Explore responsible lending when you borrow from us

DLAI Code of Conduct

1. Introduction and implementation

   Unifinz Capital India Limited (formerly known as Shree Worstex Limited and herein after referred to as “Company” or “UCIL”) is a Non - Finance Company (NBFC) into digital lending operations. The Company operates under the brand name “lendingplate” hence the name used as “lendingplate” shall represent Unifinz Capital India Limited for all purposes.

   Digital Lenders Association of India (“DLAI”) is an esteemed industry representative association of a rapidly growing digital lending industry in India. The primary objective of DLAI has been to bring together digital lenders – MSME & Consumer, marketplace platforms and industry members to create a platform for sharing best practices, conduct research on innovative business models and work with regulators, industry experts & other government bodies to set the broad contours on policy matters beneficial to the entire digital credit industry.

   It is repeatedly felt that there is a need for industry participants to adhere to a strong Code of Conduct to prevent the rise of unscrupulous practices that harm the digital lending ecosystem by reducing the confidence of customers, regulators, and other market participants. Safeguarding the interests of customers provides the industry with trust and legitimacy, which will ultimately benefit the digital lending industry as a whole and the members individually. In furtherance to its commitment towards creating an industry-led self-regulatory body and aligning its values with the applicable regulatory directions, DLAI has introduced its 2nd edition of its code of conduct (“Code of Conduct”) that has come into effect from September 23, 2023.

   The revised Code of Conduct is centred around 8 (eight) core elements. This Code of Conduct sets out the processes and guidelines under each core element to actualize each such element into clear actionable points. The Code of Conduct of DLAI must be viewed as a minimum industry standard and DLAI has made this Code binding on its every member engaged in the business of digital lending, whether such member is regulated or not.

   UCIL, by virtue of being a bonafide member of DLAI and also a Regulated Entity (RE) under the RBI is bound to adopt such Code of Conduct of DLAI and ensure its effective implementation across the organisation. The Board re-affirms that industry self governance, by virtue of being developed by members of the industry themselves, shall lead to more appropriate mechanism for self-regulation with higher compliance rates and higher standards of governance and client protection. Further, self-regulation encourages members to look beyond their immediate short-term goals and internalize the larger impact of their business – such as ensuring effective mechanism for customer protection, furthering financial, digital and frauds related education for customers and employees 2 alike, and striving for the development of its members, the industry, and the ecosystem as a whole, which in turn leads to a healthier and more profitable ecosystem in the long run.

   The Reserve Bank of India (“RBI”) issued the ‘Guidelines on Digital Lending’ dated September 02, 2022 (“Digital Lending Guidelines”), pursuant to which the RBI shifted away from the light touch approach it had traditionally adopted in respect of digital lending and has prescribed a robust regulatory framework for digital lending in India. The Digital Lending Guidelines identify two key participants in the digital lending ecosystem:

   1. regulated entities such as commercial banks, co-operative banks, and non-banking financial companies (including housing finance companies) (“REs”); and
   2. lending service providers/ digital lending applications who enter into arrangements with REs to provide digital lending products to consumer.

   The onus of compliance with the Digital Lending Guidelines is directly on the REs and not on the lending service providers/ digital lending applications. However, the RE is required to ensure compliance by lending service providers/ digital lending applications, which may be achieved by way of appropriate contractual arrangements between REs and lending service providers/ digital lending applications. The introduction of the Digital Lending Guidelines necessitated the current revisions to the Code of Conduct. Each member of DLAI is required to incorporate the Code of Conduct as a part of its fair practices code. This Code of Conduct is required to be displayed by all members at every point of customer interface – especially on the member’s website and/ or the digital lending application through which lending activities may be undertaken by the member. Any concerned person may contact DLAI for any queries, information, or clarifications regarding the implementation of the Code of Conduct at: sro@dlai.in

   In compliance with the requirements of DLAI and as an integral part of corporate governance of the Company, UCIL has adopted this Code of Conduct of DLAI with immediate effect.

2. Applicability

   1. This Code of Conduct is a set of principles, processes, and guidelines that is binding on every ordinary member of DLAI which is an RE, lending service provider, digital lending application, or any other entity offering digital lending products or service to customers or facilitating digital lending as a support service (“Member”) in respect of their digital lending activities.

   2. This Code of Conduct applies to each Member in all its dealings, interactions, communications, arrangements, and transactions in respect of any digital lending product, service or related activity provided, undertaken or facilitated by such Member to any individual, person, or business (“customer”).

   3. Units and functionaries of the DLAI Self-Regulatory Organization (“DLAI SRO”) referenced in this Code of Conduct shall have the meaning ascribed to them in the table below:

      Units and Functionaries	Meaning
      Enforcement Committee	The committee established under the DLAI SRO, which shall act as the first forum for reviewing non-compliances by Members, dispute resolution inter-se Members and for addressing market threats.
      SRO Committee	The committee established under the DLAI SRO, which shall act as the appellate forum to the Enforcement Committee for reviewing non compliances by Members, dispute resolution inter-se Members and for addressing market threats

   4. All Members of DLAI are obligated to follow this Code of Conduct. Compliance with the Code of Conduct is a necessary condition for membership. The DLAI SRO will enforce adherence by Members, to the Code of Conduct.

