Digital financial transactions need a safety net

Amandeep Singh Kapoor

The digital lending and payment landscape is peppered with both unscrupulous as well as genuine entities. There is and always will be pressure to balance regulation with innovation. There is increasingly a clamour for self-regulation, which is easier said than done. The reason unauthorised lending platforms have mushroomed is the existing asymmetry faced by lenders vis-a-vis borrowers. This could have been set right long back.

The Prime Minister recently called for a FinTech revolution with a security shield. The RBI’s working group on digital lending has submitted its recommendations, making it an opportune time to analyse the current digital ecosystem, not only in the lending domain but also in payments, and what it will take to address the trust issues. The disruptiveness of these domains of digital lending and digital payment was waiting to happen, considering the colossal gaps in financial inclusion and lessons from JAM (Jan Dhan-Aadhaar-Mobile) and UPI (Unified Payment Interface) experience of the Indian economy. The accentuated angularities of the present ecosystem need to be rounded off.
The Indian digital landscape has seen the emergence of new models of digital lending due to the demand-supply matrix, accentuated partially by the distress caused by the Covid situation: (a) NBFC/bank-owned digital platforms in which the RBI has direct regulatory oversight (balance sheet lenders, as they lend their own money); (b) Digital platforms working in partnership with NBFC/banks, acting as intermediaries, and hence, not registered with the central bank but vicariously regulated by RBI regulations applying to banks/NBFC (marketplace lending, where others are allowed to lend); (c) Peer-to-Peer (P2P) lending platforms, new but majorly unregulated entities, laced with digital tools, closest to the needy borrower. The RBI has mandated these retail lenders to seek regulation as P2P-NBFC. ‘Payday lending’ platforms and ‘Buy now pay later’ provisions also fall in this category.
Loans without credit-worthiness and without KYC make entry easy. Unethical and unauthorised use of personal data to mitigate lethal and coercive methods of repayment of exorbitant and unregulated interest rates make exit impossible.
At present, genuine P2P platforms connect lenders (cash-rich investors looking for attractive returns) with borrowers of poor credit score or out of conventional financial outreach. In future, India Stack is going to help private players to enable disruption. India Stack is a set of APIs (Application Programming Interface), which allows the government and private companies to deploy cashless and paperless technology products, independent of their owners to transform India into a cashless economy.
This would enable even the street vendor who does not have a bank account to make all his transactions digital and use this information to grow business. Through the Open Network for Digital Commerce, the government is seeking to replicate the success of the Open Network for
E-commerce, hoping to put in place a backbone on which sellers and logistics service providers can connect with the buyers, no matter what platform they use through open APIs.
A large part of digital retail payments in India is processed by the National Payment Corporation of India (NPCI), incorporated as non-profit in which various national banks are shareholders. The UPI, Immediate Payment Service (IMPS), Bharat Bill Pay, Aadhaar Enabled Payment Service (AEPS) and RuPay are some retail payment platforms operated by the NPCI.
The RBI had invited expressions of interest last year under a plan to allow new entities to create new digital payment platforms other than NPCI, called New Umbrella Entities (NUEs). These were to be for-profit platforms (charging fees for transactions, say utility bill etc), presumably to cut concentration risks and also for more options in the market. Six consortiums, including Amazon, Facebook and the Tata group, applied in partnership with Reliance, ICICI etc.
But the RBI has put this plan on hold, realising the risks involved in allowing the private sector manage payment platforms till the Data Protection Law is in place, learning its lessons from Master Bank’s non-compliance of data localisation and data breaches in MobiKwik etc.
The landscape is peppered with both unscrupulous players as well as genuine entities. There is and always will be pressure to balance regulation with innovation. There is increasingly a clamour for the oft-heard ‘Soft Touch Regulation’, a euphemism for self-regulation. But self-regulation is easier said than done. The reason unauthorised lending platforms have mushroomed is the existing credit information asymmetry faced by lenders vis-a-vis borrowers. This could have been set right long back. The RBI has proposed a Public Credit Registry (credit information database), accessible to all stakeholders and Open Credit Enabled Network (infrastructure protocol for lending based on consent-based operations), which will promote legit players and curb unauthorised lenders.
The existing digital lending landscape is governed by the existing Fair Practices Code for NBFCs and banking directions issued by the RBI from time to time, including the most recent Master Direction NBFC-P2P lending platform (Reserve Bank) Directions, 2017. The Money Lenders’ Act (Sahukar Act, as it is called in some states), in most places of jurisdiction, has been obfuscated and has lost teeth because of poorly regulated and supervised rules and bylaws. States such as Telangana have stringent and non-bailable clauses which have come in handy for tackling instant loan app-related frauds. Industry associations also suggest that there should be a law not allowing short-term loans (less than 60 days). Data Protection Act in place is the necessity for both digital lending and digital payment domains to function smoothly and securely.
The working group has suggested a nodal agency to verify all digital lending apps. It has also suggested tighter norms for ‘Buy now, pay later’ loans and government notification to bring them on a par with traditional credit facilities. In all correctness, it suggests the regulated entities to take the onus of adherence to standard protocols of business conduct of attached entities. Similarly, emphasis on protection of data privacy of citizens is a sine qua non.
Similar brainstorming is underway in the sphere of digital payments. No doubt a well thought out strategy by the central bank with last mile connectivity by law enforcement agencies will help to resolve the issues being faced today.