In our regular founder conversations at the intersection of finance and infrastructure, we recently met the team behind a startup tackling one of the murkiest corners of India’s lending system - how NBFCs pledge retail loans as collateral, and how that very mechanism is being gamed.

At first glance, it looked like compliance tech. But under the hood, it’s a story about trust, opacity, and systemic loopholes in how credit flows through the Indian economy.

Here’s what we unpacked.

The Problem: Collateral isn't always Collateral

Banks and large financial institutions often lend to NBFCs (Non-Banking Financial Companies), who then lend further to retail borrowers i.e shopkeepers, gig workers, truck drivers, etc.

To raise this capital, NBFCs pledge their retail loan receivables - the EMIs their customers are expected to pay — as collateral. This is called hypothecation. Hypothecation is the practice of pledging loan receivables (e.g., EMIs from borrowers) as collateral to a lender (usually a bank or wholesale financier) without transferring ownership. The NBFC keeps control of those receivables.

Sounds straightforward? It should be. But it’s not.

Unlike home loans or cars, these hypothecated receivables are invisible in most public registries. They’re not always tracked loan-by-loan. That opacity leaves room for NBFCs, especially the unscrupulous ones to exploit the system. This system breaks down when transparency is weak, especially in India where there’s no single loan-level public registry for hypothecated receivables leading to the following key loopholes:

Here are three common tricks:

1. Double Hypothecation (Duplication)

Let’s say NBFC-A has a loan to a shopkeeper in Indore. It pledges that loan to Bank-1 for ₹10 crore.

Quietly, it also pledges the same loan again to Bank-2 for another ₹10 crore.

Neither bank knows, because the registry isn't granular enough to catch the duplication.

CERSAI (Central Registry of Securitisation Asset Reconstruction and Security Interest of India) does record charges filed under SARFAESI, but:

• Data is not granular to the individual loan level.
• Many NBFCs don’t file promptly or accurately. 
• There is no mechanism that allows banks to cross-verify loan-level pledges across multiple lenders unless someone manually audits the loan tapes and compares borrower IDs.

RBI’s Master Directions on NBFCs (Oct 2023) require asset classification and transparency, but do not mandate loan-level charge registration for every hypothecated loans. CERSAI filings are asset-level, not receivable-level, which leaves a blind spot.

2. Fictitious Loans (also called Phantom Lending)

In some cases, the loans pledged as collateral don’t exist. No borrower, no EMI, no repayment. Just an entry in Excel backed by false paperwork. Banks take that on face value until defaults pile up.

Banks typically review an Excel loan schedule or PDF with a summary of loans pledged; there is no real-time validation against a credit bureau or API-level pull of underlying loan data.

The NBFC can inflate the book without triggering any alarms, especially if the amounts are within tolerance limits.

There is no RBI-mandated API linkage between hypothecated loan pools and credit bureau databases (like CIBIL/CRIF). Loan verification is still manual or outsourced, often happening only at the time of a deal — not continuously.

3. Collateral Swapping

Even after a deal is signed, the NBFC may quietly remove high-quality loans from the pledged pool and replace them with lower-quality ones usually without informing the lender.

Most lending contracts don’t include real-time monitoring clauses. There is no continuous reconciliation of the pledged loan tape with actual EMI collections or credit bureau records. In the absence of technology, banks trust periodic reports sent by the NBFC often just PDFs or scanned summaries.

The Solution

The founders are building a risk monitoring and validation platform to tackle exactly this. On paper, this kind of infrastructure B2B tool that regulators, banks, and NBFCs should embrace. The team had deep experience in structured finance and BFSI technology.

Despite appreciating the problem and the thoughtfulness of the founders, we chose to pass the deal at this stage. Here’s why:

1. Regulatory Whiplash Risk

This feels like a problem that RBI should own. If regulators mandate granular charge registration or centralized loan validation (which they’ve shown signs of doing), the entire value prop could become redundant overnight.

2. Data Access is a Wall

The solution depends on NBFCs voluntarily sharing sensitive, possibly compromising data. That’s a big ask, especially in a system that often rewards opacity, not transparency.

3. Execution Gap

While the team had strong domain expertise, we didn’t see the complementary muscle needed to build and scale a SaaS business into slow-moving financial institutions. No pilots, no revenue yet, and limited clarity on GTM (go-to-market) strategy.

Final Word

We often meet startups that feel ahead of their time. This was probably one of them. 

We respect founders who tackle invisible, messy infrastructure problems but timing, regulation, and stakeholder incentives must align.

If RBI moves slower than expected or if banks decide to proactively invest in risk tools  this solution might still find a wedge. We’ll be watching closely.

In the meantime, we’re grateful for the conversation and our learnings out of it - thought our findings were worth sharing. This reminded us that in lending, as in life, the devil’s in the collateral.