A dark underbelly: Digital loans, real-world extortion

When 52-year-old Nanda Kumar ended his life late last month in Bengaluru, following alleged harassment by loan recovery agents, he left in his death note a disturbing picture of the extent to which digital lending platforms could go to ensure repayment. Kumar, a cooperative bank employee, was being targeted for his pending loan payments — of about Rs 40,000, borrowed through various digital lending apps – with threats over the phone that included alleged morphing of his images into pornographic content.

Before throwing himself in front of a moving train, he requested a ban on unregulated digital lending apps through his note.

Also Read | Calls for digital literacy

The threats faced by Kumar are consistent with a pattern of coercion adopted by many unregulated digital lenders across the country. July had already seen Pratyusha, a 23-year-old woman from Guntur in Andhra Pradesh, end her life after facing trouble from online lenders. The police were quoted as saying that she was also being harassed with threats about her private photographs being made public.

The theme is becoming increasingly familiar – easy personal loans offered without collateral or detailed documentation, lenders provided with access to the borrower’s phone-stored data, interest rates that are significantly higher than originally promised, defaulting and subsequent debts, followed by aggressive recovery tactics that include threats of public shaming.

Earlier this month, the Reserve Bank of India (RBI) firmed up a new regulatory framework in the first concerted step to address a host of issues related to unfair digital lending practices. The rise in the number of unregulated lenders fronted by faceless promoters and the sheer volume of easy-process loans they offer, however, make this a long road to compliance.

On a tough trail

The wide distribution of standalone cases that are registered in connection with digital lending, coupled with the lack of transparency in the ownership of unregulated lending firms, make police intervention difficult, Raman Gupta, Joint Commissioner of Police (Crime), Bengaluru City, said. “The directors of these companies have no local presence and are often a front for Chinese promoters. The bases of these firms are spread across multiple states, making the scope of tracking limited,” Gupta said.

The National Crime Records Bureau, in its compilation of cybercrime cases in 2020, lists Karnataka at the top for cases with fraud as motive. The state reported 9,680 such cases, followed by Uttar Pradesh (4,674) and Telangana (4,436). Online lending is a major category under cybercrime.

The RBI received 7,813 complaints against banks and non-banking financial corporations during the 2021-22 financial year.

These numbers are just the tip of the iceberg. Analysts estimate that only 20% to 25% of the grievances become formal police complaints.

A report compiled by an RBI working group on digital lending, released in November 2021, concluded that about 30% of digital lending apps requested permission to access the user’s location and camera and 21% asked for access to contacts.

The report also found that about 600 of the 1,100 lending apps available for Android users at the time were “illegal” and posed the risk of compromised user accounts, phishing attacks and identity theft.

The RBI classifies digital lending platforms into three categories — lenders that come under its regulatory framework, statutorily authorised lenders not regulated by the bank and lenders who operate outside of all regulatory provisions.

On August 10, the bank, in a significant move to address issues including unchecked third-party engagement and breach of data privacy, released the recommendations of the working group it had constituted.

One of the key recommendations that have been accepted for immediate implementation requires all loan disbursals and repayments to be executed between the bank accounts of the borrower and the regulated entity, without passing through a third-party account.

The RBI-regulated platforms are required to disclose to the borrower the all-inclusive cost of the loan, in the form of an Annual Percentage Rate (APR). Without such a disclosure, many fall prey to hidden costs.

Bharat*, a software engineer residing in Marathahalli, Bengaluru, for instance, availed about Rs 45,000 in loans from five different digital lenders, between January and February this year.

The lenders sought only copies of his PAN and Aadhar cards for processing the loans that were approved within one or two hours on an average.

He has closed three loans, so far, and spent in the excess of Rs 2 lakh as repayment. “There were times the payment was not reflected in the app; I had to handle hostile calls multiple times on the same day,” he said. Hostile calls soon started flooding his contacts too.

The guidelines specify that the loan contract is required to incorporate a cooling-off or look-up period during which the borrower can exit digital loans by paying the principal and the proportionate APR, without penalty.

Many cases that involve delayed repayment have seen the recovery agents misusing personal data accessed through the apps, including photographs, to harass the borrowers– like in the instances of Bharat and Kumar. The RBI, therefore, made it clear that the collection of data should also be need-based, done with the explicit consent of the borrower and have clear audit trails.

New regime, regulations

The new regulatory framework is set to push for greater accountability among digital lending platforms and redefine their terms of engagement with the Lending Service Providers (LSPs). It is still too early for a stock-taking on how lenders without banking or Non-Banking Financial Company licences are preparing for compliance under the new regulatory regime.

Harshvardhan Lunia, CEO and founder of Lendingkart, said the RBI guidelines could put a stop to malpractices including data scraping from consumers’ phones. “Additionally, the RBI is also looking to set up a self-regulatory organisation covering regulated entities and Digital Lending Apps/LSPs in the digital lending ecosystem to curb malpractices and bring in an added layer of code of conduct,” he said.

The RBI working group, as one of its key recommendations to the Union government, said the government could consider framing legislation to ban unregulated lending activities. The legislation could cover “all entities not authorised by RBI and not registered under any other law for specifically undertaking public lending,” the working group said.

While lenders and fintech players under the regulatory scope rework their operating terms to ensure compliance, checks on unregulated entities will depend decisively on the Union government’s response to the RBI recommendations, including on the legislation.

The rise in the number of unregulated entities has left credible companies operating in the digital lending spaces fighting a battle of perceptions. Many such players have responded with measures like providing information that helps the public.

Not the citizen’s call

While public caution is important, it cannot be cited as a solution in place of policy. Mumbai-based cyber security expert Ritesh Bhatia said diligent citizens need to be backed with diligence from platforms that host the apps and governments that proactively address their concerns. “The problem here is that the platforms tighten their systems only when 100 citizens raise concern and the government acts only when there are more cases involving these apps. The victims are shamed by the lenders but there are also cases in which they are shamed by our system (by suggesting that they let themselves be duped),” Bhatia said.

Police sources said the consumers’ reluctance in reporting cases of excesses by loan recovery agents was a concern. Analysts argued that the administrative push for ease of doing business has also contributed to the rise of unverified digital lending platforms that benefit from ‘loopholes’ of the ecosystem.

The new RBI guidelines also envision police surveillance to check unauthorised call centre operations. A senior police official in Bengaluru said new mechanisms recommended in the RBI framework could help further regulate digital lenders but tracking faceless lenders operating outside of legal provisions was, still, a tough task.

The RBI has stated that the new regulatory framework is based on the “principle” that lending business could be carried out only by RBI-regulated entities or other lenders permitted to operate under any other law.

(*Name has been changed to protect identity)