The Reserve Bank of India (RBI) has shared a whitelist of 442 unique digital lending applications with the IT Ministry which has resulted in a review of listing of such apps for customers, a top Finance Ministry official said. The government is looking at more follow-up measures amid concerns over rising instances of financial frauds. A second review meeting on cybersecurity and financial frauds is scheduled to be held on February 9, Department of Financial Services’ (DFS) Secretary Vivek Joshi said in an interaction with The Indian Express on Wednesday. He had chaired the first such meeting of the regulators and payment aggregators last November. “RBI has shared a whitelist of 442 unique digital lending apps to MeitY, which has been shared with Google. Around 3,500 lending apps were reviewed,” Joshi said. “List of licensed entities are there on the website of the RBI. Google checks that before uploading the apps on its app store. Google has removed 2,200 digital lending apps (DLAs) from its app store during September 2022 to August 2023,” he added. In January, RBI Governor Shaktikanta Das had said that the central bank has shared a whitelist of lending apps with the Centre. The RBI’s action had come after a two-part investigation published on November 20-21 by The Indian Express, which reported how dubious loan apps advertise on Instagram and Facebook, and, despite whatever filters the platforms claim to use, many such apps, including those red-flagged by the government, continue to offer their services. It had also reported that the RBI initially did not have a whitelist of registered loan apps, or even a negative list which is updated. “We have been able to identify the responsibility of various stakeholders. Steps taken include whitelisting of illegal loan apps. Through MeitY, Google has also tightened the uploading policy for its app store. It now requires that developers of personal loan apps targeting Indian users have to declare whether they are licensed by the RBI for lending or if they are not lenders themselves and they only facilitate lending by banks or NBFCs and comply with the laws including the Fair Practices Code of the RBI,” Joshi told The Indian Express. Google has also modified its app onboarding policy to mention that it will only allow lending apps which are tied to a legal lending institution. Joshi said that the policy revision at the company has happened based on the request of the RBI and the DFS. The Centre is also taking steps to strengthen cybersecurity of its various ecosystems. For critical information infrastructure, 40 institutions have been notified by the DFS in the BFSI sector including those from the private sector also, Joshi said. “We notify that a specific database of a financial institution including private sector banks is critical information. The agency then monitors such critical information against any kind of cyber attacks including those from other countries,” he said. The National Critical Information Infrastructure Protection Centre (NCIIPC), a Government of India organisation under Section 70A of the Information Technology Act, is acting as the national nodal agency for safeguarding the critical information in the notified institutions. More measures are being worked out to contain cyber frauds. The DFS has suggested a system for individuals to block and report suspicious or fraud calls. “We are working with the telecom ministry to develop a system wherein customers can flag a number from a fraudster which can then be blocked. The system has to be developed in a manner that other (genuine) numbers don’t get blocked,” Joshi said.
