3
Jul

Insights from the “Digital Credit Roundtable” hosted by the Future of Finance Initiative

(This post is authored by the Future of Finance Team at the IFMR Finance Foundation).

In the first post of this series on the three Future of Finance Initiative (FFI) workshops hosted in April, we focused on the workshop on digital payments. This blog summarises the key insights from the second workshop on digital credit. The workshop was attended by  providers  from across the credit ecosystem in India. We thank the participants for their frank and open views presented at the discussions.

India is one of the most underserved credit markets in the world, with only 15% of the households borrowing from formal channels.[1] Emerging digital lending models have the potential to address this gap. These models range from online marketplaces and online lenders (originating loans on behalf of traditional institutions or lending themselves) to P2P players (connecting individual lenders to borrowers via a platform). Given the entry of all these new technology oriented providers and intermediaries, we wanted to understand responses to our core questions to players across the digital credit space:

  • How are providers providing solutions relevant to new market segments?
  • Where are the risks and vulnerabilities across the chain of the players and processes in the digital credit ecosystem?

The Growing Role of Non-bank Entities in Digital Credit

An early insight that participants shared at the workshop was that there is no shortage of demand or supply for credit in India today, rather that we lack mechanisms in the market for the appropriate deployment of supply. It was also emphasised that role of fintech providers in India is fundamentally different from markets like the US: while fintechs in US focus on a generally well-banked population often in competition with established banks, Indian fintech firms are also trying to expand the market and provide services to the underserved.

The key question facing the Indian market is whether providers dis-intermediating the chain of credit will partner with banks or compete with them in order to provide services to customers. Two market trends described within this context:

a) P2P lending platforms partnering with banks

Participants reflected that traditional banking is limited by legacy systems and regulations. Some banks have taken a progressive view of the developments, with early trends emerging of P2P platforms tying up with banks to source customers and help with the early stages of the customer verification process. These partnerships are making certain assets classes—such as consumer and SME loans through e-commerce platforms—more accessible to traditional banks.

b) New strategies by digital lenders and P2P platforms to reach customers not previously accessed by traditional lenders

Providers in the digital credit market are also using new strategies to diversify the base of customers to whom they lend such as building partnerships with e-commerce platforms to use their data and advertising and targeting new customers. For instance, some P2P platforms have tie-ups with travel and holiday planning sites to offer loans to vendors listed on the site.[2] These partnerships have opened up access to new customers for SME and consumer loans who may not have been previously accessible to lenders.[3]

New Service Providers in the Chain of Digital Credit

Next the discussion moved on to the range of players in the digital credit scene. To frame the discussion, we presented a list of all the stakeholders involved in the provisions of digital credit to the participants (Table 1) – based on our understanding of the credit ecosystem.

Table 1: Digital Credit Stakeholders

Source: FFI (2017)

The participants observed that the above list is likely to evolve as emerging players involved in providing digital credit and related services are currently discovering and experimenting with different business models.

Despite the changing nature of the industry, participants agreed that the majority of digital credit operations are the same as those in traditional lending. However, certain processes such as risk origination and risk assessment have evolved because of increased access and use of customer data.

Emerging Pain Points for Digital Credit

The discussion moved on to the operational pain points faced by providers and their intermediaries.

Low awareness of data-related risks: The chief concerns of the attendees centred on data protection and privacy. The participants felt that the average Indian consumer’s awareness of data related risks is minimal. Educating customers about privacy and data protection issues is crucial. The providers at our workshop took their own roles in this process very seriously. Participants also believed that customer data should not be shared without explicit consent. However at the same time, they conceded that it is often unclear for consumers to know what they are giving consent for.

Participants also highlighted that risky customer data practices already exist and are not unique to the digital credit space. For instance, participants discussed the large role that Direct Selling Agents (DSAs) have traditionally played in the selling of financial products by contacting potential customers. Currently, DSAs are a weak link when it comes to securing customer data, since there is no clear procedure to monitor and sanction these agents.

New data for credit assessments: Next the participants discussed the use of alternative data based assessment for lower income customers – to widen the potential to offer credit products to them since they often do not have more traditional credit scores to support assessments of credit worthiness. It was emphasised that standardised credit products can lead to financial exclusion due to exclusionary eligibility criteria.

