This area of lending needs greater parity at a time of heightened regulatory scrutiny, writes Nishant Kotak, DSP Finance’s head of legal
Co-lending in India was designed as a straightforward partnership, i.e. banks bring capital while non-banking financial companies (NBFCs) bring reach. That model is now under closer regulatory scrutiny. The focus has clearly shifted from whether these arrangements exist to how they operate in practice, particularly around customer ownership, credit decision making, and who ultimately carries and manages risk.
For digital-first NBFCs, this is less about restriction and more about recalibration. Structures that were built for speed, scalability and capital efficiency now need to demonstrate that they are transparent, well governed and sustainable under ongoing supervisory review. In practical terms, this means moving away from models that rely heavily on contractual protections towards those that reflect genuine shared accountability.
This shift is consistent with the Reserve Bank of India’s (RBI) original intent under its circular dated 5 November 2020, titled “Co-Lending by Banks and NBFCs to Priority Sector” (commonly referred to as the 2020 co-lending model, or the CLM circular).
The framework was designed to promote joint origination and proportionate risk sharing at the loan level, not simply balance sheet optimisation. What has changed now is the level of scrutiny applied to ensuring that this intent is actually reflected in how co-lending partnerships are structured and executed.
Regulatory undercurrent
The framework in the CLM circular was designed to align incentives, i.e. banks contributing low-cost capital, NBFCs bringing origination strength and credit underwriting expertise. Over time, however, the edges blurred. Structures evolved to accommodate first-loss protections, synthetic exposures, and increasingly outsourced customer journeys.
In parallel, the rise of digital lending introduced new variables platform-led sourcing, application programming interface-based underwriting, and fragmented customer touchpoints.
Regulatory communications from the RBI in the past two years signal a clear transition, from enabling co-lending as a model to interrogating how it is executed in practice. The emphasis has moved to substance over form, who truly owns the customer relationship, who exercises underwriting discretion, and whether economic risk aligns with accounting exposure.
This intent becomes evident when the 2020 CLM circular is read together with RBI/2022-23/111 dated 2 September 2022 (Digital Lending Guidelines), RBI/2023 24/41 dated 8 June 2023 (DLG Guidelines), and the draft to final evolution of the Master Directions on Outsourcing of Financial Services (Press Release 2023-2024/1180, dated 26 October 2023).
Collectively, these instruments limit tolerance for structures that rely on contractual form rather than economic substance.
Faults in co-lending structures
Several structural tensions have come to the fore under this renewed scrutiny.
(1) Risk sharing v risk shifting. The foundational premise of co-lending is proportional risk sharing. Yet, in practice, structures often drifted towards asymmetric protection most notably through first loss default guarantees (FLDGs). While FLDGs served as a credit enhancement mechanism, their overuse risked diluting the principle of shared exposure. The regulatory discomfort is evident, i.e. where one party is effectively insulated, the arrangement begins to resemble a synthetic transfer rather than co-origination.
(2) Balance sheet neutrality, capital efficiency. Certain models were engineered to optimise capital treatment, minimising on-balance sheet exposure for one participant while retaining economic upside. These constructs, while commercially appealing, raise questions about true risk ownership. The regulatory position increasingly looks through such arrangements, assessing whether they achieve outcomes inconsistent with prudential intent.
(3) Customer interface ambiguity. In a digital origination ecosystem, the customer’s journey is often mediated through NBFC platforms or fintech interfaces. In co-lending arrangements, this creates a layered relationship; the bank provides capital, but the NBFC controls onboarding, servicing and communication. Without clear delineation, this leads to blurred accountability, particularly in areas such as disclosures, grievance redressal and consent architecture.
(4) Outsourcing v partnership. A recurring theme in supervisory observations is the fine line between co-lending and outsourcing. Where the bank’s role is reduced to passive capital deployment, with limited involvement in credit decisioning or monitoring, the structure risks being recast as an outsourcing arrangement bringing with it a different and more onerous compliance framework.
These fault lines are no longer merely structural or conceptual. They now have direct balance sheet and governance consequences for both banks and NBFCs.
Capital, accounting, governance
The co-lending reset now has clear balance sheet consequences for both banks and NBFCs. Regulatory benefits can no longer be achieved through guarantees or contractual protection alone.
Capital and provisioning outcomes increasingly depend on who truly bears the risk and participates in credit decisions. With borrower-level classification and
provisioning now aligned between co lenders, one party can no longer treat the exposure as inherently safer than the other.
For NBFCs, co-lending is no longer balance sheet light; retained exposure consumes capital and demands sharper pricing discipline. For banks, it requires active involvement in underwriting and monitoring rather than passive capital placement.
Governance expectations follow naturally. Regulators are focused on control, who approves loans, who monitors them and who bears responsibility when outcomes deteriorate.
Compliance expectations
The intersection of co-lending and digital lending is where the reset becomes most pronounced. The digital lending guidelines have redefined expectations around transparency, data governance and customer protection. When superimposed on co-lending structures, they introduce a layer of compliance convergence that cannot be addressed in silos.
Seen in a global context, the RBI’s co lending reset is not exceptional but convergent. Comparable post-crisis frameworks in the EU and the US emphasise mandatory risk retention and substance-over-form supervision to curb originate-to-distribute excesses.
Minimum retention thresholds and prohibitions on synthetic risk insulation mirror the RBI’s insistence that co-lending reflect genuine loan level risk sharing rather than contractual arbitrage.
For instance, the requirement that loan disbursals and repayments flow directly between the regulated entities and the borrower challenges earlier routing constructs. Similarly, enhanced disclosure norms particularly around lender identity and loan terms necessitate a reworking of front-end interfaces in co-lending journeys.
