The RBI KYC Master Directions has raised more questions than it has answered
29th May, 2019, the Reserve Bank of India released the updated Master
Direction – Know Your Customer (KYC) Direction, 2016. (“Master Directions”)
This was an eagerly awaited document that was required to signal RBI’s acceptance of Aadhaar since the Aadhaar Supreme Court judgment in late September 2018 and the, then ordinance amending The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act”) and the Prevention of Money Laundering Act,2002(“PMLA”) passed in February 2019.
Master Directions did provide validity to the use and acceptance of Aadhaar and
set out updated KYC flows in its incorporation of Aadhaar in three formats, – biometric
authentication, offline verification and OTP authentication
But in providing such validity, have raised more questions than they have answered. While further still, keeping several key infrastructure players on the edge – in their ability to successfully provide efficient KYC options.
A clause wise breakdown follows:
Clause 16 of the Master
This clause acknowledges KYC by way of:
verification of Aadhaar
authentication of Aadhaar
copy of any OVD containing details of his identity and address
Why is there a requirement to submit a physical copy of the Aadhaar card, in addition to offline verification?
Does this clause contemplate that that Aadhaar number is to be ‘blacked out’ by the customer? This doesn’t seem practically enforceable.
Why is there a requirement of certification of the OVD? For documents that are digitally retrieved from source, such as documents retrieved from Digilocker or e-Aadhaar, would this still be required?
The requirement of OVD is only compounded in the case of Non-Resident Indians/PIOs with the onerous restrictions on who the original certified copy can be procured from.
Clause 38 of the Master
clause sets out the requirement to conduct KYC as part of the Periodic Updation
This clause contemplates repeating of the KYC
process as set out in clause 16, as part of the Periodic Updation process. This
is onerous and does not account for the existing relationship between the RE
and the customer, that ranges from 2 -7 years long.
How are redacted Aadhaar numbers (at source-
distinct from tokenisation) to be recorded in internal databases?
How are tokenised Aadhaar numbers to be
handled by recipients? For eg: The tokenised Aadhaar number can be received by CKYC
and Credit Bureaus, how are the Aadhaar numbers to be handled by such entities?
Original Seen and Verified has been retained
as necessary step for documents. This does not appreciate KYC advancements such
as Digilocker or Video based KYC.
The Master Directions- while a necessary move forward doesn’t factor in perspectives from industry players. And has not kept in touch with changing realities that seek to embrace technological infrastructure advancements such as Digilocker or Video KYC.
We strongly believe that KYC procedures can be enabled in a manner that allows for ease of industry in providing financial services to the populace while addressing the concerns of safety and security of the regulator- if we work together to groupsolve.
It would be important to see us working together with the regulator to air out the concerns to help address such queries. Definitely- to provide for clarity in the Directions, as they now stand.
In the absence of these factors, the Master Directions can only be argued as One Step Forward, Two Steps back.
Contemplated KYC Flows
For ease of reference, the conteplated KYC flows from the Master Directions are below: