A working group by the apex banking regulator Reserve Bank of India proposed enhanced data localisation norms and creating dedicated self-regulated organisations to combat digital lending frauds. The working group spearheaded by the executive chairman of the apex bank Jayant Dash was constituted in January this year to address issues pertaining to consumer protection. This was against the backdrop of an observed spurt in digital lending activities.
The apex banker stated that it was making the report public to seek comments and suggestions. This can be done via email until December 31. "The comments will be examined before a final view is taken on the recommendations and suggestions made by the WG," RBI said in its press statement.
The proposals submitted by the working group include data collection with prior and exploit consent of borrowers with verifiable audit trials. It further proposes that all data must be stored in servers located in India.
Back in April, RBI had barred card companies Diners International, Mastercard and American Express from onboarding new customers. The apex bank had stated this was on account of their failure to comply with data localisation norms.
RBI's data localisation norms stipulate that entire data relating to payments operated by the companies must be stored in a system only in India. Additionally, the data must be protected with end-to-end encryption. The companies had argued back in 2018 that creating such a digital infrastructure would be cumbersome and expensive.
The ban on Diners International was lifted on November 9.
Further, the working group proposed subjecting the lending apps to a verification process by a nodal agency in consultation with the stakeholders. Additionally, separate legislation and self-regulatory organisation must be set up to monitor the participants in the digital lending space.
The working group further stated that certain baseline standards of technology and compliance must serve as prerequisites to determine entry into the digital lending space.
In order to ensure transparency, the working group proposed a code of conduct to govern the use of unsolicited commercial communications for digital loans. Additionally, a negative list must be maintained by the self-regulatory organisation. This would be accompanied by a standardised code of conduct for recovery to be framed by the self-regulated organisation.