Perhaps more significantly, the guidelines reinforce the principle that regulated entities cannot outsource core decision making. In a co-lending context, this requires both the bank and the NBFC to demonstrate active participation in underwriting and credit evaluation, even where processes are technology enabled.
FLDG, credit enhancement
Few aspects of co-lending have attracted as much attention as FLDG arrangements. While not prohibited, their contours have been tightened both through explicit guidance and supervisory signalling. The emphasis is on ensuring that such structures do not undermine the integrity of risk sharing.
From a structuring perspective, this calls for restraint and clarity. Credit enhancements must be calibrated, transparently documented, and aligned with regulatory expectations on capital recognition. More importantly, they must not become a substitute for robust underwriting.
In practice, this has led to a re-evaluation of portfolio-level guarantees, dynamic top-ups and other mechanisms that could be perceived as shifting risk disproportionately. The direction of travel is clear; co-lending must reflect genuine co-investment, not engineered insulation.
Control, oversight, “who decides”
A recurring regulatory theme is controlling who originates, underwrites and monitors. In a compliant co-lending structure, these functions cannot be concentrated entirely with one party.
For banks, this necessitates deeper integration beyond capital allocation into credit frameworks, policy alignment and monitoring systems. For NBFCs, particularly those with strong digital capabilities, it requires a willingness to open their underwriting models to scrutiny and, where necessary, harmonise them with bank expectations.
This is not merely a legal exercise. It is operational. It requires interoperable systems, shared data standards and governance forums that enable joint decision making without diluting accountability.
Regulatory durability
In the current regulatory environment, compliance is no longer achieved through documentation alone. It must be built into the operating model. At the heart of any sustainable co-lending arrangement is a clearly defined and mutually agreed framework between partners, covering how risk, control and customer ownership are shared in practice. The following design principles are therefore less best practices and more foundational requirements.
(1) Symmetry in risk, reward. Co-lending must reflect genuine alignment of incentives. This requires both parties to maintain proportionate exposure at the loan level, coupled with transparent and consistent revenue sharing. Structures that create artificial protection for one party, whether through excessive guarantees or embedded asymmetry, are unlikely to withstand scrutiny. Partners must explicitly agree on how risk is originated, shared and managed throughout the lifecycle of the loan.
(2) Clear customer ownership frameworks. A critical element of the partnership is clarity on who “owns” the customer at each stage. This goes beyond disclosure and must be operationally defined, covering onboarding, servicing, grievance redressal and data management. A well-structured arrangement will clearly delineate roles, while ensuring that both lenders remain visible and accountable to the borrower. Ambiguity at the customer interface is one of the most common points of regulatory concern.
(3) Integrated governance mechanisms. Effective co-lending cannot operate on loosely co-ordinated processes. It requires formal governance structures agreed upfront, including joint credit committees, shared risk dashboards, escalation protocols and periodic portfolio reviews. These are essential not just for risk management but to demonstrate to regulators that both partners are actively involved in decision making and oversight, rather than operating in silos.
(4) Technology as an enabler, not a black box. Technology is central to scaling co-lending, particularly in digital models, but it must be transparent. Both partners must have visibility into the underwriting logic, decision rules and portfolio performance. Systems should be designed for auditability and explainability from the outset. The technology architecture itself should be jointly understood and agreed on, rather than treated as a proprietary “black box” of one partner.
(5) Alignment with digital lending, regulatory norms. Compliance must be embedded at the design stage, particularly in areas such as fund flow, disclosures and customer consent. This requires upfront agreement on how processes will align with digital lending guidelines, outsourcing norms and credit reporting requirements. Retrofitting compliance after scale is achieved is no longer a viable strategy.
Taken together, these elements reflect a broader shift from structuring co-lending arrangements for efficiency to structuring them for regulatory durability. This direction is reinforced by the Reserve Bank of India (Co-Lending Arrangements) Directions, 2025 (dated 6 August 2025), which expand co-lending beyond priority sector lending and formalise expectations around exposure retention, disclosures, default loss guarantees and asset classification.
What these directions make clear is that co-lending is no longer just a commercial arrangement; it is a jointly governed framework. Its sustainability depends on how well both partners align on structure, execution and accountability from the outset.
Imperative for NBFCs
For high-growth NBFCs, particularly those built on digital rails, the co-lending reset presents a strategic inflection point. The instinct to optimise for speed and scale must now be balanced with the discipline of regulatory alignment.
This is not without trade-offs. Tighter structures may temper short-term growth or compress margins. But they also unlock more sustainable partnerships where banks are willing to commit capital with confidence in the underlying framework.
In the author’s experience of scaling a digital lending business, the most enduring partnerships have been those in which structuring conversations extend beyond documentation into shared philosophy on credit, customers and compliance. The legal architecture, in that sense, becomes an expression of strategic alignment rather than a constraint on it.
Looking ahead
The future of co-lending in India is unlikely to be defined by regulatory arbitrage. The direction is firmly towards architectural integrity structures that are transparent, balanced and aligned with prudential intent.
This does not diminish the role of NBFCs. If anything, it reinforces it. Their ability to originate, underwrite and service credit, particularly in digitally enabled segments, remains central to the ecosystem.
What is changing is not the appetite for collaboration, but the tolerance for structures where responsibility is opaque and risk is asymmetrically absorbed. The reset calls for more thoughtful structuring, deeper collaboration and a willingness to engage with regulation not as an external constraint, but as a design parameter.
In that shift lies the opportunity to build co-lending models that are not only scalable but also defensible.
Nishant Kotak is the head of legal at DSP Finance, an NBFC lender with USD24 billion in assets under management.
