This is an audio transcript of The Morning Brief podcast episode: Loans Over Phones: App-solute Menace

BG Sound 0:00  

this is the morning brief from the economic times

BG Sound 0:11  

get an instant loan at a click of a button, register with us, and you will get the loan in your account within minutes. It's hassle free, quick and easy.

Dia Rekhi 0:25  

All of this sounds incredible, doesn't it? Especially when it comes to getting money straight to your bank account when you need it the most. But here's something that made me rethink downloading a loan app.

BG Sound 0:40  

I didn't realize that there was also the permission to give access to my contact book, they started messaging, my contacts and my colleagues, my friends family, that I have taken a loan and I have not paid it on time. It was basically social harassment. 

BG Sound 0:56  

I was late by one day to repay the loan and the harassment. They were gonna call my parents they were gonna call my friends and it was really frightening. 

BG Sound 1:06  

They kept threatening me saying, we have access to the dealers. Maybe we'll hear from you bought the vehicle and we will deposit the vehicle if you try to lodge a complaint against us and we can take legal action against you as well for debunking and it can ruin your credit rating.

Dia Rekhi 1:26  

Horrifying is an understatement. And as we spoke to more people, we realized just how pervasive this issue was, and how much people are falling prey and being victimized by fraudulent loan apps. It is Friday, July 29. You are tuned into the morning brief by the economic times. I'm your host, Dia Rekhi. We are talking about loans over phones an absolute menace. The lure of easy money is enticing. And it's no wonder that hundreds have fallen prey to the modus operandi of these unscrupulous operators who first prey on you then pry into your data and then pressure you into paying exorbitant rates. The big question, though, is how are these apps operational despite the RBIs crackdown? And what can someone who is faced this sort of harassment do what is the recourse available for victims? Beni Chugh, research manager at Dvara research and Rajesh Narain Gupta, managing partner at sng, and partners talk about all of this and more. In a country where financial instruments are highly regulated, how do these apps find the scope to exist and expand? Beni claims that the simplicity of offering these apps is one of the primary reasons.

Beni Chugh 3:02  

as of now, in India, there are several states who even require money lenders to be licensed. But there is no licensing requirement. There is no legal authentication verification of digital lenders who want to hoist apps on platforms or even just plain on the web. The ease of which of all of these kinds of also encourages and makes it easier for fraudulent actors to then kind of set up these outfits and reach out to people. I also think an established kind of track record of the customers inability to differentiate between, let's say fraudulent actors and genuine lenders. And because it's so hard for customers to identify, you know, actors indulging in malpractices it is obviously an encouragement for malafide actors to then kind of enter the space and approach customers. 

Dia Rekhi 3:55  

So the naive Internet user is an easy target. According to a report, one in every two Indians have faced extortion and data misuse via instant loan apps. Moreover, these apps are not operated by a single entity. In the case of a fraud, who can the consumer really hold accountable?

Beni Chugh 4:17  

The problem is slightly nuanced, which is to say that there are two kinds of problem areas if I can call them that. The first one is where there is a regulated entity. And what I mean by that is an entity that has license from let's say, the Reserve Bank of India, they are a bank or an NBFC. And then they partner with something called the lending service providers which are basically just technology service providers who could provide support such as you know, acquiring customers or helping registered entities recollect payments, etc. And sometimes there is a deficiency in their conduct, right. So at the backend there is a regulated entity, but the customer is continuously interfacing with an unregulated entity who is a partner of the bank or the NBFC and deficiencies in their conduct can be reported through the formal RBI channels, to the regulated entities, so on so forth. So that's the more formal, regulated kind of route. So that one is slightly simpler. The case of fraudulent where basically, it's unlicensed entities who are in lending businesses, and their activities are largely unscrupulous. Their things are tricky, because this is then I mean, the harms are of the nature of misuse of personal data, psychological abuse, aggressive recollection, practices, et cetera. And these then fall under the ambit of law enforcement agencies. And there, I think, the recourse that is available to the customer is really to either register a complaint online say, at the National cybercrime portal, or to kind of pay a visit to one of the police stations and lodge a complaint with the Cybercrime department. I mean, for the customer to even figure if they're dealing with a regulated or an unregulated entity is a whole conundrum altogether. And it's not all that apparent right now, given the landscape if the customer is even able to identify if they're dealing with a regulated entity. While tracking these apps remains a challenge. Rajesh outlines a potential solution. 

Rajesh Narain Gupta 6:24  

The issue is that most of these apps are being created and put on system from overseas countries, there are lapses in our system also, perhaps, and if not lapses, at least a lot of corrections can happen. For example, if we are able to put up a dedicated monitoring team with the cyber cell, if we have a dedicated monitoring team with the RBI, we're doing nothing but tracking all these kinds of applications and taking corrective actions. This menace could perhaps be corrected more easily and also in the efficacious manner. So I think there is a need to overhaul the system and accountability of regulator and accountability of cyber self Fraud Unit is to be created to address this. And perhaps that could function a little more easy and better.

Dia Rekhi 7:12  

Even platforms like Play Store are very well aware of this issue. In a response to et a Google spokesperson said that the company has reviewed hundreds of personal loan apps in India, for compliance with relevant policies, based on flags submitted by users and government agencies. The spokesperson said and I quote, for apps that remain non compliant past the deadline, as is done for any policy non compliance, we have been taking necessary enforcement action as part of our ongoing policy compliance sweeps, including removal of apps from the Play Store. But here's the thing, our response is often damage control. And what I mean by that is that once the damage is done, we're scurrying to set things, right? Prevention is better than cure. And I asked Beni if we're doing enough in the prevention stage,

Beni Chugh 8:07  

one thing that we need to appreciate and address right away as a system is that right now, the mechanism is very much user feedback driven. So once users complained to the RBI or to the law enforcement agencies, they act upon that intelligence and they kind of launch investigations inquiries, to you know, crack down on these rackets that are operating out there. But the system is not really ex-ante, it's very much after the fact it kicks in after the fact, right. And that itself kind of expands the canvas of customer protection violations. Because there is no ex ante system that's filtering out these unscrupulous players in the first place. How effective is the recourse mechanism. So it's specifically just focusing on fraudulent players, the customer can typically do one of the two things, I believe they should do posts. The first is report to the platform. If the app has been downloaded from a platform, right, then flag to the platform that this is an unscrupulous player. That is kind of an ethical thing to do. But that does not have any immediate gains for the customer. Because the platform, of course, is not a law enforcement agency. But what that does is it prevents other people from falling prey to that app. So that's one kind of step that you can do. And the second step is going to the law enforcement agencies and filing complaints. It's a bit hectic and bit onerous for the customer to do that, because most of these violations are tracked the Criminal Procedure Code. And what that means is that there is a very set procedure under law that even the investigating agencies the law enforcement agencies must follow. So essentially, they will launch an inquiry and if they're able to kind of crack down the perpetrators, and if they're able to recover money, even then the customer would have to go to a court of law to kind of establish that that money belongs to them. And then only the court of law can actually compensate or make the customer good.

Dia Rekhi 10:10  

But it isn't like there's been no action that's been initiated by the regulators. In fact, the RBI constituted a working group on digital lending, including lending through online platforms and mobile apps as early as January of 2021. The group through its report highlighted an active ecosystem of fringe lenders who operate without getting themselves registered for lending activities with the concerned authorities, thus creating an informal market. But even as they recognize the existence of these digital sharks, they also acknowledge that the anonymity and velocity that's provided by technology makes it a challenging task to identify and monitor such fraudulent platforms.

