Policy Update: Finance Ministry introduces digital KYC under PMLA
The Ministry of Finance (Department of Revenue) has introduced digital KYC (know your customer) by amending the Prevention of Money-laundering (Maintenance of Records) Rules, 2005, it said in a gazette notification dated 19 August 2019. “digital KYC means the capturing live photo of the client and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorised officer of the reporting entity,” the notification said.
The move comes as a major relief for the fintech industry as no cost effective, scalable and customer friendly alternative digital KYC method was available to them, until now. Post the Supreme Court judgment on Aadhaar in September 2018, leveraging Aadhaar eKYC was no longer an option. In the absence of any alternate digital KYC, non-banking entities such as PPIs were forced to adopt the age-old, physical form of KYC. This process was expensive, time-consuming and operationally burdensome. The industry also resorted to the XML offline Aadhaar verification method as introduced by RBI for verification however as per the feedback received from industry, failure rate for such verification are as high as 57% making it an unviable method of digital KYC.
In June, NASSCOM had written to different government departments/ministries such as the Department of Revenue, UIDAI, NITI Aayog, Ministry of Electronics & Information Technology (MEITY) and the Reserve Bank of India (RBI) with regard to certain challenges that the PPI industry is facing, pertaining to KYC verification process. We had requested the regulators to expedite approval of video KYC as a method for doing digital KYC; so that customers who do not want to use Aadhaar for doing KYC have a digital alternative as well.
Steps involved in the Digital KYC Process
- The reporting entities shall develop an application for digital KYC process which shall be made available at customer touch points for undertaking KYC of their customers and the KYC process shall be undertaken only through this authenticated application of the reporting entities.
- The access of the application shall be controlled by the reporting entities and it should be ensured that the same is not used by unauthorized persons. The Application shall be accessed only through login-id and password or Live OTP (one time password) or Time OTP controlled mechanism given by reporting entities to its authorized officials.
- The client, for the purpose of KYC, shall visit the location of the authorized official of the reporting entity or vice-versa. The original Officially Valid Document (OVD) shall be in possession of the client.
- The reporting entity must ensure that the live photograph of the client is taken by the authorized officer and the same photograph is embedded in the Customer Application Form (CAF). Further, the system Application of the Reporting Entity shall put a water-mark in readable form having CAF number, GPS coordinates, authorized official’s name, unique employee Code (assigned by reporting entities) and Date (DD:MM:YYYY) and time stamp (HH:MM:SS) on the captured live photograph of the client.
- The application of the reporting entities shall have the feature that only live photograph of the client is captured and no printed or video-graphed photograph of the client is captured. The background behind the client while capturing live photograph should be of white colour and no other person shall come into the frame while capturing the live photograph of the client.
- Similarly, the live photograph of the original officially valid document or proof of possession of Aadhaar where offline verification cannot be carried out (placed horizontally), shall be captured vertically from above and water-marking in readable form as mentioned above shall be done. No skew or tilt in the mobile device shall be there while capturing the live photograph of the original documents.
- The live photograph of the client and his original documents shall be captured in proper light so that they are clearly readable and identifiable.
- Thereafter, all the entries in the CAF shall be filled as per the documents and information furnished by the client. In those documents where Quick Response (QR) code is available, such details can be auto-populated by scanning the QR code instead of manual filing the details. For example, in case of physical Aadhaar/e-Aadhaar downloaded from UIDAI where QR code is available, the details like name, gender, date of birth and address can be auto-populated by scanning the QR available on Aadhaar/e-Aadhaar.
- Once the above mentioned process is completed, a OTP message containing the text that ‘Please verify the details filled in form before sharing OTP’ shall be sent to client’s own mobile number. Upon successful validation of the OTP, it will be treated as client signature on CAF. However, if the client does not have his/her own mobile number, then mobile number of his/her family/relatives/known persons may be used for this purpose and be clearly mentioned in CAF. In any case, the mobile number of authorized officer registered with the reporting entity shall not be used for client signature. The Reporting Entity must check that the mobile number used in client signature shall not be the mobile number of the authorized officer.
- The authorized officer shall provide a declaration about the capturing of the live photograph of client and the original document. For this purpose, the authorized official shall be verified with OTP which will be sent to his mobile number registered with the Reporting Entity. Upon successful OTP validation, it shall be treated as authorized officer’s signature on the declaration. The live photograph of the authorized official shall also be captured in this authorized officer’s declaration.
- Subsequent to all these activities, the application shall give information about the completion of the process and submission of activation request to activation officer of the reporting entity, and generate the transaction-id/reference-id number of the process. The authorized officer shall intimate the details regarding transaction-id/reference-id number to client for future reference.
- The authorized officer of the reporting entity shall check and verify that:
- information available in the picture of document is matching with the information entered by authorized officer in CAF.
- live photograph of the client matches with the photo available in the document.; and
- all of the necessary details in CAF including mandatory field are filled properly.;
13. On successful verification, the CAF shall be digitally signed by authorized representative of the reporting entity who will take a print of CAF, get signatures/thumb-impression of customer at appropriate place, then scan and upload the same in system. Original hard copy may be returned to the customer.
We are still reviewing the notification and getting industry feedback on this. We will update the blog accordingly. In case you have any inputs or suggestions pertaining to this specific issue, write to us at firstname.lastname@example.org.
Justice K. S. Puttaswamy (Retd.) and Another vs Union Of India And Others. See: https://www.supremecourtofindia.nic.in/supremecourt/2012/35071/35071_2012_Judgement_26-Sep-2018.pdf
 Under PMLA, reporting entity means a banking company, financial institution, intermediary or a person carrying on a designated business or profession.