   5. Any non-adherence with the measures set out under this Code of Conduct will trigger the governance and enforcement measures set out in clause 7 (Actions) of Part H (Governance and Enforcement) of Section IV (Code of Conduct) below.

   6. This Code of Conduct aligns with and is in addition to all laws and regulations applicable to digital lending operations and its ancillary services, including all current regulations and directions issued by any statutory, regulatory, or Governmental body, including, without limitation, the RBI, SEBI, Central and State Governments, from time to time and by no means aims to override any applicable law or regulatory guidance. When there is any conflict or inconsistency between this Code of Conduct and any applicable law or regulation in India, such law or regulation will prevail.

   This Code of Conduct is subject to review by the board of directors of DLAI (“Board”) from time to time.

3. Regulatory Framework for Digital Lending
   (Adherence with the Digital Lending Guidelines)

   References to paragraph numbers below are references to the relevant paragraphs of the Digital Lending Guidelines

   1. The fund flow must be directly between the borrower and the RE (except for disbursals covered exclusively under statutory or regulatory mandate). The funds cannot flow 4 through the account of a lending service provider or their digital lending application. Similarly, any fees, charges, etc. payable to the lending service provider shall be paid by the REs and no funds shall flow from the borrower to the lending service provider. (Paragraphs 3 and 4) The RBI has clarified that any payment aggregator also acting as a lending service provider or such RE’s digital lending application will need to comply with the Digital Lending Guidelines.

   2. REs shall provide a key fact statement to the borrower before execution of the contract (which must be in the prescribed format) for all digital lending products. The key fact statement shall contain details of annual percentage rate (which must be disclosed upfront as an all-inclusive cost of digital loan to the borrower), recovery mechanism, details of nodal grievance redressal officer, cooling off period, penal interest or charges (if any, based on outstanding amount of the loan) levied on the borrowers. Fees or charges not mentioned in the key fact statement cannot be charged by the REs at any stage. (Paragraphs 4.2, 5.1, and 5.2)

   3. The REs shall ensure that, in absence of physical documents, the digitally signed documents on the letterhead of the RE shall automatically flow to the registered and verified email/ SMS of the borrower upon execution of the loan contract. (Paragraph 5.3) RE shall ensure that where physical documents are executed, the borrowers shall be delivered a copy of such documents.

   4. The list of lending service providers of the REs, the digital lending applications of the REs, and their lending service providers or any other party (e.g., In-app advertising) shall be prominently published on the website of the REs along with details of activities for which they have been engaged. (Paragraph 5.4)

   5. The digital lending applications of both the REs and their lending service providers shall prominently display information relating to product features, loan limit, cost, etc., at the sign up/on-boarding stage and must also have links to the REs’ website where detailed information about the loan products, the lender, the lending service providers, particulars of the customer care details, link to the RBI’s Sachet Portal, privacy policy, etc., prominently provided at a single place can be easily accessed by the borrower. (Paragraphs 5.5 and 5.7)

   6. The REs shall inform the borrower about the details of the lending service provider and/or any other intermediatory acting as recovery agent and authorised to approach the borrower for recovery, at the time of sanctioning the loan amount and while appointing a lending service provider as a recovery agent or change in recovery agent. (Paragraph 5.6)

   7. REs shall ensure that they and their lending service providers have a nodal grievance redressal officer to deal with fintech/digital lending-related and digital lending application-related complaints raised by the borrowers. The REs’ and their lending service providers’ websites and their digital lending applications and the key fact statement shall prominently display the contact details of the nodal grievance redressal 5 officer. The REs’ and their lending service providers’ websites and their digital lending applications shall provide the facility to lodge complaints. The responsibility of grievance redressal shall remain with the REs and if the complaint is not resolved within 30 days, the borrower can lodge a complaint over the Complaint Management System portal under the RBI Ombudsman Scheme. (Paragraph 6)

   8. REs shall capture the economic profile of the borrowers before extending any loan to assess the borrower’s creditworthiness. REs shall also ensure that the credit limit of the borrower is not increased without explicit consent taken on record. (Paragraph 7) The borrower shall be given an explicit option to exit the digital loan by paying the principal and proportionate annual percentage rate without any additional penalty during the cooling off/looking-up period. The Board of the RE shall determine the duration of the cooling-off period which must be at least three days for loans having a duration of seven days and a maximum of one day for loans having a duration less than seven days. Pre-payment shall be allowed to borrowers continuing after the coolingoff period as per RBI’s extant guidelines. (Paragraph 8)