Beni Chugh 10:57  

The issue has been on RPS radar ever since 2020, there are a bunch of circulars to suggest that but it was really in 2021 that an RBI working group was constituted to look deeper into the problem after a spate of unfortunate events and you know, a surge in complaints of harassment and even suicides. That's when the committee came together to really think about a regulatory framework. I think the committee released its report late last year and invited public consultations. And we should hear on final formal guidelines anytime soon. But to give you a flavor of at least that proposed framework is again, they say that unlicensed entities who are basically illegally lending should be declared illegal and should be outlawed. And that the RBI perceives the government to take lead and initiative on that one and kind of draw up legislative instruments that would outlaw such activities by unlicensed players. The bigger part of the puzzle is that those entities with which are within the RBIs regulatory perimeter, the RBI has proposed a supervisory structure in the form of a self regulatory organization, which essentially means that the industry comes together draws the codes of conduct to the satisfaction of the regulator, and then abides by them. A second and very interesting kind of measure that the RBI has also proposed is something called Digita which is really digital trust agency. And the job of that institution or that body would be to really accredit apps, right. So then they could verify apps and the ones who are not verified by Digita basically stand out as entities who are not good enough to meet digita's accreditation standards and therefore, are perhaps less trustworthy. So it kind of gives customers an instrument to distinguish between scrupulous and unscrupulous players

Dia Rekhi 13:01  

RBI governor shaktikanta das also caution people about unregistered digital loan lending apps, and said that if they have complaints, they should lodge Police Complaints. Das also went on to say that if there are complaints against lending platforms, which are registered with the RBI, then the central bank will take action. The regulator also said that it will likely put out guidelines to regulate digital lending as well. We seem to be managing the situation well from all sides. So where is the loophole?

Rajesh Narain Gupta 13:32  

I think there are enough laws and regulations to control these winners. We have the ITA, we have got the cyber Cell. We got the RBA policies and regulations, which clearly define what can be done but cannot be done. So, we have got the money lenders in various states, we have got the NB FCS, we have got the banks who are authorized and permitted to lend. The problem arises when there are intermediaries who want to play around and who don't want to become a bank or NBFC or or acquire a license or moneylenders and create a platform to provide as an intermediary these services. So, if you are able to control these intermediaries, and put in black and white that nothing except for what is permitted is allowed in any form, shape or size and no innovative circles structures are permitted. This could be addressed to a great extent, I think we have got enough machinery only the will which is the regulator will and the political will to address this is witnessing. And lastly, the players like for example, I'm not saying they're responsible players like Google and all that those who are facilitating this launching of these portals or websites or whatever. If a strict penalty is put on them, which is enforced immediately that if falling tick marks do not happen. You can't allow these to function. Even so even those measures could help significantly

Dia Rekhi 14:56  

from what is being done to what should be done. Here are our guests handing some suggestions that the regulators could add to their playbook, 

Beni Chugh 15:03  

I think the one big missing piece in the puzzle of supervision is really the capability to harvest ex ante intelligence, because we are currently reacting after customers have expressed grievances. So we need to kind of Institute ways in which we are able to diagnose, predict, prevent these events from happening some ways in which we could do that, for instance, you know, could develop a toolkit of ex ante supervision, for instance, something like mystery shopping, where some of the RBIs personnel or even trusted you know, researchers, customer advocate organizations, personnel can take those customer journeys, understand where the fragilities are, and report back. That's one way of gathering ex-ante intelligence. But also, because all of this is so digital, there are also lots of technological ways processing of, you know, natural language, or even using AI MLS to just kind of routinely understand the presence of digital lenders on let's say, app stores and platforms and understand which of those are licensed, which of those are unlicensed, just gathering that market intelligence in the first place, I think is very important, then a second thing that I think the RBI could think of is merely harmonizing the definition of credit itself, right? Because so many times what happens is that a product has on ofcredit, or loans features, but it still doesn't qualify as loan. For some reason, we're seeing that kind of asymmetry even buy now pay later products where they have properties similar to a credit card, but they continue to be called as pay products, which then kind of creates a gap in customer protection, right? So I think just harmonizing and coming up with a definition of credit, and then saying that either you're a lender or your you're a party who is supporting the lender, doesn't matter. If you are in the business of credit, then minimum customer protection obligations apply to them. Right. Very recently, for instance, Kenya passed a similar law where all these digital lender providers, their names are maintained in a public registry. And that's a great transparency tool as well, right, because if your name is in the registry, then I as a customer can quickly look up the registry and see that this is an entity that has the blessing of the regulator, and therefore they're safe for me to contract with.

