%20scale(0.09049,-0.09049)'%20d='M103%201298%20191%201493H1325L1239%201298H923Q955%201242%20967%201168H1325L1239%20973H962Q945%20896%20902%20838Q830%20743%20686%20698Q765%20680%20828%20616Q891%20552%20954%20424L1163%200H753L571%20371Q516%20483%20459.5%20524.0Q403%20565%20309%20565H159V831H362Q483%20831%20536%20898Q562%20931%20575%20973H103L191%201168H572Q559%201205%20536%201234Q483%201298%20362%201298Z'%20fill='%23FFFFFF'/%3e%3ccircle%20cx='390.83'%20cy='161.76'%20r='43.80'%20fill='%230B5FFF'/%3e%3cpath%20d='M%20371.12%20161.76%20L%20388.64%20179.28%20L%20412.73%20142.05'%20fill='none'%20stroke='%23FFFFFF'%20stroke-width='9.64'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/svg%3e)
Scenario 1: You took a legitimate loan from a well-known, heavily downloaded app. You missed an EMI by three days, and suddenly recovery agents are calling your office desk 15 times a morning, threatening your job and shouting gali-galauj (abusive language) over the phone.
Scenario 2: You downloaded a random 7-day cash app from a sketchy social media ad. You paid them back in full, but they are now demanding double the amount, claiming a "system error," and threatening to create WhatsApp groups with your entire contact list.
Scenario 3: A complete stranger is sending morphed, explicit photos of you to your family members over WhatsApp, demanding immediate UPI transfers for a loan you never even applied for.
Which one is yours?
If you are dealing with aggressive recovery tactics, your first instinct is probably to panic, followed quickly by wanting to file a complaint everywhere at once—the police, the RBI, Twitter, and the app store. But throwing complaints into the void without a strategy is exactly why so many borrowers receive automated "ticket closed" emails while the abuse continues.
Filing the right complaint at the right portal, with evidence packaged exactly the way regulators expect, is the difference between a dismissed case and a real outcome. The Reserve Bank of India (RBI) and law enforcement have very specific, separated jurisdictions. If you complain to the RBI about a fake app, they will close it. If you complain to the police about a high interest rate, they will ignore it.
This guide operates as a decision tree. We will walk you through exactly which channel is built for your specific nightmare, how to navigate the required regulatory timelines, and how to bulletproof your case so it cannot be ignored.
The Decision Tree: Which channel is right for you?
Before you type a single word into a complaint box, you need to follow this prose flowchart to determine your path. Your route to loan app harassment recourse depends entirely on the legal status of the entity harassing you.
Branch 1: The Registered NBFC Harassment Path If the app you borrowed from is legally partnered with an RBI-registered Non-Banking Financial Company (NBFC) or a Bank, you are dealing with a regulated entity. Even if their recovery agents are behaving like street thugs, the RBI considers this a regulatory grievance. Your Path: You cannot go straight to the RBI. You must first file a written complaint with the NBFC's Grievance Redressal Officer (GRO). If they do not resolve the issue within 30 days, or if they reject your complaint, you then escalate to the rbi ombudsman via the Complaint Management System (CMS).
Branch 2: The Unregistered App Path If the app has no NBFC partner, does not provide a Key Facts Statement (KFS), and operates entirely outside the banking system, it is an illegal lending operation. The RBI Ombudsman cannot help you here because the entity does not officially exist in their books. Your Path: You must file an unregistered loan app complaint on the RBI Sachet portal. Sachet is designed specifically to gather intelligence on unauthorized financial entities and coordinate with state law enforcement to shut them down.
Branch 3: The Criminal Threat Path If the harassment involves blackmail, morphed photos, accessing your phone's gallery, contacting your family members, or physical threats, you have crossed out of financial regulation and into criminal law. Your Path: You must immediately file a complaint on the National Cyber Crime Reporting Portal (NCRP) and, if physical threats are made, dial 112 for the local police. This path should be taken in parallel with Branch 1 or Branch 2.
