The Reserve Bank of India has published guidelines that it intends to enforce for digital lending firms, recommending more transparency and control to customers as the South Asian nation’s central bank moves to take further steps to crack down on sketchy practices and creditors.

The guidelines, released Wednesday (PDF), spell out who all can lend to borrowers in India, what all data they can glean from them, and mandates expanding the disclosure requirements in a move that can rattle many fintech startups in the world's second largest internet market.

Lenders will not be permitted to increase a customer’s credit limit without obtaining their consent and will be required to disclose the annual loan rate in explicit terms. Digital lending apps will also be required to take prior explicit consent from customers before collecting any data and all such requests should be "need-based," the guidelines added.

"In any case, DLAs should desist from accessing mobile phone resources such as file and media, contact list, call logs, telephony functions, etc. A one-time access can be taken for camera, microphone, location or any other facility necessary for the purpose of on-boarding/ KYC requirements only with the explicit consent of the borrower," the guidelines added.

The guidelines, some of which have received in-principle approval, were first proposed last year, follow scores of sketchy lending apps and non-banking financial institutions charging exorbitant amounts from customers in India in recent years. Some of these firms have been raided by the Indian agencies and found to have links with China, the authorities have said.

The prevalence of sketchy practices prompted Google to pull some personal loan apps from Play Store in India last year and enforce stronger measures to prevent abuse.

"The Reserve Bank is statutorily mandated to operate the credit system of the country to its advantage. In this endeavour, the Reserve Bank has encouraged innovation in the financial system, products and credit delivery methods while ensuring their orderly growth, preserving financing stability and ensuring protection of depositors’ and customers’ interest,” the central bank said in a statement.

“Recently, innovative methods of designing and delivery of credit products and their servicing through Digital Lending route have acquired prominence. However, certain concerns have also emerged which, if not mitigated, may erode the confidence of members of public in the digital lending ecosystem. The concerns primarily relate to unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices.”

The central bank also suggested that consumers should be provided with an option to accept or deny consent for use of any specific data and also the ability to revoke any previously granted consent and delete historic collected data. Regulated entities will also be required to ensure that loan service providers they engage with have appointed a nodal grievance redressal officer to address complaints lodged against fintech startups or other digital lending firms, the guidelines add.

Any lending sourced through digital lending apps must be reported to credit information companies by regulated entities irrespective of its nature or tenure, the guidelines say.

Key recommendations below: