• Summary: Digital Lending WatchTower – Consumer Protection in Digital Lending

    Srikanth Lakshmanan

    @logic

    Hello 👋

    Here is a summary of the panel discussion on Consumer Protection in Digital Lending as part of the Digital Lending WatchTower project . Do join for the upcoming session discussing citizen’s report on BFIL Consent Scam on Feb 12, 2022 4:30 PM. Do share these in your circles to those interested in digital lending! See you soon!!

    Panellists

    • Arti Singh, Fintech journalist
    • Beni Chugh, Dvara Research
    • Prasanto K Roy, TechPolicy Professional
    • Ravi Sethia, Udhaar

    Introduction

    Mobile based digital lending has grown exponentially over the last few years and their practises came under scrutiny after the unfortunate events in 2020. Reserve Bank of India’s report of the working group on Digital Lending came as a study by regulator to deepdive into various issues in the sector. Regulation plays a key role in FinTech. However, the different regulations / lack of it from entities like RBI, Google, etc. has made it tricky.

    The topic of discussion for the panel largely stems from the RBI working group report focussing on the consumer protection aspects in digital lending, but not limited to those mentioned in the report.

    A section of the panel opined that the report looks like the RBI has called for an Self Regulatory Organisation (SRO) format to be adopted, which may be better. Nevertheless, the concern of the SROs becoming a kind of lobbying body remains. More discussions are required, with which better norms can be there, even by 2022.

    Consumer Protection Concerns and How the RBI Report is Looking at Them

    There have been developments from the RBI even after the submission of the report. Two key developments are:

    1. Access to Credit Information Companies (CIC)s by FinTechs
    2. Creation of the FinTech department

    Five categories of key consumer protection concerns:

    1. a. consumer protection risks that come from unsuitable products (for ex. investment cum insurance products)
      b. conduct of the service provider or the financial service provider, which leads to suboptimal financial choices (information asymmetry between the seller of the product and the buyer of the product leads to consumer risks)
      c. deployment of dark patterns in digital loans (screen and choice architecture has been created in a way that nudges the customer towards a choice, which is typically not in their own interest, but that of the lender)
    2. Micro prudential risks when they also become consumer protection problems
    3. Technological vulnerability that comes with increasing digital lenders (internal vulnerability can become systemic vulnerability)
    4. Frauds that are external to the provider-consumer contract (impersonation, SIM swaps)
    5. Transmission of risk

    The whole idea of focusing on risks in just a digital ecosystem might be a slippery slope to begin with as it creates an asymmetric treatment of banks and non-banks. What would have been better is looking at the activity of credit, how it is being performed, and where are the risks that are generated at each point, and then come up with a more wholesome understanding of the problem and solutions.

    Three dimensions of problems and solutions are presented in the report, the regulatory dimension, the data protection dimension, as well as the consumer protection dimension. There is no paradigmatic shift in what the committee is suggesting. The bulk of it still seems to rely on regulations, either new or existing. Additionally, there is no explanation as to why the same regulations would work this time around if they didn’t work until 2021.

    There needs to be a wholesome universal consumer protection framework as opposed to a very product specific consumer protection framework. Otherwise, the onus is being placed back on the consumer to compare an area of products available to them and see which one provides the maximum protection. And that is not ideal.

    The report leans in the favour of an entity based regulation regime, when really an activity based regulation regime is required.

    Light Touch Regulation and SROs

    Light touch regulation is something that has been strongly recommended, discussed, and urged by various entities. There have been some attempts with light touch regulation, and the attempt here is a two tier system where there are the balance sheet lenders, who are directly regulated. A more nuanced approach is needed here.

    It’s very important to bring every entity, including “buy now pay later”, etc. into the system, but not just for regulation and consumer protection. It should be done for reporting and for the larger ecosystem, because if there are defaults or issues outside the system, it doesn’t get back into the system in terms of information. And neither does it add to the consumers’ credit score.

    UI/UX is very significant because many times, the consumer isn’t aware of their APR due to standardisation issues, and their credit score goes for a toss while the lending service provider is covered. Additionally, FinTech’s should make APRs and penalties very simple and clear for the consumer to understand.

    On SROs: If there is going to be an inline process, where apart from the platform itself, every app is being validated, it actually has to go through a government associated entity. It’s not going to work. It needs to be looked at using existing rules, to create a balance in terms of touch regulation.

