LSP Lending Service Provider
LSP Lending Service Provider

A Lending Service Provider, or LSP, in digital lending is generally treated as an agent of the Regulated Entity when it performs lender functions such as customer acquisition, underwriting support, pricing support, servicing, monitoring or recovery on behalf of a bank or NBFC. Even if the agreement between the Regulated Entity and the LSP describes their inter se relationship as “principal-to-principal”, the LSP may still be treated as acting on behalf of the Regulated Entity in its dealings with borrowers. Therefore, the Regulated Entity cannot escape customer-facing responsibility merely by calling the LSP an independent principal in the contract.


Introduction

Digital lending has changed the Indian credit market. Many fintech companies now provide customer acquisition, digital onboarding, credit-tech support, underwriting assistance, repayment support, servicing, analytics and recovery support to banks and NBFCs. These fintech partners are commonly referred to as Lending Service Providers, or LSPs.

The legal question is critical: Is an LSP an agent of the lender, or an independent contractor working on a principal-to-principal basis?

This is not merely a drafting issue. The answer affects borrower rights, RBI compliance, liability for mis-selling, data privacy, recovery conduct, grievance redressal, outsourcing obligations, fund-flow restrictions, commission structure, indemnity, audit rights and regulatory exposure.

A common drafting mistake is to insert a standard clause stating that “the parties are acting on a principal-to-principal basis” and assume that the lender has no responsibility for the acts of the LSP. That approach is unsafe in digital lending. Under the RBI’s digital lending framework, the Regulated Entity remains accountable for the lending relationship and cannot use the LSP structure to distance itself from borrower-facing obligations.


What is a Lending Service Provider?

A Lending Service Provider is an entity engaged by a bank, NBFC or other RBI-regulated lender to perform one or more digital lending functions or part of such functions.

An LSP may perform functions such as:

  1. Customer acquisition.
  2. Lead generation.
  3. Digital onboarding.
  4. KYC assistance, subject to applicable law.
  5. Credit assessment support.
  6. Underwriting support.
  7. Pricing support.
  8. Loan servicing.
  9. Monitoring of specific loan or portfolio.
  10. Recovery support.
  11. Customer support.
  12. Technology interface through a digital lending app or platform.

An LSP is not automatically a lender. The lender is the Regulated Entity. The LSP is a service provider that supports lending functions, subject to RBI outsourcing and digital lending requirements.


Regulated Entity and LSP: Who Does What?

Regulated Entity

The Regulated Entity is the bank, NBFC or other lender regulated by RBI. It owns the lending relationship and remains responsible for regulatory compliance.

The RE must generally control:

  1. Loan approval.
  2. Credit decision.
  3. Sanction.
  4. Key Facts Statement.
  5. Loan agreement.
  6. Disbursement.
  7. Repayment flow.
  8. Customer grievance redressal.
  9. Outsourcing oversight.
  10. Data and privacy compliance.
  11. Recovery governance.
  12. Regulatory reporting.

Lending Service Provider

The LSP may assist the RE but should not act like an unregulated lender.

The LSP may support:

  1. Borrower sourcing.
  2. Technology platform.
  3. Customer interface.
  4. Document collection.
  5. Underwriting analytics.
  6. Servicing.
  7. Recovery assistance.
  8. Grievance escalation support.
  9. Operational reporting.
  10. DLA maintenance.

The LSP must operate within the mandate given by the RE.


Agency vs Principal-to-Principal: Why It Matters

The distinction between agency and principal-to-principal contracts is important because it decides whether one party acts for and on behalf of another party or as an independent contracting party.

Agency Relationship

In an agency relationship:

  1. Agent acts on behalf of the principal.
  2. Agent may represent the principal before third parties.
  3. Principal may be bound by authorised acts of the agent.
  4. Principal may be responsible for customer-facing conduct.
  5. Agent must act within authority and instructions.
  6. Principal may supervise the agent’s role.