In this context, the question of privacy arose – specifically, whether certain types of alternative data could compromise the privacy of individuals and whether this was a valid consideration. Participants’ views were divided on the importance of this question to the end customer – with some musing that privacy could be a “luxury” problem and others priding themselves on placing strong value on their data privacy practice.

Need for standardised borrower assessment, fair lending requirements and front end provider liability: Typically, assessing a borrower’s credit worthiness involves gauging the ability to repay, intent to repay and identity. This process is standardised in countries like the US and the UK. However, in India there is no standardisation of the borrower assessment process. This exacerbates the challenges of evaluating customers.

In the US, the fair lending requirements practised by foreign banks prevent discrimination based on pincode, race etc. Equivalent provisions do not currently exist in India. However, in the US, discrimination is implicit within lending practices — in a black box form. As a result, American lenders do not share their assessment processes.

All the participants agreed that in the case of any customer harm arising, the customer-facing institution must take responsibility and liability — irrespective of the dis-intermediation of the chain of credit in the digital context. There cannot be a situation where the customer’s rights are spread across multiple entities.

Regulators need to factor in market development and stakeholder perspectives: Participants highlighted the need for regulators to let the industry take a meaningful size and shape before introducing guidelines. If regulations supersede the industry’s development, they can shape the formation of industry (instead of market forces).

The attendees also remarked that digital lenders have no formal forum for engagements with key regulators, making it tough for them to feedback ex ante about the possible impact of proposed regulation on the market and on customers. One recent initiative that participants discussed was the Digital Lenders Association of India (DLAI), which seeks to work closely with the government, regulators and policymakers on behalf of those involved in core lending business and facilitators in digital lending.

Overall, the workshop helped us get an insight into the role of the various actors who participate in the digital credit ecosystem in India, and their perceptions on managing risks to customers.


About the Future of Finance Initiative:

The Future of Finance Initiative (FFI) is housed within IFMR Finance Foundation and aims to promote policy and regulatory strategies that protect citizens accessing finance given the sweeping changes that are reshaping retail financial services in India – including those driven by Indiastack, Payments Banks, mobile usage and the growing P2P market.


[1]See: All-India Debt and. Investment survey (2014) http://mospi.nic.in/sites/default/files/publication_reports/nss_577.pdf
[2]See: http://www.business-standard.com/article/companies/alok-mittal-returns-as-entrepreneur-launches-platform-for-smb-lending-115100100047_1.html
[3]See: http://www.amazon.in/b?ie=UTF8&node=8520691031

30
May

Insights from the “Digital Payments Roundtable” hosted by the Future of Finance Initiative

(This post is authored by the Future of Finance Team at the IFMR Finance Foundation).

In April, the Future of Finance Initiative (FFI) hosted a series of closed door workshops with a small set of digital financial service providers focusing on payments, credit and investments. The primary goal of the workshops was to map the “transaction journeys” of individuals using digital financial services in India and identify points of weakness from a supply side perspective. This helped us get a clearer understanding of the emerging customer level vulnerabilities in the Indian digital financial landscape. This blog summarises key insights from the first workshop that we hosted on digital payments. The discussions were held under the Chatham House Rule, so this post is limited to overall themes without attributing comments to participants. We thank the participants for their frank and open views presented at the discussions.

The payments ecosystem in India has undergone rapid evolution in the recent past. Post demonetisation, the big push from Government to scale up digital payments has been front-and-centre on the policy and industry agenda. Given all of this, we wanted to understand:

  • How are providers providing solutions relevant to new market segments?
  • Where are the risks and vulnerabilities across the chain of the players and processes associated with making a digital payment?

We posed some of these questions to the carefully curated set of participants of the digital payments workshop. They reflected players across the payments ecosystem in India including wallets, payment system operators, payment gateways, card payment processors and software developers.

