Supreme court’s judgement on Aadhaar and its use by private organizations all but pushed the BFSI sector back to its legacy processes of manual verification. Some sectors saw as much as 40% downturn in the new customer acquisition when compared to the eKYC era.
The worst-hit were the fintechs, who relied solely on the presence-less feature of Aadhaar to onboard customers but had to look for a non-existent alternative method of verification.
Though Offline Aadhaar based verification did help, It came with its own limitations.
Companies like us(read Veri5Digital) built solutions like Video-based customer KYC to help the sector get back to its feet, though without exclusive approval from RBI and other regulators the solutions were just a band-aid on the problems faced.
With RBI’s latest amendment and it’s approval on the use of Video-based KYC software, we now know that digital modes of identification are legally accepted and BFSI sector can freely use the latest technological advances including AI and machine learning to onboard customers while being completely compliant with the regulations.
In this post, we try to outline the 10 most important things that you must know before you can implement a Video-based KYC and onboarding system or as RBI calls it Video-based customer Identification Process (V-CIP).
You can also download the latest RBI circular on V-CIP here.
In case you do not want to go through the entire article, here is a gist of everything in this post
1. Video KYC now means a video call between an official of the RE and the customer
2. KYC can be done using both physical or electronic version of documents
3. You don’t need to send an agent to the customer location for IPV, this is done using the V-CIP and DSA can be used for assisting the customer.
4. Face match and other AI/ML-driven technologies are preferred to make the process robust but recorded live video call is mandatory.
5. Customer consent is mandatory before accepting Aadhaar and Aadhaar number needs to be masked.
6. Offline Aadhaar XML or secure QR cannot be more than 3 days old to be accepted for KYC
7. Same KYC process also applies to non-individual customers i.e. businesses
Video KYC now needs to have a video call based verification system
V-CIP or video-based customer identification process as defined by RBI, consists of 2 steps,
- a document collection step in case of electronic or e-version of documents like ePAN, Aadhaar XML/Secure QR or e-version present in Digilocker ;
- followed by a video call between the customer and the official of the RE, in which case the video call is recorded. RE would have to check for liveness fo the customer and the customer would have to show the physical copies of the OVDs to the official of the RE
The video call needs to be secured with end-to-end encryption and all the associated data needs to be saved for audit purposes.
KYC can be done both using physical cards or electronic version of them
Documents like PAN and Aadhaar have electronic machine-readable versions available that can be downloaded from NSDL and UIDAI website respectively or accessed from Digilocker. The new RBI circular allows for the use of either for KYC verification.
Though in the case of physical cards, the image of such cards needs to be captured while the customers is on a Video call with the official of the registered entity. Along with other details mentioned in the points below.
Additionally, the e-version of the documents needs to be verified using the digital signature of the issuing authority. Aadhaar XML for example has UIDAI’s secure digital signature in it.
You don’t need to send an agent for verification and but can still use DSA’s or BC’s for assistance
Video-based customer identification process or V-CIP also called Video KYC by the industry allows for remote identification of the customers, provided that you follow the process defined by RBI for Video KYC in the circular.
V-CIP has made agent visits optional for IPV instead in-person verification is done via the video call between the official of the RE and the customer.
You can send a DSA(direct selling agent) or a BC(Business Correspondents) to assist your customer throughout the process. Though BC cannot complete or approve KYC, that needs to be done by your official of the RE.
Digital KYC process can use AI and Face match technology to increase accuracy but a live video call is mandated for Digital KYC/V-CIP
RBI prefers that RE’s(i.e. you) use the latest technological innovations like AI face match and document fraud detection to ensure the integrity of the process.
As a RE you can use these technologies to protect your self from human error and any potential hi-tech fraud that you might be susceptible too. Though the actual KYC identification needs to be done via the video call.
In effect, you can ask your customers to scan and upload their documents directly to you; but the official of the RE would still be required to verify the same again while on the V-CIP call and take screen-captured images of the customer and all the physical OVDs submitted.
This data i.e. screen-captured images of the customer and documents submitted needs to be saved in the logs along with the
- Geo-tagged location of the customers to see if they are in India
- The timestamp
- The identity of the official of the RE on a call with the customer
- The identity details of the BC(if any) assisting the customer on customer’s end
Customer consent is mandatory before accepting Aadhaar
Offline Aadhaar is accepted for KYC, provided the customer gives you exclusive consent before submitting the same. This can be done using a consent form or verbally in the recorded video call.
In case the customer uses the Aadhaar Card (physical copy) for KYC the Aadhaar number needs to be redacted or Masked.
Checkout our Aadhaar masking API that can be used to redact Aadhaar numbers from the document.
Additionally, in case Aadhaar is not available or the customer doesn’t want to share the same with you other OVDs can be used for KYC. In this case, the image of the document needs to be captured during the call.
Offline Aadhaar based Verification XML or secure QR cannot be more than 3 days old
If a customer gives consent and then shares their Aadhaar data via Offline Aadhaar XML or secure QR code for KYC, such data cannot be more than 3 days old. You can check the same using the timestamp usually present in the file shared.
The secure QR code is different from the QR code on the Aadhaar card, you can learn more about it in the link below
Same KYC process also applies to non-individual customers
The V-CIP process applies to both individual customer i.e. end-user and non-individual customers i.e businesses. Though the documents that might be used for each of these categories might differ the process would remain the same.
Additionally, the e-version of the document can also be used to KYC businesses.
From where we stand, this step was the need of the hour. Legitimizing Video KYC (V-CIP as RBI calls it) allows for faster onboarding of the customer and gives access to millions of Indians who otherwise would have been excluded from the financial economy of the country.
Though there are still many questions that need clarification; we believe that RBI would be more than helpful in that regard. Ultimately, this step puts a stop to the uncertainty that was present in the financial sector and gives organizations in the sector an opportunity to grow while being compliant.
Until next time!