NextBillion - An Initiative of the William Davidson Institute at the University of Michigan

Over the past two years, customer complaints about digital lending apps have been surging across several emerging markets, raising serious concerns about predatory digital lending. Indonesia, India and the Philippines are among the countries that are contending with these complaints, which first came to the attention of watchdogs and government agencies between 2018 and 2020.

The complaints are largely focused on two phases of the digital lending process: marketing and repayments. Digital lending platforms and mobile apps are often seen to be using misleading marketing practices, like promising loans within minutes with inadequate disclosure of pricing, terms and conditions. Their loan application requirements include permission to use the borrower’s phone contacts, camera and social media accounts as a pre-condition for loan processing. In cases of client default, this can lead to harassment tactics which may involve shaming clients by sending frequent defaming messages to their relatives and other personal contacts or using social media to post abusive threats.

Developing an appropriate regulatory response to these issues is a challenge. While digitization contributes to greater financial inclusion, it also produces new risks for clients — yet the diversity of fintech models and innovations has made it more complex for regulators to respond to these risks. Meanwhile, the need for a clear regulatory response has only increased during the pandemic year, as economic stress, combined with reticence about face-to-face contact, has likely driven more people to use these apps.

Based on my review of media reports, published articles and regulatory circulars, this article presents some of the common regulatory responses to predatory lending apps across Indonesia, India and the Philippines, along with some thoughts about how these responses can be most effective.

Regulatory Responses to Predatory Lending Apps

Regulators have used four main tactical responses to combat problems with predatory lending in these three countries.

Cautioning the Public: Regulators have issued public caution notices through media channels. This was seen in India, when the Reserve Bank of India (RBI) warned people against sharing their Know Your Customer documents with finance apps that don’t clearly identify the company behind them. It cautioned the public to check for the names of the financial service providers backing digital platforms and to confirm on the RBI website that they are registered with the RBI or state/federal governments. It also urged people to report unauthorized apps to law enforcement agencies through the RBI’s Sachet Portal, an online complaints website.

In the Philippines, the National Privacy Commission (NPC) issued a warning asking prospective borrowers to check the terms and conditions carefully before downloading a mobile application. It warned online lenders not to seek unnecessary information, including phone or social media contacts, from prospective clients without permission, and not to use the information they gather to harass clients. And in Indonesia, the OJK, the government agency that regulates the country’s financial service sector, issued circulars advising the public to carefully select their digital lender. In addition, to help improve transparency, the OJK also listed licensed fintech players on their website.

Registering Digital Lenders and Platforms: Across all three markets, company registration is required to do business, so regulators often use it as a checkpoint to identify substandard fintech. In the Philippines, lending companies are required to register as “online platforms” with the Securities and Exchange Commission (SEC) and to submit an affidavit of compliance with the registration process. Any failure of compliance is treated as a criminal offense that subjects the company to penalties. Indonesia takes a slightly different approach: The OJK has made it compulsory for peer-to-peer lending platforms to undergo a trial registration for the first 12 to 18 months. During the trial period, the OJK closely monitors a company’s adherence to regulations — then, based on a performance review of the company, it decides whether to allot it a full business license. In India, Non-Bank Financial Companies are registered by either the RBI or state governments. But since these entities function independently without any coordination, there’s a risk of dilution of oversight at the point of registration.

Ensuring Data Privacy Regulation for Fintech: With increasing digitization, data privacy is a critical issue that every regulator is trying to address. The Philippines is ahead of both India and Indonesia in the implementation of privacy regulations. Its Data Privacy Act of 2012 is applicable to fintech: It covers data protection (including consent requirements and customers’ right to ask companies to delete their personal data), and requires companies to notify the National Privacy Commission when data from third-party providers is utilized for loan decisions. Also, lenders are required to hire data protection officers to monitor and ensure compliance with the Act. Out of concern over predatory digital lending apps, the NPC is actively ensuring the implementation of the Data Privacy Act by making data protection audits compulsory. Meanwhile, in India, the RBI has set up a Working Group on Digital Lending as an immediate response to irresponsible lending apps and has directed it to provide robust data governance, privacy and security standards for the deployment of digital lending services. And in Indonesia, the OJK is working with the national Parliament to prioritize personal data protection, cybersecurity and cyber resilience bills.

