Devious menace: The Hindu Editorial on predatory loan apps Politics & News

In the case of Nithin Raj, the first-year dental student in Kannur who died last week after falling from atop a five-storey building, the police have identified harassment over a loan that he secured via an app as a contributing factor. His death is the third high-profile suicide linked to loan apps in Kerala within four months. Since January, over 35 complaints related to these apps have been registered in Thiruvananthapuram Rural alone. In Raj’s case, parallel investigations are also probing allegations of caste-based discrimination at his college and the National Commission for Scheduled Castes has sought a report from the State police in under a week. Once installed, these apps extract contact lists, photo galleries, and GPS data from the user’s device and export them to servers often located in North India or overseas. If repayment is delayed, recovery agents steadily ramp up harassment, including repeated abusive calls to the borrower, harassing persons listed as references on the loan application, and inflicting reputational damage. Kerala in particular has high smartphone penetration and digital literacy, but not necessarily financial literacy, and a large student population with urgent small-credit needs. Despite the RBI’s Digital Lending Guidelines, predatory apps lend without regulated status, fabricate Non-Banking Financial Company (NBFC) partnerships, route funds through opaque gateways, conceal fees and disbursal deductions, and provide no grievance mechanism.

The apps are able to operate because while the RBI regulates financial entities, the harmful entity operates in the app and data layers. As a first step, smartphone makers must consider an OS-level sandbox in which any app categorised as “financial” is technically barred from accessing contacts, photos, etc., even if the user grants permission. The apps’ call centres are also often traced to other States or countries, beyond the reach of local police. Second, India needs to enact legislation with prison sentences and heavy fines for illegal digital lending. When an app is removed from a store or directory, its developers relaunch immediately under new names. Third, the government can mandate all financial apps to have a cryptographically signed certificate of association from a regulated bank or NBFC and app stores to check listings against a Reserve Bank of India whitelist. This is also why the Kerala government is mulling new legislation to regulate digital lending platforms and empower local police to act against apps operating from outside the State. Fourth, the country needs rigorous disclosure standards on effective interest rates and fees, strict rules on recovery conduct, stricter KYC (Know your Customer) obligations on payment aggregators, and risk flags on UPI IDs associated with lending operations associated with a high complaint rate.