Digital lending has become a cornerstone of India’s evolving fintech industry, offering quick and convenient access to credit for individuals and small businesses. As this sector continues to expand, the Reserve Bank of India (RBI) has introduced the Digital Lending Guidelines (DLG) to establish a structured regulatory environment that ensures transparency, consumer protection, and systemic stability. These guidelines regulate how digital loans are disbursed, managed, and recovered, addressing risks like data misuse, predatory lending, and lack of accountability among platforms.
For fintech companies, compliance with DLG is no longer optional but a strategic necessity. The framework defines the roles of regulated entities, sets standards for data privacy and consent, mandates fair lending practices, and enforces strict reporting obligations. It also governs partnerships, FLDG arrangements, grievance redressal, and cybersecurity norms. By aligning with these guidelines, fintechs can build trust, attract institutional partnerships, and operate legally while contributing to a secure and inclusive digital lending ecosystem.
In this article, CA Manish Mishra talks about RBI’s Digital Lending Guidelines: What Fintechs Must Know.
RBI’s Digital Lending Framework
The RBI’s Digital Lending Guidelines (DLG) mark a significant regulatory step in shaping India’s fast-growing digital credit ecosystem. Introduced in September 2022 and updated in 2025, the framework was designed to address rising concerns over unregulated lending apps, predatory practices, opaque loan terms, data misuse, and borrower exploitation. As digital lending platforms became a preferred source of quick credit for individuals and businesses, the RBI recognised the need to establish a clear regulatory structure to ensure accountability, transparency, and consumer protection.
The guidelines apply comprehensively to all stakeholders involved in the lending process including Regulated Entities (REs) such as banks and Non-Banking Financial Companies (NBFCs), Lending Service Providers (LSPs) who support these entities in sourcing and managing loans, and fintech platforms that facilitate the delivery of credit. They regulate the entire digital lending lifecycle from loan origination, disbursal, and repayment processes to data privacy, disclosure norms, grievance redressal, and compliance reporting. By defining clear roles, responsibilities, and liabilities for each participant, the framework not only enhances consumer trust but also strengthens the integrity and security of India’s digital lending environment.
Definition and Scope
a) Meaning of Digital Lending: The Reserve Bank of India (RBI) defines digital lending as “the process of extending credit using digital platforms or technologies, either directly by regulated entities or indirectly through third-party service providers.” This definition encompasses the entire lending lifecycle including loan origination, approval, disbursal, repayment, and customer support when conducted through digital channels such as websites, mobile applications, or integrated APIs.
b) Key Participants Covered Under the Guidelines
- Banks and NBFCs (Regulated Entities - REs): These are the primary financial institutions responsible for issuing loans, ensuring regulatory compliance, managing fund flows, and bearing the associated credit risk. They operate under RBI’s supervision and are ultimately accountable for customer protection and legal adherence.
- Lending Service Providers (LSPs): LSPs are fintech companies that collaborate with REs to provide services such as customer onboarding, KYC verification, credit scoring, loan sourcing, and collections. They act as technological and operational partners but cannot independently extend credit.
- Digital Lending Apps (DLAs): DLAs are web-based or mobile applications through which customers apply for and manage loans. They serve as the interface between borrowers and lenders, and are often owned by REs or LSPs.
c) Restrictions on Unregulated Entities: A provision of the framework is that unregulated fintech platforms cannot lend directly. To legally participate in the lending ecosystem, they must either partner with a regulated entity (RE) or obtain an NBFC license. This ensures that only authorised entities are responsible for credit issuance and regulatory compliance, thereby reducing consumer risks and strengthening the integrity of the digital lending market.
Loan Disbursal and Fund Flow Compliance
One of the most significant provisions under the guidelines is the requirement that all loan disbursements and repayments must flow directly between the borrower’s bank account and the RE’s bank account.
a) Direct Fund Flow Between Borrower and Regulated Entity: One of the most crucial aspects of the RBI’s Digital Lending Guidelines (DLG) is the strict regulation of how loan funds are disbursed and repaid. According to the guidelines, all loan disbursements and repayments must occur directly between the borrower’s bank account and the Regulated Entity’s (RE) bank account. This rule eliminates the involvement of intermediaries in fund handling and ensures a transparent and auditable flow of money throughout the lending process.
b) Restriction on Lending Service Providers (LSPs): Fintech platforms or Lending Service Providers (LSPs), which act as technology partners for banks and NBFCs, are strictly prohibited from handling loan funds. They cannot receive, hold, or transfer money on behalf of either party. This measure prevents the commingling of borrower funds, which is a common source of fraud, misappropriation, and operational risks in unregulated lending setups.
