Why Pakistan Needed Digital Lending Rules
Pakistan’s digital lending market grew quickly — and so did the complaints. High effective interest rates, harassment over delayed payments, undisclosed fees, and outright fraud were widespread. In response, the Securities and Exchange Commission of Pakistan (SECP) set out a clear regulatory framework for any Non-Banking Finance Company (NBFC) running a loan app. These rules apply to every licensed digital lender in Pakistan, including MoneyTap (operated by ZANDA Financial Services, SECP licence SECP/LRD/123/ZFSPL/2023-39). Apps that don’t follow them either lose their licence — or are operating illegally in the first place.
If you’ve ever wondered why some loan apps feel safe while others feel predatory, the answer is usually here: whether they follow these six rules.
The 6 SECP Rules Every Pakistani Borrower Should Know
Rule 1: No upfront deductions from your loan amount
The rule: A licensed digital lender cannot deduct service fees, processing fees, or any “upfront charges” from the loan amount before disbursing it to you.
What it means for you: When you borrow Rs.10,000, you receive Rs.10,000 — not Rs.7,500 with the rest taken as a “service fee”.
Why it matters: Predatory apps commonly took 20–30% as an “upfront service fee”, which is effectively an extra 25–40% APR hidden from the displayed cost. SECP outlawed that.
How to spot violations: If the amount disbursed to your wallet or bank account is less than the amount you approved on screen, the app is violating SECP rules.
Rule 2: One company, one app
The rule: A licensed NBFC can operate only ONE digital lending app on Google Play. Companies running parallel “Lite / Plus / Pro” variants are required to consolidate into a single master app within 90 days.
What it means for you: You won’t see the same lender hiding behind five different app names with different terms.
Why it matters: Some operators created multiple parallel apps to escape accountability — if one app accumulated bad reviews or complaints, they would simply push users toward the next clone. This rule closes that loophole.
How to spot violations: If you see the same NBFC operating “AppName”, “AppName Lite”, and “AppName Plus” simultaneously — that’s a violation.
Rule 3: Your data must stay in Pakistan
The rule: Per SECP Circular 15, borrowers’ personal data cannot be stored on cloud infrastructure outside Pakistan’s jurisdiction.
What it means for you: Your CNIC, photos, and personal data are protected by Pakistani law — not the law of some foreign country where servers might be located. Pakistani regulators can subpoena and audit your data; foreign-jurisdiction servers can’t be reached easily.
Why it matters: Without this rule, your sensitive data could end up on servers in countries with weaker privacy protection. Pakistani residents deserve Pakistani-jurisdiction data protection.
How to spot violations: Hard to verify from outside the app, but if the app appears on the SECP whitelist, it meets this requirement by definition.
Rule 4: No access to your contacts, photos, or SMS — even with your consent
This is the single most important rule. SECP explicitly prohibits digital lenders from accessing your phone’s contact list, photo gallery, or SMS messages — even if the borrower agrees in the permissions dialog.
What it means for you: When you install a legitimate Pakistani loan app, it cannot ask for these permissions. If it asks — and especially if it refuses to function without them — it’s operating illegally.
Why it matters: Predatory apps were using contact lists to harass borrowers’ friends, family, and colleagues if a payment was late. They scanned SMS to assess income, and scraped photos to use for shaming. This rule eliminates the legal basis for all of that in Pakistan.
How to spot violations: When you install the app, check the permissions list (Android shows it before install). Licensed apps need only Camera (for CNIC photo) and Notifications. If you see Contacts, full Storage access, SMS, or “Phone state” requested — uninstall immediately.
Rule 5: Mandatory Key Fact Statement in English AND Urdu
The rule: Every loan must show a Key Fact Statement (KFS) summarizing the cost — markup rate, total repayment, fees, late penalties — in both English and Urdu, delivered through video/audio, screenshot, and email/SMS confirmation.
What it means for you: You have a clear record of exactly what you agreed to, in your language, before accepting the loan.
Why it matters: Pakistani borrowers were sometimes shown English-only legal terms they couldn’t fully understand, then held to those terms later. The Urdu requirement closes that comprehension gap. The multi-channel delivery (video + screenshot + SMS) ensures you can refer back later.
How to spot violations: If the cost summary is shown only in English, or you cannot find a clear KFS before confirming the loan, that’s a violation.
Rule 6: Loan terms cannot change without your consent
The rule: Once you agree to a loan with specific terms (amount, tenure, markup), the NBFC cannot unilaterally change those terms after disbursement.
What it means for you: If you signed for Rs.10,000 at 30 days with a specified markup, that’s exactly what you owe — the app cannot retroactively add fees, extend your obligation, or “recalculate” the amount upward.
Why it matters: Predatory apps were known to change terms mid-loan to extract additional money — adding surprise fees, claiming the disbursement was actually a “partial” loan, or extending tenure without telling the borrower. This rule makes all of that illegal.
How to spot violations: If you receive a notification saying “due amount has been recalculated” or “extra fees added” — and you never agreed to those changes — that’s a violation.
How to Verify Any Loan App is SECP-Licensed
Before downloading any loan app in Pakistan, take 60 seconds to do this:
- Open the SECP official whitelist: Digital Lending Apps approved by SECP
- Search for the app name or the operating NBFC name
- If it’s on the list — it’s licensed and required to follow the 6 rules above
- If it’s not on the list — it’s operating illegally in Pakistan; do not install
The SECP maintains this list and updates it regularly. There is no shortcut around this check.
5 Red Flags to Watch for Before Installing
When you can’t immediately check the whitelist, these are signs an app is likely operating outside Pakistani law:
- Asks for Contacts, Storage, or SMS permissions during install — Pakistani-licensed apps don’t need these
- Disburses less than the approved loan amount — explicit violation of upfront-deduction rule
- Shows cost summary in English only — must show Urdu
- No verifiable physical office or NBFC name in Pakistan — legitimate lenders are registered
- The same company appears under multiple app names on Google Play — violation of one-app rule
Any one of these is a red flag. Two or more, and you should walk away regardless of how attractive the offer looks.
What to Do If an App Violates These Rules
If you’ve used an app that violated SECP rules:
- Stop using it — document the violation with screenshots of any harassment, unexpected charges, or permission requests
- File a complaint with SECP — visit secp.gov.pk and use the official complaint portal
- Report the app on Google Play if it’s still listed
- Contact your bank or wallet provider if money was deducted beyond what you agreed
The SECP has the authority to revoke licences, fine operators, and refer cases for prosecution. Borrower complaints are taken seriously and contribute to enforcement.
Note
This article explains SECP regulations in plain language for general consumer education. All procedures, amounts, and terms in any digital lending app are subject to the actual in-app experience at the time of application. For binding regulatory interpretations, refer to the official SECP documents linked above.