On September 2, 2022, the Reserve Bank of India issued the Guidelines on Digital Lending (“Guidelines”) that mandate significant changes in how fintechs (LSPs) and Regulated Entities (banks and NBFCs) are supposed to manage their digital lending operations.
In this article we will look at 1 key new aspect - the new requirement for digitally signed documents and how Leegality can help fintechs/Banks/NBFCs comply.
I don’t want to skim through this entire thing - can you give me a summary of what you’ve written?
Ok - here’s the lowdown:
- Lenders (Banks and NBFCs) will need to mandatorily digitally sign loan documents with IT Act compliant digital signatures in digital lending flows - even if the flow is via a fintech platform
- Lenders will need to obtain customer consent on loan documents - either via digital signature or via Secure Digital Consent. Such consent will need to be accompanied by a secure audit trail
- Existing click-wrap consent methods in digital lending flows appear to be non-compliant with RBI’s new guidelines. Digital lenders using click-wrap will need to change
- Lenders will need to provide digitally signed loan document kits to borrowers upon execution
- Lenders will need to execute digitally signed documents for EXISTING loans as well
And finally - Leegality can help digital lenders comply with these requirements in less than 28 days. We’re already helping 400+ BFSI organizations digitize lending paperwork flows in a compliant way.
Want to read more in detail - with our legal analysis? Scroll down
First things first - Are the Guidelines mandatory or merely recommendatory in nature?
The Guidelines are mandatory in nature.
Paragraph 3 of the introductory note to the Guidelines states:
“3. It is further advised that the instructions contained in this circular shall be applicable to the ‘existing customers availing fresh loans’ and to ‘new customers getting onboarded’, from the date of this circular. However, in order to ensure a smooth transition, REs shall be given time till November 30, 2022, to put in place adequate systems and processes to ensure that ‘existing digital loans’ (sanctioned as on the date of the circular) are also in compliance with these guidelines in both letter and spirit.” (emphasis supplied)
This paragraph makes the expectations of the RBI very clear - that they expect REs and digital lending fintechs to comply with the Guidelines in both letter and spirit, within the deadlines mentioned in the paragraph above.
By when do we need to start complying with these Guidelines?
All loans sanctioned after September 2, 2022 must be in compliance with this new regulatory framework.
For existing loans (that have been sanctioned on or before September 2, 2022) the RBI has given time till November 30, 2022 to ensure that they are also compliant with the Guidelines.
What documents need to be digitally signed under the guidelines?
Guideline 5.3 Digitally signed documents – REs shall ensure that digitally signed documents3 (on the letter head of the RE) viz., KFS, summary of loan product, sanction letter, terms and conditions, account statements, privacy policies of the LSPs/DLAs with respect to borrowers data, etc. shall automatically flow to the borrowers on their registered and verified email/ SMS upon execution of the loan contract/ transactions.
Digitally signed means a document signed using digital signature.
The following documents will need to be digitally signed (on the letterhead of the RE):
i) Key Fact Statement
ii) Summary of loan product
iii) Sanction letter
iv) Terms and conditions
v) Account statements
vi) Privacy policies of the LSP/DLA with respect to borrower’s data
The final digitally signed document kit must be sent to the borrower’s email/SMS after it has been executed.
Who needs to digitally sign the loan documents?
There are 2 interpretations:
1. Both borrower and RE need to digitally sign
The RBI has specified that digitally signed documents need to be sent to the borrower AFTER execution of the loan contract. Since an execution of a loan contract would involve at least 2 parties - with one of them being a borrower - it would be reasonable to assume that any execution via digital signature would also need to happen by the borrower as well.
Further, non-digital loans also follow an approach where the borrower(s) sign the loan document kit. Given the RBI issued the new digital lending guidelines to bridge the compliance and consent gap between digital lending and conventional lending - it would be reasonable to assume that the borrower would also need to digitally sign loan documents in a post-Guidelines digital lending flow.
2. Only RE needs to digitally sign
A more liberal interpretation would be that ONLY the RE (i.e the Bank or NBFC) would need to digitally sign loan documents.
However even under this interpretation, you would need to collect explicit auditable consent from borrowers. You can use eSign for this OR you can use methods like Secure Virtual Signatures/Digital Consent
Which interpretation you choose to follow depends on the risk appetite of the legal and compliance teams at your organisation.
Does the LSP (i.e the Fintech Partner) need to digitally sign the loan documents?
No. The RBI Guidelines do not mandate digital signatures by LSPs.
However LSPs need to ensure that any flow happening through their app or platform is compliant with these rules.
What does “digitally sign” mean? What digital signatures can be used?
Digital signatures are governed by the Information Technology Act (IT Act). They are defined as being a subset of electronic signatures.
Further, under Section 5 of the IT Act, if any law or regulation (like the RBI guidelines) specifically requires a document to be signed then such document can be signed digitally ONLY via IT Act electronic signatures.
Thus, it is evident that ONLY digital signatures under the IT Act can be used to fulfil the digital signing requirements under the guidelines.