New customer segments need new products tailored to their needs

The workshop kicked off with a discussion on broad trends and considerations emerging for those working in the payments industry in India. A key observation was that new segments of customers are being brought into the digital payments ecosystem who are different in their capacity to absorb any losses, compared to existing customers. This opens up new opportunities and responsibilities for providers, including on product design and innovation.

Specifically, financial services tailored for low income consumers, have not evolved in the Indian financial market — unlike other sectors such as telecommunications (where for e.g. different levels and durations for phone recharges are available). As an illustration, most credit cards are set up for 45 days cycles as they are aimed to cater to “salaried’ employees who earn once a month. However, there are no cards with 20 days cycles for people earning twice a month or at more frequent intervals (such as those in part-time work or the informal sector). In the future, such a segment could be served by small finance banks and payment banks, potentially in partnership. Some participants felt that this approach to banking could be a more effective for fostering financial inclusion than recent government schemes which scale-up inflexible products (such as no-frills bank accounts).

Services providers in the chain of payments

The FFI’s focus to date has been understanding customer-level risks in digital finance. We wanted to use this opportunity to test our concerns with providers involved in payments transactions. To frame the discussion, and locate the various parties in the chain of a payments transaction, we presented a simplified schematic of our understanding of the payments ecosystem to the participants.

Figure 1: Card Not Present[1]: Online Payment Schematic


Source: The Future of Finance Initiative (2017)

The black arrows track transaction data flows and the green arrows tracking funds flows in the back end of a typical payments transaction. Participants agreed that this reflected the flows of a standard payments transaction. This schematic has remained broadly the same at the back-end for most forms of payments, but the challenges from the push towards newer forms of digital payment methods arise mainly due from (1) the variance among front-end customer-facing applications (2) increases in volumes of transactions and (3) the related data. 

Pain Points include security, transaction failures and policy uncertainty  

Discussions then followed through the afternoon about the operational aspects of completing payment transactions and pain points in the current scenario.

Data protection and data security: Payment services providers generally include clauses in their terms and conditions regarding customer data use. However the practices around this vary vastly. A key concern with direct impact on customers relates to data security, given the amount of data collected, stored and transmitted digitally in the payments process. ISO 27001 is the key global standard to which players in the payments industry generally aspire to. It was observed that full compliance with the standard was unaffordable for most providers, though the majority of them complied to the best extent possible.

Issues with the Payment Card Industry Data Security Standard (PCI DSS) — the industry standard for policies and procedures aimed at protecting data in card and payment transactions –- were also discussed. Adherence to all aspects of the PCI–DSS was patchy across industry participants. The standard does not have an enforcement body (being an industry standard with compliance driven by the requirements of other payment brands and acquirers). Concerns were raised that certain payment gateways and services were falling foul of the requirements without being censured –for example, by storing CVV for extensive periods of time in contravention of PCI-DSS.[2] It was pointed out that the PCI DSS provisions are from a pre-mobile era, and tend to be web-focussed. This results in gaps arising even in these standards with respect to data security for mobile transactions.

With regard to future regulation, participants stressed the need to balance the costs of compliance to be measured against evaluations of risk carefully when regulations are being formulated.

Hardware security: Hardware security is often overlooked in discussions around payments security. Participants discussed the absence of hardware checks for mobile phone handsets or regulations limiting pre-installed applications on mobile phones. This opens up the possibility of phones manufactured in other countries being sources of data theft and spyware. For instance, in 2016 firmware was found on Chinese manufactured smartphones being sold in the US which transmitted personally identifiable information (PII) to servers in China via a back door.[3]

To raise consumer awareness of security vulnerabilities and to drive providers to adopt better security practices, one idea suggested was to develop standardised indicators on apps and webpages to give usersSource: hostcats.com (2016) an immediate indication of the level of security. An existing example of this is the green lock HTTPS URL marker (right) currently used to indicate that a web browser holds a Secure Socket Layer (SSL) certification.

Transaction failures and frauds: Participants noted that the payments industry needs to improve on the failure rates for transactions to avoid affecting consumer confidence and usage. There was consensus that the regulator could play a constructive role in publishing aggregated information about transaction failure rates to incentivise higher data security standards. Providers themselves would shy away from publishing this kind of data individually. However, aggregated data published by a neutral third party or regulator could drive the providers to measure themselves against this benchmark and aspire to better rates.