Principal-to-Principal Relationship

In a principal-to-principal relationship:

  1. Each party acts independently.
  2. One party does not normally bind the other.
  3. Each party bears its own commercial risk.
  4. There may be no vicarious liability for the other party’s conduct.
  5. Liability depends on contract terms and law.
  6. There is usually no representative authority.

In digital lending, the difficulty is that the LSP may be contractually described as independent, but functionally it may be doing lender-facing work before borrowers. In such cases, labels are not conclusive.


The Contract Label Is Not Final

A contract may say “principal-to-principal”, but courts and regulators examine the real substance of the relationship.

The relevant factors include:

  1. Who owns the borrower relationship?
  2. Who approves the loan?
  3. Who disburses the loan?
  4. Who receives repayment?
  5. Whose name appears in loan documents?
  6. Who decides pricing?
  7. Who controls recovery?
  8. Who handles borrower complaints?
  9. Who controls customer data?
  10. Does the LSP represent itself as acting for the lender?
  11. Does the borrower understand the LSP as the lender’s representative?
  12. Does the lender supervise LSP conduct?

If the LSP is doing lender functions on behalf of the RE, the relationship may carry agency consequences in borrower-facing dealings even if the inter se contract uses principal-to-principal language.


RBI’s Position: LSP as Agent in Digital Lending

The RBI digital lending framework treats an LSP as an agent of a Regulated Entity when it performs digital lending functions on behalf of the RE.

This is the central legal point. The RBI’s approach is borrower-protective. It prevents a lender from saying: “The app or fintech partner did it, not us.”

For digital lending compliance, the RE remains answerable for:

  1. Borrower disclosures.
  2. KFS and APR transparency.
  3. Fund-flow compliance.
  4. Recovery agent conduct.
  5. Grievance redressal.
  6. Data collection and consent.
  7. Outsourcing supervision.
  8. LSP due diligence.
  9. DLA compliance.
  10. Borrower-facing mis-selling or unfair practices.

The RE cannot use the LSP as a shield against regulatory responsibility.


People Also Ask: Can an LSP Agreement Be Principal-to-Principal?

Yes, the RE and LSP may define their inter se commercial relationship as principal-to-principal for certain contractual purposes such as indemnity, tax, fees, confidentiality, IP ownership, service levels and liability allocation. However, in borrower-facing digital lending functions, the LSP may still be treated as acting as an agent or representative of the RE.

Therefore, a principal-to-principal clause is not a complete liability shield.


People Also Ask: Can a Fintech LSP Lend Money Directly?

An LSP cannot lend merely because it is an LSP. If the fintech itself lends from its own balance sheet, it must examine whether it is carrying on lending business requiring registration or regulatory status under applicable law. If the loan is being provided by an NBFC or bank, the fintech LSP should not present itself as the lender.

The documents, app journey and borrower communication must clearly identify the actual lender.


Why Principal-to-Principal Drafting Is Risky in Digital Lending

Principal-to-principal drafting becomes risky when it is used to avoid regulatory accountability.

Examples of risky drafting include:

  1. LSP has full control over customer acquisition and loan journey.
  2. Borrower does not know who the actual lender is.
  3. LSP collects fees directly from borrower.
  4. LSP controls repayment account or pass-through account.
  5. LSP handles recovery without proper lender oversight.
  6. LSP stores excessive borrower data.
  7. LSP decides pricing or sanction independently.
  8. LSP’s app hides the RE’s identity.
  9. Grievance redressal is handled only by LSP.
  10. RE has no real audit or intervention rights.

Such structures are vulnerable because they weaken the RE’s control over regulated lending.


RBI Outsourcing Framework: RE Remains Responsible

Digital lending LSP arrangements are also governed by outsourcing principles. Outsourcing does not reduce the RE’s obligations to borrowers or RBI.