Rajesh Narain Gupta 17:26  

I very strongly believe that the first leg of defense here is communication, and that communication should be made by way of media where the regulator there what is possible, what is not possible, how the people should be borrowing, not borrowing, that communication should be there. Number two, whichever bank and non Banking Finance Company and moneylenders have been authorized, their names could be put in some kind of website by the Reserve Bank of India. So that people know that barring those people, they don't have to go to any person. And if then they are going, they're taking a calculated risk. So that kind of information will be made public. And since our cyber cell is already functional, if some more dedicated resources could be put to only monitor and track such websites, there are some key words like borrowing, private borrowing and all that against those keywords. If the more organized management could be done, of these websites and timely action are introduced, then, to a great extent, this can be addressed at all possible levels. 

Dia Rekhi 18:26  

And finally, we have not forgotten you, our dear listeners, what can you do, if you are considering downloading a loan app, here are both our guests giving you some super helpful pointers.

Beni Chugh 18:39  

The first one is that if the app is actually not asking for any documentation, ie KYC. And if you're not receiving any messages from your credit bureau, or from you know, e KYC, authorities that an E KYC has been conducted for you, that's suspicious, because then this is unregulated unlicensed entity, because a licensed entity would not be able to lend to you in the absence of KYC. So if there is no KYC check, then that's kind of a big red flag. The second thing that they could perhaps do is, and this is again, quite onerous for the customer. But if they are willing to go through the hassle, then reading the terms and conditions to understand, which is the regulated entity at the back end, if they're not able to identify a bank or NBFC in the terms and conditions very clearly, then that's also a red flag, because then potentially that dealing with an unlicensed entity. And I think the third red flag should be when there are excessive requests for data. So for instance, if the app wants access to your contacts, your location, your photo gallery, then I would say that's also a red flag because that's pretty much the modus operandi that they get access to all of that and then once the person defaults, they use all of that information to psychologically abuse the person.

Rajesh Narain Gupta 20:02  

first of all more and more people should go to only organize setup as authorized by the government of India and Reserve Bank of India, they should look for bank non banking finance companies or money lenders who are authorized. Today even for small loans microfinance companies are there which are authorized by this bank of India. So they don't have to try out something which is not otherwise available in the market. problems are occurring because people want to get smarter and try for loans, which they know are not easily available. Since they don't have the details on KYC, or the assets to mortgage or some other details to be furnished. They tend to go to this disorganized sectors and that is how they fell prey to the greed of getting money. And number two, if any site is offering something extraordinary, some extraordinary benefits, cheapest loan interest, and that against no security, the money is available, they all should get very, very wary of that. The third most important is that if any site is asking for money in advance, before actually giving the loan, they should not have put any advance on the loan. And lastly on these apps, if there is a way that they can go back to the website of reserve bank or India and see whether they are falling within the category of authorized lenders or not. That is very, very, very critical. Any disorganized players should be completely avoided. And if we can put this kind of communication to the people in all vernacular languages, that will be quite helpful.

Dia Rekhi 21:27  

It boils down to this. If it's too good to be true, it probably is. Quick money is a big draw. And the temptation of having it without any major checks is even more appealing. But it is exactly this tendency that fraudsters play on - our need or greed. So the next time you see something that seems fantastical, be suspicious. Ask questions. And if you face an issue, don't be afraid to file a complaint or seek help. On that note, just two more days for salary day. Phew... I won't have to look out for loan apps not this month at least. Thank you, Beni and Rajesh, you were listening to loans over phones an absolute menace on the morning brief with me Dia Rekhi 

Producers for this episode are Vinay Joshi from the economic times and Soundarya Jayachandran from Aawaz Sound Editors Indranil Bhattacharjee from the economic times and Swati Joshi from Aawaz, executive producers Anupria Bahadur and Arijit Barman. If you liked this episode, please make sure to share it on your social media. The morning brief airs every Tuesday, Thursday and Friday. do tune in to ET play our latest platform for all audio content, including the morning brief. That's all from me for today. Thank you and have a great weekend.

This transcript has been automatically generated. If by any chance there is an error please send the details for a correction to: themorningbrief@timesgroup.com We will do our best to make the amendment as soon as possible.