Recovery Harassment: What's Illegal & What To Do
A loan app threatened to email a Bengaluru borrower's office "from 1 PM today" — what the RBI rules actually say
When a salaried borrower in Bengaluru fell behind, four loan apps — PaisaOnSalary, Qualoan, SnapPaisa and PaisaInTime — allegedly turned to his workplace and phone. What the RBI Fair Practices Code bars, and how to file an RBI or cybercrime complaint against a loan app.
A loan app called SnapPaisa, operated by Ampire Finance Pvt Ltd, is alleged in a documented borrower complaint to have set a clock: pay immediately, or "employment verification emails to your office from 1 PM today." The borrower — a salaried man in Bengaluru — had a job, a desk, and colleagues. That is what was being held over him.
He is not alone. The same evidence file describes three more lending brands reaching past the borrower toward the people he works with and the phone in his pocket. None of this is about the interest rate. It is about a recovery tactic the RBI Fair Practices Code does not allow: turning your workplace into a pressure point.
Here is the part worth saying plainly first. The threat works only because most borrowers do not know the rule. Once you know it, the threat is not leverage — it is evidence.
What the documents and complaints describe
The conduct below is set out as it appears in the borrower's own emails and screenshots, or — where marked — as alleged in a documented borrower complaint. Where call logs exist, they are described as documented.
- SnapPaisa (operated by Ampire Finance Pvt Ltd) is alleged to have threatened to send "employment verification emails to your office from 1 PM today" unless the borrower paid immediately — a manufactured deadline aimed at his workplace.
- PaisaOnSalary (operated by Aman Fincap Ltd) is alleged, in a documented borrower complaint and a screenshot, to have emailed the borrower's workplace colleagues, disclosing his "default" and his employment details to pressure repayment.
- Qualoan (operated by Naman Finlease Pvt Ltd) is alleged to have emailed the borrower's employer's staff seeking "employment verification" over an unpaid loan.
- PaisaInTime (operated by Sawalsha Leasing & Finance Pvt Ltd) generated documented call-harassment: roughly 16 missed calls in 9 minutes, and repeated pressure calls.
Read those four together and a single tactic emerges. "Employment verification" sounds procedural, almost reasonable — like a form an HR department might process. It is not procedural when it is timed to a payment deadline and aimed at the one place a borrower most fears exposure: the office where he earns the salary that is supposed to repay the loan. The pressure is not the verification. The pressure is the fear of what colleagues and managers will think.
This sits within a much larger problem. The Government of India has blocked 600+ predatory digital-lending apps, and the RBI has issued repeated advisories about offshore and unregistered operators. But the brands above are operated by companies that present themselves as registered NBFCs. The lesson of this file is that a recovery email to your colleagues is not made lawful by a registration certificate. The Code applies to the regulated entity and everyone collecting on its behalf.
Know your rights: what the RBI Fair Practices Code actually says
The RBI's Fair Practices Code for lenders and its directions on recovery agents are not vague guidance. They draw hard lines. If you take only a few facts from this article, take these.
Calls only to you — never your office, family or references. A lender and its recovery agents may contact you, the borrower. They may not contact your employer, colleagues, family, friends or references, and they may not disclose your debt to any of them. An email to your workplace colleagues announcing a "default", or an "employment verification" email sent to your employer's staff as a collection tactic, is precisely the kind of third-party contact and debt-disclosure the Code prohibits.
Only between 8 a.m. and 7 p.m. Recovery contact is permitted only during those hours. Calls before 8 a.m. or after 7 p.m. are not allowed.
No harassment by volume. Recovery must be by lawful means. Persistently and repeatedly calling — a barrage like roughly 16 missed calls inside 9 minutes — is the kind of conduct the Code is meant to stop. Recovery is not supposed to feel like a siege.
No abuse, no threats, no public shaming. Agents may not use threatening or abusive language, intimidate you, or humiliate you publicly or in front of others. Exposing your debt to people you work with is a form of exactly that.
The APR must be disclosed. Before you borrow, the lender must give you a Key Facts Statement stating the full cost as an Annual Percentage Rate. You are entitled to know the real price of the loan up front.
The Regulated Entity is accountable for its agents. A lender cannot hide behind a recovery vendor or a call-centre. If an agent collecting on the loan breaches the Code, the Regulated Entity (RE) — the NBFC — is responsible. The buck stops with the licensed company.
And the point that defuses the most common threat of all: inability to repay a loan is, by itself, a civil matter. You cannot be jailed simply for being unable to pay. So when a caller says you will be "arrested" over a defaulted instalment, that threat is not a statement of law — it is itself a form of unlawful pressure. (This is general information, not individualised legal advice, and specific situations such as cheque dishonour or alleged fraud can differ.)
Notice what this means for the SnapPaisa-style deadline. "Pay by 1 PM or we email your office" is not a lawful escalation you must race to beat. The email to your office is the thing the rule forbids. The threat to send it is the misconduct — not a consequence you triggered by being late.
What to do the moment your office is threatened
You do not have to argue the law with a recovery agent. You have to document and report. Both are easier than they sound.
1. Keep the evidence. This is the single most important step, and the borrower in this file did it well. Save the call logs that show the volume and timing of calls. Save the emails sent to your colleagues or your employer's staff — including headers and timestamps. Screenshot any message that threatens to contact your office, your family or your references. A run of 16 missed calls in 9 minutes is not just distressing; once captured, it is proof.
2. Write to the grievance officer. Every regulated lender must publish a grievance officer's contact. Send a short written complaint: state that contacting your employer, colleagues and references and disclosing your debt to them breaches the RBI Fair Practices Code, instruct them to communicate only with you, in writing, within lawful hours, and demand they cease all third-party contact. Keep a copy. This starts the clock.
How to report it
There is a clear ladder of official channels. Use them in order, and lean on the cyber-crime route immediately if your data has been exposed or you are being threatened.
- The lender's grievance officer first. Raise your complaint in writing and wait 30 days. This step is required before you can escalate to the RBI Ombudsman, and it puts your objection on record.
- RBI Ombudsman via the Centralised Receipt and Processing Centre (CRPC). If the lender does not resolve your complaint within 30 days, escalate to the RBI Ombudsman through the CRPC. This is the RBI's formal redress mechanism for conduct by regulated entities.
- RBI Sachet — sachet.rbi.org.in. Report the entity or the practice on the RBI's Sachet portal, which the RBI maintains for complaints and information about lenders.
- National Cyber Crime Reporting Portal — cybercrime.gov.in, helpline 1930. If your personal data has been exposed, if colleagues' or contacts' information has been misused, or if there is blackmail or criminal harassment, file on cybercrime.gov.in or call 1930. Do this without waiting for the 30-day cycle.
- A consumer commission. You also have the right to take a deficiency-in-service or unfair-practice complaint to the appropriate consumer commission.
Whichever route you use, attach your saved logs, emails and screenshots. Documented evidence is what turns "they harassed me" into a complaint a forum can act on.
This is one pattern in a wider file
Employer-contact pressure is one chapter of a larger evidence file on how some app-based lenders behave when repayment slips. The same investigation documents undisclosed costs and rollover structures across other brands — see the wider investigation for the full picture, and a separate case in this series on how borrower data ends up in mass emails. The throughline is simple: registration does not license the recovery tactics described here, and the rules that protect you are the same in every one of these cases.
If you are facing this right now, start with the two steps that cost nothing and protect you most: save everything, and put your instruction to the grievance officer in writing. The threat to email your office is not a countdown you have to beat. It is evidence of a breach — and the channels above exist precisely so you can act on it.
Any company named in this article may submit a factual correction or response through our right-of-reply channel.