A compliant outsourcing arrangement should ensure:

  1. Board-approved outsourcing policy.
  2. Due diligence on LSP.
  3. Written agreement.
  4. Clear scope of outsourced activity.
  5. Service standards.
  6. Monitoring rights.
  7. Audit rights.
  8. Data confidentiality.
  9. Grievance redressal.
  10. Business continuity.
  11. Termination rights.
  12. RBI access/inspection rights.
  13. Subcontracting control.
  14. Customer protection.

The lender must retain ultimate control.


People Also Ask: Who Is Liable for Misconduct by LSP?

The Regulated Entity may remain responsible for borrower-facing misconduct by its LSP, especially where the LSP acts on behalf of the RE in customer acquisition, servicing, monitoring or recovery. The RE may contractually recover losses from the LSP through indemnity, but borrower-facing and regulatory responsibility generally cannot be outsourced away.


Fund Flow Rules in Digital Lending

Fund flow is a critical compliance issue.

A compliant digital lending structure should ensure:

  1. Loan disbursement flows directly from RE to borrower.
  2. Repayment flows directly from borrower to RE.
  3. LSP should not control loan funds.
  4. Pass-through accounts controlled by LSP should be avoided.
  5. Charges payable to LSP should generally be paid by RE, not extracted from borrower through hidden deductions.
  6. Borrower should receive clear disclosure of all charges.
  7. Payment aggregators should not become disguised LSP fund-control layers.

The core principle is simple: the lender lends, the borrower repays the lender, and the LSP should not sit in the middle of funds.


Customer Disclosure Requirements

Digital lending arrangements must be transparent. Borrowers should know:

  1. Name of the Regulated Entity.
  2. Role of LSP.
  3. Loan amount.
  4. Tenure.
  5. Annual Percentage Rate.
  6. Processing fees.
  7. Penal charges.
  8. Cooling-off period.
  9. Recovery mechanism.
  10. Grievance redressal officer.
  11. Data being collected.
  12. Consent and revocation rights, where applicable.
  13. Key Facts Statement.
  14. Loan agreement terms.

The LSP should not create confusion about who the lender is.


Multi-Lender LSP Arrangements

Many LSPs work with multiple banks or NBFCs and display different loan offers to borrowers. This creates additional transparency issues.

A fair multi-lender LSP model should:

  1. Display lender options clearly.
  2. Avoid deceptive product ranking.
  3. Disclose lender name.
  4. Disclose APR and key terms.
  5. Avoid dark patterns.
  6. Provide comparable information.
  7. Show KFS-linked information.
  8. Not push a particular lender unfairly.
  9. Follow a consistent offer-generation method.
  10. Maintain audit trail of offer display.

This is especially important for loan marketplaces and credit aggregation platforms.


Data Protection and Privacy in LSP Models

LSPs often handle sensitive borrower data. Therefore, the RE-LSP agreement must have strong data protection controls.

Key clauses should include:

  1. Data minimisation.
  2. Purpose limitation.
  3. Consent capture.
  4. No unauthorised storage.
  5. No excessive phonebook/contact access.
  6. No biometric storage unless legally permitted.
  7. Data localisation, where applicable.
  8. Encryption and security standards.
  9. Breach reporting.
  10. Audit rights.
  11. Deletion/return of data after termination.
  12. DPDP Act compliance.
  13. Subprocessor controls.
  14. Confidentiality survival.

Borrower data cannot be treated as an unrestricted commercial asset of the LSP.


Recovery Conduct and LSP Liability

If an LSP or recovery partner contacts borrowers, the RE must ensure lawful and fair recovery conduct.

A compliant recovery structure should include:

  1. Board-approved recovery code.
  2. Training of recovery agents.
  3. Borrower communication protocols.
  4. Approved calling hours.
  5. No harassment.
  6. No public humiliation.
  7. No threats.
  8. No misuse of contacts or photos.
  9. Prior intimation of recovery agent details.
  10. Call recording and monitoring, where legally permissible.
  11. Complaint escalation mechanism.
  12. Strict termination for misconduct.

Recovery misconduct by an LSP can create regulatory, criminal, civil and reputational exposure for the lender.