Channel Comparison Matrix
Understanding the alphabet soup of Indian grievance portals is half the battle. Here is a breakdown of what each channel actually does.
| Portal / Channel | Best Used For | Prerequisite to File | Expected Outcome |
|---|---|---|---|
| RBI Sachet (sachet.rbi.org.in) | Unauthorised apps, fake lenders, entities with no RBI licence. | None. You can file immediately upon facing harassment or fraud. | Intelligence gathering for State Level Coordination Committees (SLCC); app takedowns. |
| RBI Ombudsman / CMS (cms.rbi.org.in) | Harassment, hidden charges, or unfair practices by registered NBFCs/Banks. | Must complain to the lender's Grievance Officer first and wait 30 days. | Binding orders on the NBFC, potential refunds of illegal charges, penalties for the lender. |
| Cybercrime Portal (cybercrime.gov.in) | Morphed photos, contact list hacking, UPI fraud, digital blackmail. | Active criminal threat or cyber fraud. | Freezing of the fraudster's bank accounts; FIR registration by local cyber cell. |
| Local Police (Dial 112) | Immediate physical threats, extortion, or threats to family safety. | Active threat to life or property. | Immediate police intervention; formal FIR for extortion under the BNS (Bharatiya Nyaya Sanhita). |
Sachet vs. Ombudsman vs. CMS vs. Cybercrime
Borrowers frequently confuse these portals. Let's clear up the overlapping terminology.
CMS (Complaint Management System) vs. RBI Ombudsman: These are the exact same thing. CMS is simply the name of the website (cms.rbi.org.in) where you file a complaint to reach the RBI Ombudsman. The Ombudsman is the actual person/office that judges your case against a regulated NBFC.
Sachet vs. Ombudsman: Sachet is essentially an alarm bell. When you file on Sachet, you are telling the government, "There is an illegal entity operating in the market." Sachet does not pass binding legal judgments to refund your specific EMI. Instead, it aggregates data to block the app and initiate police sweeps. The Ombudsman, however, acts like a consumer court. If a registered NBFC breaks the rules, the Ombudsman can order that specific company to compensate you or clear your CIBIL report.
Cybercrime vs. Sachet: If a fake app steals your contacts, Sachet wants to know so they can track the app's overall footprint. Cybercrime wants to know so they can immediately freeze the specific bank account where you were forced to send money. Always use both for unregistered apps.
Step 1: Identify the lender (The crucial first step)
You cannot guess your path; you have to look at the paperwork. Open your loan agreement or the Key Facts Statement (KFS) emailed to you when the loan was approved. Look for the "Lender" or "Financier" field.
It will usually name a registered NBFC (e.g., Krazybee Services Pvt Ltd, Si Creva Capital, DMI Finance, Epimoney). If you see a company with "Pvt Ltd" or "Finance" in the name, you cross-check it on the official RBI list of NBFCs.
A representative borrower scenario we often see on SahiSujhav involves users asking, "Is mpokket safe or not?" The answer lies in their structure. mPokket itself is an app, but they facilitate loans through their own registered NBFC (mPokket Financial Services Private Limited) and other regulated partners. Because they are legally registered, they are "safe" in the sense that they are bound by RBI rules. However, if an agent from a registered app harasses you, you do not go to Sachet. You follow Branch 1: Grievance Officer, then the RBI Ombudsman.
If the app provides no KFS, no loan agreement, and the money came from a random UPI ID or an individual's savings account, you are dealing with an unauthorized entity. Proceed to Sachet.
The 30/60/90-Day Remedial Timeline
Regulatory wheels turn slowly. If you expect a resolution in 24 hours from the RBI, you will be disappointed. Here is the exact timeline you need to follow and what to expect at each milestone.
Day 0: The Groundwork
- For Regulated NBFCs: Send a highly detailed email to the NBFC's Grievance Redressal Officer (find their email in your loan agreement or via our app reviews). State clearly that their agents are violating the RBI Digital Lending Guidelines 2022.
- For Unregistered Apps: File your complaint on the RBI Sachet portal.
- For Criminal Harassment: File on cybercrime.gov.in. Take screenshots of every abusive WhatsApp message, fake legal notice, and morphed photo.
- Tool Check: Chat with our HeyZ AI chat if you need immediate guidance on drafting your initial emails to the grievance officers.
