A dark side: digital loans, real blackmail

When 52-year-old Nanda Kumar died in Bengaluru late last month after allegedly being harassed by loan collection officers, his obituary left a disturbing picture of just how far digital lending platforms could go to ensure repayment. Kumar, a co-operative bank worker, has been threatened over the phone with threats over the phone, including allegedly turning his images into pornographic content, over his outstanding loan payments – some Rs 40,000, which he borrowed through various digital lending apps.

In his note, before throwing himself in front of a moving train, he called for a ban on unregulated rental digital apps.

Also read | Calls for digital literacy

The threats Kumar faces align with a coercive pattern employed by many unregulated digital lenders across the country. In July, Pratyusha, a 23-year-old woman from Guntur, Andhra Pradesh, died after facing problems from online lenders. Police were quoted as saying they were also harassed with threats that their private photos would be made public.

The issue is becoming more and more familiar – easy personal loans offered with no collateral or detailed documentation, lenders gaining access to the borrower’s details stored on the phone, interest rates significantly higher than originally promised, defaults and back demands, followed by aggressive collection tactics and threats involve public shame.

Earlier this month, in the first concerted move, the Reserve Bank of India (RBI) committed a new regulatory framework to address a variety of issues related to unfair digital lending practices. However, the proliferation of unregulated lenders pitted against faceless promoters and the sheer volume of easy-to-process loans they offer makes this a long road to compliance.

On a hard track

The prevalence of individual cases being registered related to digital lending coupled with the lack of transparency of ownership of unregulated lending firms make police intervention difficult, said Raman Gupta, Joint Commissioner of Police (Crime), Bengaluru City. “The directors of these companies have no local presence and are often a front for Chinese promoters. These companies have bases spread across several states, which limits the scope of the prosecution,” Gupta said.

The National Crime Records Bureau ranks Karnataka at the top for fraud-motivated cases in its 2020 compilation of cybercrime cases. The state reported 9,680 such cases, followed by Uttar Pradesh (4,674) and Telangana (4,436). Online lending is a major cybercrime category.

In the 2021/22 financial year, RBI received 7,813 complaints against banks and non-bank financial companies.

These numbers are just the tip of the iceberg. Analysts estimate that only 20% to 25% of complaints become formal police complaints.

A report by an RBI digital lending working group released in November 2021 concluded that about 30% of digital lending apps asked for permission to access the user’s location and camera, and 21% asked for access to contacts .

The report also found that about 600 of the 1,100 credit apps available to Android users at the time were “illegal” and posed risks of compromised user accounts, phishing attacks and identity theft.

The RBI classifies digital lending platforms into three categories – lenders that fall under its regulatory framework, legally authorized lenders that are not regulated by the bank, and lenders that operate outside of any regulatory framework.

On August 10, in an important step to address issues such as unaudited third-party engagement and data breaches, the bank released the recommendations of its working group.

One of the key recommendations accepted for immediate implementation requires that all loan disbursements and repayments be made between the borrower’s bank accounts and the regulated entity without going through a third party account.

RBI regulated platforms are required to disclose the total cost of the loan to the borrower in the form of an Annual Percentage Rate (APR). Without such disclosure, many hidden costs fall victim.

Bharat*, a software developer based in Marathahalli, Bengaluru, for example, took out loans of about Rs 45,000 from five different digital lenders between January and February this year.

Lenders only requested copies of his PAN and Aadhar cards to process the loans, which were approved within an hour or two on average.

He has closed three loans so far and spent more than Rs 2 lakh in repayment. “There were times when the payment didn’t show up in the app; I had to deal with hostile calls multiple times in the same day,” he said. Hostile calls soon flooded his contacts too.

The guidelines state that the loan agreement must include a cooling-off period, or grace period, during which the borrower can exit digital loans by paying the principal and prorated APR without penalty.

In many late repayment cases, debt collectors have misused personal data accessed through the apps, including photos, to harass borrowers — as in the Bharat and Kumar cases. The RBI therefore made it clear that the collection of data should also take place as required, with the express consent of the borrower and with clear audit trails.

New regime, regulations

The new regulatory framework aims to push for greater accountability among digital lending platforms and redefine their terms of engagement with lending service providers (LSPs). It is too early to take stock of how lenders with no banking or non-banking licenses to financial firms are preparing to comply with the new regulatory regime.

Lendingkart CEO and founder Harshvardhan Lunia said RBI policies could put an end to abuses, including data scraping from consumer phones. “Furthermore, RBI also aims to establish a self-regulatory organization covering regulated entities and digital lending apps/LSPs in the digital lending ecosystem to curb mispractices and introduce an additional code of conduct,” he said.

The RBI working group said as one of its key recommendations to the Union government that the government might consider enacting legislation to ban unregulated lending activities. The legislation could “cover any entity not authorized by the RBI and not registered under any other law to specifically provide public lending,” the working group said.

As lenders and fintech players in the regulatory arena revise their terms and conditions to ensure compliance, the controls of unregulated companies will depend critically on the union government’s response to the RBI recommendations, including legislation.

The rise in the number of unregulated companies has led to a perception battle as to credible companies operating in the digital lending spaces. Many of these actors have responded with actions such as providing information that helps the public.

Not the citizen call

While public caution is important, it cannot be cited as a solution in place of politics. Ritesh Bhatia, a cybersecurity expert in Mumbai, said conscientious citizens must be supported by platforms hosting the apps and governments proactively addressing their concerns. “The problem with this is that the platforms don’t tighten their systems until 100 citizens raise concerns, and the government doesn’t act until there are more cases involving these apps. Victims are being shamed by the lenders, but there are also instances where they are being shamed by our system (by suggesting they are being fooled),” Bhatia said.

Police sources said consumers’ reluctance to report instances of excess by credit enforcement agencies was worrying. Analysts argued that the administrative push to simplify doing business has also contributed to the rise of unverified digital lending platforms that capitalize on ecosystem “loopholes.”

The new RBI guidelines also provide for police surveillance to check for unauthorized call center operations. A senior law enforcement official in Bengaluru said the new mechanisms recommended under the RBI could help further regulate digital lenders, but prosecuting faceless lenders operating outside of the law is still a difficult task.

RBI has explained that the new regulatory framework is based on the “principle” that lending operations may only be conducted by RBI-regulated entities or other lenders authorized to operate under a different law.

(*name has been changed to protect identity)

Comments are closed.