DLG / FLDG and LSPs

Default Loss Guarantee, often called DLG or FLDG in industry usage, is a separate but related issue. Some LSPs provide limited credit-loss cover to REs for a specified loan portfolio.

Important compliance points include:

  1. DLG must be structured within RBI limits.
  2. DLG should be documented in writing.
  3. Portfolio must be specified upfront.
  4. Cap and invocation must follow RBI framework.
  5. DLG should not convert the LSP into an unregulated lender.
  6. Borrower-facing role must remain transparent.
  7. Accounting, provisioning and capital treatment must be reviewed.
  8. Contract must define invocation, replenishment prohibition and audit.

DLG should not be used to disguise balance-sheet lending by an unregulated fintech.


Key Clauses in an RE-LSP Agreement

A proper RE-LSP agreement should include:

1. Scope of Services

Define whether the LSP handles acquisition, onboarding, underwriting support, servicing, monitoring, recovery or technology interface.

2. Nature of Relationship

Clarify inter se commercial relationship, but expressly state that customer-facing conduct must comply with RBI digital lending and outsourcing norms.

3. No Lending Representation

The LSP must not represent itself as the lender unless it is legally the lender.

4. Regulatory Compliance

The LSP must comply with all applicable RBI directions, outsourcing norms, data protection law, consumer protection law and fair practices requirements.

5. Fund Flow Restriction

No loan disbursal or repayment funds should be routed through or controlled by the LSP, except where expressly permitted by law.

6. Borrower Disclosure

The agreement must require lender identity, KFS, APR, fees, grievance details and recovery information to be properly disclosed.

7. Data Protection

Insert detailed clauses on consent, storage, access, confidentiality, breach notification, deletion and audit.

8. Audit and Inspection

The RE must have audit rights, and the agreement must permit RBI access where required.

9. Grievance Redressal

Borrower complaints must be routed and resolved under the RE’s oversight.

10. Recovery Conduct

Recovery standards must be defined and breach must permit termination and indemnity.

11. Subcontracting

Subcontracting should require prior written approval of the RE.

12. Indemnity

The LSP should indemnify the RE for regulatory breach, data breach, recovery misconduct, misrepresentation, fraud, customer claims and non-compliance.

13. Business Continuity and Exit

The RE must be able to migrate operations, access records and continue servicing borrowers if the LSP arrangement terminates.


What LSPs Should Not Do

An LSP should not:

  1. Call itself the lender if it is not the lender.
  2. Decide loan sanction independently.
  3. Control disbursement or repayment flow.
  4. Collect hidden charges from borrower.
  5. Misrepresent APR or fees.
  6. Store excessive borrower data.
  7. Use borrower contacts for coercive recovery.
  8. Engage recovery agents without RE approval.
  9. Subcontract critical functions without consent.
  10. Use dark patterns to push loans.
  11. Hide the RE’s identity.
  12. Use principal-to-principal clause to defeat borrower rights.

What Regulated Entities Should Not Do

A bank or NBFC should not:

  1. Treat LSP onboarding as a simple vendor contract.
  2. Outsource credit decision-making.
  3. Allow LSP to control borrower funds.
  4. Permit unclear app branding.
  5. Permit LSP-only grievance redressal.
  6. Ignore recovery conduct.
  7. Allow excessive data collection.
  8. Fail to monitor DLA activity.
  9. Avoid audit rights.
  10. Use principal-to-principal drafting to escape liability.

The RE remains the regulated lender. That responsibility cannot be outsourced.


People Also Ask: Does an LSP Need RBI Registration?

An LSP does not automatically require RBI registration merely because it provides technology or outsourcing services to a regulated lender. However, if the LSP itself carries on lending, accepts deposits, operates as an NBFC, provides regulated financial services, controls loan funds or performs activities requiring registration, separate regulatory analysis is required.

The LSP should also comply with contractual, data, consumer-protection and outsourcing obligations imposed through the RE.


People Also Ask: Can LSP Charge Borrower Directly?

