COERCION OR CONSENT: SHOULD REMOTE-LOCKING SOFTWARE FOR SMARTPHONES BE LEGALISED IN INDIA?

Authored by Rajpratim Kakati pursuing an L.L.M in Corporate & Commercial Law from West Bengal National Law University.

Introduction

With the government's persistent efforts to digitise the Indian economy, the use of smartphones has become an indispensable prerequisite for the integration of the common man into the Indian market. The increased demand for quality smartphones has created a lucrative market for the manufacturers of such devices. However, the primary concern here lies in the affordability of such tech-enabled smartphone devices, especially when considered in the context of developing countries like India. The middle-class and lower-class population of the country, which constitutes the majority of the population, still struggles to afford a smartphone. This hurdle has been overcome, to some extent, with the idea of ‘loans for phones’ made possible through the intervention of various banks and Non-Banking Financial Companies (‘NBFCs’) that provide for smartphone financing throughout the country.

However, the recovery process of such ‘loans for phones’ has not always been smooth sailing for the lending institutions. With respect to unsecured loans like the loans availed for buying smartphones, there exists no governing legislation, and as a result heavy reliance is placed on the guidelines issued by the Reserve Bank of India (‘RBI’) regarding the same. The absence of a regulating statute, the enlarging base of non-compliant borrowers, and the despair of the creditors to recover as many loans as possible have persuaded the lending institutions to resort to new strategies, including the use of third-party automatic device locking software to recover bad loans. 

Grievances Against Software-based Loan Recovery Mechanism

Allegations of using automatic device locking software like Device Lock Controller, DataCultr, etc. against various NBFCs as a mechanism for loan recovery have surfaced in recent times in India. Reportedly, certain Indian NBFCs have adopted the said mechanism for recovering defaulted loans and have thereby caused a plethora of challenges to the existing guidelines prohibiting coercive methods of recovery. Such software enabling automatic device lock permits the creditor to remotely access the device bought on credit, and in the instance of default in repayment, the creditor can remotely restrict the functionality of the phone to make the user unable to access his own device. From the perspective of a creditor, this application provides a very convenient as well as cost and time-efficient alternative to engaging human agents in loan recovery.

However, this method of loan recovery results in innumerable grievances on behalf of the borrowers. In addition to the concern of privacy compliance, such software-based recovery mechanism for unsecured debts establishes an alternate framework with no human agents involved in the process of recovery and thereby carves out a pathway to avoid the RBI guidelines that are applicable only in the context of human recovery agents.  

RBI Regulations on Recovery of Unsecured Loans

RBI, being the regulating authority governing the loan recovery framework in India, issues guidelines from time to time monitoring the activities of the creditors such as the banks and the NBFCs. RBI has, so far, taken strong initiatives to ensure that the loan recovery agents do not perpetrate intimidation, humiliation, and threatening against the defaulters who are already facing financial distress. 

• RBI issued ‘Guidelines on Fair Practices Code for Lenders’ in 2003 which created a broad layout for the banks and NBFCs to formulate a fair practice code on their own, duly approved by their respective boards of directors. The guidelines also prohibited ‘undue harassment’ of the borrowers through persistent botheration at odd hours and application of muscle power.

• RBI regulation unequivocally establishes that all NBFCs must be held responsible for outsourced financial services as well. Therefore, the board and the senior management of NBFCs cannot escape from the liability of the actions of the recovery agents. Not only NBFCs but also all “Regulated Entities” are bound by the activities of a third-party recovery agent. 

• In 2022, RBI issued a notification that strictly prohibited certain actions of the recovery agents, such as resorting to verbal and physical ‘intimidation or harassment’ against defaulters or any other person in the process of recovery. The definition of ‘intimidation or harassment’ includes acts intended for the public humiliation of the defaulter, intrusion into the privacy of the family members, referees, and friends of the defaulter, and sending inappropriate messages on the phone or through social media as well as making anonymous and/or threatening calls to the defaulter. In addition, the notification directs recovery agents not to call the debtor persistently for recovery of debt. Calling the debtor before 8:00 a.m. and after 7:00 p.m. for debt collection is barred by the notification. Making false and misleading representations to the debtor is also inclusive of the definition of ‘intimidation or harassment’ under the said notification. The ultimate responsibility of all such activities of a recovery agent vests with the creditor. 

