Context
On 9 January 2020, in a welcome step, the Reserve Bank of India (RBI) issued a circular to amend the Master Direction on know-your-customer (KYC). The circular enables leveraging of digital channels for Customer Identification Process (CIP) by Regulated Entities (REs). It permits Video based Customer Identification Process (V-CIP) as an alternate method of establishing the customer’s identity, for customer on-boarding. It also highlights the possibility of use of e-KYC facility by fintech companies for verifying customers who voluntarily provide their Aadhaar number.
NASSCOM had made several representations to the Department of Revenue, Unique Identification Authority of India (UIDAI), NITI Aayog, Ministry of Electronics & Information Technology (MeitY) and RBI with a request to permit video KYC as a method for doing digital KYC and to enable e-KYC for prepaid payments instruments (PPIs).
Major highlights of the circular
- e-KYC: a paperless KYC process, wherein the identity and address of the subscriber are verified electronically through Aadhaar Authentication.
As of now, e-KYC can only be carried out by banks. REs other than banks will have to carry out offline verification of its users. To be sure, offline verification of Aadhaar for identification involves Aadhaar number holder providing the verifying agency with Aadhaar in digital or physical formats-XML/PDF format and QR code. Aadhaar number holders can obtain Aadhaar Paperless Offline e-KYC data through the following channels:
- UIDAI’s resident portal (https://resident.uidai.gov.in)
- mAadhaarmobile application on a registered phone number
- Inbound SMS using registered phone number
- Aadhaar Kendra using Biometric Authentication
We believe that e-KYC facility, which is currently only available for banks, should be extended to other REs as well. We will continue to engage with the RBI on this issue.
Here is a recap of NASSCOM’s Recommendation to RBI in November:
- As an immediate step, RBI should issue a circular on use of e-KYC authentication facility by entities regulated by it. This will enable RBI regulated entities to apply for e-KYC license with the UIDAI.
- As a long-term solution, the RBI should consider requesting the Department of Revenue should to modify the circular issued on 9 May 2019. Accordingly, the circular should upfront treat reporting entities which are regulated by different regulators such as RBI, SEBI, Pension Fund Regulatory and Development Authority (PFRDA) as eligible to apply for e-KYC. Thereafter, they should be allowed to apply to UIDAI directly for an Aadhaar authentication license. The existing step 2 i.e. Examination by the appropriate regulator in the circular, should be removed.
- Also, the RBI should consider requesting the Department of Revenue to prescribe an application template after consultation with the UIDAI, which can be used by fintech companies to apply for an Aadhaar authentication license directly. This will eliminate the need for separate procedure to be laid by different regulators for getting license to conduct e-KYC.
- Video-based KYC: real-time, consent based audio-visual interaction with the customer to obtain identification information including the documents required for customer due diligence (CDD) purpose, and to ascertain the veracity of the information furnished by the customer.
The updated Master Direction- KYC Direction, 2016, says that video-based KYC process shall be treated as face-to-face process. This will be carried out by an official of the RE, for establishment of an account-based relationship with an individual customer, after obtaining his informed consent. The official of the RE shall ensure that the sequence and/or type of questions during video interactions are varied in order to establish that the interactions are real-time and not pre-recorded. In order to ensure that customer is physically present in India, geotagging shall also be captured.
- Banks: can use either OTP based Aadhaar e-KYC authentication or Offline Verification of Aadhaar for identification. Further, services of Business Correspondents (BCs) may be used by banks for aiding the V-CIP.
- REs other than banks: can only carry out Offline Verification of Aadhaar for identification.
The move comes as a major relief for the fintech industry, which was struggling to verify its customers digitally. However, there are some steps laid out by the RBI, which might make the process cumbersome for the industry. For instance, the circular says, “RE shall capture a clear image of PAN card to be displayed by the customer during the process, except in cases where e-PAN is provided by the customer. The PAN details shall be verified from the database of the issuing authority.”
e-PAN is the electronic form of PAN which is downloaded by the user in their DigiLocker app directly from the Income Tax Department. These documents can be shared instead of self-attested copies of documents. A number of documents such as Aadhaar, driving license etc. can also be uploaded in a DigiLocker wallet in jpg and other formats. The data is stored in the cloud and can be accessed from the app as well as through the website thus reducing the necessity to carry original documents.