   9. REs shall conduct enhanced due diligence with respect to technical abilities, data privacy policies and storage systems, fairness in conduct with borrowers, and ability to comply with regulations and statutes, before entering into partnership with a lending service provider for digital lending. REs shall carry out periodic review of the conduct of their lending service providers and impart necessary guidance to the lending service providers acting as recovery agents to discharge their duties responsibly and in compliance with extant instructions. (Paragraph 9)

   10. REs shall ensure that any collection of data by the REs’ or their lending service providers’ digital lending applications is need-based and on explicit prior consent of the borrower having an audit trail. REs shall ensure that the digital lending applications desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions, etc. A one-time access for camera, microphone, location, etc., necessary for on-boarding/KYC requirements may be taken with the explicit consent of the borrower. (Paragraph 10.1)

   11. The borrower shall be provided with an option to give or deny consent for the use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data, and make the application delete/forget the data. (Paragraph 10.2)

   12. The purpose of obtaining borrowers’ consent needs to be disclosed at each stage of interface with the borrowers. (Paragraph 10.3)

   13. Explicit consent of the borrower shall be taken before sharing personal information with any third party, except for cases where such sharing is required as per statutory or regulatory requirements. (Paragraph 10.4)

   14. REs are also required to ensure that (a) the lending service providers they engage with do not store the personal information of borrowers except some basic minimal data 6 (viz., name, address, contact details of the customer, etc.) that may be required to carry out their operations; (b) clear policy guidelines regarding the storage of customer data including the type of data that can be stored, the length of time for which data can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breach, etc., are put in place; (c) the data sets that are collected by a lending service provider or a digital lending application is disclosed prominently on its website and application at all times; and (d) each lending service provider that it partners with has a comprehensive privacy policy in place that is in compliance with applicable laws, rules, and regulations. (Paragraph 11)

   15. REs must ensure that all data is stored only on servers located in India. Further, REs must also ensure that no biometric data of any customer is stored by any lending service provider or any digital lending application. (Paragraph 11)

   16. REs shall ensure that their digital lending applications and lending service providers engaged by them have a comprehensive privacy policy (including details of third parties allowed to collect personal information through the digital lending applications) compliant with applicable laws, associated regulations, and RBI guidelines. For access and collection of personal information of borrowers, digital lending applications of REs/ lending service providers should make the comprehensive privacy policy available publicly. (Paragraph 12)

   17. REs shall ensure that they and their lending service providers comply with various technology standards/requirements on cybersecurity stipulated by RBI and other agencies, or as may be specified from time to time, for undertaking digital lending. (Paragraph 13)

   18. REs shall ensure that any lending done through their digital lending application and/or digital lending applications of their lending service providers is reported to credit information companies irrespective of its nature/ tenor. REs shall ensure that lending service providers associated with such deferred payment credit products shall abide by the extant outsourcing guidelines issued by the RBI. (Paragraph 14)

   19. REs must ensure adherence with the extant regulatory guidelines while entering into loss sharing arrangements in case of default. (Paragraph 15)

4. Code of Conduct
   (The Code of Conduct is centered around 8 (eight) core elements)
   1. Transparency and Disclosures

      1. Every Member must ensure to display the Code of Conduct as part of their fair practices code (similar to Banks and NBFCs) at the point of customer interface in English– including on the Member’s website (if any) and the digital lending application through which the lending activities are undertaken by the Member. In addition to English, each Member must ensure that the Code of Conduct is made 7 available in a language understandable by its target customer group, given their geographical and regional location.

      2. Members must offer products and services that are not misleading, deceptive, or unclear. Members must ensure that their marketing and advertising material 7 and outreach to customers is not false, misleading, or deceptive.

      3. Members must provide relevant information in a key fact statement in a standardized format and in a language that their customers would reasonably understand.

      4. Members must ensure that detailed terms and conditions of the financial product and services offered, loan limits and cost, etc. are made available to the customer at the onboarding/ customer engagement stage.

      5. Members must ensure that digitally and/or physically signed copies of the key fact statement, summary of loan product, sanction letter, loan agreement, and terms and conditions, applicable to the credit products being availed by a borrower are automatically provided to the borrowers on their registered and verified email address or over SMS, on or before disbursement of the loan, in a language which is reasonably understood by the borrower.

      6. All RE Members must prominently publish, on their website, a list of their digital lending applications, their active lending service providers (LSP), and the latest version of digital lending applications of their lending service providers, their authorised recovery agents and any other party (for example, in-app advertisers), along with the details of the activities for which each entity has been engaged and whether each entity is a member of DLAI. Every Member must ensure that their names and contact details of active LSPs with customer interface appear on the website of each of the REs they are engaged with.

      7. It must be clearly disclosed to the customers that they are taking a loan and that this will have consequences in terms of credit bureau reporting and potential legal action in case of an event of default.

      8. The customer must understand that they have an obligation to repay the loan and the exact consequences of non-payment or delayed payment.

