclosed at every step.
  • LSP can route grievances but cannot be the final resolution authority.
  • All data collection from the borrower (or via APIs / SDKs in the DLA) must be need-based, with explicit consent, and stored within India.
  • LSP / DLA cannot retain borrower data beyond what is needed for the specific loan purpose.
  • Borrower has the right to delete data and revoke consent.
  • Recovery agents must be governed by board-approved policy; LSP / DLA cannot delegate recovery to unregulated third parties.
  • Borrower must be informed of the recovery agent in advance, including name, contact, and identity proof.
  • Each RE must publish on its website a list of DLAs / LSPs it engages, with contact details.

All REs lending digitally are covered: own DLAs, partner DLAs, embedded lending in third-party apps, and web lending. The guidelines apply regardless of the loan ticket size or tenure.

  • Pre-KFS screen in every journey — show KFS, capture acknowledgement.
  • Cooling-off banner during the cooling-off window with one-click exit.
  • Lender brand prominently shown in every screen.
  • Vernacular language toggle — KFS must be available in the borrower’s chosen language.
  • APR displayed on every offer screen.
  • No “auto-renew” or “auto-increase” flags by default — opt-in required.
  • APR computation service — implement RBI’s APR formula; unit-tested against RBI’s worked examples.
  • KFS generation service — standard template, multilingual, PDF + e-record.
  • Consent ledger — every data collection point, every increase consent, every cooling-off acceptance / waiver — timestamped, with version of T&C, IP, device fingerprint.
  • Borrower data storage — within India; if any vendor stores abroad, validate.
  • Borrower data deletion API — must be implemented for revocation requests.
  • Recovery agent assignment — recorded against each loan, communicated to borrower before agent contact.
  • KFS (pre-loan, every loan).
  • Acknowledgement of KFS receipt.
  • Cooling-off exercise document (if borrower exits).
  • Recovery agent intimation letter / SMS.
  • Annual data privacy disclosure.
  • Pre-disbursement KFS sign-off — system blocks disbursement until KFS is acknowledged.
  • Cooling-off cancellation — if exercised, refund principal × 0 + proportionate APR; close loan.
  • Borrower consent ledger — every consent timestamped and queryable per borrower.
  • Grievance log — every complaint logged, with SLAs and resolution.
  • LSP / DLA list maintenance — kept current on company website.
  • Periodic regulatory submissions on grievance volume, resolution time, repeat complaints.
  • Recovery agent activity log (for inspection).
  • Data privacy compliance report.
  • KFS evidence for every loan.
  • Consent artefacts.
  • DLA / LSP onboarding due diligence files.
  • Recovery agent training and conduct records.
  • RBI Guidelines on Digital Lending, DOR.CRE.REC.66/21.07.001/2022-23, 2 September 2022. Available at rbi.org.in.
  • RBI FAQs on Digital Lending Guidelines (updated periodically). Available at rbi.org.in.
  • RBI Key Fact Statement for Retail and MSME Loans, RBI/2023-24/61 DOR.STR.REC.40/13.03.00/2023-24, 15 April 2024 — standardised KFS format for retail and MSME loans.
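One way to wire the consent ledger to the pre-disbursement KFS sign-off and to per-increase consent described above, as an added example rather than code from RBI or any lender. The event names, the `ref` field and the rule that an acknowledgement must match the exact KFS version are assumptions of this sketch, and all identifiers in it are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

KFS_ACK = "kfs_acknowledged"              # event names are assumptions of this sketch
LIMIT_CONSENT = "limit_increase_consent"

@dataclass(frozen=True)
class ConsentEvent:
    borrower_id: str
    loan_id: str
    event: str
    ref: str                  # what was consented to: KFS version or increase id
    tc_version: str
    ip: str
    device_fingerprint: str
    at: datetime

class ConsentLedger:
    """Append-only record; entries are never updated or removed."""

    def __init__(self):
        self._events = []

    def record(self, borrower_id, loan_id, event, ref, tc_version, ip, device_fingerprint):
        fields = (borrower_id, loan_id, event, ref, tc_version, ip, device_fingerprint)
        if not all(fields):
            raise ValueError("consent event is missing a required field")
        entry = ConsentEvent(*fields, at=datetime.now(timezone.utc))
        self._events.append(entry)
        return entry

    def for_borrower(self, borrower_id):
        """Per-borrower query, in the order the consents were given."""
        return [e for e in self._events if e.borrower_id == borrower_id]

    def has(self, borrower_id, loan_id, event, ref):
        return any(e.loan_id == loan_id and e.event == event and e.ref == ref
                   for e in self.for_borrower(borrower_id))

def disburse(ledger, borrower_id, loan_id, kfs_version):
    """Gate: refuse to disburse unless this exact KFS version was acknowledged."""
    if not ledger.has(borrower_id, loan_id, KFS_ACK, kfs_version):
        raise PermissionError("KFS not acknowledged for this loan and KFS version")
    return {"loan_id": loan_id, "status": "disbursement_released"}

def increase_limit(ledger, borrower_id, loan_id, increase_id):
    """Each increase needs its own consent; an earlier consent is not reused."""
    if not ledger.has(borrower_id, loan_id, LIMIT_CONSENT, increase_id):
        raise PermissionError("no consent recorded for this limit increase")
    return {"loan_id": loan_id, "increase_id": increase_id, "status": "applied"}
```

Matching on the KFS version means an acknowledgement of an earlier KFS does not release a loan whose terms were reissued afterwards.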