Regulatory uncertainty and intervention: Participants discussed concerns about the impact of regulatory uncertainty along with how prescriptive regulatory standards had the potential to stifle innovation. Providers were concerned about competing with Government sponsored payments products and services and were anxious about Government subsidies and price caps that could put pressure on market prices, and introduce uncertainty for providers who were seeking to be commercially viable. There was also discussion on the need for having a level-playing field for new payment service providers as against established providers like banks.

Overall, the workshop was a fascinating deep dive into the perspective of the various actors who participate in making a payment transaction possible – while keeping the customer’s experience and concerns at the heart of the discussions.

—-

About the Future of Finance Initiative:

The Future of Finance Initiative (FFI) is housed within IFMR Finance Foundation and aims to promote policy and regulatory strategies that protect citizens accessing finance given the sweeping changes that are reshaping retail financial services in India – including those driven by Indiastack, Payments Banks, mobile usage and the growing P2P market.


[1] Card not present (CNP) refers to a purchase a consumer makes without physically being present or presenting his or her credit or debit card at the time of purchase.  CNP transactions often occur online and are conducted by consumers without the actual in-store credit card swipe – which is likely the major direction of travel, as more digital payments are made over mobile/internet to pay for goods and services.

[2] For more see: https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

[3] For more see: http://gadgets.ndtv.com/mobiles/news/chinese-firm-installed-back-door-on-thousands-of-smartphones-says-it-was-a-mistake-1626136

26
Apr

Comments on the RBI Draft Master Directions on Issuance and Operation of Prepaid Payment Instruments in India

By Bhusan Jatania, IFMR Finance Foundation

The Reserve Bank of India (RBI) released the Master Directions on Issuance and Operation of Pre-paid Payment Instruments (PPIs) in India (Draft Circular) on 20 March 2017. The IFMR Finance Foundation’s Future of Finance Initiative has provided its response to the Draft Circular.

While the Draft Circular builds upon a series of PPI related circulars issued by the RBI, it proposes significant changes such as:

  • increasing a PPI issuer’s net-worth requirement to Rs. 25 crores (from the existing Rs. 1 crore),
  • allowing PPI issuers to access payment systems in the future (without providing details),
  • requiring comprehensive system audit of PPI issuers on an annual basis (and before granting licenses to new applicants), and
  • compulsory conversion of existing PPIs (which hold minimum information about the user) to full KYC PPIs (this has to be achieved within 60 days of the Draft Circular coming into force).

In our comments to RBI we have recommended that the Draft Circular:

  • provide a higher standard of customer data protection,
  • create a more level-playing field for bank-led and non-bank led PPI issuers, and
  • clarify customer liability for unauthorised / fraudulent transactions involving PPIs.

In our response we have also compared the Draft Circular to the recent draft rules for security of prepaid payment instruments released by the Ministry of Electronics & Information Technology on 8 March 2017 (to which we also provided a response, available here).

We believe that the proposed regulatory revamp of wallet providers is driven by the principle that emergence of dominance should lead to greater supervision. The RBI appears to have taken a view that the digital payments sector, characterised by significant user expansion, has emerging customer abuse, data security and systemic risk considerations. And while the industry has raised some concerns of regulatory extravagance around the Draft Circular, it should largely be seen as a step in the right direction.

Our response to RBI’s public consultation is available here.


About the Future of Finance Initiative:

The Future of Finance Initiative (FFI) is housed within IFMR Finance Foundation and aims to promote policy and regulatory strategies that protect citizens accessing finance given the sweeping changes that are reshaping retail financial services in India – including those driven by Indiastack, Payments Banks, mobile usage and the growing P2P market.

27
Mar

Comments on the Ministry of Electronics & Information Technology’s Draft Rules for Security of Prepaid Payment Instruments

By Malavika Raghavan, IFMR Finance Foundation

On 8 March 2017, the Ministry of Electronics & Information Technology (MeitY) released a set of draft rules for security of prepaid payment instruments (Draft Rules), inviting comments by 20 March 2017.[1] The IFMR Finance Foundation’s Future of Finance Initiative has provided its response to the Draft Rules.