      9. The customer must understand who the exact loan provider on record is (The RE) and who will be collecting repayments in connection with the loan. In the event the Member is not the lender on record, the customer should understand the role and responsibility of the Member in the process and transaction relating to the provision of financial products and services.

      10. Members must ensure that an annual percentage rate is clearly mentioned in the key fact statement which lists all costs and fees applicable to the financial product or service offered, including all upfront fees, processing fees, interest costs, insurance costs, registration fees, provisions, re-arrangement fees, late fees, pre-payment fees or penalties and any other costs charged to the customer.

      11. The illustration of all costs, including any contingent or default costs and expenses, must be explicit and clear and provided in a manner that can be understood by the customer.

      12. Members must provide illustrative examples of the costs to the customer, including any contingent or default costs, in INR format specific to the financial service or product offered, so that the customer understands all such costs. Members may provide such illustrative examples to the customers in a separate annexure or document set, shared along with the documents in clause 5 above.

      13. Members must provide a repayment schedule with detailed repayment information and due dates in a clear manner. The Member must provide timely information about loan payments due and outstanding loan amounts in a format that the customer clearly understands.

      14. Members must inform the borrowers of such look-up period offered to customers in accordance with clause 5 (Look up period) of Part B (Responsible Lending) of this Section IV to repay the digital loan on their websites/ digital lending applications at the time of execution of the loan contract/transactions.

      15. RE Members must publish detailed information regarding their financial products – namely about the loan products, the lender, the lending service provider, particulars of customer care, link to the RBI’s Sachet portal, privacy policies, etc. Non-RE Members must provide a link on their website/ digital lending application to direct customers to the webpage of the concerned REs they are engaged with.

      16. Members must promptly supply DLAI (SRO) with all other information that may be required by the DLAI (SRO) to ensure compliance with applicable laws, adherence to the Code of Conduct, and higher standards of governance amongst the Members.

   2. Responsible Lending

      1. Members must follow the principle of ‘suitability of product’. The onus is always on the Member to make fair income and affordability assessments of customers and ensure that financial products and services, including the loan and all charges and fees, are not in excess of a customer’s capacity to pay.

      2. Members must ensure that an economic profile of each borrower (covering age, occupation, income, etc., or any other borrower data collected which has a direct and tangible link with the economic profiling of the borrower) is captured, to enable credit decision-making by the REs, before extending any loan to any borrower to assess the borrower’s creditworthiness. Members must ensure that the credit decision-making rationale is auditable and the data collected is subject to the conditions contained in Part D (Data Security and Privacy) of this Section IV below.

      3. Members cannot increase the credit limit of its borrowers automatically. An explicit consent of the borrower must be taken on record for each such increase in the credit limits.

      4. Members will not design pricing models that could ever be considered “predatory” or “usurious”, including but not limited to:

         1. any element of deception in the presentation of costs or fees;

         2. cost or fee structures that are needlessly confusing, complex, and designed to extract maximum revenue without consideration of customer understanding.

      5. Look up period:

         1. Members must (in accordance with the timelines decided by their board of directors or the board of directors of their associated REs, as applicable) give the borrowers an exit opportunity – to exit the digital lending product availed by paying the principal amount and the proportionate annual percentage rate (without any penalty);

         2. Such look-up period provided by each Member must not be less than 3 (three) days for a loan of tenor exceeding than 7 (seven) days and not be less than 1 (one) day otherwise if the loan is of tenor less than 7 (seven) days;

         3. Members must inform the borrowers of such look-up period to repay the digital loan on their websites/ digital lending applications at the time of execution of the loan contract/transactions; and

         4. In any case, the Members must allow prepayment of the digital loans even beyond the look-up period as per extant RBI guidelines.

      6. Members must clearly mention an annual percentage rate in its key fact statement which includes and lists all costs and fees arising from the financial product or service offered, including cost of funds, credit cost and operating cost, processing fee, verification charges, maintenance charges, etc., and excludes contingent charges like penal charges, late payment charges, etc. charged to the customer.

      7. Members must provide clear information related to the amount and mechanism of imposing fines in the event of a delay. Such information should be disclosed upfront to the customer in the key fact statement. A Member cannot impose on the customers any fines, charges, costs, etc. which are not disclosed in the key fact statement.

      8. Members must ensure that the late payment penalties levied are reasonable and transparent, non-compounding, and must be levied only on the remaining outstanding value of the loan, in accordance with the policies of the Member framed in this regard.

      9. Members must have a system and process of verification and assessment of the financial condition of the customer to assess the eligibility and suitability for the loan or other financial product offered.

      10. Members must have a system to ensure the accuracy of the data and information provided by a customer.

   3. Fair Interactions

      1. Members shall either perform the recovery function in-house or engage a recovery agent

      2. Members must ensure that borrowers are not unfairly discriminated against on grounds such as religion, caste, gender, marital status, sexual orientation, etc.

