Loan Documentation in light of Digital lending guidelines

In recent times, it is seen that Banks have started lending directly to borrowers through the platform of a website or mobile application, which does not require any physical interaction between the borrower and the Bank for document verification or for disbursement of the loan.

In this regard, the RBI has issued guidelines on digital lending in order to regulate this segment of digital loans. The term ‘digital lending’ as per the notification has been defined to mean “a remote and automated lending process, largely by use of seamless digital technologies for customer acquisition, credit assessment, loan approval, disbursement, recovery, and associated customer service.”

Hence, where a Bank determines that the loan being issued by it falls within the purview of ‘digital lending’ as defined by the RBI, then it would be required to follow the RBI guidelines on digital lending.

Accordingly, the loan documentation (which includes all the documents issued to borrowers in connection with the loan such as key fact statement, sanction letter, terms and conditions etc as well as agreements with service providers) used by the Banks for issuing regular loans may be required to be modified when it comes to digital lending. In this article, we have covered the points which in the event not covered in regular loan documentation of a Bank, shall be required to be covered in the documentation for its digital lending segment.

Disclosures by the Bank

The Bank is required to make certain disclosures to the borrower in the loan documentation:

  • Key Fact statement (KFS) is required to be provided before the execution of the loan agreement as per the format prescribed by the RBI (the prescribed format requires the bank to disclose net disbursed amount, all charges, penal charges, cooling off period etc.)
  • Full disclosure of all expenses in connection with the loan such as cost of funds, processing fees, verification charges etc. Further, any charge or fee not stated in KFS cannot be charged to the borrower
  • Details of service provider in charge of loan recovery
  • Details of the grievance officer for dealing with any complaints of borrowers pertaining to digital lending

Document execution

The documents are required to be on the letter head of the Bank and are required to be digitally signed. However, the mode of digital signature has not be specifically stated.

Robust privacy policy

As per the guidelines, issued by the RBI:

  • The Borrower is required to be informed regarding the purpose of obtaining his consent for his data
  • The borrower is required to be provided with an option to:
    • give or deny consent for use of specific data
    • give or deny consent to restrict disclosure to third parties
    • give or deny consent for retention of data
    • revoke consent already granted to collect personal data
    • make the lending portal to delete/ forget the data
  • Explicit consent of the borrower is required to be obtained before sharing the personal data of the borrower with any third party. The exception to this is where the Bank is sharing the personal data of the borrower under any legal requirement.
  • The purpose of obtaining borrowers’ consent needs to be disclosed at each stage of interface with the borrowers.

Furthermore, on implementation of the Digital Personal Data Protection Act 2023 (which is expected to be implemented in the near future) the Banks would be required to ensure that the privacy policy is prepared as per the provisions of the said Act which requires that the consent of the Borrower is freely given, specific , informed, unconditional and unambiguous or notice is given where the data is being collected for certain legitimate purposes as prescribed. Further, the privacy notice should provide the details of personal data, the purpose for which it is processed and manner in which the borrower can exercise its rights such as right to grievance redressal, right to nominate, right to correction and erasure of date.

Hence, to capture the above details, a privacy policy should to be formulated by the Bank.

Agreements with DLA and LSP

  • In the agreements of the Banks with the Lending service providers (‘LSP’) or the Digital lending app (‘DLA’), the Banks shall be required to insert clauses to ensure that the collection of data by the LSP and DLA is need based and with consent of the borrower.
  • Banks will also need to ensure that the agreement with DLA or LSP covers language to ensure that they do not obtain data from the mobile phone of the borrower such as accessing media, contacts of the borrower, etc.

Explicit option of a cooling off period

A borrower shall be given an explicit option to exit digital loan by paying the principal and the proportionate APR without any penalty during the cooling off period as determined by the Bank.

Delivery of documents

Bank is required to ensure that all documents such as KFS, summary of loan product, sanction letter, terms and conditions are delivered to the Borrower on his registered email and through SMS on registered phone number on execution of loan documentation.


Accordingly, Banks should take the various guidelines issued by the RBI into consideration and review their loan documentation and make any changes to the said documentation in the digital lending sector.

Furthermore, currently Banks may not have a robust privacy policy regarding obtaining, managing and transferring any personal data of the Borrower and may only have a condition in the loan documentation that it can use the personal data of the Borrower. However, in light of the RBI guidelines and the Digital Personal Data Protection Act 2023, it is advisable for Banks to implement a robust privacy policy which shall govern the collection, use and processing of personal data of borrowers