Digital Lending Apps: The Invisible Threat to National Security

The Indian economy recently cemented its position as the world’s fifth-largest economy overtaking the United Kingdom. The Prime Minister of India at the SCO summit 2022 projected GDP growth at 7.5% which would be the highest among the world’s biggest economies.

Amidst these ground-breaking milestones, India needs to stay cautious of the impending dangers surrounding this growth especially from its hegemonic and hostile neighbour China. The threat from China is manifold from the tangible and downright threat of military engagement on the borders to the intangible and largely uninterrupted threats through virtual/technological means.

The Financial Debt Threat

Driven by its quest for ultimate global dominance and in a bid to out-muscle the US stronghold in strategising military resources in critical locations globally, China has, in the last decade, adopted every trick in and out of the book. The Belt and Road Initiative (BRI) of the Chinese Communist Party (CCP) is one such example, where China is engaged in the financing of infrastructure projects of poor, developing countries in a series of long-term loans at seemingly high interest rates. The consequences of this financing are slowly coming to light with the most recent example being the usurping of the Hambantota International Port of Sri Lanka which is of critical geopolitical importance with respect to exercising control in the Indian Ocean.

A Time magazine article described Chinese debt as methamphetamine of infrastructure finance: readily available, highly addictive and with long-term negative effects that far outweigh any temporary high. A 2021 study titled “Review of How China Lends: What Did 100 Chinese Lending Contracts Teach Us?” Is revealing. The study, which analysed the terms of 100 Chinese infrastructure lending contracts, found a lack of adequate disclosure of terms and conditions and an existing vagueness in the terms. Additionally, it revealed that post-pandemic, debtor capability of repayment of these debts has been greatly endangered owing to the nature of the economic status of the borrowing nations, which simultaneously increased the risk of dire consequences for the borrower nations.

The geo-political locations of the countries who have been beneficiaries to the Chinese loans greatly affect the diplomatic interests of India from a national security point of view. Debt-trapping nations and seizing infrastructural assets of border countries offers the Chinese potent resources to establish strategic military units increasing their ability to acutely monitor and strategise attempts to infiltrate and influence other growing economies like India.

The Data and Cyber Threats

Christopher Wary, the Director of the Federal Bureau of Investigation (FBI) of the USA, in a 2020 event spoke on the economic and national security threat posed by China to the US. He called the attempted economic espionage threat the greatest long-term threat to the US. He then elaborated on the means used by China to carry out Intellectual Property Theft to bolster their technological innovation. He also spoke of the use of cyber resources to procure high volumes of critical citizen data which China then uses to monitor activity and pose a serious irreversible threat.

State-funded cyber-attacks on top US tech companies poses danger not only to the US citizens but also puts global user data at risk. The growing threat of data attacks and lack of adequate means of detection and seemingly inadequate regulations around data protection make India a soft target for cyber-attacks. The trade and use of data for undesirable purposes not only puts the privacy of citizens at risk but also adds a serious national security threat. A 2021 German study classified all the elements of personal data misuse in 11 different categories including use for derivation of coercive incentives, creating religious and racial disharmony, influencing political narratives, social engineering, organised crime, evidence manipulation, torture, bullying among others.

Considering these threats, India needs a strictly enforced and robust data protection framework. This is the prominent reason why the government has stressed upon the requirement of locating data processing units and data servers of foreign companies within the territorial limits of the country also termed as ‘Data Localisation.’ It is of particular importance to preserve the privacy of the citizens of the country and ultimately secure the sovereignty of the nation and not hinder its socio-economic development through blatant intangible weaponising means of data and cyber-attacks.

An adversarial, resourceful, powerful neighbour, which has hostile intentions against India, and which has ready access to information on all aspects of citizen activity, poses a serious threat to India’s security, sovereignty, integrity, and development.

The Threat in India

In India, where direct financing, military engagement as well as diplomatic intimidation approaches have failed, China has resorted to more capricious means for causing disturbances in the socio-economic setup. This, after China unleashed the wrath of biological warfare on the world which considerably slackened the growth of the global economy except its own. It is a combination of two of its weapons widely used in the global scenario—finance (debt) and abusing large-scale citizen data.

During the pandemic, China flooded the Indian market with several digital lending apps which fell outside the purview of the RBI’s regulations and carried out large-scale individual lending to desperate borrowers in need of money due to the unfortunate circumstances led by the pandemic. The government bodies, then focused on dealing with the mass hysteria surrounding the crises of the pandemic, failed to take note as it occurred. The modus operandi of the apps was entering into outsourcing agreements with NBFCs (Non-Banking Financial Companies) to carry out digital lending on the furnishing of First Loss Default Guarantees to them.