      3. Members must ensure that there is no undue harassment or intimidation (physical or verbal) of customers, including practices such as calling (or threatening to call) any family member of the customer or any person associated with the customer sending inappropriate messages either on mobile or through social media, making threatening and/ or anonymous calls, etc. The Members must ensure that there is no coercion in the recovery process.

      4. Members must ensure that their staff, agents, and representatives are adequately trained to deal with the customers with care and sensitivity, particularly in aspects such as soliciting customers, hours of calling, privacy of customer information and conveying the correct terms and conditions of the products on offer and that their staff, agents and representatives are not rude or humiliating in their dealings with the customer. Members must ensure compliance with the extant RBI guidelines.

      5. Members must ensure that their staff, agents, and representatives use respectful language, maintain decorum, and show respect to social and cultural sensitivities. Further, their staff, agents, and representatives must not contact borrowers at odd hours or at inappropriate times such as bereavement, illness, or social occasions such as marriages and births.

      6. Members must ensure that their staff, agents, and representatives contact their borrowers only during normal hours (between 8:00 a.m. and 7:00 p.m.) and avoid persistently calling the borrower for recovery of overdue loans.

      7. Non-RE Members must ensure that the recovery agent contacts the customer for recovery only after the associated RE has at the time of sanctioning the loan and at the time of allocating the recovery responsibilities and in any case, before the recovery agent contacts the borrower for recovery, shared the name and details of such Member/ the recovery agent with the customers through email/ SMS.

   4. Data Security and Privacy

      1. Members must have a board-approved comprehensive data privacy policy compliant with applicable laws, associated regulations, and RBI guidelines disseminated publicly on its website / digital lending application and further, at every stage where consent of the borrower is taken to access the data of the customer. Such privacy policy must inter 11 alia clearly outline the type of data that can be stored, the length of time for which data can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breaches, and the details of third parties (if any) who are allowed to collect personal information of the customers through the digital lending application of such Member.

      2. Members must follow a consent-based architecture for data capture with informed consent provided by the customer following a detailed explanation of the data being captured and used (including sharing of such data with third parties). The Member shall preserve such digital records of customer consent(s) as proof of informed consent.

      3. Members are required to practice good faith in the collection, storage, use, and sharing of personal data of customers in respect of their digital lending activities.

         Without limiting the generality of the above, Members shall not:

         1. intentionally request personal data from a customer even though there is no service that can be provided to a customer;

         2. intentionally collect personal data that is not relevant to the services that will be provided to the customer by the Member;

         3. collect personal data outside the data that has been agreed to be given by the customer;

         4. use personal data for purposes that have not been notified or purposes that are different from what was previously notified to the customer;

         5. collect and store customer’s personal data even though the Member or any person authorized by the Member to collect, process or store such personal data does not yet have a reliable system or processes to carry out such activities or protect such data;

         6. sell personal data of customers to third parties without explicit consent from the customer;

         7. share such personal data with third parties other than for purposes consented to by the customer or where it is required under applicable law;

         8. use a customer’s contact list for contacting any third parties, family members of the customer, or persons associated with the customer for any communication related to the customer’s loan;

         9. use the personal data in any manner which is likely to cause physical harm or injury to any customer, their family member, or any person associated with the customer; and

         10. refuse to provide any digital lending products or services or any related support services, solely on account of a customer denying or withdrawing their consent 12 for collecting, processing or storing any of their personal data which is not necessary for the provision of such products or services by the Member.

      4. Members may access, store, and utilize the personal information of the borrower in respect of their digital lending activities, provided that:

         1. Member can justify that a certain data set is needed in connection with its operations or to perform a certain function for and on behalf of the associated RE (under the terms of its partnership agreement);

         2. the data is collected with the explicit consent of the borrower. Such borrower consents must be recorded by the Member in a manner that is auditable.

         3. the user interface of the digital lending application of a Member must not facilitate ‘umbrella consent’ or ‘consent fatigue’. Instead, the Member must obtain informed consent of the borrowers whereby the borrower is clearly made aware of the data points that will be accessed. The Member must obtain upfront consent of its customers for the collection, storage, utilization, and sharing of any borrower information.

         4. Members must not obtain over-arching access to a borrower’s mobile phone resources like files and media, contact list, call logs, or telephony functions. Any such access must be strictly need-based and related to the products or services proposed to be provided to the customers.

         5. the purpose of the collection of data and taking the consent of the borrower is clearly disclosed by the Member to the borrower at each stage.

         6. the borrower is given the option to both give and deny consent for the use of specific data, restrict disclosure of such data to third parties by Member, revoke previously granted consent to access personal data, limit the time period for which such data can be stored by the Member and require the Member to delete the data collected from the borrower.

         7. the data collected is only processed and used for the limited purposes, as disclosed to the borrower.

         8. only minimal customer data that is personal in nature is stored by the Member, which is critical for the Member to carry out its operations and functions or as required by the associated RE under the terms of the partnership arrangement (as applicable).