As a compliance principle, charges payable to the LSP should generally be paid by the Regulated Entity and transparently disclosed to the borrower where forming part of loan cost. Hidden or direct borrower charges by the LSP create regulatory risk, especially if they distort APR, KFS, fund flow or borrower consent.


Legal Structuring for Fintech Startups Acting as LSPs

A fintech startup planning to act as an LSP should prepare a compliance stack before approaching an NBFC or bank.

Entity and Governance

  1. Proper company incorporation.
  2. Board approvals.
  3. Authorised signatory documents.
  4. Compliance officer.
  5. Grievance officer, if borrower-facing.
  6. Data protection officer/lead, where appropriate.
  7. Internal control matrix.

Policies

  1. LSP compliance policy.
  2. Data protection policy.
  3. Privacy policy.
  4. Information security policy.
  5. Customer communication policy.
  6. Recovery support policy, if applicable.
  7. Vendor/subcontracting policy.
  8. Incident response policy.
  9. Business continuity plan.
  10. Grievance redressal SOP.

Documents for NBFC Onboarding

  1. Company profile.
  2. Product flow note.
  3. Customer journey map.
  4. Fund-flow note.
  5. Data-flow note.
  6. Information security controls.
  7. Draft RE-LSP agreement.
  8. Draft borrower communications.
  9. KFS integration process.
  10. Grievance escalation matrix.
  11. Recovery protocol.
  12. Compliance undertaking.

Agency Risk Matrix for LSP Agreements

IssuePrincipal-to-Principal DraftingAgency / LSP Reality
Borrower interactionLSP says it is independentBorrower may see LSP as lender representative
Loan approvalLSP should not decideRE must retain final sanction control
Fund flowLSP should not controlDirect RE-borrower flow required
FeesCommercially agreedMust be transparent and compliant
DataLSP processes dataRE remains accountable for lawful processing
RecoveryOutsourced supportRE responsible for conduct and complaints
LiabilityInter se indemnityRE may remain borrower-facing accountable
Contract labelUseful internallyNot conclusive before regulator/court

Practical Drafting Strategy

The safest drafting approach is not to blindly choose “principal-to-principal” or “agency”. The stronger approach is layered drafting:

Layer 1: Inter Se Commercial Relationship

Define fees, IP, indemnity, confidentiality, service levels, tax, ownership and liability allocation between RE and LSP.

Layer 2: Regulatory Character

Acknowledge that borrower-facing LSP functions will be performed on behalf of the RE and subject to RBI digital lending and outsourcing norms.

Layer 3: Customer Protection

Mandate disclosures, grievance redressal, fair conduct, data protection and recovery rules.

Layer 4: Control and Oversight

Preserve RE’s audit, monitoring, intervention, suspension and termination rights.

Layer 5: Exit and Continuity

Ensure borrower servicing, data, records and complaints can continue even if the LSP exits.

This structure protects both commercial flexibility and regulatory compliance.


People Also Ask: What Is the Main Legal Risk in LSP Contracts?

The main legal risk is drafting the LSP as an independent principal while operationally allowing it to act as the lender’s face before borrowers without proper oversight. This creates regulatory, consumer, data, recovery and mis-selling risk for both the RE and the fintech partner.


What is an LSP in digital lending?

An LSP is a service provider engaged by a regulated lender to perform one or more digital lending functions such as customer acquisition, underwriting support, servicing, monitoring or recovery.

Is LSP an agent of NBFC?

In borrower-facing digital lending functions, an LSP is generally treated as acting on behalf of the Regulated Entity. The RE remains responsible for oversight and customer protection.

Can LSP agreement be principal-to-principal?

It can define inter se commercial obligations as principal-to-principal, but this does not eliminate the RE’s borrower-facing regulatory responsibility.

Can LSP handle loan money?

As a compliance principle, LSP should not control the flow of loan disbursement or repayment funds between lender and borrower.

What documents are needed for an LSP arrangement?

