TL;DR Lending and wealth estates are a mosaic of LOS, core/LMS, CRM, bureau and KYC rails, collections, partner channels, and execution platforms. DPDP still expects one coherent notice-and-consent story for the client. Bolting privacy into a single supplier’s module leaves bureau pulls, MF RTA flows, and open-finance paths structurally “out of scope.” Kavach is modeled as a cross-cutting layer—APIs, webhooks, optional in-browser assist—not a replacement LOS feature.

NBFCs and wealth managers rarely operate from a single screen. A typical estate mixes loan origination (LOS), core / LMS, CRM, credit bureau and KYC utilities, collection and partner apps, and—on the wealth side—risk profiling, advisory disclosures, and execution / custodian interfaces. The Digital Personal Data Protection Act still expects one coherent story for clients: what was collected, for which purpose, and how optional uses can be withdrawn.

This article mirrors the structure and diagrams on the Kavach financial services solution page (also published at dpdpkavach.netlify.app/solutions/financial)—use it with compliance, risk, and distribution when you map your real stack.

What you’ll take away

  • Why “LOS-only” or “core-only” privacy fragments when bureau, MF APIs, and partners sit outside that box.
  • A reference topology (vector sketch) plus six Mermaid figures: estate + Kavach, governance contrast, lending and wealth journeys, external-call wrapper, lawful-basis fork.
  • A touchpoint map from lead to ledger (and wealth lifecycle) in a scroll-friendly table.
  • How regulatory and fraud processing stays segregated from marketing consent in evidence—and what boards usually probe.
  • How client portal, collection surfaces, and audit exports stay aligned when grievances hit the nodal officer or social channels.

Reference topology (vector sketch)

Illustrative boxes · not a network diagram to scale

[Vector sketch: LOS, Core / LMS, CRM, Bureau, KYC, Collections, Wealth OMS, Execution, and an optional browser assist all connect into a central Kavach consent and audit layer (notices · purposes · consent · withdrawal · audit · DP portal), which in turn faces the borrower / investor (DP).]

The LOS is strong at sanctions, covenants, and document checklists. Core banking or LMS holds balances and schedules. But personal data also moves through bureau pulls, e-KYC rails, call-centre diallers, DSAs and BC tablets, wealth research portals, and MF / broking APIs. If consent screens and audit trails live only inside one of those boxes, every upgrade, every new partner API, and every cross-sell campaign becomes a patchwork—and your client portal may tell a different story than what operations actually did.

Kavach is deliberately separate: one versioned record of notices, purposes, consents, withdrawals, and rights requests—pushed to the systems that need to act on it—so compliance, risk, and distribution can agree on a single narrative under the DPDP Act.

Fig. 1 Typical estate + Kavach (illustrative · vendor names vary)

  flowchart TB
    subgraph finmosaic["Common systems - often different vendors and ages"]
      fLOS["LOS / loan origination"]
      fCORE["Core banking or LMS"]
      fCRM["CRM and campaigns"]
      fBUR["Credit bureau APIs"]
      fKYC["e-KYC and CKYC utilities"]
      fCOL["Collections and dialler"]
      fWTH["Wealth OMS and research"]
      fEXE["Execution custodian MF APIs"]
    end
    fKV["Kavach - notices consent client portal audit"]
    fEXT["Optional browser layer on legacy web LOS or CRM"]
    fLOS --> fKV
    fCORE --> fKV
    fCRM --> fKV
    fBUR --> fKV
    fKYC --> fKV
    fCOL --> fKV
    fWTH --> fKV
    fEXE --> fKV
    fEXT --> fKV
    fKV --> fLOS
    fKV --> fCORE
    fKV --> fCRM
    fKV --> fCOL
    fKV --> fWTH
    fKV --> fEXE

Server integrations carry authoritative state; the browser layer is for places where staff still work inside older web UIs—consent checks and notice prompts appear without waiting for a full LOS rewrite.

Fig. 2 Why “LOS-only privacy” fragments (governance view)

  flowchart LR
    subgraph finrisk["Privacy owned by LOS vendor"]
      fA["Upgrade breaks consent UX"]
      fB["Bureau and MF rails out of sync"]
      fC["Client sees mismatched history"]
    end
    subgraph finfix["Separate accountability layer"]
      fD["Stable owner across vendors"]
      fE["Same purpose map at bureau and RTA"]
      fF["Portal matches operations"]
    end

When privacy is treated as a module inside one supplier, every adjacent channel—especially open finance and wealth execution—becomes an exception. A separate accountability layer shrinks that exception list.

Where personal data appears—from lead to ledger

The table blends NBFC / lending and wealth / advisory realities. Use it with compliance and risk to map purposes and lawful bases; Kavach operationalises notices and evidence—it does not replace legal interpretation or regulatory guidance.

| Touchpoint | What typically happens (NBFC & wealth) | Notice & consent themes |
| --- | --- | --- |
| Digital acquisition & leads | Website or app enquiry, calculators, webinar sign-ups, WhatsApp journeys. Wealth: investor education funnels. | Separate service vs marketing use; cookie / analytics where applicable; clear opt-in for outbound campaigns. |
| KYC & onboarding | PAN, Aadhaar / Digilocker, video PD, CKYC fetch, address proof. Wealth: additional suitability pre-checks. | Identity verification purpose; CKYCR / KUA sharing; retention; re-KYC refresh notices; FATCA-CRS declarations where in scope. |
| Credit appraisal & underwriting | Bureau pulls, bank statement analytics, employer / trade references, psychometric tests for small-ticket loans. | Explicit consent for bureau and alternate data; purpose tied to underwriting only; soft vs hard inquiry disclosure; withdrawal if application dropped. |
| Sanction & documentation | Key facts, loan agreement, co-borrower / guarantor packs, e-sign workflows. | Contract performance vs optional ancillaries (insurance cross-sell); visibility of obligations to joint applicants. |
| Disbursement & account opening | Tranche release, escrow, NACH / e-mandate, virtual account tagging. | Payment processing; SMS / email alerts; partner bank data minimisation. |
| Servicing & lifecycle | EMI changes, prepayment, NOC, interest resets, limit enhancements. | Account servicing communications; preference centre for channels; documentation of material changes. |
| Collections & restructuring | Dialler, field agents, settlement letters, legal notices, one-time restructuring schemes. | Fair collection practices; third-party agency scope; recording rules if calls are stored; sensitive hardship data. |
| Wealth: suitability & risk | Risk questionnaires, investor categorisation, goal planning notes, annual suitability refresh. | Advisory vs execution-only clarity; risk warnings; documented client answers tied to recommendations. |
| Wealth: advice & execution | Scheme / product selection, MF KYC at RTA, DP instructions, broking orders, insurance referrals. | Product-specific disclosures; consent for each product line; best-interest / regulatory disclosure packs as applicable. |
| Reporting & family access | Consolidated statements, family office views, POA / mandate holders viewing portfolios. | Confidentiality; authority of representatives; segmentation of what each viewer may see. |
| Partners & channels | DSAs, BC networks, corporate anchors, account-aggregator flows, referral partners. | Data shared with which partner, for which purpose, and for how long; revocation when relationship ends. |
| Contact centre & messaging | Inbound service, proactive EMI reminders, fraud verification calls. | Channel preferences; do-not-call alignment; verification without over-collection. |
| Compliance, fraud & regulatory | RBI reporting, AML monitoring, sanctions screening, litigation holds, cyber incident response. | Grounds other than marketing consent—legal obligation, legitimate uses—must still be documented and segregated from optional uses. |
| Grievance & nodal | Internal escalation, regulator-directed timelines, ombudsman routes. | Grievance redressal under DPDP; evidence of intake, response, and closure; consistent with RBI / SEBI / IRDAI channels you operate. |

Two rhythms: lending lifecycle and wealth relationship

Most institutions run both shapes in some proportion—retail loans plus private clients, or gold loans plus distribution. The consent story has to survive hand-offs between digital, branch, partner, and market-infrastructure touchpoints.

Fig. 3 NBFC lending (simplified, happy-path schematic)

  flowchart LR
    fL["Lead or application"] --> fK2["KYC and CKYC"]
    fK2 --> fU["Underwriting and bureau"]
    fU --> fS["Sanction and docs"]
    fS --> fD2["Disbursement"]
    fD2 --> fV["Servicing and collections"]

Each arrow is a consent and notice checkpoint in Kavach: what was shown, what was accepted, and which downstream system received the webhook to proceed.

Fig. 4 Wealth & advisory (simplified, non-exhaustive)

  flowchart LR
    fP["Prospect or client"] --> fR["Risk profiling"]
    fR --> fA2["Advisory mandate and disclosures"]
    fA2 --> fX["Product selection"]
    fX --> fO["Order and settlement"]
    fO --> fM["Reporting and review"]

Suitability artefacts and execution consents stay linked—so a later complaint does not depend on reconstructing email threads.

Purposes that cut across both sectors

  • Contract and service delivery — what you must do to run the loan or advisory agreement.
  • Regulatory and legal — reporting, AML, court orders—documented separately from marketing.
  • Optional growth uses — cross-sell, referrals, events—explicit, granular, and easy to withdraw.
  • Analytics and modelling — if used beyond service delivery, disclose and consent as your counsel advises.

For CRO / compliance. Kavach is built to show which lawful story applied at each event—not to blur regulatory processing and promotional WhatsApp into one checkbox.

Bureaus, KYC rails, and markets infrastructure

Bureau pulls, CKYC downloads, MF KYC at RTA, and payment rails are where DPDP scrutiny meets operational reality. Kavach binds notice version and purpose before the call leaves your perimeter, and logs the outcome for audit and client portal display.

Fig. 5 External call with governance wrapper (conceptual)

  flowchart LR
    fT["Trigger from LOS CRM or wealth desk"] --> fK3["Kavach checks notice and purpose"]
    fK3 --> fX2["Bureau KYC RTA or payment API"]
    fX2 --> fR2["Response or acknowledgement"]
    fR2 --> fK3
    fK3 --> fH["Core systems and webhooks"]

The same pattern scales to account-aggregator journeys and partner DSAs: the partner receives the minimum necessary payload, not an export of everything you know about the client.

When consent is not the whole story

Financial institutions routinely process data on bases other than fresh marketing consent—for example statutory returns, fraud investigation, or court directions. The DPDP framework still expects clarity, minimisation, and accountability. Segregate those trails from optional uses so examiners and clients are not faced with an undifferentiated “we have consent for everything” claim.

Fig. 6 Classify the basis, then document (not legal advice)

  flowchart TD
    fE2["Operational event"] --> fQ{"Which lawful basis applies?"}
    fQ -->|Legal obligation or similar| fL2["Document authority and scope"]
    fQ -->|Requires consent| fC2["Kavach consent flow"]
    fL2 --> fA3["Audit entry and client comms when required"]
    fC2 --> fA3

Your legal team maps categories; Kavach gives you the mechanism to record what was done, when, and under which policy—distinct from campaign opt-ins.
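The two patterns above, the governance wrapper around an outbound bureau call (Fig. 5) and the lawful-basis fork (Fig. 6), written out as an added Python example; this is not Kavach's own code, and the consent ledger, purpose names, field list and authority references are constructed placeholders for the example.

```python
# Constructed consent ledger keyed by (data principal, purpose): the notice version
# shown at capture and, if withdrawn, when. ISO-8601 UTC strings in one fixed format
# compare correctly as plain strings, which is all the gate relies on.
CONSENTS = {
    ("dp-1001", "underwriting"): {"notice": "v3", "withdrawn": None},
    ("dp-1001", "marketing"): {"notice": "v3", "withdrawn": "2024-06-15T09:30:00Z"},
}

# Purposes that rest on a basis other than consent; the value is the authority to record.
# Placeholder references, not real citations.
LEGAL_BASES = {
    "aml_monitoring": "AML obligation (placeholder statute ref)",
    "rbi_return": "RBI reporting direction (placeholder ref)",
}

AUDIT = []  # one entry per decision, whichever basis applied

def gate(dp_id, purpose, event, at):
    """Classify the lawful basis for an event and decide whether it may proceed.
    Returns (allowed, entry); the entry is appended to AUDIT either way, so the trail
    keeps consent-based and obligation-based processing as separate records."""
    entry = {"dp": dp_id, "purpose": purpose, "event": event, "at": at}
    if purpose in LEGAL_BASES:
        entry.update(basis="legal_obligation", authority=LEGAL_BASES[purpose], allowed=True)
    else:
        rec = CONSENTS.get((dp_id, purpose))
        if rec is None:
            entry.update(basis="consent", allowed=False, reason="no consent record")
        elif rec["withdrawn"] is not None and rec["withdrawn"] <= at:
            entry.update(basis="consent", allowed=False, reason="withdrawn", notice=rec["notice"])
        else:
            entry.update(basis="consent", allowed=True, notice=rec["notice"])
    AUDIT.append(entry)
    return entry["allowed"], entry

# Only the fields the bureau needs for the pull; everything else in the profile stays home.
MIN_BUREAU_FIELDS = ("pan", "name", "dob")

def bureau_request(dp_id, profile, at):
    """Wrap an outbound bureau pull: gate on the underwriting purpose first, then build
    the minimum payload stamped with the notice version that covered it.
    Returns None when the call must not leave the perimeter."""
    allowed, entry = gate(dp_id, "underwriting", "bureau_pull", at)
    if not allowed:
        return None
    payload = {k: profile[k] for k in MIN_BUREAU_FIELDS}
    payload["notice_version"] = entry["notice"]
    return payload
```

A real deployment would read the ledger from the consent service rather than a module-level dict, but the decision order (basis first, then consent state, then minimisation) is the point.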

What boards and regulators usually probe

  • Can you show which notice was active when a bureau pull or CKYC fetch occurred?
  • Are marketing and regulatory processing logically separated in logs and portals?
  • When a client withdraws optional consent, which systems actually stop—CRM, dialler, partner APIs?
  • Under stress—cyber event or litigation—can you produce a coherent export without manual reconciliation?
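The third and fourth questions above, which systems actually stop on withdrawal and whether an export can be produced without reconciliation, as an added Python example (not Kavach's own code): a withdrawal is fanned out to every subscribed system, each delivery attempt is logged, and the export is derived from that log alone. Subscriber names and the unreachable endpoint are constructed for the example.

```python
# Constructed subscriber registry: which systems must act when a purpose's consent is
# withdrawn. Names are assumed for the example, not Kavach's own identifiers.
SUBSCRIBERS = {
    "marketing": ["crm", "dialler", "partner-dsa-api"],
    "insurance_cross_sell": ["crm", "partner-insurer-api"],
}

# Simulated delivery outcome, constructed so one partner endpoint fails to acknowledge.
UNREACHABLE = {"partner-dsa-api"}

def deliver(system, event):
    """Stand-in for an HTTPS webhook POST; True only on an acknowledged delivery."""
    return system not in UNREACHABLE

def withdraw(ledger, dp_id, purpose, at):
    """Record the withdrawal, fan it out to every subscriber, and log each attempt.
    Returns the systems that have not acknowledged, so retries can be scheduled."""
    event = {"type": "consent.withdrawn", "dp": dp_id, "purpose": purpose, "at": at}
    ledger.append({**event, "target": None, "acknowledged": True})  # the withdrawal itself
    pending = []
    for system in SUBSCRIBERS.get(purpose, []):
        ok = deliver(system, event)
        ledger.append({**event, "target": system, "acknowledged": ok})
        if not ok:
            pending.append(system)
    return pending

def export_status(ledger, dp_id):
    """Per-purpose view for a board pack or regulator: which systems have stopped and
    which are still pending, computed from the ledger with no manual reconciliation."""
    status = {}
    for e in ledger:
        if e["dp"] != dp_id or e["target"] is None:
            continue
        bucket = "stopped" if e["acknowledged"] else "pending"
        status.setdefault(e["purpose"], {"stopped": [], "pending": []})[bucket].append(e["target"])
    return status
```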

This article is not legal advice. NBFCs, RIAs, brokers, and insurers face overlapping regulators; confirm grounds and disclosures with qualified counsel for your licence mix.

Client-facing transparency and evidence

Clients see consent history, active purposes, and requests in plain language—aligned with the exports that risk and audit teams see. That alignment matters when grievances hit the nodal officer or social channels.

Below is a representative Kavach portal view (purpose detail + consent history timeline), hosted on this site as /images/DP_portal.png. Demo tenants may show placeholder organisation names in the chrome; your production skin would use your institution’s branding.

Client-facing data principal portal with consent history (representative Kavach UI)

Staff-facing capture can mirror the same notice and purpose pattern at digital onboarding, branch tablets, or partner-led journeys:

Collection surface: loan application, suitability, or partner-assisted onboarding

Filterable audit trails support internal audit, regulatory dialogue, and board packs:

Filterable audit trails for governance

For the full solution narrative, see the financial services solution page.

Kavach provides software for notices, consent, rights workflows, and audit evidence. Scope depends on your licence, vendors, and data map.