Expanding the Role of Associations and Codes of Conduct: Regulators have often relied on microfinance associations to ingrain codes of conduct within that industry. Based on the success of this approach, regulators are now relying on fintech associations to help improve practices among digital lenders. For instance, in Indonesia, the OJK created the Association of Fintech Lending Players (AFPI) and granted it self-regulatory status to help maintain regulatory oversight. The AFPI issued a code of conduct with guidelines for consumer protection, such as limiting data collection and usage, and prohibiting harassment — to that end, member companies are required to obtain certification for compliance with appropriate debt collection practices. Additionally, the AFPI has capped interest rates for lending platforms at 0.8% per day. To ingrain ethics, the AFPI also interacts with fintech investors even before a lending app is registered, to determine whether they have a reputation for prioritizing quick returns, even at the expense of responsible practices. Additionally, the OJK helped set up an ethics commission of independent individuals from outside the AFPI to review customer complaints.

In India, the RBI cautioned banks and Non-Bank-Financial-Companies to follow the existing Fair Practices Code for Lenders, after which the Digital Lenders Association (DLAI) increased its efforts to encourage its members to promote its code of conduct. Given that the Fair Practices Code does not cover digital lending explicitly, the RBI’s Working Group on Digital Lending will likely need to help define new regulatory guidelines and pave the way for a more befitting code. The DLAI and other industry associations will also need to enhance their capabilities to guide members in implementing the code. In the Philippines, the Securities and Exchange Commission and the Department of Trade and Industry were involved in creating the Fintech Alliance, which created a code of conduct for its members. Though most members have been slow to adopt this code, several responsible members of the Fintech Alliance have shown adherence and compliance with the code, and with regulations on consumer protection, security and data privacy. The SEC has supported the code of the Fintech Alliance by including its tenets, such as prohibiting borrower harassment, in regulatory directives. The Alliance has also forged partnerships with multiple regulators to ensure that the code of conduct is accepted with consistency.

Optimizing Regulator Responses to Digital Lending

Regulatory responses to digital lending in India, Indonesia and the Philippines are still evolving, but there are already some emerging lessons on which tactics are most effective:

• Periodic public cautions against irresponsible apps using media channels, while needed, have at best a short-term impact, and they place a burden of investigation on prospective borrowers that many people will not be equipped to carry out. With the prolonged COVID-19 situation, digital lending has increased, and regulators need to set up more long-term systems.
• An effective way for regulators to improve customer outcomes is by creating initiatives that work with fintech associations to strengthen market conduct regulations — and mandating that these associations take up a policing role. Since these associations have local industry knowledge, they can use peer pressure tactics to monitor and drive responsible behavior. Also, as with microfinance associations, digital lender associations can be nurtured by regulators and multilaterals as conduits to promote consumer protection.
• The effective implementation of data privacy acts, including making privacy audits compulsory, can help in improving compliance with these regulations, which could curb some abusive collections practices.
• Multiple registration bodies raise the risk of dilution of oversight. Given the scale at which the fintech industry is growing, greater scrutiny at the entry point of registration can help identify companies that are predatory in nature. Also, the practice of assessing the reputations and intentions of fintech investors, as done in Indonesia, seems to be pragmatic if implemented with candor.

Like their counterparts across emerging (and developed) economies, regulators in India, Indonesia and the Philippines are facing new challenges brought on by the burgeoning growth of the fintech sector. Their evolving responses can provide insight into how regulators around the world can help ensure responsible, app-based digital lending that boosts financial inclusion while minimizing the risks for customers.

Hema Bansal is an independent consultant in Financial Inclusion and Consumer Protection.

Photo (cropped from the original) courtesy of USAID Digital Development.