The hidden aspects of their arbitrary operation included charging fluctuating interest rates and exorbitant penal charges, unclear terms and conditions, illegal data collection, data export and unauthorised processing. The apps engaged Recovery Agents who used sensitive data (extracted without the knowledge and authorisation of the users from their devices) as leverage to blackmail innocent borrowers in paying unreasonably high interest and penal charges. The consequences are only being slowly discovered and acknowledged now, nearly two years after the onslaught of operations of these apps. The borrowers have faced the brunt with incidents of harassment and blackmailing, leading to some borrowers even committing suicide.

It is now being discovered that many of these apps had no legal standing whatsoever and have been since banned from operating in a series of notifications issued regarding the same. The disproportionate, unnecessary, and unauthorised data collection by these apps and particularly exporting of all the data back to China has been the prominent reason why the government has recently, in more instances than one, moved to ban several Chinese apps. It comes as a major threat to the privacy of citizens and has the potential for far-reaching consequences in the future—data monitoring, influencing social/political decision-making, targeted advertising, offshore data trading, social engineering, predictive policing etc.

The other immediate threat of capturing innocent buyers in debt traps makes a sizeable portion of the workforce insolvent and renders them incompetent to contribute to their personal growth thereby restricting the overall growth of the nation.

The Scope of Illegal Operations

A recent Directorate of Enforcement (ED) investigation revealed that the Instant Loan Providing Digital Apps also known as Fintech companies backed by Chinese funds carried out large scale digital lending activities on entering into MoU agreements (Memorandum of Understanding) with NBFCs without any interference or checks. The Lending Apps took control of the social media data of the clients. High interest rates and late fees were imposed. The investigation also reveals the major decisions related to the operations of these Fintech companies were instructed by Chinese owners based in Hongkong. 12 NBFCs are said to have been involved in such agreements with various foreign backed Fintech companies having disbursed a total sum of ₹4430 crore leading to a total profit of ₹819 crore.

The entire sum of ₹819 crore is being regarded as proceeds of crime and being further investigated under the provisions of the Prevention of Money Laundering Act, 2002. The operations of the Chinese Digital Lending Applications are indeed audacious. In short, they operate on agreements (with questionable validity) with NBFCs, (several of them said to have expired licenses), exploiting desperate borrowers by charging them unreasonably high interest and variable charges, extracting and exporting high volumes of unauthorised citizen data including personal and financial data, blackmailing and harassing them by hiring recovery agents acting as extortionists, disrupting the financial stability of citizens of the unorganised sector, hindering financial growth of the nation, posing a serious financial and national security threat and quite audaciously making a huge profit out of it all.

The Action: Too Little Too Late?

The RBI had been aware of these threats by the Digital Lending Apps and a Working Group on Digital Lending was established on 13 January 2021. The Working Group submitted its report of recommendations on 18 November 2021. On 10 August 2022, through a press release, the RBI adopted certain parts of the recommendations of the Working Group for immediate implementation. Finally, on 2 September 2022, an official circular was issued providing further clarity on the details of implementation of the recommendations and brought forth strict guidelines on the operation of Digital Lending Apps and Lending Service Providers. It emphasised the direct movement of funds to and from the bank accounts of the regulated entities and the bank account of the borrower. It also laid down instructions on data collection, storage, and processing mechanisms to be strictly followed by the apps. A deadline of 30 November 2022 was given for the apps to make their systems compliant with the terms issued under the guidelines.

Additional legislation with respect to data protection is long overdue with the government having recently withdrawn the Personal Data Protection Bill, 2019 after a Joint Parliamentary Committee recommended a host of amendments to the bill. A new piece of legislation is expected to be introduced, incorporating the recommended amendments as early as in the winter session of the Parliament which shall be the governing law in matters relating to data protection in the country.

It can be argued that the RBI perhaps waited too long to intercept and investigate the practices followed by Digital Lending Apps and probably did not take the scope of their operations all too seriously. It is however, for the best that further delay has been avoided and affirmative action has been taken. Material efforts are now being seen to be put in order to regulate Indian and foreign backed lending companies, whose operations were indubitably putting a strain on the financial stability of a major section of population. To counter and prevent compromising of citizen data privacy, strict provisions have been issued in the latest guidelines on Digital Lending.

