RBI · Banking

RBI Digital Lending Guidelines 2022

RBI guidelines issued September 2022 regulating digital lending through online platforms and mobile apps, mandating direct disbursement by regulated entities and banning unauthorised LSPs.

Framework overview

The RBI Digital Lending Guidelines 2022 were issued to address malpractices in the fintech lending ecosystem, including predatory lending, unauthorised use of customer data, and harassment by recovery agents. The guidelines mandate that all loan disbursements and repayments flow directly between borrower bank accounts and regulated entities' accounts, prohibiting pass-through accounts operated by Lending Service Providers (LSPs). They establish the Digital Lending App (DLA) framework, which requires all such apps to disclose LSP details, ensure transparent pricing through a Key Fact Statement (KFS), and comply with data privacy norms, including specific consent requirements and restrictions on accessing mobile phone resources.

Advantages
  • Eliminates pass-through bank accounts operated by third-party LSPs, ensuring borrowers deal directly with regulated entities and reducing fund diversion risks
  • Mandates standardised Key Fact Statement (KFS) disclosure in vernacular languages showing APR, processing fees, and total cost, enabling borrowers to compare offerings transparently
  • Prohibits automatic increase in credit limits without explicit customer consent and restricts LSP access to sensitive mobile data like contact lists and call logs
  • Establishes nodal grievance redressal officer requirement and cooling-off/look-up period for first-time borrowers, reducing predatory lending practices
  • Requires RBI-regulated entities to conduct due diligence on all LSPs in their lending value chain, creating accountability throughout the ecosystem

Gaps in implementation
  • Enforcement challenges persist as many illegal lending apps continue operating by frequently changing names, domains, and using offshore servers beyond RBI jurisdiction
  • Ambiguity in defining 'legitimate business need' for data access allows certain LSPs to justify excessive mobile permissions under operational requirements
  • No explicit cap on interest rates or processing fees, allowing some platforms to charge effective APRs exceeding 40-50% while remaining technically compliant
  • Limited regulatory clarity on Buy-Now-Pay-Later (BNPL) products, creating grey areas where some fintech players classify loans as 'deferred payment arrangements' to avoid guidelines
  • Weak verification mechanisms for LSP disclosures on lending apps; borrowers rarely verify if disclosed LSPs match RBI records or check regulated entity partnerships

Real-world Indian scenarios
  • In December 2022, Google removed over 2,200 lending apps from the Play Store following RBI pressure after complaints showed Chinese-linked illegal apps like 'Cash Master' and 'Rupee Fast' were charging 60-100% interest and harassing borrowers using morphed photos from contact lists.
  • Paytm faced RBI scrutiny in 2023 when its Paytm Postpaid BNPL product was found routing transactions through Paytm Payments Bank accounts rather than directly from the NBFC (Paytm Digital Credit Limited), violating the pass-through account prohibition under the guidelines.
  • IIFL Finance was penalised in 2023 for inadequate due diligence on its LSP partners when borrowers complained that recovery agents engaged by third-party collection agencies were accessing personal phone data and morphing photographs for harassment, violating the data privacy norms mandated under DLG 2022.

Room for improvement
  • Implement real-time API integration with RBI's verified LSP registry allowing borrowers to validate LSP credentials instantly within lending apps before proceeding with applications
  • Establish dedicated digital lending compliance teams with technological capabilities to monitor app versions, SDK integrations, and actual data access patterns rather than relying solely on policy documentation
  • Conduct quarterly third-party audits of all LSP arrangements including mystery shopping exercises to verify KFS accuracy, data access permissions, and actual customer experience against policy commitments
  • Deploy automated surveillance systems scanning app stores and web domains for clone apps, trademark violations, and fraudulent use of regulated entity names in unauthorised lending platforms
Updated 6/4/2026 · refreshed weekly