Overview
Digital credit is one of the fastest growing segments of the financial services market. Its defining features give it the potential to deepen financial inclusion but also to inflict serious harm if not carefully regulated. The risks to the borrower and the stakes for financial inclusion are highest in the personal digital credit segment, and it is here that the discussion in this chapter focuses.
This chapter maps the key risks and regulatory concerns arising in the digital credit domain, and offers guidance on the framing of regulations based on experience to date. We begin, in Section 2, with an overview of digital credit forms and characteristics, drawing out key regulatory implications and contrasting digital with traditional lending.
Section 3 deals with approaches to digital credit regulation. This includes the definitions and jurisdictional overlaps involved, the choice of regulatory regimes, and the issues arising at the limit (“perimeter”) of the financial authority’s remit. The placement and scope of regulatory authority raise questions that are answered quite differently across countries. On the one hand, small short-term loans by predominantly credit-only providers raise consumer protection issues but are not in themselves of concern to prudential regulators. On the other hand, the need for a framework of rules and oversight is clear from the widespread abuses and defaults associated with digital credit booms. Yet implementing such a framework faces challenges due to fragmented, overlapping rules and enforcement authorities.
Section 4 addresses the core risks to consumers raised by the provision of any type of credit – and given specific valence in digital lending. The discussion proceeds from the marketing and disclosure phase to screening and approval, product suitability, responsible lender behavior, credit reporting, and handling of complaints and disputes.
Section 5 considers regulatory approaches in critical areas that are often beyond the remit of the financial regulator: data privacy, digital security and fraud, and insolvency. Authorities need to take these issues into account, both for a complete picture of the digital credit market and to assess the likely impact of regulatory action.
Digital credit characteristics
Digital credit, defined simply as credit delivered by digital means, takes in a wide range of financing activity. On one end are loans that closely resemble traditional credit products but benefit from the efficiencies of digitization, especially larger digital loans with longer terms, such as SME and asset-based loans. Credit in this sense requires a credit history, an asset to be deployed as collateral, or some form of personal knowledge, reference, or guarantee. These things not only lend credibility to the borrower but undergird a loan’s value as an asset on the lender’s balance sheet. Newer forms of medium- to large-scale credit include Peer-to-Peer (P2P) lending, crowdfunding, and embedded finance offered on e-commerce platforms. These types of credit are handled digitally, using big data and algorithmic scoring similar to consumer credit, but undergo a more thorough approval process incorporating traditional elements such as credit assessment based on cash flow and security interests in business assets.
At the other extreme are digital consumer (or “personal”) loans – products that are native to the digital ecosystem. (Table 1 below summarizes their key features.) This type of lending largely dispenses with the traditional supports mentioned above. Big data, algorithms, and digital marketing and delivery are central to this model. Ensuring repayment depends on the borrower’s positive incentive of accessing a larger loan once the current one is paid, and the negative incentives of debt enforcement, penalty interest, delinquency reporting, and blacklisting. We include in the category of personal digital credit Buy Now, Pay Later (BNPL) products, i.e., point-of-sale installment loans that incur interest or fees under defined conditions (e.g. late payment). What we do not include as personal digital credit are products designed for micro and small enterprises – for reasons stated above – although some personal loans are in fact used for business purposes.1
Table 1. Key features of personal digital credit
| Instant | Loans are approved instantly, often within seconds. |
| Automated | Loan decisions are automated (no human review) and leverage alternative data (e.g., social media, behavioral data). |
| Remote | Account sign-up and application, disbursement, repayment, and queries are managed remotely, and often available 24/7. |
| Unsecured | No collateral, guarantee, cosigners or formal proof of income generally required. |
| Short term | Loan tenure can be as short as 1 week, typically 4 weeks or up to a few months. |
| Small value | First-time loans can be tiny (as low as $0.50) and then increase in value upon successful repayment. |
The distinctive features of personal digital credit2 make it accessible to ordinary people, who often want More+
quick and easy short-term funds to meet household (and MSE) needs. Digital credit leverages non-traditional data. This includes telecommunications data (voice, airtime); financial transaction data (mobile money usage); and social media data. These sources substitute for formal credit histories, standard requirements for traditional credit but lacking for many potential borrowers. Customers incur lower transaction costs and enjoy greater convenience due to near-instantaneous loan approval and disbursement. Further, using a digital channel can avoid interpersonal issues more common in face-to-face borrowing, such as harassment, social pressure, and corruption.
On the other hand, personal digital loans are often costlier than traditional consumer loan products or microcredit. Moreover, a precondition for many digital credit deployments is an existing subscription to mobile phone and mobile money (MM) services.3 Lastly, personal digital credit poses risks that are often distinctive and more severe than those arising in more traditional loans, including inadequate disclosure, unsuitable products that exploit behavioral vulnerabilities, over-indebtedness, data misuse, and fraud. These are discussed in more detail in section 4.
The digital credit market has grown rapidly in the past decade. By 2019, fintech and bigtech credit reached US $800bn globally, with Africa, Latin America, and Asia leading growth due to early mobile phone penetration. The global fintech credit market is projected to reach $4.9tn by 2030.4 Some illustrative personal digital credit deployments are summarized in Table 2 below.