    Concerns with Audits and Regulations

    While digital lending platforms resort to bad practises such as over leveraging off customers, some consumers too try to take advantage of loopholes to not pay back loans. There are some apps that are not really going through the Non Banking Financial Company (NBFC) channels and are having direct integration with the payment gateway, which start collecting and disbursing money. Payment gateways need to be regulated.

    Additionally, FinTech platforms are not regulated and they cannot be tracked and audited by the RBI but Fintech is no longer a small industry. So, RBI needs to come up with some proper auditing mechanism. No matter how small the NBFC is, they need to be audited at regular intervals. RBI needs to set a clear agenda about the FinTech department, and how they are going to look into everything associated with FinTech and NBFCs, and also on how the functioning of FinTech will be traced and tracked.

    Recommendations for Financial Regulation

    Financial regulation has 2 objectives:

    1. Systemic stability
    2. Consumer protection

    When all regulation including consumer protection regulation was tethered to the idea of size, those smaller units, unfortunately, turned out to be the ones that took advantage of this regulatory vacuum and indulged in malpractices. While regulation based on size makes sense for systemic stability, consumer protection risks don’t really depend on the size of the entity and therefore consumer protection regulation needs to be uniform. Consumer protection mandate is better when it rests with a separate agency, which is dedicated only to supervising and enforcing consumer protection.

    For enforcement to work well, it needs to be guided by supervision that looks out for potential violations. Both supervision and enforcement for consumer protection need not be guided by the same criteria that guide prudential regulation. The enforcement department could well do it if,

    1. they’re not deploying the same criteria as prudential regulation, because consumer protection requires a different logic, and
    2. it was supported by a supervisory ex-ante arm that was doing the market monitoring and already surfacing problems for it.

    There are 2 fears when we don’t get a systematic understanding of what the enforcement department is doing. One is that industry participants are not deterred enough when penalties are slapped as there is no transparency. Second is there is no check on the powers of the enforcement department itself.

    Dvara Research suggests the need for an agency that’s able to perform both ex-ante and ex-post functions, and share market intelligence with relevant actors in time before they become systematic issues.

    Views on DIGITA’s Role

    The role is more of parallel tracking for market monitoring and intelligence, than being part of the inline regulatory process. There is enough possible regulation, including what the platforms are doing through antitrust, and they should be responsible as intermediaries.

    If data has to come up, then the compliance burden should not be there and it should be more of detect and then request further compliance information. Additionally, not enough is being done on consumer awareness.

    Solving Grey Areas in FinTech

    There are a lot of grey areas in FinTech that RBI can solve in a transparent manner with feedback from the industry, such as:

    1. There’s no regulation that bans FLDG, there’s no regulation that supports it.
    2. Consumer awareness needs to be improved.
    3. Too many regulations can hamper innovation and experimentation by start-ups. The system should be such that as start-ups grow, they gradually adapt to more regulations.
    4. In the case of frauds, it is a lack of implementation and enforcement by relevant bodies, since everything can be traced these days.
    5. Another aspect that is working wrongly is advertising, wherein the advertiser has no liability if someone misuses their platform.

    Tracing Chinese Loan Apps

    Chinese companies use certain routes like the Singapore or Mauritius route to come to India. Some general research on these companies would show you that there are chains of companies with the same director. They don’t operate just one app. They are also not going to the payment gateway as there is a lot of scrutiny from the media, they just give out UPI links to consumers. So it is much more difficult to track and trace such companies.

    Problems with FLDGs

    FLDG (first loan default guarantee) is an arrangement where a third party compensates a lender if the borrower defaults. In this setup, the loan service provider (LSP) bears the credit risk without maintaining any regulatory capital. FLDGs serve the function of a proof of concept for the NBFCs so they wouldn’t really put faith in the start-up if the FLDG was not provided equally, which is a kind of moral hazard. The other problem is exorbitant FLDGs and that leads to a concentration risk because it’s off balance sheet lending happening on somebody else’s balance sheet who is not caught by Prudential Regulation. Lending service providers promise FLDGs to everyone but it’s not known if they have the capacity to make good on it. The solution would be to regulate FLDGs instead of banning it. FLDGs can be complemented by technological implements and even be published. One suggestion that was mooted was transparency around FLDG agreements to solve the moral hazard problem.

Hosted by

CashlessConsumer is a consumer collective working on digital payments to increase awareness, understand technology, produce / consume data, represent consumers in policy of digital payments ecosystem to voice consumer perspectives, concerns with a goal of moving towards a fair cashless society more