News report

A Dark Underbelly: Digital Loans, Real-World Extortion

When Nanda Kumar, 52, took his own life late last month in Bangalore following allegations of harassment by loan collectors, he left a disturbing picture of the measure in his death note. which digital lending platforms could go to to ensure repayment. Kumar, a co-operative bank employee, was targeted for his pending loan payments – of around Rs 40,000, borrowed through various digital lending apps – with threats over the phone that included the alleged turning of his images into pornographic content.

Before jumping in front of a moving train, he called for a ban on unregulated digital lending apps via his note.

Read also | Calls for digital literacy

The threats Kumar faces fit a pattern of coercion embraced by many unregulated digital lenders across the country. July had already seen Pratyusha, a 23-year-old woman from Guntur in Andhra Pradesh, end her life after running into trouble with online lenders. Police reportedly said she was also harassed and threatened to have her private photographs made public.

The theme is becoming increasingly familiar – easy personal loans offered without collateral or detailed documentation, lenders with access to data stored on the borrower’s phone, interest rates significantly higher than originally promised, loan defaults and subsequent debts, followed by aggressive collection tactics that include threats of public humiliation.

Earlier this month, the Reserve Bank of India (RBI) firmed up a new regulatory framework in the first concerted step to address a host of issues related to unfair digital lending practices. The rise in the number of unregulated lenders run by faceless promoters and the sheer volume of easy-to-process loans they offer, however, is a long way to compliance.

On a difficult path

The wide distribution of standalone cases recorded under digital lending, coupled with the lack of transparency in the ownership of unregulated lending companies, makes police intervention difficult, said Raman Gupta, Deputy Commissioner of Police (Crime), Bengaluru City. “The leaders of these companies have no local presence and are often a front for Chinese promoters. The bases of these companies are spread across multiple states, which limits the scope of tracking,” Gupta said.

The National Crime Records Bureau, in its compilation of cybercrime cases in 2020, ranks Karnataka top in cases of fraud as a motive. The state has reported 9,680 such cases, followed by Uttar Pradesh (4,674) and Telangana (4,436). Online lending is a major category of cybercrime.

The RBI received 7,813 complaints against banks and non-banking financial firms in the financial year 2021-22.

These numbers are just the tip of the iceberg. Analysts estimate that only 20-25% of grievances become formal police complaints.

A report compiled by an RBI Task Force on Digital Lending, published in November 2021, concluded that approximately 30% of digital lending apps request permission to access the location and camera of the user and 21% requested access to contacts.

The report also revealed that around 600 of the 1,100 loaner apps available to Android users at the time were “illegal” and posed the risk of compromised user accounts, phishing attacks and spoofing. of identity.

The RBI classifies digital lending platforms into three categories: lenders that fall under its regulatory framework, legally authorized lenders not regulated by the bank, and lenders that operate outside of all regulatory provisions.

On August 10, the bank, in an important move to address issues such as uncontrolled third-party engagement and data privacy breaches, released the recommendations of the task force it had set up.

One of the key recommendations accepted for immediate implementation requires that all loan disbursements and repayments be executed between the bank accounts of the borrower and the regulated entity, without going through a third-party account.

RBI-regulated platforms are required to disclose the all-inclusive cost of the loan to the borrower, in the form of an annual percentage rate (APR). Without such disclosure, many fall prey to hidden costs.

Bharat*, a software engineer residing in Marathahalli, Bengaluru, for instance, availed around Rs 45,000 in loans from five different digital lenders, between January and February this year.

Lenders only asked for copies of his PAN and Aadhar cards to process loans which were approved within one or two hours on average.

It has closed three loans, so far, and spent more than Rs 2 lakh on repayments. “There were times when payment was not reflected in the app; I had to deal with hostile calls multiple times on the same day,” he said. Hostile calls soon began flooding into his contacts as well.

The guidelines specify that the loan agreement should incorporate a cooling-off or research period during which the borrower can exit digital loans by paying the principal and proportional APR, without penalty.

Many cases involving late repayment have seen debt collectors misuse personal data accessible through apps, including photographs, to harass borrowers, as in the cases of Bharat and Kumar. The RBI has therefore made it clear that data collection should also be needs-based, carried out with the explicit consent of the borrower and have clear audit trails.

New regime, regulation

The new regulatory framework is expected to push for greater accountability among digital lending platforms and redefine their terms of engagement with Lending Service Providers (LSPs). It is still too early to tell how lenders without a bank or non-bank financial company license are preparing to comply with the new regulatory regime.

Harshvardhan Lunia, CEO and Founder of Lendingkart, said the RBI guidelines could put an end to bad practices, including the scraping of data from consumers’ phones. “In addition, the RBI is also seeking to establish a self-regulatory organization covering regulated entities and digital lending applications/LSPs in the digital lending ecosystem to combat bad practices and bring an additional layer of code of conduct,” he said.

The RBI task force, as one of its main recommendations to the Union government, said the government could consider drafting legislation to ban unregulated lending activities. The legislation could cover “all entities not authorized by the RBI and not registered under any other law to specifically undertake public lending”, the task force said.

As lenders and fintech players falling within the scope of regulation rework their operating conditions to ensure compliance, checks on unregulated entities will critically depend on the Union Government’s response to the recommendations of the RBI, including legislation.

The rise in the number of unregulated entities has left credible companies operating in digital lending spaces fighting a battle of perceptions. Many of these actors have responded by taking action such as providing useful information to the public.

Not the call of the citizen

While public caution is important, it cannot be cited as a solution in place of policy. Mumbai-based cybersecurity expert Ritesh Bhatia said diligent citizens need to be diligently supported by the platforms that host the apps and the governments that proactively address their concerns. “The problem here is that the platforms only tighten their systems when 100 citizens are concerned and the government only acts when there are more cases involving these apps. Victims are humiliated by lenders, but there there are also cases where they are humiliated by our system (by suggesting that they have been duped),” Bhatia said.

Law enforcement sources said the reluctance of consumers to report cases of excesses by loan collectors was a concern. Analysts have argued that administrative pressure for the ease of doing business has also contributed to the rise of unverified digital lending platforms that benefit from “gaps” in the ecosystem.

The new RBI guidelines also contemplate police surveillance to check for unauthorized call center operations. A senior Bengaluru police official said the new mechanisms recommended under the RBI could help further regulate digital lenders, but tracking faceless lenders operating outside the legal provisions was still a difficult task.

The RBI said the new regulatory framework is based on the “principle” that lending activities can only be carried out by entities regulated by the RBI or other lenders authorized to operate under any other law.

(*Name has been changed to protect identity)