Systematic investment plans in mutual funds have become immensely popular—so much so there has been a spurt in fintech apps selling all sorts of financial products. Some of these apps, however, want users to part with their phone book. And they will go to any lengths to get these contacts—even if it means barring access to its existing users. A case in point is Navi Mutual Fund.
Many users of Navi have recently complained that the firm is restricting access to the app till they give it permission to access their phone contacts, location and other details. Ask Shantanu Goel, 42, who works in a Bangalore-based ed-tech company. Goel had invested in the firm’s ‘Navi Nifty 50’ and ‘Nasdaq 100 fund-of-fund’. Recently, he decided to increase investments in these plans but was told to share his phone location and contact details to log in to his account. Until recently, he could do so without giving these permissions.
Hemanth G., 32, who works as a chief technology officer in a startup. also faced the same problem when he opened the Navi app to check his mutual fund investments. Hemant is now ready to pay any short-term gains tax that his investment has accrued but is not sure how to exit the fund. Unlike other asset management companies, MF unitholders cannot log in on Navi’s website. The only way to get in is through the mobile application.
View Full Image
“Even if I want to sell my units and exit, I can’t do so since I cannot log in without sharing my personal info,” said Goel, who said he has now filed a complaint with market regulator Sebi against Sachin Bansal-run Navi Mutual Fund. Bansal is the co-founder of e-commerce heavyweight Flipkart. Goyal said he had registered the complaint on Sebi’s grievance redressal website scores.gov.in.
To be sure, it is not necessary for mutual fund investors to onboard fintech platforms to start their financial journey. Most Indian lenders now offer the facility to invest in mutual funds to their savings account customers. Besides, mutual fund holders are not required to share personal information, such as their contacts, particularly with asset management firms. When they do so, such information may be passed on to third-party users, mostly platforms that use the data to solicit new users with personalized solutions like cheaper loans or other financial products. Sometimes though, this can end up creating bigger problems. There have been several instances of call records being used in the recent past by some lenders for predatory or coercive loan recovery practices. The government even came down heavily on some illegal Chinese lending apps that were resorting to such tactics.
Typically, people who invest directly with an asset management company (AMC) do so to save on commissions charged by distributors and banks and to avoid cross-selling of products like insurance policies.
Navi’s privacy policy
Navi offers a variety of mutual fund schemes, with focus on passive investing. Its index funds are some of the cheapest in India—its equity funds have performed well in recent years. The firm also offers products like cash loans, home loans, and insurance.
According to Navi’s privacy policy terms, when you give permission to your phone contacts, it gets access to names and contact details from your address book. It uses this data to facilitate invitations and assess your phone use. It determines your social network from your phone book for marketing purposes and to identify fraud. When you give your phone geolocation data, it is used for servicing suitable products.
Ravi Saraogi, RIA and co-founder of Samasthiti Advisors, said Navi is collecting this data for the sole purpose of cross-selling other products. He said that MF investors should be given the option of saying no to sharing their phone book, call records, and location details.
Also, this requirement—permissions to access phone records—was introduced for Android users sometime back but was mandated for Apple iOS users only recently. Apple app store guidelines , however, mandate that apps should allow a user to get what they have paid for without performing additional tasks, such as uploading contacts and sharing their location. Both Goel and Hemanth are apple iOS users.
In response to a tweet by Goel, Navi replied “We regret to inform you that we are currently unable to make any exceptions to our privacy policy and continued usage of the Navi App requires adherence to the Navi Privacy Policy. We kindly request your understanding and cooperation in granting the required permissions to use the Navi application.”
In response to queries raised by Mint. it said, “Navi App offers customers lending, insurance and other financial services in addition to the Navi Mutual Fund products. To clarify, the Navi App does not selectively ask for any permissions for its users who are investors in Navi Mutual Fund. The primary reason the Navi App seeks these permissions is for centralized fraud monitoring measures across product lines. As a platform servicing a wide range of regulated entities within the Navi group, Navi is committed to putting in place robust mechanisms to tackle fraud. These permissions have proven critical to thwarting fraudulent actors on the platform.”
Bansal said he had nothing to add to the response sent by Navi. Emails sent to Sebi and the Association of Mutual Funds in India (Amfi) did not elicit any response.
This is not the first time Navi has been in the limelight for privacy concerns. Last year, social media sites were abuzz with reports of Navi sending out customized loan offers to many people who had never opened an account with the firm. The messages, though, mentioned their PAN card numbers. Mint could not independently verify this.
“Any practice aimed at acquiring personal data is subject to scrutiny concerning its compliance with current regulations and its potential implications for the privacy of mutual fund investors. The key factors to consider in assessing the legality of such practices include obtaining informed and specific consent, ensuring the security and protection of collected data, providing alternative methods for accessing investments (such as through MF Central or MF utilities), maintaining transparency in communicating the reasons for data collection and the benefits it offers to investors, and compliance with Sebi’s mutual fund regulations and master circular,” said Sumit Agrawal, Founder, Regstreet Law Advisors, and a former Sebi officer. “Whether an intermediary is collecting personal information beyond necessary KYC is fact specific. In case of breach of privacy such as on receipt of unsolicited investments calls, one would be able to reach the Data Protection Board (DPB) under recent Digital Personal Data Protection (DPDP) Act, 2023, in addition to Sebi,” he added.
Smit Kotadiya, a cybersecurity consultant, emphasized the uncertainty and security problems surrounding the use of data collected by companies from users through apps or other medium. With the data protection bill that the government plans to enforce soon, companies will be held accountable for their data collection and usage practices, he said.
How to exit Navi app
While Hemanth is still trying to find a way to exit Navi, Shantanu managed to access his Navi mutual fund units through the Mutual Fund Utilities (MFU) website. MFU is an industry-backed transaction platform run under the aegis of Amfi. MFU requires first-time users to submit details such as registered email ID, mobile number. PAN and copy of a cancelled cheque.
Saraogi said that investors can also use the MF Central platform to access their mutual fund units without having to go through Navi. MF Central also has a more sleek and user-friendly interface.