The Draft Rules propose new requirements for pre-paid payment instrument (PPI) issuers, requiring them to:

  • put in place information security policy and privacy policies, and undertake risk assessments to assess risks associated with the security of their payment systems, and
  • institute a range of measures on customer identification, authentication, awareness, and education, and separately, a set of security practices.

The Draft Rules seek to broaden the category of customer information that is considered “personal information” for the purposes of the Information Technology Act, 2000 (IT Act), improper disclosure of which can be penalised by a fine up to Rs. 5 lakhs or imprisonment up to 3 years (or both). It also seeks to give transaction history data held by PPI issuers a higher degree of protection as “sensitive personal data and information” under the IT Act.[2]

The Draft Rules are an important and progressive step towards highlighting customer data protection and privacy concerns of customers using PPIs. However, MeitY has taken the interesting position of making rules for a particular institution type (PPIs here), which makes it akin to a sectoral regulator. It is also interesting to note that the Draft Rules traverse areas in which Reserve Bank of India (RBI) regulation already exists. In this regard we note that on 20 March 2017, the RBI released its updated “Master Directions on Issuance and Operation of Pre-paid Payment Instruments (PPIs) in India”, inviting comments by 31 March 2017.

In our comments to MeitY we have sought to highlight that the Draft Rules:

  • dealing with privacy and data protection, while incorporating some of the key (and internationally recognised) data protection principles can benefit from a more complete coverage of these principles,
  • while certainly taking the lead in customer data protection, should, keeping in tune with several other jurisdictions, go a step further and consider a broadening of the scope of Sensitive Personal Data and Information (SPDI) by covering any “personally identifiable financial information that any institution collects about an individual in connection with providing a financial product or service (unless that information is otherwise publicly available) – We characterise this as “Non-Public Personal Information (NPI), and make a case for treating NPI as SPDI for the purposes of the Information Technology Act, 2000
  • should attempt consistency with the existing framework of the Information Technology Act, 2000 (particularly the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules, 2011) so as to avoid multiplicity of legal standards.

We consider MeitY to be best placed to continue its role as the overarching standards setting body for issues relating to security and integrity of electronic transactions, and we see the actual monitoring and enforcement of such standards to be delegated to sector specific and specialised regulators (such as RBI, SEBI, IRDA, PFRDA, TRAI, Airports Authority of India, Registrar of Companies, All India Council for Technical Education, others. Therefore, in the context of PPIs, it would be wise to take note of existing regulations and monitoring systems already present within the RBI, as further described in our response document.

Our response to MeitY’s public consultation is available here.

About the Future of Finance Initiative:

The Future of Finance Initiative (FFI) is housed within IFMR Finance Foundation and aims to promote policy and regulatory strategies that protect citizens accessing finance given the sweeping changes that are reshaping retail financial services in India – including those driven by Indiastack, Payments Banks, mobile usage and the growing P2P market.


[1] The deadline has since been extended to 5 April 2017.

[2] For an explanation of these categories, see our blog on Electronic Financial Data and Privacy in India (published December 2016).

21
Mar

The P2P Lending Market in China: A Parable for Indian Policymakers – Part 2

By Varun Aggarwal, IFMR Finance Foundation

In the first post of this two-part series, we tracked the explosive rise of the P2P lending market in China, which took place in the absence of any regulations. In this post we look at the series of regulatory measures introduced by the Chinese authorities in the wake of high profile platform failures and mounting outstanding debt levels.

