2.11.2 Recovery Agent Code of Conduct

Why this page

Recovery-agent conduct is the most-supervised aspect of NBFC operations from RBI’s view. One viral incident — an agent abusing a borrower, calling at midnight, contacting relatives, threatening — can revoke the NBFC’s CoR, attract criminal action against directors, and end the brand. The supervision intensity is justified by the asymmetric power dynamic at the recovery stage and the history of misconduct in the digital-lending app boom of 2020 – 22.

Every operational rule below is enforceable. Every breach is reportable. The platform must make compliance the easiest path, not an after-thought.

Source

RBI Fair Practices Code for NBFCs (part of NBFC – SBR Directions, 2023).
RBI Guidelines on Engagement of Recovery Agents by NBFCs — embedded in the FPC and updated periodically.
RBI Master Direction – KYC (relevant for agent identification).
IIBF (Indian Institute of Banking and Finance) Debt Recovery Agent (DRA) certification — iibf.org.in.
RBI Banking Ombudsman Scheme for NBFCs (escalation mechanism).
RBI advisory on harassment by recovery agents issued periodically in response to specific incidents.

Agent eligibility

An agent (employee or outsourced) engaged for recovery must:

Be trained in fair-practices conduct, debt-recovery techniques, applicable RBI rules. Recommended: DRA certification from IIBF.
Have a valid employment / engagement contract with the recovery agency or directly with the NBFC.
Hold an identity card issued by the NBFC or the recovery agency, displayed to the borrower at every interaction.
Have a clean background check (no convictions for financial fraud, violence, or harassment).
Be at least 21 years old.

For outsourced agencies, the NBFC’s Vendor Due Diligence must verify all of the above for the agency and its personnel.

Time-of-day restrictions

Contact with the borrower (and any reference / guarantor) is restricted:

Permitted hours: 08:00 hours to 19:00 hours (8 AM to 7 PM) local time of borrower.
Sundays and public holidays: only with borrower’s prior consent.
Religious / personal occasions of borrower (if known): avoid.

For outbound automated calls (IVR / WhatsApp / SMS), the same time-of-day rules apply. The platform’s communication scheduler must enforce these hours by default and refuse outbound during restricted windows.

Place of contact

Residence: only at reasonable hours within the permitted window.
Office / business premises: with consideration for the borrower’s privacy and professional environment.
Public places: avoided to prevent embarrassment.
Neighbours, relatives, friends of the borrower: not contacted without the borrower’s express consent. Exception: a co-guarantor or co-applicant of the same loan may be contacted independently as a party to the loan.

Conduct rules

The agent must:

Identify themselves by full name, the agency they represent, and the NBFC on whose behalf they are calling/visiting, at every interaction.
Disclose the purpose of contact (loan account reference, outstanding amount, etc.).
Speak in a respectful tone; no abusive language, threats, or intimidation.
Not misrepresent legal consequences. Statements like “you will be arrested” are illegal absent court order.
Not seek favours, gifts, or hospitality from the borrower.
Not photograph the borrower without consent.
Not impose physical force or attempt repossession of property absent SARFAESI-permitted process (for secured loans only) and proper legal procedure.
Not threaten to publicise the borrower’s default to family, employer, social network, or community.

Communication restrictions (digital era)

The Digital Lending Guidelines and the FPC together require:

No mass-broadcast of the borrower’s default to their contacts (a practice common in early digital-lending apps).
No access to borrower’s phonebook for the purpose of contacting third parties without explicit, purpose-specific consent — and even then, contact must comply with FPC.
No social-media-based shaming.
WhatsApp / SMS / email must respect time-of-day rules and contain proper identification.
Recording mandatory for tele-calls; retained per record-retention.

Documentation requirements

For every recovery interaction:

Date, time, duration.
Channel (call / visit / SMS / WhatsApp / email / IVR).
Agent identity.
Disposition code (PTP, refused, RNR, third-party answered, etc.).
Borrower response (free-text notes).
Recording reference (for calls).
Geo-tag + photo (for visits).
Outcome action (escalation, next attempt scheduled, settlement initiated, etc.).

This is the audit trail during RBI inspection and during borrower grievance investigations.

