RBI Digital Lending Compliance Checklist 2025
34-point checklist for NBFCs, MFIs, and cooperative banks — covering every RBI Digital Lending Guidelines 2025 mandate. Board Policy · KYC · CIMS · Grievance · Data Privacy · Co-Lending.
Get Instant Access
*Enter your details to unlock the full checklist below
Fill the form above to unlock
Free — takes 10 seconds
RBI Digital Lending Compliance Checklist 2025
Source: RBI Circular RBI/2022-23/111 (Updated 2025) · Prepared by MICS
Board-Approved Digital Lending Policy
- Board-approved Digital Lending Policy (DLP) in place — covering fair practices, privacy, data security, grievance redressal
- Annual review of DLP conducted and minutes recorded
- Key Fact Statement (KFS) template board-approved and in active use
- Annual Percentage Rate (APR) disclosed upfront in KFS as mandated by RBI 2025
- Loan contract digitally signed, time-stamped, and stored in tamper-proof system
- Cooling-off period of minimum 3 days offered to borrowers for personal/consumer loans
KYC / AML / Customer Due Diligence
- Video-based Customer Identification Process (V-CIP) facility for digital borrowers
- Aadhaar XML OTP verification integrated with UIDAI
- PAN verification via NSDL / UTI API in real time
- CKYC (Central KYC Registry) upload for all new borrowers within prescribed timelines
- Negative list / debarment database check before loan disbursal
- Politically Exposed Persons (PEP) and sanctions screening in place
- Transaction monitoring system for suspicious activity detection
CIMS Reporting & RBI Supervisory Compliance
- NBFC / MFI registered on RBI CIMS (Centralised Information Management System) portal
- Supervisory data submitted quarterly within prescribed timelines
- Corrective action documented and taken on all CIMS alerts
- System-generated CIMS reports archived for minimum 5 years for audit purposes
- Regulatory returns (DNBS) filed on time — no pending submissions
Grievance Redressal Mechanism
- Nodal Grievance Redressal Officer (GRO) appointed, details published on website and app
- 30-day grievance resolution SLA enforced with auto-escalation
- Escalation pathway to RBI Ombudsman clearly communicated to borrowers
- Grievance register maintained — shared with Board quarterly
- No penal charges on borrowers for grievances found to be valid
Data Privacy, Security & Localisation
- All borrower data stored on servers physically located in India (RBI data localisation mandate)
- Explicit consent for data collection and sharing obtained before onboarding
- Third-party Lending Service Provider (LSP) app permissions audited — no background data access
- Borrower data not shared with LSP beyond need-to-know basis
- Annual penetration testing conducted by CERT-IN empanelled firm
- Incident response plan documented, tested, and Board-approved
- DPDP Act 2023 compliance: Data Protection Officer (DPO) appointed, consent framework in place
Co-Lending Compliance (if applicable)
- Co-Lending Model (CLM) Master Agreement with bank partner executed and filed with RBI
- Profit/loss sharing ratio declared and documented per CLM guidelines
- Co-lending reconciliation automated — no manual intervention in settlement
- Separate escrow account operational for co-lending disbursements and collections
Disclaimer: This checklist is prepared by MICS for informational purposes based on publicly available RBI circulars and guidelines as of 2025. It does not constitute legal advice. Always consult a qualified legal and compliance professional for your specific situation. RBI guidelines are subject to change — verify against the latest RBI circulars at rbi.org.in.
Is Your NBFC RBI-Ready?
MICS builds RBI Digital Lending 2025 compliant software for NBFCs, MFIs, and cooperative banks — CIMS reporting, V-CIP KYC, co-lending engine, and complete audit trail. From ₹30,000/month.
Or call us: +91 9355273535