RBI DIGITAL LENDINGGUIDELINES 2025

Pre-Sanction Disclosure:

• • Complete APR calculation and breakdown
• • All fees, charges, and penalties upfront
• • Loan terms and conditions in vernacular
• • Repayment schedule with due dates
• • Consequences of default clearly stated
• • Cooling-off period of 3 days minimum

Documentation Rights:

• • Loan agreement in preferred language
• • Digital copy of all signed documents
• • Sanction letter with complete terms
• • Repayment schedule and amortization
• • Contact details for grievances
• • Rights and obligations summary

Data Collection Rights:

• • Explicit consent for data collection
• • Purpose limitation for data usage
• • Right to know data sources
• • Consent withdrawal option
• • Data portability rights
• • Third-party sharing disclosure

Data Security Rights:

• • Secure data storage and transmission
• • Data breach notification within 72 hours
• • Right to data correction and deletion
• • Access to personal data held
• • Data retention period disclosure
• • Grievance mechanism for data issues

Lending Practices:

• • Non-discriminatory lending decisions
• • Reasonable assessment of repayment capacity
• • No coercive or unethical practices
• • Respectful communication standards
• • Fair and transparent pricing
• • Appropriate loan products for needs

Collection Practices:

• • Dignified and respectful collection
• • No harassment or intimidation
• • Reasonable contact hours (8 AM - 7 PM)
• • Privacy of family and workplace
• • No public shaming or defamation
• • Structured settlement options

Hidden Charges:

• • No undisclosed fees or charges
• • No surprise deductions from loan amount
• • No bundled services without consent
• • No charges for mandatory services
• • No fees for basic account operations
• • No charges for grievance handling

Misleading Practices:

• • No false or misleading advertisements
• • No bait-and-switch pricing tactics
• • No incomplete fee disclosures
• • No complex fee structures to confuse
• • No promotional rates without full terms
• • No comparison with unrealistic scenarios

Included in APR:

• • Base interest rate (annualized)
• • Processing fees and charges
• • Documentation and legal fees
• • Verification and assessment charges
• • Insurance premiums (if mandatory)
• • GST on all applicable fees
• • Any other mandatory charges

APR Display Requirements:

• • Prominent display in all communications
• • Larger font size than other rates
• • Consistent across all platforms
• • Updated in real-time for changes
• • Available in vernacular languages
• • Comparison with market rates
• • Historical APR trends (if applicable)

Permitted Entities:

• • Scheduled Commercial Banks
• • Non-Banking Financial Companies (NBFCs)
• • Housing Finance Companies
• • Small Finance Banks
• • Payment Banks (for specific products)
• • Cooperative Banks (with RBI approval)

Platform Obligations:

• • Direct lending relationship only
• • No intermediary lending models
• • Technology service provider agreements
• • Clear role demarcation
• • Regulatory compliance responsibility
• • Customer relationship ownership

Permitted TSP Services:

• • Customer acquisition and onboarding
• • Credit assessment and underwriting support
• • Loan management system services
• • Payment processing and collection
• • Customer service and support
• • Data analytics and reporting

TSP Restrictions:

• • Cannot hold customer funds
• • No direct lending activities
• • Cannot make credit decisions independently
• • No customer data ownership
• • Cannot charge customers directly
• • Must comply with data protection norms

Regular Reporting:

• • Monthly digital lending portfolio reports
• • Quarterly compliance certificates
• • Annual third-party audit reports
• • Incident reporting within 24 hours
• • Customer complaint statistics
• • Data breach notifications

Audit & Assessment:

• • Independent system audits
• • Cybersecurity assessments
• • Fair lending practice reviews
• • Customer protection compliance
• • Data privacy impact assessments
• • Business continuity planning

Internal Grievance System:

• • Dedicated grievance officer appointment
• • 24/7 complaint registration facility
• • Multiple communication channels
• • Acknowledgment within 24 hours
• • Resolution within 30 days
• • Escalation matrix for delays

External Redressal Options:

• • RBI Ombudsman scheme coverage
• • Consumer forum jurisdiction
• • Industry association mediation
• • Regulatory complaint mechanisms
• • Legal remedies availability
• • Class action suit provisions

Permitted Practices:

• • Respectful communication only
• • Contact during reasonable hours
• • Written notice before action
• • Structured settlement options
• • Professional collection agencies
• • Documented collection activities

Prohibited Practices:

• • Harassment or intimidation
• • Public shaming or defamation
• • Contact with family/employers
• • Threatening language or behavior
• • Excessive contact frequency
• • Misrepresentation of consequences

Digital Access Rights:

• • Platform accessibility standards
• • Multi-language support
• • Offline service alternatives
• • Digital literacy support
• • Assisted digital services
• • Alternative communication methods

Cybersecurity Protections:

• • End-to-end encryption standards
• • Multi-factor authentication
• • Regular security updates
• • Fraud monitoring systems
• • Incident response procedures
• • Customer security education