Share This Post

Home >> Communities >> Policy Advocacy

Policy Brief: RBI permits video-based customer verification to address KYC challenges faced by the fintech industry

Context

On 9 January 2020, in a welcome step, the Reserve Bank of India (RBI) issued a circular to amend the Master Direction on know-your-customer (KYC). The circular enables leveraging of digital channels for Customer Identification Process (CIP) by Regulated Entities (REs). It permits Video based Customer Identification Process (V-CIP) as an alternate method of establishing the customer’s identity, for customer on-boarding. It also highlights the possibility of use of e-KYC facility by fintech companies for verifying customers who voluntarily provide their Aadhaar number.

NASSCOM had made several representations to the Department of Revenue, Unique Identification Authority of India (UIDAI), NITI Aayog, Ministry of Electronics & Information Technology (MeitY) and RBI with a request to permit video KYC as a method for doing digital KYC and to enable e-KYC for prepaid payments instruments (PPIs).

Major highlights of the circular

  1. e-KYC

The circular says, “provided that where the customer has submitted Aadhaar number under paragraph (c.I.i) above to a bank or to a RE notified under first proviso to sub-section (1) of section 11A of the PML Act, such bank or RE shall carry out authentication of the customer’s Aadhaar number using e-KYC authentication facility provided by the UIDAI.

This suggests that not only banks but also fintech companies will be able to authenticate users using the e-KYC facility if the users provide Aadhaar number voluntarily. However, we are engaging with the industry to understand it.

Here is a recap of NASSCOM’s Recommendation to RBI in November:

  • As an immediate step, RBI should issue a circular on use of e-KYC authentication facility by entities regulated by it. This will enable RBI regulated entities to apply for e-KYC license with the UIDAI.
  • As a long-term solution, the RBI should consider requesting the Department of Revenue should to modify the circular issued on 9 May 2019. Accordingly, the circular should upfront treat reporting entities which are regulated by different regulators such as RBI, SEBI, Pension Fund Regulatory and Development Authority (PFRDA) as eligible to apply for e-KYC. Thereafter, they should be allowed to apply to UIDAI directly for an Aadhaar authentication license. The existing step 2 i.e. Examination by the appropriate regulator in the circular, should be removed.
  • Also, the RBI should consider requesting the Department of Revenue to prescribe an application template after consultation with the UIDAI, which can be used by fintech companies to apply for an Aadhaar authentication license directly. This will eliminate the need for separate procedure to be laid by different regulators for getting license to conduct e-KYC.
  1. Video-based KYC

RBI has provided the definition of V-CIP in S.3 of the circular. The process of V-CIP has been specified in S.18 in terms of which, REs may undertake live V-CIP, to be carried out by an official of the RE, for establishment of an account-based relationship with an individual customer, after obtaining his informed consent.

Video as well as photograph of the customer shall be captured for establishing identification.

  • Banks: can use either OTP based Aadhaar e-KYC authentication or Offline Verification of Aadhaar for identification. Further, services of Business Correspondents (BCs) may be used by banks for aiding the V-CIP.
  • REs other than banks: can only carry out Offline Verification of Aadhaar for identification.

DigiLocker: RBI has officially granted recognition to the DigiLocker platform, which allows citizens to store their personal documents online, for KYC process. For example: e-PAN can be provided by the customer during video KYC and the PAN details shall be verified from the database of the issuing authority.  This is a welcome move from RBI.

In order to ensure that customer is physically present in India, geotagging shall also be captured. In case of offline verification of Aadhaar using XML file or Aadhaar Secure QR Code, it shall be ensured that the XML file or QR code generation date is not older than 3 days from the date of carrying out V-CIP.

Here is a recap of NASSCOM’s Recommendation to RBI in November:

 A remote face-to-face KYC process should be notified, and best practices from global frameworks be leveraged to ensure that the mechanism is made seamless and customer friendly. Reference can be drawn from European regulations on Digital Identity (SPID, eIDAS) and UK/EU KYC/AML provisions that allow capturing customer identity and consent in video sessions (‘Live-ID’), without the need for any physical verification whatsoever. This process is treated at par in terms of meeting technical security and legal compliance as face-to-face in person identification. A similar solution needs to be notified that given industry an alternate to e-KYC, to offer customers who do not want to use Aadhaar for authentication another digital method for doing KYC. NASSCOM would be happy to assist RBI, including the organization of industry consultations to evaluate new digital KYC means such as the video-based KYC.

  1. Digital KYC

The DoR introduced digital KYC by amending the Prevention of Money-laundering (Maintenance of Records) Rules, 2005 on 19 August 2019. “digital KYC means the capturing live photo of the client and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorised officer of the reporting entity,” the notification said.

According to the RBI circular, “provided that where the customer has submitted proof of possession of Aadhaar number where offline verification cannot be carried out under clause (c.I.iii) above or any OVD under clause (c.I.iv), the RE shall carry out verification through digital KYC as specified under Annex I of the Master Direction.” We are waiting for the updated version of the Master Direction on KYC to understand the changes in the process of Digital KYC. We will update this blog accordingly.

Here is a recap of NASSCOM’s Recommendation to RBI in November:

The RBI should consider requesting the DoR to revisit the steps enumerated under the ‘Digital KYC process’ and remove the unnecessary clauses to make the process more practical and suitable for large-scale implementation. The industry should be consulted before the government finalizes any changes.

If you have any suggestions/clarifications regarding this matter, please write to komal@nasscom.in

Background: In February 2019, the Union Cabinet cleared an ordinance to allow use of Aadhaar by banks and telecom companies. This ordinance had no provision for non-banking entities. Following extensive advocacy to extend this provision to non-banking entities as well, Department of Revenue (DoR), the Ministry of Finance issued a circular  which laid down the procedure for processing of applications under Section 11A of the Prevention of Money Laundering Act, 2002 (‘PMLA’) for use of Aadhaar authentication services by non-banking entities. This included, reporting entities having to file an application for use of Aadhaar authentication services with their respective regulator. The circular said that the application would have to undergo a three-tier approval process involving the regulator, UIDAI and the Central government.

The DoR also introduced digital KYC in August 2019 by amending the Prevention of Money-laundering (Maintenance of Records) Rules, 2005.The move was aimed at providing a digital solution to fintech companies who were forced to adopt age old, physical form of KYC in the absence of any alternate digital KYC. Despite this, the PPI industry has been still struggling to do KYC of the customers digitally.


Attachment

Download

Share This Post

Leave a Reply