By Mahesh Shukla, Founder and CEO of PayMe
India’s digital lending story has never really been about speed. It’s been about trust—or more precisely, the long-standing absence of it.
For the better part of a decade, the country’s fintech sector has operated in a peculiar paradox. On one side, an explosion of digital credit access—the personal loan market alone touched $157 billion in 2025, with fintech-originated personal loan volumes crossing ₹97,381 crore in just the first half of FY26. On the other hand, a growing underbelly of predatory apps, offshore shell companies, and bad actors who have weaponised that very hunger for credit access, targeting students, homemakers, and low-income borrowers with blackmail, public shaming, and data extortion. These aren’t isolated incidents—they are symptoms of a market that scaled faster than its accountability infrastructure.
That, arguably, is the real problem the Reserve Bank of India is now trying to solve.
A Directory Is More Than a List
When the RBI operationalised the Digital Lending Apps (DLA) Directory on July 1, 2025, much of the initial commentary focused on it as a consumer grievance tool—a resource for borrowers to cross-verify whether an app is genuinely linked to a regulated entity. That reading, while accurate, undersells what this mechanism actually represents.
Think about what was missing before. A borrower in a Tier-2 city downloading a loan app had virtually no way to distinguish a licensed NBFC-backed product from a fly-by-night operation mimicking its branding. Fraudulent apps routinely claimed “RBI approval”—a claim that was, as the Fintech Association for Consumer Empowerment (FACE) had repeatedly flagged, entirely misleading since the RBI does not directly approve individual apps. The Directory inverts this dynamic entirely. Instead of the burden falling on consumers to detect fraud, it places the affirmative responsibility on regulated entities to register and maintain their DLAs on the RBI’s Centralised Information Management System (CIMS) portal. Non-presence on the list is now, functionally, a red flag.
This is not incremental tightening. It is a structural reset in how legitimacy is signaled—and for lenders operating in the formal system, it opens a window of competitive differentiation that didn’t exist before.
The Compliance-to-Credibility Conversion
Here is an insight practitioners in this space are beginning to articulate more clearly: regulatory compliance, for the first time, is becoming a visible, legible trust asset in the eyes of the borrower.
The 2025 RBI Digital Lending Directions, released in May 2025, went well beyond the DLA Directory. They mandated digitally signed Key Fact Statements (KFS) before every disbursement, explicit consent-based data collection, India-only data storage, and a prohibition on biometric data unless legally required. For multi-lender platforms, transparent disclosure of lender names, APR, tenures, and ranking logic became non-negotiable by November 2025. Chief Compliance Officers are now required to personally certify the accuracy of data submitted to CIMS—a move that places individual accountability at the senior-most levels of lending organisations.
These are not box-ticking exercises. Each of these requirements, taken together, reshapes the borrower’s experience in a way that communicates trustworthiness. Research consistently validates this. According to a PwC India study, 82% of Indian users cite data safety and transparency as the primary reason for staying loyal to a fintech platform. And according to NPCI’s User Behaviour Report, 73% of semi-urban users actively prefer fintech apps that display RBI or bank partnership icons during onboarding. The DLA Directory formalises exactly that visible association—except now it’s verified, not self-proclaimed.
The distinction matters enormously. In a market flooded with lookalike apps and copycat branding, having a verifiable regulatory footprint is the difference between a fleeting download and a long-term borrower relationship.
What This Means for the Investment Thesis
The fintech investment narrative in India has evolved considerably. Early-stage capital chased growth — user acquisition, disbursement volumes, and ticket sizes. By 2025, with projected fintech investments hitting the $10 billion mark, investor priorities have shifted toward sustainability, and within that, toward regulatory resilience. Funds that once assessed platforms purely on AUM growth are now scoring them on compliance infrastructure maturity.
The DLA Directory and the broader Digital Lending Directions framework accelerate this shift. Regulated, listed platforms are now more legible to institutional capital. The ability to point to RBI registration, DLA compliance, and CIMS-certified disclosures has become a due diligence conversation point, not just an operational footnote. More importantly, it affects unit economics: compliant platforms demonstrably see lower customer acquisition costs over time because they attract borrowers through trust rather than just discounting and marketing spend.
There’s also a market consolidation angle worth watching. As the regulatory floor rises, undercapitalised and non-compliant players will find it increasingly untenable to operate. That is, in effect, a structural tailwind for platforms that have invested in building proper compliance architecture — fewer bad actors distorting consumer perception, more borrowers gravitating toward verifiable lenders.
The Invisible Architecture of Borrower Confidence
For those building digital lending products for the next 200 million borrowers—the salaried professional in Bhopal, the self-employed trader in Patna, the first-time borrower in Nashik—the DLA Directory represents something more subtle but equally important: the beginning of a shared vocabulary of trust between borrower and lender.
Financial inclusion has always had a demand-supply mismatch at its core. About 87% of India’s 63.3 million MSMEs lack access to formal credit. Much of that gap is not just structural or geographic — it is rooted in an information asymmetry that makes potential borrowers wary of digital lending platforms altogether, especially after years of predatory app horror stories amplified across social media. When a borrower can now go to RBI’s website, check whether an app is listed, and proceed with some institutional assurance behind that verification, the psychological friction around digital credit drops. That is not a small thing.
RBI’s parallel initiatives reinforce this ecosystem — the National Cybercrime Reporting Portal, the 1930 helpline, the SACHET grievance platform, and MeitY’s powers under Section 69A to block fraudulent apps. Taken together, these constitute something resembling a trust infrastructure stack. The DLA Directory is its most borrower-facing layer.
The Road Ahead
None of this means the work is done. The digital lending market is projected to grow at a CAGR of 31.5%, reaching $2.45 billion by 2030 at the platform level. At that scale, trust infrastructure will be stress-tested repeatedly. New threat vectors will emerge — deepfake-based synthetic identity fraud is already rising, even as traditional predatory apps get squeezed. The agentic payments era, where AI initiates financial transactions on behalf of users, will introduce entirely new verification challenges that today’s frameworks will need to evolve to address.
But what the DLA Directory does—and this is its lasting contribution—is it establishes the foundational norm: that regulated digital lenders are identifiable, accountable, and verifiable by anyone, anywhere, in real time. For a market that has had no reliable way to separate signal from noise, that norm is not just regulatory hygiene. It is the precondition for scaling with trust. And in the long arc of India’s financial inclusion story, those two things—scale and trust—have never been more urgently in need of travelling together.
The fintech players who understand this will build accordingly. The ones who treat compliance as a cost centre will be left behind.