Recording and retention

All outbound recovery calls must be recorded (with the standard “this call is recorded” disclosure if required by jurisdiction).
Recording quality must be sufficient for compliance review (clarity, full audio, no edits).
Storage per record-retention rules — typically 5 – 7 years minimum.
Sampling for QA: at minimum 5 – 10% of calls reviewed by a compliance / QA team for FPC adherence. High-risk segments (NPA buckets) at higher sampling rates.

Field visit protocol

Agent presents identity card.
Agent does not force entry; visit is from the doorstep or in mutually agreed location.
Geo-tag + photo captured at start and end of visit via the field-agent app.
Witness present where required (e.g., in some legal-notice servings).
Visit form completed with borrower’s signature (or refusal noted).
Photo of any document handed to borrower (notice, receipt) captured.

Pre-contact intimation

Per the Digital Lending Guidelines, borrower must be informed in writing of the recovery agent / agency engaged for their account before the agent makes first contact. The intimation includes:

Name and contact of the agent / agency.
Identity proof reference (employee ID).
Reason for engagement (loan account reference, overdue status).
Borrower’s grievance contact at the NBFC.

Format: typically SMS + email, plus an addendum to the loan agreement disclosing this process generically.

Escalation paths

The borrower may escalate complaints through:

NBFC’s grievance officer — first level.
NBFC’s Internal Ombudsman (where applicable).
RBI Banking Ombudsman Scheme for NBFCs — cms.rbi.org.in.
Consumer courts for specific grievances.
Police / criminal complaint for harassment, threats, criminal misconduct by agent.

The platform must surface the grievance contact prominently in every borrower communication, including the recovery intimation and every agent interaction.

Agent and agency monitoring

The NBFC’s compliance / vendor management function must:

Maintain an agent master with training, certifications, ID, status, performance.
Periodic refresher training (annual) on FPC and any updates.
Quarterly performance review per agency — collection rate, complaint rate, conduct rate.
Complaint investigation with documented disposition.
Agency-level QA of recordings + visits.
Conduct audit — independent review (often by internal audit or external consultant) annually.
Material breach triggers — termination of agent / agency, RBI reporting if material, board notification.

Specific banned practices (RBI advisories)

Calling at odd hours (before 8 AM, after 7 PM).
Repetitive harassment calls in short time windows.
Contacting borrower’s family, friends, neighbours without consent.
Publishing borrower’s default on social media or to their contacts.
Threats of physical harm or criminal action without legal basis.
Demanding payment in cash from borrower (against record-keeping policy).
Charging recovery fees directly from the borrower (banned — fees flow to the NBFC, not the agent).
Coercive repossession without legal process for secured loans.

Platform implementation

The platform’s Collections module must enforce:

Communication scheduler that refuses to send / dial outside the 08:00 – 19:00 window in borrower’s local time.
Agent master integrated with training / certification status; agent assignment requires active status.
Recording integration at the dialer level — every call recorded; metadata captured with the call event.
Field-app workflow that enforces geo-tag + photo + signature capture.
Disposition codes required on every interaction; free-text optional.
Pre-contact intimation automatically sent when agent is assigned to a case.
Grievance link included in every outbound communication.
QA queue for compliance review of sampled recordings / visits.
Complaint tracking with SLAs.

Audit evidence

For every loan that enters collections:

Recovery agent intimation sent to borrower (timestamp).
Every interaction (call recording, visit log) accessible by loan reference.
Agent training records.
Agent active status at the time of each interaction.
QA review records (sampled).
Complaint records (if any).

Common audit findings

Calls outside permitted hours. Critical.
Recordings missing or low quality. Material.
Agent without current training certification. Material.
Borrower’s reference contacted without consent. Critical.
Borrower’s grievance not escalated within SLA. Material.
Pre-contact intimation not sent. Material.

Sources

RBI Fair Practices Code for NBFCs (part of NBFC – SBR Directions, 2023).
RBI Guidelines on Engagement of Recovery Agents.
RBI Digital Lending Guidelines — recovery section.
IIBF DRA certification programme — iibf.org.in.
RBI Ombudsman Scheme — cms.rbi.org.in.
RBI advisories on recovery-agent conduct (periodic).