In September 2022, the Reserve Bank of India issued its digital lending guidelines — a framework designed to bring transparency and consumer protection to a sector growing faster than oversight could follow. The rules covered mandatory disclosure of lending partners, direct disbursement requirements, data access restrictions, and borrower cooling-off periods.

Two and a half years later, the picture is mixed. Large banks and well-funded NBFCs have largely adapted. But a significant portion of the fintech-NBFC partnership ecosystem still operates in a grey zone, and enforcement has been inconsistent.

Where Compliance Falls Short

The most persistent gap is in the lending service provider (LSP) partnership model. Many fintech companies operate as LSPs — they originate loans, handle customer acquisition, and manage collections, while an NBFC or bank provides the actual lending licence.

The RBI’s intent was clear: LSPs should be transparent intermediaries, not de facto lenders hiding behind a licence. But in practice, many LSP arrangements still leave borrowers confused about who they’re actually borrowing from.

A RBI supervisory report from late 2025 noted that a significant number of NBFCs had inadequate oversight of their LSP partners. Some couldn’t provide complete lists of active LSP relationships or demonstrate that they were monitoring LSP compliance with the guidelines.

The direct disbursement rule has been mostly followed by larger players, but workarounds exist. Some fintech platforms route disbursements through partner banks in ways that technically comply but still reduce transparency.

The AI Disclosure Challenge

An emerging dimension is how AI-driven lending decisions interact with disclosure requirements. Banks and NBFCs increasingly use machine learning models to assess creditworthiness, set interest rates, and determine loan amounts.

The guidelines require that borrowers understand the basis for lending decisions. But when those decisions are made by opaque AI models, meaningful disclosure becomes difficult. Telling a borrower “your loan was approved at 18% interest based on our proprietary model” doesn’t satisfy the spirit of transparency.

Some institutions are working with firms offering AI strategy support to build explainable lending models — systems that can provide clear, human-readable reasons for their decisions. This matters not just for regulatory compliance but for fair lending practices. If a model systematically charges higher rates to certain demographics, the institution needs to understand why.

Enforcement Remains Selective

The RBI has taken action in some egregious cases — shutting down unregistered lending apps and issuing supervisory directions to non-compliant NBFCs. But enforcement has been selective rather than systematic. With over 9,000 registered NBFCs and hundreds of fintech LSPs, the RBI doesn’t have the bandwidth for comprehensive auditing.

This creates a two-tier compliance environment. Well-capitalised institutions facing regular RBI inspections have invested in compliance infrastructure. Smaller NBFCs in the micro-lending segment often treat the guidelines as aspirational.

The Digital Lending Association of India has pushed for self-regulation and voluntary compliance standards, but voluntary frameworks only work when there are genuine consequences for non-compliance.

The Borrower Experience

From the borrower’s perspective, the most visible change has been in disclosure. Most legitimate digital lending apps now show the lending entity’s name and provide a key fact statement before disbursement. That’s genuine progress.

But the areas that matter most to borrowers — fair interest rates, transparent fees, and non-coercive collections — remain problematic in parts of the market. Borrowers in tier-3 and tier-4 cities, with limited financial literacy and few alternative credit sources, remain vulnerable to platforms that technically comply with disclosure requirements but still charge effective interest rates above 100% annualised through processing fees, insurance charges, and penalty structures.

Several state governments — Maharashtra, Tamil Nadu, Kerala — have introduced or are considering their own regulations for digital lending, creating a fragmented regulatory landscape on top of the RBI’s central framework.

What Needs to Happen

Three changes would significantly improve effectiveness:

Systematic LSP audits. The RBI should require annual compliance certifications from NBFCs regarding their LSP partnerships, backed by independent audits above a certain lending threshold.

A public LSP registry. Borrowers should be able to verify that the app they’re borrowing through is a legitimate, registered lending service provider. The RBI has discussed this but hasn’t implemented it.

Standardised complaint mechanisms. The RBI Integrated Ombudsman Scheme handles complaints against regulated entities, but many borrowers don’t know how to access it. A simple, app-based complaint mechanism for digital lending issues would help.

The digital lending guidelines were the right intervention at the right time. But guidelines without consistent enforcement become suggestions. The RBI needs to move from a framework that relies on good-faith compliance to one that includes regular monitoring, meaningful penalties, and better borrower education. Getting this right isn’t just about protecting individual borrowers — it’s about maintaining trust in digital financial services as a whole.