How RBI Guidelines Can Address Data Privacy Issues in Digital Lending

The banking industry has undergone a major digital transformation and has implemented cutting-edge technology after the Covid-19 pandemic. As a result of the recession and barriers to in-person channels, financing requirements have changed dramatically.

A better client experience, faster turnaround time, and the use of artificial intelligence and machine learning have all contributed to the transformation of the lending landscape. The lending landscape is evolving rapidly toward automation and digitisation, and traditional banks are being transformed into digital lenders by enhancing the lending process.

Although digital lending is the way forward, it comes with some concerns, particularly data privacy issues. This requires the FinTech sector to focus on governance, business conduct, regulatory compliance, and risk mitigation.

What Is Data Security & Why Should You Care?

In simple terms, preventing unwanted access, corruption, or theft of digital data across all stages of its life is known as data security. It can be helpful in-

• stopping identity theft, hacking, phishing, and other illicit actions
• avoiding the unapproved sale of data to unaffiliated companies
• preventing issues with India’s economy, national security, and data privacy and data governance on a larger scale

What Is Data Security in Digital Lending?

Data, especially financial data, is considered extremely valuable. Therefore, it carries the risk of theft and misuse, which every organisation must guard against to protect the interests of both public and private users. These are some of the prevalent data-related concerns-

• Preventing unwanted threats from accessing users’ mobile devices, including financial and credit information.
• Safeguarding identifiable financial information exchanged in several phases, from loan application to disbursal.
• Ensure privacy regulations are maintained so that digital lending to expand effectively.

Data Protection Guidelines for Digital Lenders in India

The proliferation of digital lending platforms prompted the Reserve Bank of India (RBI), India’s banking regulator, to issue the Digital Lending Guidelines, which introduced many changes aimed at streamlining Regulated Entities’ (REs) practices and protecting borrowers’ interests. It is crucial regarding data security, privacy, confidentiality, and consumer protection.

The major points of the guidelines are as follows:

Data collection based on the need

According to the guidelines, REs must ensure that:

• Any data collected by the DLAs (Digital Lending Applications) should be need-based and should be collected with the borrower’s prior express approval and an audit record.
• DLAs must refrain from accessing additional data stored in devices: media, contact information, call logs, phone features, etc.
• A borrower must expressly authorise one-time access to the camera, microphone, location, or other facility intended for the onboarding/KYC procedure.

Data sharing with third parties

Any user information collected by an entity that does not directly relate to that use is considered third-party data. Guidelines state that Before sharing personal information with any third party, the borrower’s explicit consent is required.

• Third-party data is any information collected by an entity that has no direct relationship with that use.
• The borrower must give explicit consent unless otherwise required by law.
• A legal document should outline the how, what, and why of a data-sharing agreement with a third party.
  

Data preservation

• LSPs (lending service providers) and DLAs should not store any information about borrowers other than what is necessary to carry out their business (name, address, customer contact information, etc.)
• The DLAs have to establish a clear policy regarding customer data storage. Guidelines should include what type of data can be stored, how long it can be stored, restrictions on its use, data destruction protocols, and standards for handling security breaches.
• Unless permitted by existing statutory guidelines, no biometric data is stored or collected in systems associated with the DLA of REs/ their LSPs.
• All data is stored only on servers in India, following statutory obligations/regulatory instructions.

Privacy Approach

A DLA and LSP’s privacy policy must also comply with applicable laws, regulations, and RBI guidelines for REs to ensure compliance. Comprehensive privacy policies should be made public to access and collect borrowers’ personal information.

Additionally, the privacy policy must specify which third parties have permission to collect personal information via the DLA.

Data privacy and security of customer information are the responsibility of the REs, and they must ensure that the LSPs and DLAs they work with follow the above guidelines.

To engage in digital lending, REs and the LSPs they employ must also comply with various technical standards and cybersecurity requirements stipulated by the RBI and other agencies.

Summing It Up

According to Inc42’s report ‘State Of Indian Fintech Ecosystem Q4 2022,’ the market size of digital lending in India is expected to grow exponentially in the coming years, reaching $1.3 trillion by 2030.

As a result, these guidelines take a borrower-centric approach while empowering people with emerging technology and data privacy.

The government has withdrawn the Data Protection Bill 2021. Therefore these Guidelines are a necessary step toward closing the legal gap regarding credit institutions’ collection, handling, and storage of borrower data.

Not surprisingly, digital lending is gaining popularity due to its convenience to the entire lending ecosystem, including borrowers, lenders, and regulators.

However, technology can also have some drawbacks, so regulatory guidelines are essential to any regulation to protect the general public from fraudulent activities and data breaches.

Due to its impact on productivity and increased ROI, fintech platforms like Precisa are taking over the entire lending process, offering cutting-edge tools like credit risk analysis, automated bank statement analysis generating financial data more accurately with the help of account aggregators etc.

To know more, book a free trial today!