Changes in the Regulatory Environment  

The China Banking Regulatory Commission (CBRC) first began addressing the issue of P2P regulation in official speeches in 2014. The speeches marked “red lines” lenders should not cross and outlined principles for the industry.[1] However, it was not until July 2015, with outstanding P2P loans at 200 billion RMB that the first intentions to regulate the industry were articulated. The People’s Bank of China (PBOC) (the Central Bank) along with the China’s State Council and other key financial regulators such as the China Securities Regulatory Commission and China Insurance Regulatory Commission jointly issued the Guiding Opinions on Promoting the Healthy Development of Internet Finance [2] to encourage financial innovation, promote the healthy development of Internet finance, clarify the regulatory responsibilities, and regulate market order. The CBRC was officially made responsible for formulating and administering policies on the behavioural supervision of P2P lending platforms. Some of the key proposals included the following:

  • P2P platforms were to become “information intermediaries” and not financial intermediaries as was the prevalent industry practice.
  • In order to put a stop to fraudulent platform operators stealing funds, all client accounts were to be parked at custodian banks.
  • Platforms were also precluded from offering “credit enhancement” or guaranteed returns by covering losses themselves.

In 2016, a PBOC-led group of regulators began a rectification campaign for the Internet finance sector. Local governments were given orders to survey the online lenders, crowdfunding platforms, private equity funds, and more complex financial firms operating in their jurisdiction to get a clearer picture of what regulation is needed. Major cities stopped registering new firms in this field, stricter rules on advertisements came out, and reports even circulated of internet finance firms being ordered to vacate office buildings in busy districts due to fear that they would become targets for protests staged by defrauded investors if the platforms failed.[3]

Based on the 2015 Principles, on 24 August 2016, the CBRC, the Central Ministry of Industry and Information Technology (MIIT) and the Cyber Administration of China (CAC) jointly released the Interim Measures on Administration of the Business Activities of Peer-to-Peer Lending Information Intermediaries (the “Interim Measures”).[4] The Interim Measures comprise the first comprehensive legal framework specifically regulating peer-to-peer lending activities in China.[5]

Under the new rules, an “internet lending information intermediary” – namely a P2P lending platform – means a validly established company that specialises in acting as an intermediary provider of online lending information – “online lending” means direct lending made amongst individuals through an Internet platform. Individuals include natural persons, legal persons, and other organisations.[6] [7]

Some of the key requirements of the Interim Measures included:

  1. The capping of the total amount that an individual can borrow on a single platform at RMB200,000 (~29,000 USD), and RMB1 million (~143,000 USD) on multiple platforms. The respective caps for a corporate entity are RMB1 million and RMB5 million (~718,000 USD).
  2. P2P lending platforms must now hold borrower and lender funds in custodian accounts with ‘registered financial institutions’ instead of in the platform itself. The custodian account acts as the fund transfer mechanism between lenders and borrowers, and serves as an escrow account for all transactions between both sides.[8]
  3. Other operational obligations on platforms included filing with local financial supervisory authorities[9], obtaining permits from relevant telecommunications authorities and releasing of, for public record, information on direct lending and borrowing transactions.
  4. The scope of operations was demarcated — prohibiting P2P lending platforms from selling asset-backed securities or financial instruments such as insurance, trust products and wealth-management products and the prohibition of conducting offline promotion of financing projects.
  5. Standards for data management were put in place — focusing on proper KYC and data protection.[10]

The Interim Measures provide a 12-month transitional period for existing P2P lending platforms to achieve compliance.

The new rules also set out authority among Chinese regulatory agencies — financial regulators at the provincial and city level will be primarily responsible for registering and overseeing P2P lending platforms. This offers the benefit of more direct supervision; however China experts[11] highlight graft and fraud among mid-level bureaucrats as being still relatively common at the local level.

Other major criticisms of the measures centered on the absence of reporting requirements to a centralised database which records all P2P lending information (or an equivalent credit bureau).[12] This makes enforcing the borrowing cap impractical, as platforms cannot ascertain the aggregate outstanding debt of a borrower across multiple platforms.[13] [14]

Nonetheless, in the long run, regulators believe that the ‘Interim Measures’ should help to ensure a healthier and a more sustainable market. These measures may likely bring about a reshuffling and consolidation of market players.

Lessons for Indian Policymakers

The P2P lending industry in India is tiny compared to China. At the end of 2015, for instance, there were 38 P2P lending platforms operating in India — compared to 2200 in China. But 20 of the new online P2P lending platforms were launched in 2015, suggesting that the market is starting to take off in India. In fact, projections expect India’s P2P lending market to swell to USD 4-5 billion in the next 5-6 years.[15]

On April 28, 2016, The Reserve Bank of India (RBI) issued a public consultation paper on P2P lending regulations in India. Though the paper only states the proposed rules and solicits feedback/comments, it does give an idea about the RBI’s stance towards P2P lending — IFMR Finance Foundation conducted a detailed analysis in their response to the RBI’s consultation paper.