Table 2. Examples of personal digital credit products
| Provider/ product | Category | Partnership | Launch Year | Loan size (USD) | Loan term | Customers | Markets |
|---|---|---|---|---|---|---|---|
| Tala | Mobile-based | MNOs, banks | 2011 | 10-1,000 | 21-90 days | 6 million | Kenya, India, Philippines, Tanzania, Peru |
| Branch | Mobile-based | MNOs, banks | 2015 | 2.2-1,200 | 1-12 months | 4 million | Kenya, India, Nigeria, Tanzania |
| Safaricom and NCBA: M-Shwari | Mobile-based | MNO (Safaricom), bank (NCBA) | 2012 | 0.78-7,751 | Up to 30 days | 6.5 million (FY24) | Kenya |
| M-Kopa: M-Kopa solar | Mobile-based and online | MNO (Safaricom, Vodacom, MTN), bank (NCBA) | 2011 | 0.70-350 | Up to 30 days | 5 million | Kenya, Ghana, Nigeria, Uganda |
| Kubo Financiero | Mobile-based and online | Financial institutions | 2012 | 1,200-5,000 | 4-36 months | 1,200 (FY24) | Mexico |
1. Izaguirre et al., RESPONSIBLE DIGITAL CREDIT: FRONTIER SOLUTIONS, CGAP May 2025, forthcoming [link]
2. Hereafter, for convenience, we sometimes use “digital credit” as shorthand for personal digital credit.
4. https://www.alliedmarketresearch.com/fintech-lending-market-A14263
Regulatory and supervisory approach
The remaining parts of this chapter address regulation from three angles. The present section maps the digital credit terrain and reviews approaches to jurisdiction, registration and licensing, and coordination across regulatory domains. The following two chapters respectively take on the core consumer protection issues in digital credit (section 4) and those matters that are critical to digital credit but often fall under other authorities (section 5).
Table 2 illustrates the types of firms and partnerships that offer personal digital credit. These are often banks and nonbank institutions issuing loans via mobile network and mobile money operators (MNOs and MMOs), fintechs, and general retail and service platforms. In some cases, digital loans are funded by investment in a firm that is not regulated by a financial authority, perhaps governed only by money lending or contract law. Some nonbank entities lend through apps without legal authorization – whether required or not – and in violation of consumer and data protection laws.
Digital credit thus cuts across traditional boundaries that define sectors and regulatory regimes. It may come within the jurisdiction not only of financial services, consumer, credit reporting, and competition agencies (as is true of traditional credit) but also agencies responsible for telecommunications, data protection, computing, and artificial intelligence (AI). The key question is how to create a consistent and comprehensive rule framework while ensuring that it does not stifle innovation. The answer must account for several variables such as:
- The rules on traditional credit,
- The defined object of regulation (institution or activity),
- The agency (or agencies) bearing primary responsibility for credit regulation,
- The extent to which licensing and prudential supervision apply to digital credit, and ,
- The regulatory perimeter.
Protecting the customer
The prevalent models of digital credit and the distinctive features of digital ecosystems heighten certain risks to the point where they are qualitatively different from those of traditional credit (see Table 3). How can regulation address these risks? This section considers this for each phase of the digital loan journey, from reaching the customer to screening and onboarding, product suitability, abuses in lending and collections, complaints, and credit reporting.
Table 3. Heightened consumer risks in personal digital credit
| Consumer risk | Example of how digital credit can exacerbate consumer risks |
|---|---|
| Lack of transparency | Hidden, misleading, and noncomparable disclosure of costs affects digital borrowers, who often have limited financial and digital literacy and are subject to high-pressure sales practices. A fifth of surveyed digital borrowers in Kenya and a quarter in Tanzania reported experiencing poor transparency in 2017. Poor transparency correlated with higher late repayment and default rates.1 |
| Behavioral vulnerabilities | Borrowers’ behavioral vulnerabilities expose them to more complex consumer risks in digital credit. |
| Unfair treatment | Lenders, credit bureaus and third parties may discriminate or blacklist debtors or not follow minimum responsible lending practices. |
| Third-party and network risks | Agents may engage in irresponsible practices (e.g. overcharges at loan disbursement, aggressive communications with borrowers). Network downtime may affect the borrower experience (e.g., failure to complete a repayment transaction). Other third parties may also engage in irresponsible practices (e.g., unethical debt collectors, apps with weak security that enable borrower data leaks). |
| Data misuse | Borrowers may have personal data collected or shared without consent or legitimate purpose, utilized for aggressive marketing, selling or debt collection. Over half of the largest digital loan apps in 2020 collected sensitive data.2The average data breach cost increased from USD 4.45 million in 2023 to USD 4.88 million in 2024, with 46% of breaches involving personal data.3 |
| Fraud | Fraudulent apps or platforms, phishing, spoofing, or fake SMS or websites may trick borrowers into sharing sensitive information (e.g., account numbers, PIN), transferring funds (e.g., loan “application” fees), or allowing access to other apps or device data. Around 40% of 1,200 survey respondents in Rwanda reported being targeted by fraudsters. Over 20% of banked individuals in Kenya, Nigeria and Uganda reported financial losses due to fraud, scams, or bribes.4 |
| Inadequate redress | Borrowers may find it harder to know where and how to complain and obtain redress as more actors participate in offering digital credit. For example, with BNPL products, customers may think the financing comes from the consumer goods company when it is actually provided through a partnership with a lender, potentially leading to confusion during the grievance/redress process. |
| Over-indebtedness | Greater vulnerabilities and risk exposures may lead to over-indebtedness, which can manifest in loan stacking (i.e., multiple borrowing within a short period to repay existing loans), skipping of meals, selling of assets or failure to pay children’s school fees. |
Complementary protections
Some of the risks to digital borrowers lie outside the financial regulator’s direct authority, or the regulator may have joint responsibility with another agency. In any case, these factors are important for the regulator to take into account, both for a complete picture of the digital credit market and its risks, and to assess the likely impact of regulatory action.
