The Reserve Bank of India (“RBI”) on January 09, 2020 issued a circular notifying the changes made to Master Direction on Know Your Customer (“MD-KYC”) dated February 25, 2016 (“Amendment Circular”). The Amendment Circular has introduced the following changes to Know Your Customer (“KYC”) norms:
• Introduction of Digital KYC. Clause 3(a)(ix) of the MD-KYC stipulates that “Digital KYC” involves capturing of a customer’s (a) live photograph, (b) and officially valid document/proof of Aadhaar possession, (c) geographical coordinates of the customer, by an authorised officer of the Regulated Entity (“RE”), in the event offline verification cannot be carried out.
• Definition of “Equivalent e-document”. Clause 3(a)(x) of the MD-KYC defined Equivalent e-document as an electronic document which (a) is issued by the issuing authority and a valid digital signature of the issuing authority; and (b) includes such documents issued to the digital locker account of the customer as per Rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016.
• Definition of “Video based Customer Identification Process (“V-CIP”)”. Clause 3(a)(xx) of the MD-KYC has defined V-CIP as a method of customer identification by RE official. It involves the use of seamless, secure, real-time, consent based audio-visual interaction with the customer. This can be carried out for (a) obtaining identification information about the customer, (b) carrying out Customer Due Diligence (“CDD”), and (c) to ascertain the veracity of the information furnished by the customer. The MD-KYC specifies that this process shall be treated on par with the physical verification process.
• Clause 16 of MD-KYC outlines the documents a RE can collect for carrying out a CDD. A RE can collect:
a) Aadhaar Number if the individual is desirous of receiving any benefit or subsidy under any scheme notified under Section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016) or if they voluntarily decide to submit the Aadhaar number to the bank or RE; and
b) Permanent Account Number or equivalent e-document; and
c) such other documents including in respect of the nature of business and financial status of the customer, or the equivalent e-documents thereof as may be required by the RE.
d) For verification of Aadhaar, the Amendment Circular specifies that the bank or the RE should use e-KYC facility provided by the Unique Identification Authority of India or if offline verification is possible then they should adopt that method. Further, if for any other documents offline verification is not possible then the Bank or the RE shall adopt Digital KYC.
• Process of carrying out V-CIP. Clause 18 of the MD-KYC prescribes the process of V-CIP to be carried out by the RE. V-CIP can be carried out for establishment an account-based relationship with an individual customer. Clause 18 of the MD-KYC further stipulates all REs to adhere to following:
a) The official of the RE performing V-CIP shall record video in addition to taking photo of the individual. The banks are allowed to use one time passwords based Aadhaar e-KYC authentication in addition to offline verification, whereas REs other than banks can only follow offline verification. Banks may also use services provided by Business Correspondents for aid in V-CIP process.
b) RE shall capture a clear picture of PAN card except if the customer provides an e-PAN card. The RE is also required to capture the live location of the customer to ensure that the customer is physically present in India at the time of verification.
c) All accounts opened through V-CIP shall be made operational only after being subject to concurrent audit, to ensure the integrity of process.
d) The audio-visual interaction shall be triggered from the domain of the RE itself, and not from third party service provider, if any. The V-CIP process shall be operated by officials specifically trained for this purpose. The activity log along with the credentials of the official performing the V-CIP shall be preserved.
The Author’s Take
Digital KYC was a hot topic in 2019 and it still continues to be. Reports suggest that since demonetisation, physical KYC has been a barrier for customers from using fintech platforms like Paytm, Amazon Pay and PhonePe. This is because physical KYC and the associated verification process proved to be a cumbersome task for financial institutions, with the involvement of significant time, effort and cost. Hence, it was believed that digital KYC seemed a plausible option for these platforms to retain existing clients and ensure addition of new ones.
Although the RBI, through the Amendment Circular, has attempted to make the KYC policy more business friendly, the Amendment Circular does little to address the issues that entities face today.
One of the main reasons behind the emergence of the idea of digital KYC was to save on the manpower and physical labour involved for the conventional verification/authentication process. Ideally, through digital KYC, the customer could send in their details over the portal used by the verifying entity, ensuring faster turnaround time, however, that is not the case. The process of digital KYC will be undertaken by officials of REs, meaning that the process will need a lot of manpower to execute it efficiently. The only change brought by the Amendment Circular is that rather than using paper to undertake KYC compliance, it will now be done on a smartphone or a tablet. However, any RE other than Banks are required to use offline verification process, which leaves the situation as it is without addressing it properly. Further, the definition suggests that Digital KYC may be used even by banks only in areas where physical KYC cannot be carried out.
Another aspect of this change is the applicability of data protection regulations on the REs, since they will be storing all the data digitally in their database. The REs will have to ensure that they incorporate highly secure safety standards to protect the data collected from the customers.
Secondly, the definition of the RE includes banks, NBFCs, All India Financial Institutions, Miscellaneous Non-Banking Companies, Residuary Non-Banking Companies, All Payment System Providers (PSPs)/ System Participants (SPs) and Prepaid Payment Instrument Issuers (PPI Issuers) and All authorised persons (APs) including those who are agents of Money Transfer Service Scheme (MTSS), regulated by the Regulator. But at the same time, it ignores any agency or corporation which could carry the authentication process for interested entities i.e., banks and other REs.
It may be argued that this is a deliberate exclusion by the RBI as they are not in favour of hiring third party agencies to complete the KYC procedure on behalf of banks or other financial entities. It was reported earlier in October 2019 that the RBI expressed its dissent on hiring of agents by the banks to complete the KYC process. It comes from the belief that collection of personal data for KYC by agents may bring cases of data theft and increase the operation costs of the banks. However, they have failed to take into consideration such companies who may act as agents and have incorporated strict safety measures as necessary to prevent any data loss or theft. If any entity receives proper safety certification from regulating authority under personal data protection legislation, then data loss may not be the main reason for not allowing such entities to complete the digital KYC process and ease up the burden on Banks and other REs.
If digital KYC has to be truly “Digital”, then RBI has to think beyond the normal electronification of the documents and move completely to the digital domain which would require less manpower and more focus on technology.
Disclaimer: This post has been prepared for informational purposes only. The information/or observations contained in this post does not constitute legal advice and should not be acted upon in any specific situation without seeking proper legal advice from a practicing attorney.
Learn more about our Technology practice.
#DigitalKYCNorms #RBI #Technology #India #GameChangerLawAdvisors