Nonetheless, the risk-ridden rise of the Chinese P2P lending market — characterised by explosive growth and spectacular platform failures — and the consequent attempts to regulate it, are relevant and timely parables for Indian regulators. Some of the key lessons from the Chinese experience are:

  1. Clarifying the definition of a P2P lending platform and demarcating the scope of its business activities. For instance, the China regulations clarify internet finance to include incorporated businesses as lenders, besides individuals. Furthermore, P2P lending platforms were prohibited from taking deposits from members of the public or creating asset pools, selling wealth management products and transferring debts by issuing asset – backed securities.
  2. P2P platforms should not be allowed to promise guaranteed returns to its lenders (as envisaged already in the RBI consultation paper). Chinese regulators have prohibited platform guarantees for borrowers (unless facilitated through a third party, such as a bank).
  3. Proactive supervision of platforms’ lending activities and practices — by utilising mystery shopping and periodic filings with relevant authorities.
  4. Need for implementing public disclosure of characteristics of the assets under management (AUM) such as number of loans, outstanding amounts, NPA ratios. In China, platforms are required to publically disclose information on direct lending and borrowing transactions; although it is unclear whether there is a requirement to disclose asset quality numbers.
  5. Need for prudential requirements (in some form of a backstop) for systemically important platforms proportional to the total volume of lending activity being conducted. Chinese regulations have not incorporated such a requirement while UK has this for its loan-based crowd-funding platforms.[16] The RBI consultation paper considers a leverage ratio but it is unclear how the ratio will be applied since neither liabilities nor assets reside on the platform’s balance sheet.
  6. Retail borrowers and retail lenders need to be provided with additional protections against being missold unsuitable products (loans and debt investments respectively). While the Chinese authorities require platforms to offer financial consulting services, it is unclear what these services involve. The UK’s FCA has taken steps to ensure suitability requirements on P2P platforms:
    • For Borrowers: The FCA’s Handbook on Responsible Lending specifies that “a firm, with respect to operating an electronic system in relation to lending in relation to a prospective borrower under a P2P agreement”, “must undertake an assessment of the credit-worthiness of the prospective borrower[17]. Furthermore, providers have to highlight[18] key risks to the borrower such as the consequences of missing payments or under-paying.
    • For Lenders: FCA specifies that where lenders have the choice to invest in specific P2P agreements, platform providers should provide information regarding the details of the creditworthiness assessment of the borrower carried out.[19] Moreover the FCA has mandated platforms to disclose[20] all relevant information to enable potential investors to make informed decisions on whether or not to invest.
  7. Ensuring that all loan disbursements and loan performance details are reported mandatorily to credit bureaus. This requirement is currently absent in China.
  8. Allowing P2P platforms to have access to credit bureaus records. Chinese P2P platforms have access to records of existing personal or business credit from traditional and non-bank financial institutions, including credit information from the central bank’s national credit-registry system.
  9. In order to facilitate secured lending on platforms, there is a need to provide access to platforms to the CERSAI asset registry, potentially include them under the ambit of SARFAESI Act; Chinese P2P platforms have access to the central bank’s national ‘movable assets’ registry information for accounts receivables.[21]
  10. As Platforms store and handle sensitive datasets there is an urgent need for proper data protection and security standards. Currently China’s regulations are focused solely on the accuracy of data being collected; however more detailed implementing rules are expected to be issued on data privacy and technological standards.[22]
  11. Platforms should be stopped from using misleading promotions of services — UK[23] authorities, for instance, actively monitor financial promotions on platform websites and take action where firms do not meet their standards. The FCA has also released a guide on financial promotions in social media.[24] Chinese regulators have prohibited the offline publicising or recommending of projects that need funding (only electronic channels such as internet, fixed-line telephones, and mobile phones or via entrusting or authorizing a third party, are permitted), although the rationale behind this prohibition is ambiguous.[25]

 —

About the Future of Finance Initiative:

The Future of Finance Initiative (FFI) is housed within IFMR Finance Foundation and aims to promote policy and regulatory strategies that protect individuals accessing finance given the sweeping changes that are reshaping retail financial services in India – including those driven by Indiastack, Payments Banks, mobile usage and the growing P2P market.