Currently these are the IT Act digital signatures available in India:
- Aadhaar eSign (via any mode)
- DSC Token eSign (conventional USB based signatures)
- PAN eSign
- DocSigner
Either of these signatures would meet the digital signing requirements under the guidelines. “Virtual signature” impressions or click-wrap would not be compliant.
Do I need to get the KFS etc. signed for old loans (disbursed before the guidelines) as well?
YES. The RBI has clearly stated in Paragraph 3 of the introductory note to the Guidelines that lenders have “to put in place adequate systems and processes to ensure that ‘existing digital loans’ (sanctioned as on the date of the circular) are also in compliance with these guidelines in both letter and spirit.”
This means that by November 30, 2022 you need to get the Key Fact Statement and other documents mentioned in Guideline 5.3 for all your existing open loans (fully or partially disbursed) digitally signed and sent to your customers’ email/SMS.
How do I get my backlog of KFS/loan docs signing cleared? It seems like a massive compliance burden.
The idea of sending out thousands of Key Fact Statements and other loan summary documents can seem like a logistics nightmare.
With Leegality Excel Journeys you can clear this backlog in a few days WITHOUT any tech/IT team involvement.
More than 30 top lenders - like Tata Capital, Axis Finance, IIFL Finance, Paisabazaar, Hero Fincorp UGRO and others have deployed Leegality Excel Journeys more than 3000 times in the last 3 months to bulk sign documents in a fast and compliant way.
Here’s how Excel Journeys works:
In case you opt to skip borrower signatures - you can modify Step 3 accordingly.
Will Leegality help me build a digital signature process for new loans going forward as well?
Yes. Leegality is a complete Document Infrastructure Platform - used by 400+ BFSI organisations to digitally manage execution of documents in a compliant way at scale.
You can quickly configure and deploy a complete digital loan document workflow in your digital loan platform in less than 28 days,
Some key features that you’ll need:
1. Lender/RE Signatures
Using Leegality’s DocSigner Plugin - RE signatures can be affixed on loan documents at scale in a compliant way without any manual intervention at any stage of the process.
2. Borrower Signatures
If you want borrowers to affix digital signatures you can use Leegalty’s built-in Aadhaar eSign Connection. Aadhaar eSign has become the most preferred and secure digital signature for BFSI lenders across the country.
In case you just want to collect consent - you can use Leegality Secure Virtual Sign or Leegality Secure Click-wrap.
3. Borrower Consent
With Leegality Secure Digital Consent - you can collect explicit, auditable consent from borrowers for loan documents, disbursals and other key authorizations - backed by a Secure Audit Trail
4. Borrower Intimation
A key requirement under the guidelines is sending digitally signed documents to the borrower via email/SMS upon execution. Leegality Borrower Notifier will automatically send fully executed loan documents to the borrower immediately upon execution. You won’t need any manual intervention from your end.
5. Tracking and Audit
Ultimately any process is useless if it can’t be traceable and auditable - both by REs and by the RBI. Leegality sends a Secure Audit Trail to all parties upon execution of documents and/or collection of consent.
Secure Audit Trail is designed to ensure 100% enforceability in Courts – and meet 100% satisfaction in RBI audits.
It captures key details like:
✅ Time-stamp of signing and intimation events
✅ Consent language captured
✅ Signer email ID and/or phone number
✅ Type of eSign used
✅ eSign Certificate Details
✅ Geo-location and Face Capture (if switched on)
Will my existing click-wrap process work for fresh customer consent for loan documents and authorizations?
Clickwrap processes suffer from serious compliance issues - which seem to go against RBI’s intent:
❌The identity of the person who actually clicked the “I agree” or “Yes” button can never be
conclusively ascertained.
❌Anything can be added or deleted to a document that has been click-wrapped as there
are no technical safeguards.
❌Easy for customers to deny their acceptance of the terms and conditions at a later stage.
In our view, true compliance would be met only via an auditable form of secure consent like a digital signature or a Secure Virtual Signature.
However the final call will need to be taken by you - and would depend on the risk appetite of your compliance teams AND your organisation’s customer consent policies.
Will the Leegality workflow be too complicated for my customers?
Not at all. Leegality will fit in seamlessly into your digital lending flows. Here’s how the flow will look:
In case you opt to skip borrower signatures - you can modify Step 2 accordingly.
Will the Leegality workflow be too complicated for my organization to setup and integrate?
Not at all. Leegality is easy to setup and integrate:
- For clearing KFS backlog you WON’T need to integrate at all. You can go live straight out of the box
- For integration of digital signing in your app/platform - you can setup, integrate, test and go-live in less than 28 days. You need minimal tech intervention
- You will get a dedicated Leegality success manager who will help you with solutioning and ensure you meet your go-live timelines
One of my existing tech vendors claims to provide an eSign tool. Why should I go with Leegality?
RBI isn’t asking you to merely add an API to your flow. They require a robust and trackable end to end system for digital document execution and compliance.
That’s where Leegality Document Infrastructure comes in.
Interested in exploring whether we’d be a good fit? Book a demo call with us. In 45 minutes we will:
- Discuss your use case and give you a basic action plan
- Show you how Leegality works
- Give you a FREE testing account