RBI, SEBI, UIDAI and IRDAI tend to update their KYC mandate overtime and considering how official circulars are written most of us require the help of a legal expert to understand and interpret the changes and regulations that might affect you as an enterprise registered and regulated by one of these entities.
We spoke to our team of legal experts to help us understand what these mean and in this series we try to demystify each of these regulations for you.
In our first chapter we try to interpret the most recent of these KYC mandates, this one by RBI. We would, to being with cover the major highlights of the RBI master circular on KYC here.
here we go,
The Reserve Bank of India on May 29, 2019, issued a fresh Master Direction on Know Your Customer (KYC). The Direction provides Know Your Customer norms which will be applicable to inter alia the following entities:
All banks, all India Financial Institutions (AIFIs), all Non-Banking Finance Companies (NBFCs); all Payment System Providers (PSPs)/ System Participants (SPs); prepaid Payment Instrument Issuers (PPI Issuers); all authorised persons (APs) including those who are agents of Money (“Regulated Entities/REs”).
The following are the main highlights and key implications of the Master Direction:
Banks have been allowed to carry out Aadhaar authentication/ offline-verification of an individual who voluntarily uses his Aadhaar number for identification purpose
Banks can now carry out Aadhaar authentication/ offline-verification of an individual who voluntarily uses her Aadhaar number for identification purposes. Further, REs other than banks may carry out offline verification of a customer if she is desirous of undergoing Aadhaar offline verification for identification purpose. This basically means that if you are a bank you can cross verify the identity of the Aadhaar holder as against the UIDAI database by performing E-KYC. If not, you are a regulated entity who is not a bank and you can verify the identity of the Aadhaar number holder by performing offline verification. “Offline verification” has in turn been defined under the Aadhaar Ordinance and the recently introduced Aadhaar Amendment Bill to include process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by the Regulations.
‘Proof of possession of Aadhaar number’ has been added to the list of Officially Valid Documents (OVD) with a provision that where the customer submits ‘Proof of possession of Aadhaar number’ as OVD, he may submit it in such form as are issued by the Unique Identification Authority of India (UIDAI):
The “Proof of possession of Aadhaar number” is conclusive, if it is delivered to the holder by being issued in any of the following forms:
- Aadhaar letter;
- Downloaded Aadhaar (e-Aadhaar)
- Aadhaar Secure QR Code
- Aadhaar Paperless Offline e-KYC.
The delivery of Aadhaar in any of its forms by itself may not be considered to be satisfactory proof of possession of Aadhaar number and the Aadhaar number holder may have to provide additional documents as may be required by the concerned entity. This basically means that a banking company or government entity can rely on any of the above 4 documents/items as conclusive proof of Aadhaar number ownership. But, at the same time, such bank or government entity can demand other supporting documents in addition to the above four Aadhaar proofs, to ensure the ownership of a Aadhaar number by an Aadhaar holder.
For individual desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar Act, 2016, the bank shall obtain the customers Aadhaar and may carry out its e-KYC authentication based on his declaration that he is desirous of receiving benefit/subsidy under the Aadhaar Act, 2016: It is interesting to note that E-KYC is allowed for Banks. Post the Supreme Court judgement in 2016, licensed entities were denied the permission to perform E-KYC. However, a special exception has been created where banks are now allowed to perform E-KYC, by requesting information from UIDAI’s central database in the instance such customer identification is being done to effect direct benefit transfer or DBT’.
For non-DBT beneficiary customers, the Regulated Entities (REs) shall obtain a certified copy of any OVD containing details of his identity and address along with one recent photograph: “Officially Valid Document” (OVD) means the passport, the driving licence, proof of possession of Aadhaar number, the Voter’s Identity Card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address. Provided that, where the customer submits his proof of possession of Aadhaar number as an OVD, he may submit it in such form as are issued by the Unique Identification Authority of India.Where the OVD furnished by the customer does not have updated address, the following documents shall be deemed to be OVDs for the limited purpose of proof of address:
- Utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill)
- Property or Municipal tax receipt
- Pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
- Letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and licence agreements with such employers allotting official accommodation; c. the customer shall submit OVD with current address within a period of three months of submitting the documents specified at ‘b’ above
- Where the OVD presented by a foreign national does not contain the details of address, in such case, the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address.
REs shall ensure that the customers (non-DBT beneficiaries) while submitting Aadhaar for Customer Due Diligence, redact or blackout their Aadhaar number in terms of sub-rule 16 of Rule 9 of the amended PML Rules:
NBFCs and other RBI regulated entities can now accept Aadhaar details from the customers provided he/she shares the same with their consent and the Aadhaar number is redacted i.e. hidden at the time of submission. This can be as simple as darkening the Aadhaar number on paper or using a code based technology to mask the Aadhaar number. This will entail substantial compliance costs, especially if the Aadhaar number is being stored in image format.
THat’s it folks.
In our next chapter we dig further into RBI’s master circular and tell you what’s important in detail.
Until, then watch this space.