c) Prohibition on Escrow or Nodal Accounts: The guidelines also explicitly state that escrow or nodal accounts cannot be used for loan disbursal or repayment. These accounts, often used in payment aggregation, create layers between the lender and borrower, potentially obscuring fund movement. By requiring direct transactions, the RBI aims to maintain a clear and traceable audit trail, ensuring that the flow of funds remains transparent and under regulatory oversight.
d) Payment of Processing Fees: Another key provision is that any processing fees or service charges payable to LSPs or fintech partners must be paid by the regulated entity, not by the borrower. This protects borrowers from hidden charges and ensures that the cost of third-party services does not become a burden on consumers.
e) Significance of Fund Flow Regulation: These measures collectively enhance consumer protection, reduce the risk of fund diversion or mismanagement, and ensure that the lending process remains transparent, accountable, and compliant with financial laws. By maintaining a direct fund flow between borrowers and regulated entities, the RBI strengthens oversight over digital lending operations and builds trust in the online credit ecosystem.
First Loss Default Guarantee (FLDG) Regulations
a) Meaning of FLDG in Digital Lending: The First Loss Default Guarantee (FLDG) is a risk-sharing arrangement commonly used in digital lending partnerships, where a fintech platform or Lending Service Provider (LSP) guarantees to cover a portion of loan losses incurred by a Regulated Entity (RE), such as a bank or NBFC. This arrangement enables fintechs to support loan underwriting and encourage lenders to extend credit to new or underserved customer segments. However, due to the potential risks involved, the RBI’s updated Digital Lending Guidelines (2025) have introduced stringent regulatory controls around FLDG structures.
b) Cap on FLDG Coverage: To prevent excessive risk concentration, the RBI has capped FLDG coverage as a percentage of the underlying loan portfolio. This cap ensures that fintech companies do not provide guarantees beyond a reasonable limit, reducing systemic risk and ensuring that credit underwriting remains prudent and sustainable.
c) Mandatory Board-Level Approval: All FLDG agreements must receive board-level approval from the regulated entity before implementation. This requirement ensures that senior management evaluates the credit, legal, and operational risks associated with such arrangements. It also enhances accountability and prevents informal or non-transparent guarantee structures between lenders and fintech partners.
d) Disclosure and Regulatory Reporting: The guidelines mandate detailed disclosure of FLDG agreements to both the RBI and statutory auditors. These disclosures must include the extent of guarantee coverage, nature of the arrangement, and performance metrics. Regular reporting strengthens regulatory oversight and prevents misuse or concealment of risk exposure.
e) Credit Risk Responsibility on Regulated Entities: A provision under the updated framework is that only regulated entities are permitted to bear credit risk. Fintech platforms and unregulated service providers are prohibited from assuming substantial risk exposure, as this could circumvent prudential norms and compromise financial stability. The credit risk must always remain with the licensed lender.
f) Objective and Significance: The revised FLDG regulations aim to enhance credit discipline, ensure responsible lending practices, and prevent uncontrolled risk transfer within the financial system. By limiting fintech exposure, mandating approvals, and enforcing transparency, the RBI ensures that loan portfolios are managed prudently and that lending decisions remain under the control of regulated financial institutions. This balanced approach protects both consumers and the financial ecosystem from potential instability caused by aggressive risk-taking.
Disclosure, Transparency, and Fair Lending Practices
a) Importance of Transparency in Digital Lending: Transparency is one of the fundamental pillars of the RBI’s Digital Lending Guidelines (DLG). As many borrowers may be first-time credit users or lack financial literacy, it is essential that lenders and Lending Service Providers (LSPs) present all relevant loan information clearly and upfront. This ensures borrowers make fully informed decisions, reduces the risk of hidden charges, and builds trust between financial institutions and customers.
b) All-Inclusive Annual Percentage Rate (APR): Before a borrower accepts a loan, the lender must display the Annual Percentage Rate (APR), a comprehensive measure that includes the interest rate as well as all associated charges such as processing fees, insurance costs, and service fees. By presenting a single, all-inclusive cost, borrowers can compare loan offers easily and understand the total financial burden involved.
c) Sanction Letter Requirements: Upon loan approval, lenders are required to provide a sanction letter, either in digital or physical form, outlining the key loan terms. This document must specify the loan amount, tenure, interest rate, EMI schedule, and repayment structure. This step ensures that borrowers have documented evidence of the terms they agreed to and can refer back to them if disputes arise.
d) Key Fact Statement (KFS): The Key Fact Statement (KFS) is a mandatory one-page summary that distills important loan details into an easily understandable format. It must list all charges, processing fees, late payment penalties, foreclosure charges, and any other hidden costs. The aim is to eliminate fine-print surprises and prevent unfair lending practices, particularly by digital platforms targeting vulnerable customers.
e) Grievance Redressal Mechanisms: The guidelines also make it mandatory for lenders and LSPs to provide clear grievance redressal details. Borrowers must have access to a Grievance Redressal Officer (GRO) and a defined escalation matrix. Complaints unresolved within 30 days must be escalated to the RBI Integrated Ombudsman Scheme. This ensures that customer complaints are addressed promptly and fairly.
f) Ensuring Fair Lending Practices: By enforcing strict disclosure norms and standardising the information provided to borrowers, the RBI aims to reduce information asymmetry, eliminate predatory lending, and ensure fair treatment of customers. These provisions also enhance accountability and transparency across digital lending platforms, fostering a more ethical and consumer-centric credit ecosystem.
In essence, these measures go beyond mere compliance: they help build a culture of responsible lending and empower borrowers with the knowledge they need to make confident financial decisions.
Data Privacy and Security Compliance
a) Importance of Data Governance in Digital Lending: With digital lending heavily reliant on personal and financial data for credit assessment, verification, and service delivery, data privacy and security have become central to regulatory compliance. The RBI’s Digital Lending Guidelines (DLG) place significant emphasis on protecting borrower information, preventing misuse, and ensuring that data is collected, stored, and processed responsibly. Strong data governance not only safeguards consumers but also enhances the credibility and reliability of fintech platforms.
b) Mandatory Consent and Limited Data Access: The guidelines mandate that explicit and informed consent must be obtained from borrowers before collecting or processing their personal data. This consent must clearly specify what data is being collected, why it is needed, and how it will be used. Borrowers must also be given the option to revoke consent at any time, and platforms must delete the data upon such a request. Furthermore, access to sensitive mobile resources such as contacts, photos, or call logs is strictly prohibited unless it is directly necessary for the service, thereby reducing the risk of misuse and over-collection of data.
c) Compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act): The DPDP Act, 2023 sets the legal framework for data protection in India, and digital lenders must ensure full compliance with its provisions. This includes principles such as purpose limitation (using data only for the stated purpose), data minimisation (collecting only necessary data), and data subject rights (allowing borrowers to access, correct, or delete their data). Lenders must also maintain transparent privacy policies and notify users in case of data breaches.
d) Security Measures and Technical Safeguards: To protect sensitive borrower information, Regulated Entities (REs) and Lending Service Providers (LSPs) must implement robust cybersecurity measures. These include end-to-end encryption, access control mechanisms, and multi-factor authentication to prevent unauthorised access. Regular security audits, vulnerability assessments, and penetration tests (VAPT) are also required to identify and address potential weaknesses in their systems.
e) Significance of Data Privacy Provisions: These provisions ensure that borrower data is handled ethically, securely, and lawfully. By empowering users with control over their information and enforcing stringent security standards, the RBI’s framework significantly reduces risks related to data breaches, identity theft, and unauthorised profiling. In addition, adherence to the DPDP Act aligns Indian fintechs with global data privacy standards, enabling them to build trust with customers, investors, and regulators alike.
Grievance Redressal and Consumer Protection
a) Importance of Consumer Protection in Digital Lending: With the rapid growth of digital lending platforms, ensuring consumer trust and borrower protection has become a key regulatory priority. Borrowers often interact with digital platforms without direct physical contact, which increases the risk of misunderstandings, hidden charges, and misuse of data. To safeguard borrowers’ interests, the RBI’s Digital Lending Guidelines (DLG) mandate a robust and transparent grievance redressal framework that provides quick and effective resolution of complaints while holding lenders accountable.
b) Appointment of Grievance Redressal Officer (GRO): Every Regulated Entity (RE) including banks and NBFCs must appoint a dedicated Grievance Redressal Officer (GRO) to handle borrower complaints. The contact details of the GRO must be clearly displayed both on the company’s website and within the digital lending application. This ensures that borrowers have a direct point of contact to report issues such as incorrect loan terms, hidden fees, harassment during recovery, or data privacy violations.
c) Escalation to RBI Integrated Ombudsman Scheme: If a borrower’s complaint is not resolved within 30 days of filing, it must be escalated to the RBI Integrated Ombudsman Scheme. This mechanism provides borrowers with a neutral and accessible platform to seek redressal directly from the regulator. It also ensures that lenders take complaints seriously and resolve them promptly to avoid regulatory scrutiny and penalties.
d) Responsibilities of Lending Service Providers (LSPs): Lending Service Providers (LSPs), which often manage customer-facing functions such as onboarding, KYC, or collections, must also establish robust internal complaint-handling systems. Moreover, they are required to coordinate closely with their partner REs to ensure that borrower grievances are addressed swiftly and effectively. This joint accountability prevents situations where borrowers are caught between a fintech platform and the lending institution.
e) Strengthening Borrower Confidence: The grievance redressal framework plays an important role in promoting transparency, accountability, and borrower trust in the digital lending ecosystem. It ensures that customers have clear channels to voice their concerns and guarantees that their issues will be resolved within a defined timeframe. Moreover, the escalation mechanism acts as a safeguard against unethical practices, strengthening regulatory oversight and improving the overall credibility of digital lenders.
Reporting and Audit Requirements
a) Importance of Reporting and Audit Compliance: Robust reporting and auditing are integral to the regulatory oversight of digital lending operations. The RBI’s Digital Lending Guidelines (DLG) emphasise transparency, accountability, and systemic stability, making it mandatory for regulated entities (REs) and their partners to regularly disclose key operational data. These obligations help the RBI monitor industry practices, assess emerging risks, and ensure that digital lenders operate in a secure, compliant, and consumer-centric manner.
b) Periodic Regulatory Reporting to RBI: Digital lenders must submit periodic reports on various aspects of their operations, including:
- Loan Portfolio Performance: Details on disbursements, repayments, defaults, and delinquencies to monitor credit quality.
- FLDG Exposure: Disclosure of First Loss Default Guarantee (FLDG) arrangements, including percentage coverage, partner details, and board approvals.
- Borrower Grievances: Summary of complaints received, resolved, and pending, along with escalation statistics.
Such reporting allows the RBI to identify high-risk lending practices, detect early signs of stress in loan books, and intervene promptly if required.
c) IT and System Audit Obligations: To ensure data integrity, cybersecurity, and operational resilience, regulated entities must conduct independent IT system audits periodically. These audits examine the security of digital lending platforms, review access control mechanisms, assess encryption and data protection protocols, and verify compliance with the Digital Personal Data Protection Act (DPDP Act), 2023. They also evaluate the reliability of digital lending apps (DLAs), ensuring they operate without vulnerabilities that could compromise borrower data or financial transactions.
d) Third-Party and LSP Compliance Audits: Where digital lending functions are outsourced to Lending Service Providers (LSPs), third-party compliance audits become mandatory. These audits assess whether LSPs are adhering to contractual terms, maintaining data confidentiality, following KYC/AML norms, and operating within the regulatory perimeter. Regular third-party assessments also help REs detect and mitigate operational or reputational risks arising from vendor non-compliance.
e) Strengthening Transparency and Risk Management: Reporting and audit requirements enhance the transparency, credibility, and risk management capabilities of digital lenders. They ensure that regulatory authorities have real-time visibility into market practices and enable fintech companies to detect gaps in their systems before they escalate into legal or operational issues. For fintechs, timely compliance with audit and reporting obligations not only avoids penalties but also builds trust with investors, partners, and consumers, an important factor for long-term sustainability in the digital credit ecosystem.
Penalties and Enforcement Actions
a) Importance of Regulatory Compliance: The RBI’s Digital Lending Guidelines (DLG) are not mere recommendations; they are legally binding requirements designed to safeguard borrowers, maintain financial stability, and ensure the integrity of the lending ecosystem. Non-compliance, whether deliberate or due to negligence, can result in significant regulatory action. Fintech companies, Lending Service Providers (LSPs), and even Regulated Entities (REs) are held strictly accountable for violations, making it essential to establish strong internal controls and governance frameworks from the outset.
b) Monetary Penalties Under the Banking Regulation Act, 1949: Violations of the DLG can attract substantial monetary fines under the Banking Regulation Act, 1949, the Reserve Bank of India Act, 1934, or the Payment and Settlement Systems Act, 2007, depending on the nature of the violation. These fines can run into crores of rupees, particularly for repeated or systemic breaches, such as mishandling borrower data, failing to report transactions, or conducting lending operations without proper licensing.
c) Suspension or Cancellation of Licenses: For more severe or persistent non-compliance, the RBI has the authority to suspend or cancel NBFC licenses, revoke Payment Aggregator (PA) or Prepaid Payment Instrument (PPI) authorisations, and prohibit regulated entities from undertaking new lending activities. This enforcement tool is used in cases where companies repeatedly ignore regulatory directives or pose a systemic risk to the financial ecosystem.
d) Prohibition of Partnerships with Non-Compliant LSPs: To curb regulatory arbitrage, the RBI can direct banks and NBFCs to terminate relationships with non-compliant Lending Service Providers (LSPs) or digital platforms. This measure ensures that unregulated fintech companies cannot bypass compliance requirements by partnering with regulated entities. Such prohibitions can severely impact a fintech’s business model and reputation, often leading to loss of market access and investor confidence.
e) Civil and Criminal Liability for Data Misuse or Fraud: In cases involving data breaches, misuse of personal information, fraud, or predatory lending practices, entities may face civil or criminal proceedings under various laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Indian Penal Code (IPC). Penalties under these laws can include heavy fines, compensation claims, and even imprisonment of key officials for willful misconduct.
f) Ensuring Compliance to Avoid Enforcement Action: Given the severity of the enforcement powers at RBI’s disposal, fintechs and their partners must adopt a compliance-first approach, implementing robust internal audits, legal reviews, board oversight, and real-time monitoring mechanisms. Timely reporting, proper data governance, and adherence to consumer protection standards not only prevent regulatory action but also enhance credibility and foster trust in the digital lending ecosystem.
Future Outlook and Global Alignment
a) Evolution of Digital Lending Regulations: The regulatory landscape for digital lending in India is still evolving, and the RBI is expected to introduce more stringent norms in the coming years to keep pace with rapid technological advancements and emerging risks. As digital lending models become more complex, involving AI, cross-border partnerships, and embedded finance, regulatory priorities will shift toward greater transparency, consumer protection, and systemic resilience.
b) AI-Driven Credit Scoring and Accountability: One of the key focus areas for future regulation will be AI and machine learning-based credit assessment models. While these tools improve credit decisioning, they also pose risks related to bias, discrimination, and lack of transparency. RBI is likely to introduce norms requiring fintechs to explain automated decisions, disclose credit-scoring methodologies, and implement governance frameworks that ensure fairness and accountability in algorithmic lending.
c) Cross-Border Lending and Foreign Participation: As global fintech players enter India and Indian platforms expand overseas, the RBI is expected to issue specific guidelines on cross-border lending, foreign direct investment (FDI), and international data flows. These may include stricter due diligence requirements, enhanced capital adequacy norms for foreign players, and compliance with foreign exchange laws under the Foreign Exchange Management Act (FEMA), 1999. This will ensure that foreign participation in India’s digital credit ecosystem remains transparent, secure, and compliant.
d) Oversight of BNPL and Embedded Credit Products: The rapid growth of Buy Now Pay Later (BNPL) services and embedded credit models integrated into e-commerce and fintech platforms has drawn regulatory attention. Future updates are expected to introduce consumer disclosure norms, interest rate caps, risk assessment standards, and repayment transparency requirements to prevent over-indebtedness and ensure responsible lending practices.
e) Alignment with Global Best Practices: India’s regulatory approach is increasingly converging with global standards to support cross-border operations, foreign investment, and interoperability. The incorporation of GDPR principles on data privacy, ISO 27001 standards on information security, and PCI DSS protocols on payment data handling reflects a broader commitment to aligning with international compliance frameworks. This not only enhances investor confidence but also strengthens the global competitiveness of Indian fintech companies.
f) Preparing for the Next Phase: Fintech companies must anticipate these regulatory shifts and proactively adapt their business models, governance practices, and technology infrastructure. By investing in explainable AI, robust data governance, transparent credit practices, and international compliance certifications, digital lenders can future-proof their operations.
Conclusion
The RBI’s Digital Lending Guidelines represent a pivotal moment in the regulation of India’s fintech industry, aiming to create a secure, transparent, and accountable credit environment. By addressing key concerns such as fund flow transparency, FLDG risk, data privacy, consumer protection, and reporting obligations, the framework ensures that digital lending operates under strict regulatory discipline. This not only protects borrowers from predatory practices but also strengthens the credibility and resilience of the financial system as a whole.
For fintech companies, compliance is now the cornerstone of sustainable growth. Adhering to these guidelines builds trust among consumers, investors, and regulators, reduces legal and reputational risks, and enhances market competitiveness. As digital lending continues to evolve, proactive compliance and strong governance will enable fintechs to scale responsibly, attract institutional partnerships, and contribute to India’s vision of a safe, inclusive, and technology-driven financial ecosystem.
CA Manish Mishra