Opinion
RBI should step up efforts to control illegal loan apps
Summary
Controlling the menace of illegal online lending calls for a holistic approach rather than the piecemeal KYC-like process reportedly mooted, and RBI will have to play a more active role.
Officials from the ministry of electronics and information technology (MeitY) recently met with their counterparts from the ministry of finance and Reserve Bank of India (RBI) to strategize on curbing illegal loan apps. As reported, MeitY mooted an additional KYC-like procedure for regulated entities (REs) such as banks and non-bank finance companies (NBFCs) to administer on their business partners for digital lending. The discussion was precipitated by the rising threat posed by illegal loan apps. A BBC documentary reveals the social engineering and aggressive recovery tactics they employ. At least 60 suicides are directly linked to predatory lending. It merits immediate intervention.
Yet, a holistic approach may prove more effective than piecemeal efforts like KYC, and there should be no ambiguity about RBI’s nodal role in supervising digital finance. Last year, an RBI Working Group on Digital Lending proposed the creation of an independent multi-stakeholder body named the Digital India Trust Agency, whose primary role would be to verify digital lending apps. It would also maintain a public register of verified apps and wield the authority to monitor and, if necessary, revoke their authorization. Yet, this body never saw the light of day. RBI did, however, draw from another proposal of the Working Group in rolling out digital lending guidelines. The central bank also engaged app stores in a bid to eliminate illegal lenders. But these actions shifted the responsibility of oversight onto other players, distancing RBI from direct supervision.
Banks and NBFCs, serving as the primary loan sources for these app-businesses, undeniably are natural allies for RBI in financial regulation. In the same vein, mainstream app stores, equipped with computing power and tools to monitor cybersecurity and privacy, can collaborate in digital supervision. In an ideal world, ‘unauthorized-to-lend’ entities should not show up on app stores. But RBI needs to step up to the plate and play a more direct role to enable these actors.
Foremost, RBI must mandate a standardized and comprehensive proof-of-partnership between digital lenders and REs. The current direction wherein REs need to publish lists of (partner) apps on their websites is vague at best. Consequently, app stores shoulder more responsibility than they ought to. Given the sheer volume of apps, achieving perfect screening is a tall order. For instance, Google Play discloses that it scans an astounding 125 billion apps daily for security risks. Equally worrisome is the potential for app stores to make mistakes in their vetting process and disallow valid apps.
Second, RBI must ensure that proof-of-partnership cannot be tampered with. Simple KYC procedures for digital lending apps won’t deter savvy bad actors from mimicking the good ones. And app stores cannot authorize or unilaterally authenticate the legality of a lender-to-be. All manner of certificates and identities can be forged. With over 10,000 banks and NBFCs, the scope for misrepresentation of lender-app partnerships is vast.
This is where blockchain technology can come into play. Blockchain, at its core, is a decentralized ledger of transactions that is transparent and immutable. This inherent security is an ideal solution for sharing and validating partnership certificates. The basic idea is that REs can issue standard certificates to their partner digital apps and an identity can then be assigned to each certificate. This identity can be tagged and traceable in the blockchain network. RBI can operate such a private blockchain and allow REs to serve as active participants or nodes in this network. It can provide more but limited access to actors like app stores notified by MeitY.
Further, RBI must broaden its perspective and invite other entities to participate in this exercise. Specifically, public bodies that derive their authority from statutory instruments, distinct from the RBI Act, should join. Several state-level institutions permit lending and should also contribute to the blockchain network if they have anything to do with digital apps.
Lastly, while these steps may work for notified app stores, consumer awareness is crucial too, as borrowers may side-load apps from the open web. True digital safety demands a collective societal effort, bolstered by institutional mechanisms. Building on the importance of consumer awareness, the Working Group on Digital Lending emphasized the need to foster a “responsible borrowing culture" alongside promoting responsible lending. There’s indeed a pressing need to spotlight the mechanics of financial fraud through public awareness campaigns on the scale of ‘Jago Grahak Jago’.
As we reflect on the challenges of digital lending, it’s essential to recognize the strides India has taken in the digital financial domain under RBI’s watch. The country’s retail payments growth has been phenomenal, with 46% of all real-time payments made globally in 2022 originating in India. The digital lending sector too has seen remarkable growth, with close to 73 million loans disbursed in 2022-23. While these achievements spotlight remarkable progress in financial inclusion, RBI cannot afford to shy away from regulating new digital services. It must give up inertia and assert itself as the nodal regulator to protect Indian citizens.
These are the authors’ personal views.
