The Consent Template CT003 finalized by the Lending Use Case Council provides a structured framework for obtaining consent from borrowers to monitor their financial activities, ensuring alignment with industry best practices.
This consent template also requires the implementation of the following Codes of Conduct and Technical Guardrails to promote consumer privacy. The Technical Guardrails recommended by the Use Case Council are as follows:
Technical Guardrails for Consent Template CT003 and CT035
| Technical Guardrail | Responsibility |
|---|---|
| FIU to provide disclosure (as a part of the purpose text) that monitoring consent will be activated only if the loan is disbursed and collection consent will be activated only if the loan is under default | FIU will implement the standardized Purpose text as per the CT003 and CT035 in their consent requests, and later this would be automated as a part of Sahamati’s Fair Use System |
| FIU to ensure, technically, that data against monitoring consent will get pulled only if a loan is active and collection consent will get pulled only if the payment under the loan (EMI) is overdue for more than a day. | FIU will be responsible for configuring their back-end systems to ensure this |
| At the end of the journey of a rejected/prepaid customer (purpose fulfilled), the customer shall compulsorily be provided an option to revoke monitoring consent and collection consent, as the purpose is no more valid. | FIU to present a redirection link to the AA page/app for the customer to revoke consent live (as a best practice) or through any other communication channel (in case of non-STP journeys) |
| To ensure that customers are informed about their data being accessed due to monitoring or collection consent, consumers should be regularly notified of data pulls and active consents. | AA to provide regular notifications to consumers via appropriate communication channels. Frequency to be discussed/decided with the AA Steering Group |
| Last published | 17th May 2024 |
What should be the consent validity for short-term loans, under CT003 and CT035 templates
The Council has clarified that for short-term loans, i.e., loans for less than one year, the validity of consent shall not be more than 3 months beyond the tenure of the loan. The council has recommended this to enable lenders to continue monitoring a borrower’s account and optimise their collection strategies in case a borrower delays his/her repayment. Lenders that offer short-term loans, especially unsecured, are at higher risk of default and need flexible collection strategies because of the limited ageing of the particular loan account.
For instance, if the loan tenure is two months, the consent validity can be up to five months and not be coterminous with the loan tenure.
Please find below the parameters for AA Consent Template ID CT003 as finalized by the Lending Use Case Council:
Consent Template Information - CT003
| Consent Template Information | Description | Further Explanation |
|---|---|---|
| Consent Template ID | CT003 | For Sahamati's internal records and explanation to the community |
| Status | Active | For Sahamati's internal records and explanation to the community |
| Use Case Category | Account Monitoring | For Sahamati's internal records and explanation to the community |
| Use case | Monitoring a borrower’s account to verify loan repayment capability | to build early warning signals, to adjust the credit limits based on change in financial strength or to activate the collection strategies for a borrower incase the EMI payment is overdue (overdue by a day) |
Consent Template Information / Attributes - CT003
| Consent Details (Attributes) | Values | Rationale |
|---|---|---|
| Purpose Text | As agreed by FIUs to show to the customer: To monitor the borrower’s account to verify the repayment capability, subject to activation of (loan / credit card / credit line) | To ensure that the purpose explains the underlying use case explicitly and is easy to understand for the customer. FIUs agreed that if the consent for loan monitoring is taken before the loan is sanctioned, the customer should explicitly be informed that this consent will be used for customers data fetch only is the loan is activated or disbursed |
| As per ReBIT: Explicit consent for monitoring of the accounts | ||
| Purpose Code | 104 | In line with existing code of conduct PC001 - https://sahamati.org.in/aa-community-guidelines-v1-2/purpose-codes/ |
| Purpose Code Category Name | Financial Reporting | |
| FI Types | DEPOSIT, TERM_DEPOSIT, RECURRING_DEPOSIT, SIP, CP, GOVT_SECURITIES, EQUITIES, BONDS, DEBENTURES, MUTUAL_FUNDS, ETF, IDR, CIS, AIF, INVIT, REIT, GSTR1_3B | To be able to do a continuous assessment of the repayment capacity and risk profile of the borrower based on a holistic financial assessment |
| Consent Types | Profile, Summary, Transactions | To be able to do a continuous assessment of the repayment capacity and risk profile of the borrower based on a holistic assessment of any changes in profile or transactions information across different FI Types |
| Fetch-type | Periodic | This requires a recurring data fetch to be able to continuously monitor a borrower's financial health |
| Maximum Frequency | 5 times per month | Deemed as sufficient by FIUs to be able to monitor a borrower's financial health and also implement/define their collection strategies in case of default |
| Maximum FI Data Range | 6 months | While the Maximum FI Data Range if 6 months, the FIUs agree that they will do only incremental pulls over and above their last date of fetching data |
| Maximum Consent Validity | Coterminous with loan tenure | The FIU needs to ensure that the data is fetched only for the period of loan tenure. In case the loan tenure is not fixed at the time of taking monitoring consent from the customer, FIUs will show the maximum loan tenure values for that product or customer segment. The FIU will also clearly mention that the consent expiry data will be subject to the upper cap of the sanctioned loan tenure of the borrower. |
| Maximum Data Life | 1 Month | Based on the average time required to complete risk assessment or collection as agreed by the FIU council as sufficient |
| Last published on: | 17th May 2024 |
Note: Loan underwriting and Loan monitoring are two different purposes, and hence, two distinct consents should be sought for these two processes. (Code of Conduct on the same is published here)
Please note that the parameters of the individual consent templates in the Consent Template Library represent upper bounds for the respective use cases, as decided in the relevant User Councils. The parameters in the consent templates should be treated by participant(s) as outer limit(s) and not be construed as legal advice in any manner. Participants are encouraged to review their use case(s) and ensure compliance with applicable laws, including the RBI Master Directions on NBFC-AA and the DPDP Act.
Sahamati will publish additional consent templates as the AA ecosystem evolves based on discussions in the relevant Use Case Councils and the Fair Use Committee. Existing consent templates may also be revised based on statutory and regulatory guidance, including the DPDP Act and the Rules issued thereunder.
