back Back

Ensuring Regulatory Compliance in Digital Lending in the aftermath of the Data Protection Act

May 30, 2024

  • customer data management
  • Data Privacy
  • Data protection bill

Gaurav Sharma, Chief Compliance Officer, ​F​incfriends
Gaurav Sharma, Chief Compliance Officer, ​F​incfriends

By Gaurav Sharma, Chief Compliance Officer, ​F​incfriends

India has been at the forefront of leveraging the advantages of sequential technological advancements whilst keeping an eye on its rampant penetration. As it moves towards becoming a robust economy, the interplay between technology and lending presents both opportunities and risks. In a major move to address the risks concerning data privacy and security, the RBI has introduced a series of strategic imperatives to bring greater clarity over the correspondence of data sharing and a layer of transparency in digital lending operations.

The foundational branches of the data-centric regulatory requirements had emerged in the form of RBI’s guidelines on digital lending, prioritising data protection and privacy. While these guidelines were successfully able to highlight and address the non-uniformity in lending practices by bringing unregulated lenders into a regulated space, its limited scope failed to cover non-lending digital entities. This, in return, created the need to add a layer of data protection, further paving the way for India’s first Digital Personal Data Protection Act.

Privacy with Digital Personal Data Protection Act (DPDPA)

Capitalising on the need to build a comprehensive data governance framework for digital lending entities, the Digital Personal Data Protection Act symbolises a significant leap in achieving complete data protection and privacy. With an increased focus on empowering lenders, the DPDPA takes into account the security of customer data and is moving towards developing impactful privacy governance programs for effectively mitigating businesses and reputational risks.

The financial services industry stands a chance to offer greater authority to lenders in data handling by simply being compliant with these stringent guidelines. Furthermore, these guidelines also act as a bridge to address the inconsistencies of the present lending framework and build a network of transparent and future-ready digital lenders. While this sudden transition may seem tedious at the present, but is key to creating a customer-centric digital lending ecosystem.

Interplay between Digital Lending Framework and DPDPA Guidelines  

Being driven by favourable socio-economic factors and an increased proliferation of digital lending platforms, the Indian digital consumer lending market is expected to surpass the $720 billion mark by 2030. This growth is further aggravated by the lucrative opportunity pool and simplified access to credit, which can be accredited to digital lending platforms that have helped the underserved segment gain timely funds without rigorous documentation and processing. However, this also means negligence of customer data privacy, which makes the DPDPA a strategic imperative.

The introduction of DPDPA guidelines in the digital lending space marks the beginning of a refurbished regulatory framework in consideration of data privacy, customer protection, information security, and outsourcing activities, amongst many others. The implementation of these guidelines requires lenders to adopt a well-nuanced approach and reflect on the experience gained from the previous RBI guidelines. At the very core, to embrace these guidelines, digital lenders need to capture data only on a need basis after the procurement of proper consent.

Implications of the Data Protection Act

In the aftermath of the Data Protection Act, all digital platforms collaborating with regulated lending entities will be addressed as ‘Data Processors’ and will have to comply with the DPDPA standards. As the digital lending process works on assessing customer data to grant credit and reduce fraud risks, the DPDPA has mandated all lenders to procure customer consent before undertaking credit accessibility assessments for more transparent risk management.

In addition, the DPDPA standards have put a hold on outsourcing activities of customer management. They can be continued further only upon the subjection of these outsourcing arrangements as per the stringent framework. Further, digital lending players are also required to ensure that the customer data management cycle complies with DPDPA’s rules, which may affect different vertices of the lending process, including onboarding and building customer relations.

Final Thoughts

Given the Digital Lending industry’s potential to propel further, it is significant that lending platforms adhere to the DPDPA guidelines as the bedrock for ethical customer data management. While the implementation may not be easy, the benefits of data security and enhanced trust make this move paramount. With the potential to create a digital lending ecosystem characterised by the pillars of data protection and security, the Data Protection Act is the key to nurturing a tamper-proof and inclusive economy in the long run.           

Previous Article

May 22, 2024

How can eCommerce businesses benefit from instant settlements?

Read More
Next Article

June 03, 2024

Is Compliance the New Key to Disruptive Tech?

Read More

IBSi News

July 19, 2024

customer data management

Ecommpay & Mastercard partner to deliver Click to Pay in Europe

Read More

  • Daily insightful Financial Technology news analysis
  • Weekly snapshots of industry deals, events & insights
  • Weekly global FinTech case study
  • Chart of the Week curated by IBSi’s Research Team
  • Monthly issues of the iconic IBSi FinTech Journal
  • Exclusive invitation to a flagship IBSi on-ground event of your choice

IBSi FinTech Journal

  • Most trusted FinTech journal since 1991
  • Digital monthly issue
  • 60+ pages of research, analysis, interviews, opinions, and rankings
  • Global coverage
Subscribe Now

Other Related Blogs

July 11, 2024

AI in Accounting: Moving Beyond the Hype

Read More

July 10, 2024

When cyber criminals log in, but don’t break in, is your data still data secure?

Read More

July 05, 2024

From self-governance to sustainable growth: how the SRO-FT empowers India’s FinTech revolution

Read More

Related Reports

Sales League Table Report 2024
Know More
Global Digital Banking Vendor & Landscape Report Q2 2024
Know More
NextGen WealthTech: The Trends To Shape The Future Q4 2023
Know More
IBSi Spectrum Report: Supply Chain Finance Platforms Q4 2023
Know More
Treasury & Capital Markets Systems Report Q1 2024
Know More