Recent Developments

As per reports, in the wake of the inadequacy of existing regulations to address the concerns regarding digital recovery through device locking, the RBI went on to instruct the lenders to halt uncontrolled remote device locking because of privacy and consumer security issues, and the initiative led to a significant increase in EMI defaults of smartphones. Recently, media sources revealed that the RBI has been deliberating upon a consent-based framework wherein device-locking will be permitted to be used as a last resort. The proposal, which would probably be incorporated into the Fair Practices Code, would permit remote locking of devices upon default of loans below Rs 1 lakh only with explicit prior consent of the borrower. The proposed framework seeks to restrict access to personal data and emphasizes immediate unlocking of the device upon repayment.

Legality of Pre-installed Device Locking Software Used Without Borrower Consent

With due regard to the rising concerns of small loan default, it is pertinent to argue that allowing the credit companies to use software applications for loan recovery without any restriction will put the creditors at an unfair advantage against the debtors and might lead towards defeating the very policy purpose of covering as much of the population as possible under the formal financial system to eradicate exploitation of the marginalized under the disguise of loan repayment. 

• Illegal Possession of the Device: By restricting access to the device enabled by remote locking software, the lender obtains possession of the asset without the justification of any competent court order. Hence, it can be reasonably argued that the remote restriction on the use of the device is equivalent to freezing or attaching the asset, and initiating such an action without an order issued by a competent court constitutes a breach.

• Virtual Coercion and Undue Harassment: RBI guidelines on debt recovery agents monitor and regulate the activities that can be committed only by a human recovery agent. Creditors do not always prefer to employ staff on payroll for debt recovery, and in this era of advanced software technology, the process of debt recovery does not essentially require human agents calling relentlessly or making verbal and physical intimidation. Phone-based ‘device locking’ applications are alternatives to human recovery agents to remotely coerce defaulters without any human medium and conveniently steer away from the RBI regulations concerning recovery agents. Hence, the existing framework is not equipped to regulate coercive and intimidating recovery mechanisms adopted by the creditors through software applications. 

• Secured Loans Under Disguise of Unsecure Loans: When “loans for phones” are granted, the vendor/lender installs an “undeletable app” at the point of sale. Such apps/software, as discussed earlier, monitor the repayment schedule attached to the smartphone, and in case of default on the same, the smartphone is remote-accessed by the third-party software and thus blocked. Such an act is the equivalent of taking possession of the collateral in the event of default in payment of secured loans. Here, similar to “car loans,” the smartphone itself becomes the “collateral” or “security” that the lenders can claim back or deprive the user of its “effective possession” in case of non-repayment of defaulted loans. The collateralization of the device implies that the creditor has a security interest over the asset, and therefore, such loans fall under the ambit of secured loans instead of unsecured loans.  

Conclusion 

If one is to deliberate upon the efficacy of the device-locking loan recovery procedure, it can be inferred that such methods of bad loan recovery do not provide for any infallible cure or absolute and guaranteed answer to the problems of non-payment of loans and loan recovery for lenders. When a lending institution forcefully and coercively blocks the smartphone device of a borrower, the same further restricts the borrower’s ability to pay back the loan by hindering his earning capacity and livelihood. An ‘illegal reselling economy’ is also fueling as numerous consumers, finding no way out of their piling loan installments adding to the woes of the automatic locking of their devices, tend to dishonestly sell the locked devices during the loan period to other unassuming consumers on secondhand e-marketplaces like ‘OLX’, etc. This further reduces the chance of efficient loan recovery for the lenders.

Although such digital loan recovery mechanisms have the capability to dispense with the current system of inconvenient and extensive paperwork and provide for a hassle-free solution to loan recovery, the same should not be effectuated, disregarding the rights of the borrowers. Forthcoming RBI guidelines should establish a system of checks to regulate the coercive software-based loan recovery mechanism instead of issuing a blanket prohibition on the use of such loan recovery software.