Day 1 to 30: The Waiting Period
- For Regulated NBFCs: You must wait. The RBI legally gives the NBFC 30 days to resolve your complaint internally. If recovery agents call during this time, inform them clearly: "A formal complaint is pending with your Grievance Officer. I will not engage until it is resolved." Log every call they make.
- For Unregistered Apps: You should receive an acknowledgement email from Sachet with a Complaint Reference Number within 7 days. Meanwhile, the cyber police may call you to verify your cybercrime.gov.in complaint and convert it into an FIR.
Day 30 to 60: The Regulatory Escalation
- For Regulated NBFCs: If 30 days have passed and the NBFC has ignored you, rejected your claim, or given an unsatisfactory reply, it is time to escalate. Go to cms.rbi.org.in and file your case with the RBI Ombudsman. Attach proof that you waited 30 days.
- For Unregistered Apps: Sachet data is reviewed by the State Level Coordination Committee. You may not get personal updates, but this is the window where you typically see the abusive app suddenly vanish from the Google Play Store due to regulatory pressure.
Day 60 to 90: The Resolution Phase
- For Regulated NBFCs: The RBI Ombudsman processes the evidence. If your evidence is solid, the Ombudsman can pass an "Award" (a binding order). This often results in the NBFC being forced to refund illegal penal charges, issue an official apology, and correct your CIBIL report if they marked a default unfairly.
- For Unregistered Apps: Cybercrime investigations continue. Ensure you have blocked all unknown numbers and secured your social media profiles.
Step 2: File on Sachet (For unauthorised lenders)
If you determined in Step 1 that the app is illegal, here is exactly how to file your unregistered loan app complaint.
- Go to https://sachet.rbi.org.in and click "File a Complaint".
- Under Category, select Unauthorised Entity. For Sub-category, choose Digital Lending App.
- Entity name: Type the exact app name as it appeared on your phone, and the developer company name listed on the Play Store / App Store (e.g., "CashRupee - Developer: Star Tech Solutions").
- Nature of complaint: Select Harassment / Coercive Recovery AND Unauthorised Lending.
- Description box: Do not write an emotional essay. Use this clinical template:
I have been heavily harassed by [App Name] which is operating as a lending entity without RBI authorisation. The app does not disclose a regulated NBFC partner in any Key Facts Statement. Their recovery agents have engaged in criminal coercion [list specific violations — e.g., called my family members, threatened legal action, called before 8am]. Evidence attached includes: disbursal SMS showing illegal deductions, repayment proofs, [N] screenshots of WhatsApp abuse, call log export, and a Harassment Checker analysis tagging [N] distinct violations of the RBI Digital Lending Guidelines 2022.
- Upload your evidence: Sachet allows a maximum of 5MB per file. Compress your PDFs.
- Submit the form and immediately save the Complaint Reference Number. Take a screenshot of the confirmation page.
Step 3: File with the RBI Ombudsman (For regulated NBFC harassment)
If the lender IS a registered NBFC, Sachet will reject your complaint. You must use the CMS portal, but only after completing the 30-day wait from Day 0.
- Go to https://cms.rbi.org.in and click "File a complaint".
- Select the scheme: Integrated Ombudsman Scheme 2021.
- The portal will ask if you have complained to the regulated entity first. Click Yes.
- Enter the date you emailed the Grievance Officer.
- Fill in the NBFC's details. You will need their exact registered name.
- The Evidence Upload: This is the most critical step. You must attach your original email to the NBFC, their reply (or a document stating they ignored you), and your complete evidence package proving the harassment.
- Submit and track your case ID. The Ombudsman is mandated to respond, usually within 30 days of filing.
Sidebar: Don't let them reject your evidence Both Sachet and the Ombudsman dismiss complaints with "insufficient evidence" more than any other reason. "They harassed me" is too vague. Stop guessing if a recovery agent's message crosses the legal line. Run their texts, WhatsApp threats, and call logs through SahiSujhav's Harassment Checker. It automatically tags the exact RBI Digital Lending Guideline 2022 clause they violated and generates a timestamped PDF that regulators recognize.
Packaging Evidence from the Harassment Checker
Regulators are bureaucrats; they speak the language of documentation. If you upload a random, cropped screenshot of a WhatsApp message saying "Pay now," the Ombudsman will likely close the case. You must package your evidence from the Harassment Checker professionally.