The circular necessitates that PAN details shall be verified from the database of the issuing authority in case of e-PAN. This does not make sense when the issuing authority has directly issued the documents on the DigiLocker app. We will engage with RBI on such provisions and get further clarity for the industry to make the use of this facility seamless.
Additionally, we appreciate RBI’s move to encourage the use of latest available technology, including Artificial Intelligence (AI) and face matching technologies, to ensure the integrity of the process as well as the information furnished by the customer.
Here is a recap of NASSCOM’s Recommendation to RBI in November:
A remote face-to-face KYC process should be notified, and best practices from global frameworks be leveraged to ensure that the mechanism is made seamless and customer friendly. Reference can be drawn from European regulations on Digital Identity (SPID, eIDAS) and UK/EU KYC/AML provisions that allow capturing customer identity and consent in video sessions (‘Live-ID’), without the need for any physical verification whatsoever. This process is treated at par in terms of meeting technical security and legal compliance as face-to-face in person identification. A similar solution needs to be notified that given industry an alternate to e-KYC, to offer customers who do not want to use Aadhaar for authentication another digital method for doing KYC. NASSCOM would be happy to assist RBI, including the organization of industry consultations to evaluate new digital KYC means such as the video-based KYC.
- Digital KYC: capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorized officer of the RE.
The DoR introduced digital KYC by amending the Prevention of Money-laundering (Maintenance of Records) Rules, 2005 on 19 August 2019. Annex I of the updated Master Direction- KYC Direction, 2016 contains details of the steps involved in Digital KYC process.
The KYC process will be undertaken only through an authenticated application of the REs. The RE must ensure that the live photograph of the customer is taken by the authorized officer and the same photograph is embedded in the Customer Application Form (CAF). Further, the system Application of the RE shall put a watermark in readable form having CAF number, GPS coordinates, authorized official’s name, unique employee Code (assigned by REs) and Date (DD:MM:YYYY) and time stamp (HH:MM:SS) on the captured live photograph of the customer. All the entries in the CAF shall be filled as per the documents and information furnished by the customer. A verification process will be carried out after which, the CAF shall be digitally signed by authorized officer of the RE who will take a print of CAF, get signatures/thumb-impression of customer at appropriate place, then scan and upload the same in system. Original hard copy may be returned to the customer.
REs can carry out verification through digital KYC in cases when any OVD or proof of possession of Aadhaar number where offline verification cannot be carried out. Banks may use the services of BCs for this process.
We appreciate RBI’s move to retain the Digital KYC process while also giving a nod to video-based KYC. We will continue to engage with the industry to understand if there are any further concerns around this.
Here is a recap of NASSCOM’s Recommendation to RBI in November:
The RBI should consider requesting the DoR to revisit the steps enumerated under the ‘Digital KYC process’ and remove the unnecessary clauses to make the process more practical and suitable for large-scale implementation. The industry should be consulted before the government finalizes any changes.
If you have any suggestions/clarifications regarding this matter, please write to komal@nasscom.in
Background: In February 2019, the Union Cabinet cleared an ordinance to allow use of Aadhaar by banks and telecom companies. This ordinance had no provision for non-banking entities. Following extensive advocacy to extend this provision to non-banking entities as well, Department of Revenue (DoR), the Ministry of Finance issued a circular which laid down the procedure for processing of applications under Section 11A of the Prevention of Money Laundering Act, 2002 (‘PMLA’) for use of Aadhaar authentication services by non-banking entities. This included, reporting entities having to file an application for use of Aadhaar authentication services with their respective regulator. The circular said that the application would have to undergo a three-tier approval process involving the regulator, UIDAI and the Central government.
The DoR also introduced digital KYC in August 2019 by amending the Prevention of Money-laundering (Maintenance of Records) Rules, 2005.The move was aimed at providing a digital solution to fintech companies who were forced to adopt age old, physical form of KYC in the absence of any alternate digital KYC. Despite this, the PPI industry has been still struggling to do KYC of the customers digitally.