[1] See:https://piie.com/blogs/china-economic-watch/p2p-series-part-2-regulating-chinas-plethora-p2p-players
[2] See:http://hkmb.hktdc.com/en/1X0A34J5/hktdc-research/China-Issues-Guidelines-on-Development-of-Internet-Finance
[3] See:https://piie.com/blogs/china-economic-watch/p2p-series-part-2-regulating-chinas-plethora-p2p-players
[4] For an English translation of the measures see: http://en.pkulaw.cn/display.aspx?cgid=278756&lib=law
[5] See:www.linklaters.com/pdfs/mkt/shanghai/A32461989.pdf
[6] See: www.linklaters.com/pdfs/mkt/shanghai/A32461989.pdf
[7] See: https://hk.lexiscn.com/law/law-english-1-2917482-T.html
[8] The CBRC recently issued the Guidelines for Online Lending Fund Depository Business; for more see: http://hkmb.hktdc.com/en/1X0A99GT/hktdc-research/CBRC-Issues-Guidelines-for-Online-Lending-Fund-Depository-Business
[9] For the purpose of these Measures, “local financial regulatory authorities” means the departments of all provincial people’s governments which undertake the functions of local financial regulation. See more: http://en.pkulaw.cn/display.aspx?cgid=278756&lib=law
[10] See: https://hk.lexiscn.com/law/law-english-1-2917482-T.html
[11]See: http://www.nasdaq.com/article/new-rules-for-chinese-p2p-lenders-designed-to-minimize-fraud-slow-industry-growth-cm719480
[12] Although there have been suggestions that the CBRC will build a centralised database on the online lending industry. See more: https://www.nri.com/~/media/PDF/global/opinion/lakyara/2016/lkr2016235.pdf
[13] See: www.linklaters.com/pdfs/mkt/shanghai/A32461989.pdf
[14] See: http://www.globaltimes.cn/content/1003315.shtml
[15] See: http://www.business-standard.com/article/pti-stories/startup-sees-peer-to-peer-lending-market-growing-big-in-india-116020700125_1.html
[16] See: https://www.fca.org.uk/publication/policy/ps14-04.pdf
The volume- based financial resources requirement calibration placed by FCA on P2P platforms is the sum of:

  1. 0.2% of the first £50 million of the total value of the total loaned funds outstanding
  2. 0.15% of the next £200 million of the total value of the total loaned funds outstanding
  3. 0.1% of the next £250 million of the total value of the total loaned funds outstanding
  4. 0.05% of any remaining balance of the total value of the total loaned funds outstanding above £500m

[17] See: 5.5, https://www.handbook.fca.org.uk/handbook/CONC/5.pdf
[18] See: https://www.handbook.fca.org.uk/handbook/CONC/4/3.html?date=2016-07-01
[19] See COBS14.3.7A (4) in: https://www.handbook.fca.org.uk/handbook/COBS/14/3.html
[20] See: https://www.fca.org.uk/publication/thematic-reviews/crowdfunding-review.pdf
[21] See: http://www.accaglobal.com/content/dam/ACCA_Global/Technical/manage/ea-china-p2p-lending.pdf
[22] See: www.linklaters.com/pdfs/mkt/shanghai/A32461989.pdf
[23] The FCA highlights concerns regarding promotions that compare P2P lending in equivalence to holding money on deposit –as investors should understand that there are greater risks involved and they may lose some or all of their money. For more see: https://www.fca.org.uk/publication/thematic-reviews/crowdfunding-review.pdf
[24] See: https://www.fca.org.uk/publication/finalised-guidance/fg15-04.pdf
[25]A plausible reason could be the prevalence of offline-online business models in China, where providers would promote their online services to customers through offline means.