The Consent Template CT003 finalized by the Lending Use Case Council provides a structured framework for obtaining consent from borrowers to monitor their financial activities, ensuring alignment with industry best practices.

This consent template also requires the implementation of the following Codes of Conduct and Technical Guardrails to promote consumer privacy. The Technical Guardrails recommended by the Use Case Council are as follows:

Technical Guardrails for Consent Template CT003 and CT035

Technical GuardrailResponsibility
FIU to provide disclosure (as a part of the purpose text) that monitoring consent will be activated only if the loan is disbursed and collection consent will be activated only if the loan is under defaultFIU will implement the standardized Purpose text as per the CT003 and CT035 in their consent requests, and later this would be automated as a part of Sahamati’s Fair Use System
FIU to ensure, technically, that data against monitoring consent will get pulled only if a loan is active and collection consent will get pulled only if the payment under the loan (EMI) is overdue for more than a day. FIU will be responsible for configuring their back-end systems to ensure this
At the end of the journey of a rejected/prepaid customer (purpose fulfilled), the customer shall compulsorily be provided an option to revoke monitoring consent and collection consent, as the purpose is no more valid.FIU to present a redirection link to the AA page/app for the customer to revoke consent live (as a best practice) or through any other communication channel (in case of non-STP journeys)
To ensure that customers are informed about their data being accessed due to monitoring or collection consent, consumers should be regularly notified of data pulls and active consents.AA to provide regular notifications to consumers via appropriate communication channels. Frequency to be discussed/decided with the AA Steering Group
Last published17th May 2024

What should be the consent validity for short-term loans, under CT003 and CT035 templates

The Council has clarified that for short-term loans, i.e., loans for less than one year, the validity of consent shall not be more than 3 months beyond the tenure of the loan. The council has recommended this to enable lenders to continue monitoring a borrower’s account and optimise their collection strategies in case a borrower delays his/her repayment. Lenders that offer short-term loans, especially unsecured, are at higher risk of default and need flexible collection strategies because of the limited ageing of the particular loan account.

For instance, if the loan tenure is two months, the consent validity can be up to five months and not be coterminous with the loan tenure.

Please find below the parameters for AA Consent Template ID CT003 as finalized by the Lending Use Case Council:

Consent Template Information - CT003

Consent Template InformationDescriptionFurther Explanation
Consent Template IDCT003For Sahamati's internal records and explanation to the community
StatusActiveFor Sahamati's internal records and explanation to the community
Use Case CategoryAccount MonitoringFor Sahamati's internal records and explanation to the community
Use caseMonitoring a borrower’s account to verify loan repayment capabilityto build early warning signals, to adjust the credit limits based on change in financial strength or to activate the collection strategies for a borrower incase the EMI payment is overdue (overdue by a day)

Consent Template Information / Attributes - CT003

Consent Details (Attributes)ValuesRationale
Purpose TextAs agreed by FIUs to show to the customer: To monitor the borrower’s account to verify the repayment capability, subject to activation of (loan / credit card / credit line)To ensure that the purpose explains the underlying use case explicitly and is easy to understand for the customer. FIUs agreed that if the consent for loan monitoring is taken before the loan is sanctioned, the customer should explicitly be informed that this consent will be used for customers data fetch only is the loan is activated or disbursed
As per ReBIT: Explicit consent for monitoring of the accounts
Purpose Code104In line with existing code of conduct PC001 - https://sahamati.org.in/aa-community-guidelines-v1-2/purpose-codes/
Purpose Code Category NameFinancial Reporting
FI TypesDEPOSIT, TERM_DEPOSIT, RECURRING_DEPOSIT, SIP, CP, GOVT_SECURITIES, EQUITIES, BONDS, DEBENTURES, MUTUAL_FUNDS, ETF, IDR, CIS, AIF, INVIT, REIT, GSTR1_3BTo be able to do a continuous assessment of the repayment capacity and risk profile of the borrower based on a holistic financial assessment
Consent TypesProfile, Summary, TransactionsTo be able to do a continuous assessment of the repayment capacity and risk profile of the borrower based on a holistic assessment of any changes in profile or transactions information across different FI Types
Fetch-typePeriodicThis requires a recurring data fetch to be able to continuously monitor a borrower's financial health
Maximum Frequency5 times per monthDeemed as sufficient by FIUs to be able to monitor a borrower's financial health and also implement/define their collection strategies in case of default
Maximum FI Data Range6 monthsWhile the Maximum FI Data Range if 6 months, the FIUs agree that they will do only incremental pulls over and above their last date of fetching data
Maximum Consent ValidityCoterminous with loan tenureThe FIU needs to ensure that the data is fetched only for the period of loan tenure. In case the loan tenure is not fixed at the time of taking monitoring consent from the customer, FIUs will show the maximum loan tenure values for that product or customer segment. The FIU will also clearly mention that the consent expiry data will be subject to the upper cap of the sanctioned loan tenure of the borrower.
Maximum Data Life1 MonthBased on the average time required to complete risk assessment or collection as agreed by the FIU council as sufficient
Last published on:17th May 2024

Note: Loan underwriting and Loan monitoring are two different purposes, and hence, two distinct consents should be sought for these two processes. (Code of Conduct on the same is published here)

Please note that the parameters of the individual consent templates in the Consent Template Library represent upper bounds for the respective use cases, as decided in the relevant User Councils. The parameters in the consent templates should be treated by participant(s) as outer limit(s) and not be construed as legal advice in any manner. Participants are encouraged to review their use case(s) and ensure compliance with applicable laws, including the RBI Master Directions on NBFC-AA and the DPDP Act.

Sahamati will publish additional consent templates as the AA ecosystem evolves based on discussions in the relevant Use Case Councils and the Fair Use Committee. Existing consent templates may also be revised based on statutory and regulatory guidance, including the DPDP Act and the Rules issued thereunder.

<- Back to AA Consent Template Library