Introduction to LendTech Services in India
LendTech – the intersection of technology, lending, and compliance – has transformed how credit is originated, assessed, and disbursed in India. Digital lending platforms have democratised access to credit, enabling instant loan approvals, paperless onboarding, and AI-driven underwriting at scale. However, RBI has significantly tightened its regulatory norms to protect borrowers and ensure systemic stability.
For NBFCs, fintech startups, digital lending apps, and financial technology companies, understanding the LendTech compliance landscape is not optional – it is critical to survival. RBI's Digital Lending Guidelines (2022 and onwards) have introduced sweeping changes that affect how lending operations are structured, how funds flow, how borrower data is handled, and what disclosures must be made.
This guide provides a comprehensive overview of LendTech services in India, covering business models, the LSP framework, data protection obligations, mandatory disclosures, fund flow requirements, and the compliance setup process.
What is LendTech?
LendTech refers to digital platforms and technology solutions that enable end-to-end lending operations – from customer onboarding and credit assessment to loan disbursement and recovery. It is not a single product but an ecosystem of technology capabilities applied to the lending lifecycle.
Key capabilities enabled by LendTech include:
- Digital loan applications and paperless onboarding
- Automated underwriting using rule-based and AI/ML models
- Instant loan disbursement to borrower accounts
- AI-based credit assessment using alternative data sources
- Digital KYC (Video KYC, Aadhaar-based eKYC, CKYC)
- Automated loan servicing, EMI collection, and recovery workflows
- Real-time reporting and compliance dashboards
In India, LendTech platforms operate within a regulated framework where the Regulated Entity (the NBFC or bank) retains ultimate credit authority, and the fintech or LSP provides the technology layer. This distinction is foundational to how LendTech compliance is structured.
Regulatory Framework for LendTech in India
Digital lending in India is governed by a layered regulatory framework. There is no single “LendTech Act” – instead, multiple laws and RBI directions apply depending on the nature of your platform and activities.
| Area | Applicable Law / Regulation |
|---|---|
| Lending Regulation | Reserve Bank of India Act / Banking Regulation Act (RBI) |
| Digital Lending | RBI Digital Lending Guidelines 2022 and subsequent circulars |
| Outsourcing of Activities | RBI Outsourcing of Financial Services Directions |
| Data Protection | Information Technology Act 2000 / Digital Personal Data Protection Act (DPDP Act) |
| KYC / AML | RBI KYC Master Directions / Prevention of Money Laundering Act (PMLA) |
RBI's 2022 Digital Lending Guidelines were a watershed moment – they formalised the roles of Regulated Entities (REs) and Lending Service Providers (LSPs), mandated direct fund flows, introduced Key Fact Statement (KFS) requirements, and prohibited unauthorised data access. Subsequent circulars have further tightened norms around First Loss Default Guarantee (FLDG) arrangements and co-lending.
Who Needs LendTech Compliance?
LendTech compliance obligations apply to a broad range of entities – not just traditional banks and NBFCs, but also technology companies that touch the lending ecosystem in any way.
- NBFCs planning digital lending models – any NBFC moving to app-based or fully digital loan origination must comply with RBI's digital lending guidelines
- Banks outsourcing loan origination – banks that engage fintechs for customer acquisition or digital processing have specific outsourcing compliance obligations
- Fintech startups building lending apps – startups building credit products must structure as LSPs and partner with licensed REs
- Aggregators & loan marketplaces – platforms that connect borrowers with multiple lenders must ensure they are not inadvertently acting as unregulated intermediaries
- BNPL platforms – Buy Now Pay Later products are treated as digital lending and are subject to the full disclosure and fund-flow requirements
- P2P platforms (with RBI registration) – Peer-to-Peer lending platforms registered as NBFC-P2Ps have additional regulatory obligations under separate RBI directions
LendTech Business Models
There are five primary business models in the LendTech ecosystem, each with a distinct regulatory structure and risk profile. Choosing the right model – and structuring it correctly – is the most critical decision for any LendTech venture.
| Model | Structure | Regulatory Risk Level |
|---|---|---|
| NBFC-Owned Model | NBFC owns and operates the digital lending app and all lending activities | Low |
| Fintech + NBFC Partnership | Fintech acts as LSP; NBFC is the RE and retains credit authority | Medium |
| Co-Lending Model | Bank and NBFC jointly extend credit under RBI's Co-Lending Model guidelines | Medium |
| FLDG Model | Fintech provides a First Loss Default Guarantee to the RE – regulated, capped at 5% | High – regulated |
| Marketplace Model | Aggregator connects borrowers with lenders; does not itself lend | Low-Medium |
The model you choose will determine your compliance obligations, the agreements you need, your technology architecture, and your liability exposure. Many regulatory issues in LendTech arise from poorly structured business models – particularly when fintechs attempt to behave like REs without having the corresponding regulatory status.
The LSP (Lending Service Provider) Framework
The LSP framework is central to how fintechs legally participate in the digital lending ecosystem. An LSP is a fintech or technology company that supports the lending operations of a Regulated Entity but does not lend directly.
Key roles an LSP can perform:
- Customer acquisition and lead generation
- Digital onboarding and KYC facilitation
- Credit scoring using AI/ML models and alternative data
- Loan servicing and repayment management support
- Collection facilitation (within regulatory limits)
LSP Compliance Conditions:
- Must sign a formal outsourcing agreement with the RE
- CANNOT hold, collect, or disburse customer funds
- CANNOT misrepresent itself as the lender or a Regulated Entity
- Must follow RBI disclosure norms in all borrower communications
- Must not access unauthorised borrower data (contacts, gallery, etc.)
LSPs must also ensure their staff handling digital lending operations are adequately trained on RBI guidelines, and that their technology platforms meet RBI's IT and cybersecurity requirements.
Data Protection & Technology Compliance
Data protection and technology compliance are among the most actively enforced areas of LendTech regulation. RBI has taken strict action against digital lending apps that misused borrower data, and the Digital Personal Data Protection Act (DPDP Act) has further strengthened the framework.
Key Data Protection Obligations:
- Explicit borrower consent before any data collection is mandatory – vague or buried consent clauses are not acceptable
- No unauthorized mobile data access – accessing contacts, gallery, call logs, or location data not necessary for lending is prohibited and was a major RBI enforcement area
- Data storage within permitted jurisdictions – RBI mandates India-based data storage for lending transaction data
- Strong encryption & cybersecurity – platforms must implement robust security measures aligned with RBI's IT Framework for NBFCs
- Audit trails – all lending transactions must have complete, tamper-proof audit trails
Applicable Laws:
- Information Technology Act 2000 and IT (Amendment) Act
- Digital Personal Data Protection Act (DPDP Act)
- RBI IT Framework for NBFCs
- RBI Digital Lending Guidelines (data access provisions)
Mandatory Disclosures in Digital Lending
RBI mandates comprehensive, transparent disclosures to borrowers before any loan is accepted. Failure to make proper disclosures is a compliance violation that can result in regulatory penalties, loan agreement invalidity, and platform shutdown.
Mandatory Disclosure Requirements:
- Loan amount and tenure
- Interest rate – expressed in Annual Percentage Rate (APR) format, not just a flat or monthly rate
- ALL charges – including processing fees, documentation fees, prepayment penalties, late payment charges, and any other fees
- Recovery mechanism – the methods that will be used to recover dues
- Grievance officer details – name, contact, and escalation process
The KFS must be provided in the language the borrower understands. Hiding charges in fine print, using confusing rate expressions, or failing to provide a KFS are among the most common RBI compliance violations in digital lending.
Digital Lending Transaction Flow
RBI has prescribed how funds must flow in a digital lending transaction. Any deviation – particularly routing funds through a fintech's account – is a compliance violation.
- Step 1: Customer Application
The borrower applies for a loan via the digital lending app or website. The LSP's platform captures the application and initiates the onboarding process.
- Step 2: KYC Verification
KYC is conducted using RBI-approved methods – Video KYC, Aadhaar-based eKYC, or CKYC. The RE is responsible for ensuring KYC compliance, even if the process is conducted by the LSP on its behalf.
- Step 3: Credit Assessment by RE
The Regulated Entity conducts credit assessment. While the LSP may provide AI/ML credit scoring inputs, the final credit decision must be made by or under the supervision of the RE.
- Step 4: Loan Approval by RE
The RE approves the loan and provides the borrower with the KFS. The borrower's explicit acceptance of the KFS must be recorded before disbursement proceeds.
- Step 5: Direct Disbursement to Borrower
Loan funds are disbursed directly to the borrower's bank account by the RE. Funds must NOT pass through the LSP's or fintech app's account at any stage.
- Step 6: Repayment Directly to RE
Loan repayments are collected directly by the RE. The LSP may facilitate collection workflows (reminders, payment links) but cannot hold repayment funds in its own account.
Eligibility Criteria for LendTech Setup
Whether you are an NBFC looking to digitise your lending operations or a fintech startup building a lending platform, the following eligibility criteria apply.
| Parameter | Requirement |
|---|---|
| Business Model | Digital lending platform or fintech technology company |
| Entity Type | Company, LLP, NBFC, or Fintech incorporated in India |
| Regulatory Tie-up | Mandatory partnership with licensed NBFC or bank (if entity is not itself an RE) |
| Technology Capability | Secure digital infrastructure meeting RBI's IT and cybersecurity standards |
| Compliance Readiness | KYC/AML policies, data protection framework, and grievance redressal mechanism in place |
Documents Required for LendTech Setup
The following documents are required to establish and operationalise a LendTech platform in India:
- Certificate of Incorporation – company or LLP registration certificate
- Business Plan – clearly outlining the lending model, target customer segment, and revenue structure
- Technology Architecture Document – demonstrating platform capability, security measures, and data flow design
- Agreements with NBFC/Bank – formal outsourcing agreement establishing the RE-LSP relationship and compliance obligations
- KYC/AML Policy – documented policy for customer identification, verification, and anti-money laundering compliance
- Data Protection Policy – privacy policy and data handling framework aligned with IT Act, DPDP Act, and RBI guidelines
- Board Resolutions – authorising the digital lending operations and key compliance appointments
Fees & Costs for LendTech Setup
The costs involved in setting up a LendTech platform vary significantly depending on whether you are building technology from scratch, partnering with an existing RE, or obtaining your own NBFC license. The following are indicative ranges:
| Cost Component | Indicative Range |
|---|---|
| Company Incorporation | ₹10,000 – ₹25,000 |
| Technology Development | ₹2 lakh – ₹25 lakh+ (depending on scope) |
| Legal & Compliance Setup | ₹50,000 – ₹3 lakh |
| NBFC Partnership Cost | Case-specific (subject to negotiation with the RE) |
LendTech Setup Timeline
The time required to set up a compliant LendTech platform depends on your starting point – whether you are a new entity or an existing NBFC digitising its operations. The following is a typical timeline for a fintech startup launching a digital lending platform as an LSP:
| Phase | Duration |
|---|---|
| Business Structuring & Model Design | 1–2 weeks |
| Technology Development & Platform Build | 4–12 weeks |
| NBFC/Bank Tie-up & Agreement Execution | 2–6 weeks |
| Compliance Setup (KYC, AML, Data Protection) | 2–4 weeks |
Total estimated timeline for a new LendTech LSP platform: approximately 2–6 months, depending on the complexity of the technology build and the time required to finalise the NBFC partnership.
Common Mistakes to Avoid in LendTech
RBI's enforcement actions in digital lending have consistently targeted a specific set of compliance failures. These are the most critical mistakes to avoid:
- Operating without an RBI-regulated partner – this is illegal and the most common reason for regulatory shutdown of lending apps
- Misleading loan disclosures – hiding charges, expressing interest rates in non-APR formats, or providing incomplete KFS documents
- Charging unauthorized fees – any fee not disclosed in the KFS and agreed to by the borrower is impermissible
- Improper data sharing with third parties – sharing borrower data with collection agents, marketing firms, or other parties without explicit consent
- Weak KYC/AML systems – inadequate customer verification increases risk of fraud and is a regulatory violation
- Using shadow lending structures – creating arrangements that nominally involve an NBFC but where the fintech effectively controls credit decisions and fund flows
Post-Setup Compliance for LendTech Platforms
Launching a LendTech platform is the beginning, not the end, of your compliance journey. RBI expects ongoing compliance management across multiple dimensions:
- RBI Digital Lending Compliance Reporting – periodic reporting obligations for REs and, where applicable, their LSP partners
- Customer Grievance Redressal Mechanism – a functional, responsive grievance redressal system is mandatory; RBI scrutinises grievance resolution rates and timelines
- Data Storage & Localisation Norms – ongoing compliance with RBI's data localisation requirements; regular audits of data storage infrastructure
- Periodic IT & Compliance Audits – regular information security audits and compliance reviews as required by RBI's IT Framework
- Fair Practices Code Implementation – adherence to RBI's Fair Practices Code for NBFCs, including in digital lending contexts
- Loan Disclosure & Transparency Requirements – ongoing KFS compliance, APR disclosures, and transparency in all borrower communications
“In digital lending, technology is the interface but compliance is the foundation. RBI's scrutiny has shifted from paperwork to practice – platforms that embed compliance into their architecture, not just their documents, will be the ones that scale sustainably.”
Frequently Asked Questions
What is LendTech?
LendTech refers to the use of technology platforms to deliver end-to-end digital lending services, including customer onboarding, credit assessment, loan disbursement, and recovery. It combines technology with lending operations and regulatory compliance.
Can a fintech company lend money without partnering with an NBFC?
No. Under RBI guidelines, a fintech that is not itself a Regulated Entity (RE) – such as a bank or NBFC – cannot lend money independently. Fintechs must partner with a licensed NBFC or bank to legally originate and disburse loans.
What is a Lending Service Provider (LSP)?
An LSP is a fintech or technology company that supports the lending operations of a Regulated Entity but does not lend directly. LSP activities include customer acquisition, digital onboarding, credit scoring, loan servicing support, and collection facilitation.