Conclusion

The Indian economy being on the ascendant and India’s good relations with most nations in the South and South-East Asian region is probably a cause of concern for Beijing. The CCP has consequently adopted various means to cause disturbances in India such as creating tension on India’s border with Tibet, exerting undue influence over countries like Nepal and Bhutan which have traditional strong ties with India and by providing strategic loans under its BRI to strengthen its geopolitical and military stance by encircling India with investment in infrastructure projects in countries all around it. China is leaving no stone unturned in its no-holds barred attempt to interrupt the overall socio-economic development of India.

The underlying threat, pursuant to the illegal collection and processing of data, should not be taken lightly and a strong model to detect data breaches and efficient countering mechanisms need to be established. The downsides and negative uses of data can have alarming consequences given the tense political climate within the country. It could be used to further hateful agendas and contribute adversely to the already highly polarised society.

Furnishing unregulated debts predominantly to those in the unorganised sector is bound to have an adverse impact in the economic stability of the entire sector. Steps need to be taken to mitigate the harm already done and ensure the prevention of any further damage. Furthermore, instances like these will serve to cause severe apprehensions about emerging technologies and their potential uses, particularly in finance. It will make public trust and acceptance a difficult prospect for future government policy initiatives in adopting these technologies in banking, finance, and other sectors. The net result being a large chunk of the population may well miss out on the convenience and truly beneficial aspects of the technological advancements.

These attempts are, in all probability, just one example of how China is trying to cause major imbalances in the overall socio-economic fabric of India. Future threats need to be anticipated in the interest of the citizens and the larger interest of preservation of the sovereignty of the country. This can be done through vigilance and caution and by keeping abreast with the ever-evolving realm of technology.

Author Brief Bio: Siddharth Acharya is a practicing advocate in Supreme Court of India. Apart from legal profession he has directed acclaimed documentary films on Kashmir and CPEC. He writes extensively and frequently on Constitutional issues and judgments pronounced by Supreme Court.

References

Directorate of Enforcement (ED) Press Release 3^rd August, 2022

https://enforcementdirectorate.gov.in/sites/default/files/latestnews/HYZO%20Loan%20APP%20PAO%20No%203.pdf

RBI Guidelines on Digital Lending, Circular issued 2^nd September 2022

https://rbidocs.rbi.org.in/rdocs/Notification/PDFs/GUIDELINESDIGITALLENDINGD5C35A71D8124A0E92AEB940A7D25BB3.PDF

The Threat Posed by the Chinese Government and the Chinese Communist Party to the Economic and National Security of the United States, Christopher Wray (Director Federal Bureau of Investigation) – Hudson Institute, Video Event: China’s Attempt to Influence U.S. Institutions Washington, D.C. July 7, 2020

https://www.fbi.gov/news/speeches/the-threat-posed-by-the-chinese-government-and-the-chinese-communist-party-to-the-economic-and-national-security-of-the-united-states

China Cyber Threat Overview and Advisories – Cybersecurity and Infrastructure Security Agency, United States of America

https://www.cisa.gov/uscert/china

Financial Stability and National Security in an Era Of Hegemonic Rivalry: The Need To Tighten United States Securities Disclosure Requirements by Joel Slawotsky (University of Pennsylvania Journal Of Business Law, 2020)

https://scholarship.law.upenn.edu/cgi/viewcontent.cgi?article=1603&context=jbl

It’s A (Debt) Trap! Managing China IMF Cooperation Across The Belt And Road – Dylan Gerstel (Researcher at Center for Strategic and International Studies)

https://csis-website-prod.s3.amazonaws.com/s3fs-public/181017_DebtTrap.pdf?MKq76lYIBpiOgyPZ9EyK2VUD7on_2rIV

Johnston, Lauren A, Reviewing How China Lends: What Did 100 Chinese Lending Contracts Teach Us? (April 30, 2021)

Available at SSRN: https://ssrn.com/abstract=4070631 or http://dx.doi.org/10.2139/ssrn.4070631

Balding, Christopher, Chinese Open Source Data Collection, Big Data, And Private Enterprise Work For State Intelligence and Security: The Case of Shenzhen Zhenhua (September 13, 2020).

Available at SSRN: https://ssrn.com/abstract=3691999 or http://dx.doi.org/10.2139/ssrn.3691999

Kröger, Jacob Leon and Miceli, Milagros and Müller, Florian, How Data Can Be Used Against People: A Classification of Personal Data Misuses (December 30, 2021).

Available at SSRN: https://ssrn.com/abstract=3887097 or http://dx.doi.org/10.2139/ssrn.3887097