         9. the data is collected and stored by the non-RE Member only in the capacity of a lender service provider/ digital lending application for its associated RE, and not 13 in any other capacity (such as for the purpose of providing value-added services to borrowers, which services are not directly linked to digital lending);

         10. the Member shall not store any biometric information of any customer, other than as permitted under extant statutory guidelines.

         11. all data collected by the Member is stored only on servers located in India.

         12. the technology deployed by the Member complies with the technology standards/ requirements on cybersecurity stipulated by the RBI and other agencies, from time to time, for undertaking digital lending; and

         13. Members may, in the capacity of the agent of the customer, seek the credit information of the customer from the credit information companies, by providing the satisfactory identification along with the consent of the customer to obtain such information on the customer’s behalf.

   5. Customer Grievance Redressal

      1. Each Member should have a board-approved policy for addressing customer complaints in a fair, and prompt manner covering the process to register, resolve and escalate the complaints, internal and external escalation mechanism, turnaround time, complaint categories, review/audit of redressal system, and reporting to the board and top management. Each Member shall put into place an efficient mechanism for the implementation of such customer complaint policy and for the resolution of customer complaints in compliance with the contractual and statutory rights of the customer.

      2. Each Member must appoint a suitable nodal grievance redressal officer to oversee the customer grievance redressal function. Every Member must prominently display the contact details of such nodal grievance redressal officer and the customer grievance redressal mechanism on their website, the website of the RE/ the lending service provider, the digital lending application, and in the key fact statement.

      3. Each Member shall provide to customers, including by publishing on its website, details of how the customer can contact customer service / concerned compliance officer at the Member or seek redressal of customer complaints. Each non-RE Member should also provide details of how customers can contact the REs, which are involved in providing the relevant financial product or services to the customer.

      4. Each Member must also publicize the following details of the customer grievance redressal mechanism set up by DLAI:

         1. DLAI’s email ID for customer grievances: cgrm@dlai.in

      5. Members should provide details in respect of the right of a customer to raise complaints in consumer forums, under the Reserve Bank-Integrated Ombudsman Scheme (“RBI Ombudsman”), RBI’s Sachet Portal, etc. and guidance on how a customer can approach such authorities.

      6. Members must have a mechanism as part of their grievance redressal framework for the redressal of recovery-related grievances, the details of which must be provided to the borrower in the key fact statement. It shall be sufficient compliance if the Member can re structure/re-organize its existing redressal system to identify and promptly address recovery related grievances.

      7. Members must record and analyse individual and aggregate level data for the grievance redressal system capturing the nature of complaints, action taken, and turn-around time. Report on grievances received, resolved, and pending along with the nature of complaints should be reported quarterly to DLAI within 15 (fifteen) days of the end of each quarter. Members are also encouraged to present the same before their boards as a good governance practice.

   6. Employee Training

      1. The Members must give comprehensive induction training to the employees on policies, processes, and regulations. Emphasis should be given to Code of Conductrelated aspects on borrower-interface aspects such as fair treatment, the privacy of data, service quality, customer grievance redressal system, prevention of sexual harassment, relationship management, conveying the correct terms and conditions of the products on offer, assessing repayment capacity of a customer, dealing with difficulty in repayment, performance, and recovery targets etc.

      2. The Members must regularly assess employees’ understanding of the above elements and conduct refresher training to address the gaps in understanding.

      3. The Members must train their employees on understanding and dealing with gender issues including appropriate interaction with women colleagues and customers.

      4. The Members must necessarily orient their employees on professional conduct and integrity issues including expected behaviour and not indulging in any unlawful and anti-social activities.

      5. The Members must engage new employees in the business operations who will have direct interface with customers only after completion of their induction training.

      6. The Members must ensure that employees directly responsible for the grievance redressal system receive detailed training about the system, processes, and soft skills required for resolving complaints.

      7. The Members must set targets (if any) for the recovery agents based on a reasonable object criterion including an understanding of the repayment capacity of the customer.

      8. The Members must ensure that the compensation matrix for the recovery staff should not solely be dependent on the quantum of recovery by an individual, and rather, it must be designed in a manner to align their behaviour with fair interaction practices as mentioned in Part C (Fair Interaction) of this Section IV of this Code of Conduct.

   7. Customer Awareness

      1. Each Member must take measures to ensure that borrowers fully understand the products, process, and terms of the contract. Such measures must be provided to the borrowers free of cost.

      2. Each Member must provide a receipt/acknowledgement for every payment, including the digital payments, received from the borrower.

      3. Each Member must give emphasis to educating customers on the importance of timely repayment for good credit history with the credit information companies, benefits, risks, and necessary safeguards of digital financial transactions and grievance redressal mechanism including internal and external escalation mechanism.