A written RE-LSP agreement, due diligence documents, data-flow note, fund-flow note, customer journey, KFS process, grievance SOP, privacy policy, security controls and audit rights are essential.


Frequently Asked Questions

1. What is a Lending Service Provider?

A Lending Service Provider is an entity engaged by a Regulated Entity to perform digital lending functions such as customer acquisition, underwriting support, servicing, monitoring or recovery.

2. Is an LSP an agent or independent contractor?

For borrower-facing digital lending functions, the LSP is generally treated as acting on behalf of the Regulated Entity, even if the inter se agreement contains principal-to-principal language.

3. Can an LSP agreement be principal-to-principal?

Yes, for inter se commercial obligations. But such drafting cannot be used to defeat RBI compliance, borrower rights or RE responsibility.

4. Who is liable for LSP misconduct?

The Regulated Entity may remain responsible to borrowers and the regulator for LSP misconduct. The RE may separately claim indemnity from the LSP under the contract.

5. Can an LSP collect repayment from borrowers?

Loan repayment should ordinarily flow directly from borrower to the Regulated Entity. LSP control over fund flow creates serious compliance risk.

6. Can an LSP charge fees directly to borrower?

Direct or hidden borrower charges by LSP are risky. Charges must be transparent, properly disclosed and compliant with RBI’s digital lending framework.

7. Does an LSP need an RBI licence?

Not merely for providing technology or outsourced services. However, if the LSP carries on lending or regulated financial activity, separate licensing analysis is required.

8. What clauses must be in an RE-LSP agreement?

Scope, regulatory compliance, borrower disclosures, data protection, fund-flow restrictions, audit rights, grievance redressal, recovery conduct, subcontracting, indemnity and termination clauses are essential.

9. Can an LSP work with multiple lenders?

Yes, but multi-lender arrangements require transparent, fair and unbiased presentation of loan offers and clear disclosure of lender identity and loan terms.

The safest structure is a compliant outsourcing arrangement where the RE remains the lender, the LSP performs clearly defined support functions, fund flow remains direct between borrower and RE, disclosures are transparent, and the RE retains oversight, audit and intervention rights.


Conclusion

The agency versus principal-to-principal debate in digital lending cannot be solved by a drafting label alone. The real test is functional: what does the LSP do, whom does it represent, how does it interact with borrowers, who controls the loan journey, and whether the Regulated Entity retains oversight.

The commercially sensible approach is to define inter se obligations clearly while accepting the regulatory reality: in borrower-facing digital lending functions, the LSP acts on behalf of the RE, and the RE remains accountable.

A proper RE-LSP agreement should therefore balance commercial independence with regulatory control. It must protect borrower rights, ensure transparent disclosures, restrict fund-flow misuse, safeguard data, regulate recovery conduct, and preserve the RE’s audit and intervention rights.

In digital lending, the fintech may build the interface, but the regulated lender owns the responsibility.


Disclaimer

This article is intended for general legal awareness and educational purposes only. It does not constitute legal advice, regulatory advice, solicitation, advertisement or creation of an advocate-client relationship. LSP structuring depends on the business model, RBI-regulated entity type, loan product, fund flow, data flow, DLA design, recovery role, DLG/FLDG structure, outsourcing agreement and case-specific facts.

Setting up a Lending Service Provider in India requires legal structuring of the fintech entity, RBI digital lending compliance, NBFC-LSP agreement, borrower journey, fund flow, data flow, privacy policy, grievance redressal, recovery controls, Key Facts Statement integration, DLG/FLDG review and outsourcing safeguards. An LSP may support customer acquisition, onboarding, underwriting support, servicing, monitoring and recovery for a bank or NBFC, but should not misrepresent itself as the lender or control loan funds. A lawyer’s role in LSP setup includes identifying whether RBI registration is required, preparing business model and compliance notes, drafting the RE-LSP agreement, reviewing data protection and fund flow, and preparing NBFC onboarding documentation. This information is for legal awareness only and is not solicitation.

Leave a Comment

Your email address will not be published. Required fields are marked *