What is a Regulated Entity (RE) in digital lending?
A Regulated Entity (RE) is a bank, NBFC, or other financial institution directly regulated by the RBI that has the legal authority to extend credit. Under RBI's digital lending guidelines, ultimate responsibility for all lending decisions and compliance rests with the RE.
What is the co-lending model in LendTech?
The co-lending model involves a bank and an NBFC jointly extending credit to a borrower, typically with the NBFC handling origination and the bank funding a majority of the loan. This is regulated under RBI's Co-Lending Model (CLM) guidelines.
What is the FLDG model and is it regulated?
FLDG (First Loss Default Guarantee) is an arrangement where a fintech provides a guarantee to the RE against borrower defaults up to a certain percentage. RBI has regulated this model, capping the FLDG at 5% of the loan portfolio. It carries a high regulatory risk level and must be structured carefully.
What is a Key Fact Statement (KFS)?
The KFS (Key Fact Statement) is a standardised document mandated by RBI that must be provided to borrowers before loan acceptance. It discloses the loan amount, tenure, interest rate in APR format, all charges, recovery mechanism, and grievance officer details.
What disclosures are mandatory in digital lending?
Mandatory disclosures include: loan amount and tenure, interest rate expressed in APR format, all fees and charges (processing fees, penalties, etc.), recovery mechanism details, and grievance officer contact information. All of this must be included in the KFS provided before loan acceptance.
Can loan funds flow through the fintech app's account?
No. RBI mandates that loan disbursements must go directly to the borrower's bank account – not through a pass-through or nodal account maintained by the LSP or fintech. Similarly, repayments must flow directly to the Regulated Entity.
What is RBI's stance on mobile data access by lending apps?
RBI has taken strong enforcement action against digital lending apps that accessed unauthorized mobile data such as contacts, gallery, and location. Lending apps are prohibited from accessing any mobile data not strictly necessary for the lending function. Explicit borrower consent is mandatory before any data collection.
What is the NBFC-Fintech partnership model?
In this model, the fintech acts as an LSP – sourcing customers, conducting digital onboarding, and providing credit scoring – while the NBFC retains full credit decision authority and funds the loans. This is a medium-risk model and requires a formal outsourcing agreement.
What is an outsourcing agreement under RBI guidelines?
Under RBI's Outsourcing of Financial Services Directions, any RE that engages an LSP must execute a formal outsourcing agreement. This agreement must define the scope of services, data sharing restrictions, compliance obligations, audit rights, and accountability for grievance redressal.
What are common RBI enforcement actions in digital lending?
RBI enforcement in digital lending has included cancellation of NBFC licenses, app store takedowns, regulatory warnings, and public advisories. Key triggers include unauthorized lending, misuse of borrower data, improper disclosures, and routing funds through fintech accounts.
How does BNPL (Buy Now Pay Later) fit into LendTech compliance?
BNPL platforms are treated as digital lending products and are subject to the full suite of RBI digital lending guidelines. BNPL operators must either be REs themselves or partner with an NBFC/bank, provide KFS disclosures, and ensure fund flows comply with RBI directions.
How is P2P lending different from LendTech?
P2P (Peer-to-Peer) lending platforms are regulated separately under RBI's NBFC-P2P Directions and require their own RBI registration as NBFC-P2Ps. General LendTech platforms – operating as LSPs or digital lending apps – are regulated under the Digital Lending Guidelines but do not require P2P registration.
What are data localisation requirements in LendTech?
RBI mandates that data related to digital lending transactions must be stored within India. Platforms must ensure that borrower data, loan data, and related transaction records are not stored on servers outside permitted jurisdictions without regulatory approval.
What are the credit assessment requirements for digital lenders?
Credit assessment must be conducted by or under the supervision of the Regulated Entity. While LSPs can provide AI/ML-based credit scoring inputs, the final credit decision authority must remain with the RE. The RE cannot delegate its credit approval function to a fintech.
What is the direct assignment model in LendTech?
Direct assignment is a model where an NBFC originates loans and directly assigns (sells) them to a bank or investor without a Special Purpose Vehicle (SPV). This model is used for balance sheet management and liquidity and is regulated under RBI's securitisation and assignment guidelines.
Can a startup launch a digital lending product?
Yes, but not independently. A startup can build a lending platform and act as an LSP by partnering with a licensed NBFC or bank. The startup must ensure its technology meets RBI standards, a formal outsourcing agreement is in place, and all compliance obligations – including KFS, data protection, and disclosure norms – are met.
When should I engage a professional for LendTech setup?
You should engage a compliance professional before launching any digital lending product. Key moments include: structuring your business model, drafting NBFC partnership agreements, building your technology architecture, establishing KYC/AML policies, and setting up grievance redressal mechanisms. Early professional guidance prevents costly regulatory mistakes.