   8. Governance and Enforcement

      1. Each Member is obligated to adhere to all applicable regulations in letter and spirit.

      2. Each Member will comply with all provisions of all applicable laws and regulations, including, but not limited to:

         1. Applicable laws and regulations concerning financial services and consumer protection, including without limitation all directions, guidelines, circulars, and notifications issued by RBI and other relevant statutory, regulatory, or government bodies;

         2. Applicable laws and regulations in the field of communication and informatics related to the protection of personal data in electronic systems;

         3. Any other applicable law and regulations relating to business, operations, and practices of such Member.

      3. All provisions in this Code of Conduct are complementary and in addition to the obligations of each Member under laws and regulations applicable to the Member. Each Member is individually and solely responsible for its compliance with applicable laws, regulations, and this Code of Conduct.

      4. Obligation to adhere to this Code of Conduct

         1. At the time of availing membership with DLAI, the Members must affirm in writing, backed by a resolution of the board of directors (or equivalent governing body) of such Member, to adhere to the Code of Conduct.

            Provided that existing Members must within 1 (one) month from the Effective Date, affirm in writing, backed by a resolution of the board of directors (or equivalent governing body) of such Member, to adhere to the Code of Conduct.

         2. At the time renewal of membership with DLAI, the Members must affirm in writing to adhere to the Code of Conduct.

         3. Each Member will nominate a designated officer from within their organisation, who will be the point of contact for all correspondence (including reporting) with DLAI (“Designated Compliance Officer”). The name and correspondence details of the Designated Officer must be intimated to DLAI immediately upon nomination, and in any case, not later than 3 (three) days.

         4. Each member shall follow advisories/ Directives any other communication of sectoral importance, issued time to time by DLAI.

         5. Each member institution shall share with DLAI, the data and information requested time to time for sectoral publications, research and/ or as may be required by any Government agency/ Law.

         6. The Designated Officer must ensure that the fair practices code of the Member, (which incorporates this Code of Conduct), is disseminated within the organization of the Member after any update to this Code of Conduct and in any case, at least once every calendar year.

      5. Reporting

         1. Ad-hoc:

            1. In the event of any non-adherence by a Member of the Code of Conduct or any applicable law, such Member may voluntarily self-report such non-compliance to the DLAI (SRO) immediately and in any case within 7 (seven) business days of such non-adherence.

            2. In the event of the occurrence of any cyber security incidents affecting any Member, such Member must (and in any case within 6 (six) hours of noticing such incidents or being brought to notice about such incidents) report such incidents to Cert-In, the RBI and the DLAI (SRO) Secretariat.

         2. Quarterly:

            1. Each Member must record and analyse individual and aggregate level data for a grievance redressal system capturing the nature of complaints, action taken, and turn-around time. Report on grievances received, resolved, and pending along with the nature of complaints should be reported on a quarterly basis to the CGRM Unit of DLAI, within 15 (fifteen) days from the end of each quarter.

         3. Annually:

            1. Each Member must submit an annual confirmation to the DLAI (SRO), in writing, on its compliance with the Code of Conduct, in such form as the DLAI (SRO) may require from time to time (“Annual Submission”). The Annual Submission will include a certification by a director, company 17 secretary, or other key managerial personnel of the Member that it is in compliance with the Code of Conduct, the Digital Lending Guidelines, and other applicable laws/regulations. The Annual Submission will be required from each Member to continue their membership and participation in DLAI activities.

      6. Dispute Resolution

         1. The dispute resolution mechanism prescribed under this clause 6 will only apply to disputes inter se Members in respect of the interpretation, applicability or any other aspect relating to this Code of Conduct or in respect of the terms and conditions of their membership to DLAI.

         2. Consultation:

            1. The Members hereby agree to first afford adequate opportunity for bilateral consultation regarding any representations made by another Member.

            2. If a request for consultation is made, the Member to which the request is made shall, unless otherwise mutually agreed, reply to the request within 10 (ten) working days after the date of its receipt and shall enter into consultations in good faith within a period of no more than 30 (thirty) days after the date of receipt of the request, with a view to reaching a mutually satisfactory solution.

            3. If the Member does not respond within 10 (ten) working days after the date of receipt of the request or does not enter into consultations within a period of no more than 30 (thirty) days, or a period otherwise mutually agreed, after the date of receipt of the request, then the Member that made the initial request for consultation may proceed directly to request the Enforcement Committee to decide such matters.

            4. Consultations shall be confidential, and without prejudice to the rights of any Member in any further proceedings.

         3. Enforcement Committee:

            1. If the consultations fail to settle a dispute within 60 (sixty) days after the date of receipt of the request for consultations, the dispute will be decided by the Enforcement Committee. The Enforcement Committee will notify a fair procedure for the settlement of disputes inter se Members.

            2. If any Member is aggrieved by the decision of the Enforcement Committee, an appeal may be filed before the SRO Committee, which must act in consultation with the Board. The SRO Committee will notify the timelines for filing such appeals and a fair procedure for settlement of disputes inter se Members. The decision of the SRO Committee shall be final and binding on the Members.

      7. Actions

         1. The DLAI (SRO) will monitor compliance with the Code of Conduct by Members. Additionally, an anonymous peer complaints system will also be set up by DLAI whereby Members can bring forth instances of non-adherence (details to be submitted with evidence to DLAI) with the Code of Conduct or applicable law by other Members to the notice of DLAI.

         2. The Enforcement Committee will notify a fair procedure for the admission of complaints against any Member for the violation of the Code of Conduct, investigation, and determination of a violation of the Code of Conduct, and the decision on an application of Actions (defined below) against the non-compliant Member after giving reasonable opportunity to such Member to make representations in such a process.

         3. Any decision taken by the Enforcement Committee on non-compliance with the Code of Conduct will be binding on the relevant Member but will be subject to an appeal to the SRO Committee. The decision of SRO Committee will be final and binding.

         4. The Enforcement Committee will be entitled to take the following actions (“Actions”) for non-compliance by a Member with the Code of Conduct or other applicable law, after providing an opportunity of hearing to such Member(s), and while the non compliance still persists:

            1. issue warning letter(s) to a Member;

            2. bar the non-compliant Member from future membership of DLAI participating in its events, and/or from forming part of the Board or any of the committees of DLAI for such a period of time as the Enforcement Committee may deem fit;

            3. notify all other Members of the abeyance of the membership and debarment of the non-compliant Member, and to also publish the fact of such abeyance and debarment in a ‘grey list of non-compliant digital lending entities’ maintained by DLAI in its records which may or may not be publicly available. This grey list will be revised periodically by the DLAI (SRO) acting in accordance with the directions of the Enforcement Committee. The placement of the Member in the grey list will be seen as having an adverse impact on the reputation of such removed Members;

            4. Upon receiving a formal request from an entity placed in the grey list, Such grey list will be reviewed periodically by the Enforcement Committee (EC) of DLAI and those entities which are in the list, if demonstrate compliance to the satisfaction of EC & SROC, may be removed from the list after three months, with the approval of SRO Committee on case-to-case basis;

            5. report any serious violation of the Code of Conduct to the appropriate authorities, including the RBI;

            6. pass such other directions as the SRO Committee upon recommendation of the Enforcement Committee may consider fit for ensuring compliance with the Code of Conduct, including obtaining a binding commitment from the Member to take necessary remedial steps for compliance with the Code of Conduct; and

            7. may terminate their membership with DLAI, after an adequate opportunity has been given to the Member to rectify such non-compliance. At least two written warning letter(s) shall have been issued by DLAI to such Member prior to cancellation of membership.

         5. Within 21 (twenty-one) days of receipt of the decision of the Enforcement Committee, the managing director of the Member has two options, either they are required to duly acknowledge the Enforcement Committee’s action with a commitment letter or they may appeal to the SRO Committee in accordance with clause 8 (Appeal) below. The commitment letter must outline the corrective steps which the Member proposes and undertakes to fulfil, to remedy the nonadherence to the Code of Conduct. The Member must also commit to undertake required steps to prevent (to the extent reasonably practicable) to address the occurrence of such non-compliance in the future (except due to factors beyond its control/ force majeure). Evidence of corrective action, wherever necessary, must also be taken from the Member. Provided that the Actions above may be vacated by the Enforcement Committee if within 21 (twenty-one) days of receipt of the decision of the Enforcement Committee, the non-adherence, and its consequences are, in the opinion of the Enforcement Committee, remedied pursuant to such corrective action. f) g) 8. Appeal a) b) c)

         6. If no response is received from the managing director of the Member within 21 (twenty-one) days of receipt of the decision of the Enforcement Committee, the matter must be reported to the SRO Committee for further action, which may include reporting to RBI by DLAI (SRO).

         7. The Enforcement Committee shall consider the following parameters in its decision:

            1. regulatory and industry standards violated.

            2. the impact on customer protection.

            3. the systemic impact of such violation on the industry.

            4. the nature of the violation (procedural/policy, severity, magnitude, first time/repeat);

            5. the response of the Member, including whether the Member self-reported such non-compliance;

            6. age and size of the Member and duration of membership with DLAI to determine if the lapse is due to limited capacities and resources; and

            7. any other factor that the Enforcement Committee considers relevant.

      8. Appeal

         1. If the Member is aggrieved by the decision of the Enforcement Committee, an appeal may be filed before the SRO Committee, within 21 (twenty-one) days from the date of receipt of the communication from DLAI (SRO) regarding the decision of the Enforcement Committee.

         2. If no appeal is filed within the above period, the order of the Enforcement Committee shall attain finality.

         3. The decision of the SRO Committee taken in appeal will be final and binding on the Member. The SRO Committee can levy any Actions and must take into account the factors mention in sub-clause (g) of clause 7 (Actions) above, in its decision.