Build a specific folder on your computer before you start filling out any forms. Name it clearly (e.g., RBI-Complaint-Evidence-2026-06-13).
Your mandatory attachments must include:
- The Loan Agreement / KFS: Download this from the app. If the app didn't provide one, upload a PDF stating "No KFS provided by entity, violating DLG 2022."
- Disbursal SMS / Bank Statement: Show the exact amount credited to your account. Unregistered apps often deduct massive upfront "processing fees" (e.g., sending ₹3,500 for a ₹5,000 loan). Regulators need to see this math.
- Repayment Receipts: Prove every single paisa you paid back via UPI screenshots or bank statements.
- Call Log Export: Do not just take a screenshot of your phone's recent calls. Export the log to show the date, time, number, and duration of recovery calls. Highlight any calls made before 8:00 AM or after 7:00 PM, as these are strictly illegal.
- The Harassment Checker Report: This is your silver bullet. When you run your screenshots and agent messages through SahiSujhav's Harassment Checker, the tool analyzes the text against Indian law. It doesn't just say "this is abusive." It says, "Violation of DLG 2022 Section 9.3 — Contacting third parties / Data privacy breach." It embeds metadata and outputs a clean, timestamped PDF.
Stale evidence is useless. Screenshots without timestamps get rejected. Ensure your phone's status bar (showing time, battery, and date) is visible in every screenshot, or rely on the metadata embedded by our tools.
FAQs on Loan App Complaints
Can the RBI Sachet portal refund my money?
No. Sachet is an intelligence-gathering portal for unauthorized entities. Because these fake apps are not registered with the RBI, the RBI has no legal jurisdiction to force them to process a refund. Sachet uses your data to block the app and coordinate with the police. For refunds from fraud, you must rely on the Cybercrime portal and your bank's chargeback processes.
What if the loan app does not show an NBFC name anywhere?
If there is no NBFC name in the app, no Key Facts Statement (KFS), and no loan agreement, it is an illegal, unregistered lending app. Do not waste time looking for a Grievance Officer. Proceed immediately to Branch 2 of our decision tree and file an unregistered loan app complaint on the Sachet portal, alongside a cybercrime complaint.
Does the RBI Ombudsman handle fake loan apps?
No. The RBI Ombudsman (via the CMS portal) only adjudicates disputes between consumers and RBI-regulated entities (Banks, NBFCs, Payment System Participants). If you file a complaint against a fake, unregistered app on the CMS portal, it will be immediately rejected for "non-maintainability."
How long does the cybercrime portal take to block a fraudster's account?
If you report financial fraud immediately (within the "golden hour" of the transaction), the cyber police can instruct the receiving bank to freeze the disputed funds almost instantly via the Citizen Financial Cyber Fraud Reporting and Management System. However, for general harassment and blackmail complaints, action depends on the local cyber cell's workload, which can take days or weeks.
Can I file a complaint on both Sachet and the Ombudsman?
You can, but one of them will be rejected. If the lender is registered, Sachet will close your ticket and tell you to go to the Ombudsman. If the lender is unregistered, the Ombudsman will reject your ticket and tell you to go to Sachet. Save time by identifying your lender correctly in Step 1.
What happens if the recovery agent uses a personal WhatsApp number instead of a company line?
This is a standard tactic to maintain deniability. Regulated NBFCs are strictly prohibited from using personal, unregistered 10-digit mobile numbers for recovery. If they do, it is a severe violation. Document the number, take a screenshot of the WhatsApp profile, run it through the Harassment Checker, and include it in your Ombudsman complaint as proof of "unauthorized recovery practices."
Taking Back Control
Harassment thrives in the dark. Recovery agents rely on your fear, your shame, and your confusion about Indian financial law to extort money from you. By organizing your evidence, identifying the exact legal status of your lender, and escalating through the proper 30/60/90-day channels, you strip them of their power.
Whether you are checking Sahi Rate to see if your interest charges were legal, or preparing a watertight dossier for the RBI Ombudsman, documentation is your best defense. Do not let vague complaints ruin your chances of recourse.
Related on SahiSujhav: