The warning signs rarely show up in a compliance note.
They usually appear in an enthusiastic analytics review that everyone walked into expecting good news.
It’s a monthly performance meeting.
On the screen: a deck from the data science team titled, politely,
“Behavioural Segmentation – Early Results”.
The lead analyst walks the room through a slide:
· Response rates in a “high-probability” segment are up 35%.
· Roll-forward risk from a “high-friction” sub-segment has dropped after targeted limits.
· Cross-sell take-up in a “silent potential” group is much higher than the control.
People are pleased.
Someone from business says:
“This is exactly why we invested in advanced analytics.
We’re finally using all that data properly.”
Then a quieter slide appears.
A heat map of “low strategic value” customers:
· Low expected lifetime value.
· Higher predicted stress in a slow-down.
· Lower responsiveness to campaigns.
The bullet point is worded carefully:
“Strategic option: deprioritise engagement and future offers; monitor for early exit.”
Most people skim past it.
One person doesn’t.
The senior risk head asks:
“When we say ‘deprioritise’, what does that actually mean for a borrower who is paying on time?”
The analyst answers, honestly:
“No changes to contractual terms.
But they won’t be considered for upgrades, fee waivers, or proactive limit reviews.
They’re less likely to get offers even if they behave well.”
There is a small pause.
On the next slide, someone has written:
“All usage within existing consent and privacy policy.
No deviation from regulatory permissible purposes.”
The meeting moves on.
What nobody says out loud is the question that sits underneath many of these projects now:
“At what point does ‘better analytics’ become a quiet decision about which customers deserve a better financial life, even when they have done nothing wrong?”
You don’t meet that question in a model approval memo.
You meet it a year later, when:
· A regulator asks whether certain socio-economic groups are systematically getting fewer beneficial changes despite clean repayment histories.
· A Board member forwards a story of a long-standing customer who never got a rate drop while similar profiles did.
· An internal whistleblower hints that a project “effectively blacklists low-income segments from upgrades” even though the documentation never uses that word.
By then, “analytics vs overreach” is no longer a theoretical debate.
It’s a pattern you have to own.
In most institutions, the working belief sounds something like this behind closed doors:
“We are operating within RBI rules.
We have bureau and internal data with proper consent.
Our models are approved by governance.
As long as we stay inside the law and documented policy, using more data to sharpen decisions is not an ethical problem, it’s just good risk management.”
You hear versions of it in different rooms:
· In a product steering call:
“If we can identify customers more likely to churn or default, why wouldn’t we act on it? That’s the point of analytics.”
· In a marketing discussion:
“We’re not denying anyone their contractual rights. We’re just choosing where to invest offers and better terms.”
· In a legal review of a new data project:
“Purpose is credit risk management and legitimate business interest. We’re not straying into non-permissible uses.”
Underneath is a simple assumption:
· Ethics is handled by law + consent + high-level policy.
· Once those gates are cleared, analytics can explore the full possibility space.
The uncomfortable part is that credit in India already sits at the centre of power imbalances:
· Thin-file borrowers with less ability to shop around.
· Segments that don’t fully understand how scores and risk labels shape their future.
· An ecosystem where bureau and internal data are dense, persistent and hard to escape.
When you add powerful analytics on top of that, the question stops being “are we allowed to?” and becomes “what are we doing with that power?”
Overreach almost never begins with bad intent.
It starts with legitimate goals:
· Lower losses.
· Better targeting.
· More efficient capital use.
And then it quietly crosses a line.
One of the most common patterns now is customer value tiers that drive treatment.
Nothing wrong with that in principle.
But the way it’s implemented matters.
In one lender, the analytics team built a “strategic value score” combining:
· Profitability.
· Expected lifetime value.
· Cost to serve.
· Price sensitivity.
· A few bureau and behavioural attributes.
They then proposed treatment bands:
· High value → more proactive limit upgrades, faster approvals, fee waivers.
· Medium → standard treatment.
· Low → minimal offers, limited manual reviews, slower exception handling.
On paper:
· It was efficient.
· It did not alter contractual terms.
· It operated “within consent”.
In practice, over time:
· Certain geographies and occupations were over-represented in the low band.
· Their repayment behaviour was not materially worse; their income and product mix were simply less attractive.
· Even when they behaved well, they rarely saw rate drops, upgrades, or better terms.
Nobody defined an intention to permanently keep a segment on the lower rung of credit experience.
But the effect was close.
The internal product memo had a line:
“No differential contractual rights; only differential commercial treatment.”
From a spreadsheet, that’s true.
From a customer’s life, it’s a distinction without much meaning.
Another pattern is how bureau and alternative data get reused.
On paper, policies say:
· “Bureau data is used for credit decisioning, monitoring and permissible risk purposes.”
In practice, you see projects like:
· Using detailed bureau attributes and internal performance to create propensity models for non-credit products.
· Creating look-alike audiences for digital acquisition based on enriched credit profiles.
· Designing “nudge campaigns” where collections tone and timing are adjusted depending on a customer’s overall leverage and past stress patterns.
Individually, each initiative has a well-argued case.
Some stay within a reasonable interpretation of “legitimate interest”.
Some are much harder to defend if read slowly in front of a regulator or consumer body.
Most follow the same pattern in documentation:
· A slide in a use-case deck that says “All usage within existing consent and privacy policy; no new data sources.”
· A short note from legal: “Permissible, provided usage is restricted to risk and portfolio management.”
In execution, boundaries blur.
A model initially built to “detect early stress” ends up being used to decide which customers get cross-sell offers and which don’t, even when they are current on all obligations.
Nobody writes:
“We will use stress indicators to withhold beneficial products from segments we don’t like.”
But that’s what the combined effect can look like from the outside.
Advanced analytics now allow teams to segment customers finely based on:
· Transaction patterns.
· Geo and occupation signals.
· Device and usage behaviour.
· Combinations of bureau and internal attributes.
Again, in itself, segmentation is not unethical.
The challenge is when:
· Decisions with material life consequences (credit limits, restructuring options, rate reductions, collections posture) are shaped by segments that customers cannot see, understand or challenge.
· Two customers with identical repayment behaviour and basic profile receive very different opportunities or treatment because they diverge on a handful of opaque features.
In one bank, a collections experiment allocated customers to:
· “High empathy” path → softer scripts, more flexibility, more hardship options.
· “High firmness” path → earlier legal language, fewer waivers.
The assignment was based on:
· Past response behaviour.
· Bureau-level stress.
· A model that inferred “likelihood to contest or escalate”.
On the experiment dashboard, it looked like successful optimisation:
· Better resolution rates.
· Lower cost per cure.
On the ethics axis, no one asked in the initial meeting:
“Are we comfortable that a customer’s likelihood to raise their voice is part of how we decide how hard to push them?”
Later, when someone did ask, the room was less confident.
If the lines are being crossed, why doesn’t anyone see it early?
Because the way analytics work and are reported hides the ethical question in plain sight.
In many institutions, model documents and segmentation decks are treated as technical artefacts:
· “Scorecard v3.2 – documentation”
· “Segmentation scheme – Collections 2026 experiment”
The review questions are usually about:
· Predictive power.
· Stability.
· Data quality.
· Operational fit.
Very rarely are they about:
· “What kind of world are we building if we deploy this scheme at scale?”
· “Who consistently ends up on the wrong side of these cuts, even when they behave well?”
So the ethical dimension doesn’t get air-time at the moment of design.
It shows up later in case studies and complaints, when harm has already accumulated.
Analytics teams are measured, and rewarded, on:
· Lift vs baseline.
· Response and cure rates.
· Impact on loss, revenue, cost.
Dashboards for experiments and production models rarely include:
· Distribution of benefits or burdens across income, geography, occupation or gender where such proxies exist.
· Counts of customers who were systematically excluded from beneficial changes despite good performance.
· Any narrative on customer understanding of how decisions were made.
In one NBFC, the only fairness-related metric in early models was:
· “No variable using protected characteristics directly.”
That satisfies a very narrow definition.
It does not answer:
· “Are our proxies and segments effectively recreating the same boundaries under different names?”
Because these views are not exposed, senior rooms hear:
· “The model works well; Gini has improved.”
They do not hear:
· “The model also means a whole cluster of customers, who have done nothing wrong, virtually never see a rate drop.”
Model and analytics governance committees tend to have checklists:
· Data sources.
· Purpose.
· Regulatory compliance.
· Customer communication where required.
Ethical overreach usually sits in a different place:
· Not illegal.
· Not in direct violation of any circular.
· But uncomfortable when read in the light of long-term trust and social impact.
Because governance is not designed to hold that conversation, the default answer becomes:
“If legal and compliance are comfortable, and risk sees benefit, we should proceed.”
No one is formally tasked with asking:
· “Even if we can, should we?”
So the question gets raised informally, or not at all.
The institutions that take this seriously don’t abandon analytics or move to vague principles.
They do a few grounded things.
Instead of “more data is better”, they force each analytics initiative to answer:
· “What is the assumption about fairness behind this model or segment?”
For example:
· “It is acceptable to prioritise upgrades for customers who are both profitable and stable, as long as we do not worsen terms for others.”
· “It is not acceptable to use a customer’s likelihood to complain as a factor in how much hardship support we offer.”
These assumptions are not mathematical.
They are plain sentences.
In one bank, the CRO insisted that every major analytics artefact include:
· A short section labelled “Ethical boundary we are choosing”.
For a collections model, it read:
“We will not use attributes that explicitly or implicitly estimate a customer’s ability to make noise (education, complaints history, social media connectivity) in deciding whether to offer hardship options.”
For a cross-sell model:
“We accept that high-risk segments may see fewer new offers.
We do not accept that long-standing, clean segments in low-income categories are permanently excluded from upgrades.”
This did not solve everything.
It forced clarity.
Rather than generic bias audits, more experienced teams ask:
· “Across a year, which segments rarely get upgrades, fee waivers or rate drops, despite clean performance?”
· “Among customers who are declined, how many have no meaningful path to improvement because the reasons are built into their profile, not their behaviour?”
This isn’t always about protected classes.
In India, it often shows up as:
· Certain districts or PIN codes quietly getting fewer offers or harsher collections posture.
· Certain income bands or occupation codes almost never being deemed “strategic” even when they perform well.
· Certain channels (e.g., assisted, branch-led customers) being consistently left out of “best offers”.
Teams create simple internal views:
· A table that shows beneficial actions (upgrades, rate drops, hardship approvals) by broad segment.
· Not for publication. For self-awareness.
When you see, in one line, that:
· “Customers with these three occupation codes make up 15% of the book but only 2% of upgrades,”
the conversation changes.
In one institution, the Chief Risk Officer and Head of Compliance agreed a simple principle:
“We will occasionally block or modify an analytics use-case not because it is illegal, but because we are not comfortable living with it at scale.”
They did not use it often.
But its presence changed how teams designed.
Examples:
· A project that wanted to downrank hardship options for customers with low social visibility was stopped early.
· A proposal to use combined bureau, app and device signals to decide who would ever see a pre-approved line in the app was altered to guarantee a path for clean payers, regardless of segment.
The point wasn’t to make everything soft.
It was to signal that “within the law” is a floor, not the ceiling.
It’s tempting to keep the story simple:
“We have consent.
We use data within regulatory purposes.
Our models are documented and approved.
Analytics is about efficiency, not ethics.”
If you stay with that, the line between analytics and overreach will continue to be drawn:
· Late, after complaints and regulatory questions.
· Case by case, in response to specific incidents.
· Mostly by people outside your institution.
If you accept a more uncomfortable view:
· That in a credit system as dense as India’s, analytics now shapes who gets a second chance, who ever sees a better rate, and who is quietly left behind,
· That many of the decisions with the deepest human impact are now buried in segments and scores nobody can see or question,
· And that “permissible and profitable” is not the same as “something you would defend aloud in front of a regulator, a consumer body and your own Board”,
then the question changes.
It stops being:
“Are we legally allowed to use this data in this way?”
and becomes:
“If we applied this model or segmentation at scale for five years,
and then had to explain to a room of borrowers why some of them never saw better treatment despite doing everything right,
would we still be comfortable saying:
‘This is the system we chose to build’?”
Most institutions don’t ask that question when a model goes live.
The ones that do are not less data-driven.
They’ve just decided that the hardest boundary in analytics isn’t technical or legal.
It’s whether, when the system is read back as a story about real people, they can still sit in the room and call it fair.
27 Mar 2026
24 Dec 2025
26 Dec 2025