Online Workshop on Regulatory Concerns on Fair Lending Practices and KYC

Register here:
Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download as PDF [370.96 KB]

Our resources on KYC can be accessed here.

Our resources on SBR:

AML/ CFT Compliances Expand – RBI Further Amends KYC Master Directions

– Chirag Agarwal | Executive |


The Reserve Bank of India (“RBI” or “Regulator”) plays a pivotal role in India meeting its anti-money laundering (AML) and combating financing of terrorism (CFT) obligations as part of its membership with the Financial Actions Task Force (FATF). As the Regulator of the credit sector and payment systems it does so by  ensuring the implementation of robust and up-to-date Know Your Customer (KYC) norms vide its  Master Direction – Know Your Customer (KYC) Direction, 2016 (“KYC Directions”). With a possible FATF evaluation around the corner, on October 17, 2023, the RBI introduced significant amendments to these KYC directives through its notification titled – Amendment to the Master Direction on KYC (“Amendment”), impacting various regulated entities, including Non-Banking Financial Companies (NBFCs).

Read more

KYC/AML risk categorisation of customers

Key Points as per the RBI’s Directions on Risk Management under the KYC and PML Regime

-Anita Baid | Vice President |

In line with the Reserve Bank of India’s (RBI) directions on risk management under the Know Your Customer (KYC) norms and Anti-Money Laundering (AML) standards, Non-Banking Financial Companies (NBFCs) are required to categorize their customers into low, medium, and high-risk categories. This risk categorization plays a crucial role in determining the level of due diligence to be undertaken by the NBFC while establishing and maintaining relationships with customers. Here are some key points to consider regarding the risk categorization process for legal entities (corporate borrowers, LLPs, trust, etc.) as well for individual borrowers:

Read more

PML Act and Rules: Recent changes may have new compliance requirements

-Team Finserv |


Financial sector entities have to follow PMLA and related rules, including by way of KYC Directions. The Finance Ministry came up with various amendments pertaining to the Prevention of Money-Laundering Act, 2002 (“PML Act”) and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (‘PML Rules’). The amendments pertain to revised thresholds for ascertainment of beneficial ownership (25% to 10%), implementation of group wide policies for compliance with provisions of Chapter IV, expanding the obligations under PMLA to service providers of virtual digital assets, etc.

Effective date and applicability:

The amendment shall be effective from the same date, i.e. March 07, 2023. It may be noted that the Master Direction – Know Your Customer (KYC) Direction, 2016  (‘KYC Directions’) are issued and updated by the regulator based on the amendment in PML Act and PML Rules. However, the Regulated Entities (RE) are required to ensure compliance with the provisions of PML Act and PML Rules, as amended from time to time. Hence, necessary steps must be taken based on the amendments.

Whether applicable to existing or new customers?

Customer Due Diligence (as required under the PML Act and Rules) is required to be undertaken at the time of commencement of a financial transaction or account-based relationship with the customer. Accordingly, necessary steps must be taken by the RE to ensure compliance with the Amendment Rules for all new customers or new financial transactions undertaken with existing customers after March 07, 2023. However, it is also pertinent to note rule 9(12) of the PML Rules which requires reporting entities to exercise continuous due diligence with respect to the business relationship with every clients.

Read more

Simplifying the KYC process and business identifier

Anita Baid, Vice President |


The regulations for conducting customer identification and due diligence by financial sector entities have been laid down by RBI and SEBI, in accordance with the provisions of Prevention of Money Laundering Act and Rules. Under the current regime, the KYC process extends from physical KYC to digital and video-based KYC as well. The physical process of collecting KYC documents and verifying the same involves a lot of paperwork. On the other hand, the Digital KYC Process is a facility that allows lenders to undertake the KYC of custom​​ers via an authenticated application, specifically developed for this purpose, hence making it a paperless process. The Digital KYC process, however, also requires physical interaction. Video-based KYC is both paperless and without any physical intervention.

Read more

NBFCs licensed for KYC authentication: Guide to the new RBI privilege for Aadhaar e-KYC Authentication

-Kanakprabha Jethani (


On September 13, 2021, the RBI issued a notification[1] (‘RBI Notification’) permitting all NBFCs, Payment System Providers and Payment System Participants to carry out authentication of client’s Aadhaar number using e-KYC facility provided by the Unique Identification Authority of India (UIDAI), subject, of course, to license being granted by MoF. The process involves an application to the RBI, onward submission after screening of the application by the RBI, then a further screening by UIDAI, and final grant of authentication by the MoF,

We discuss below the underlying requirements of the PMLA, Aadhaar Act and regulations thereunder (defined below) and other important preconditions for this new-found authorisation for NBFCs. Read more

Workshop on Effective Regulatory interface: Preparing for and handling RBI’s NBFC inspections

Registeration for the workshop have been closed. You may register your interest for a repeat workshop here here:


Rationalisation of KYC- Measures for relief or technical advancement?

-Kanakprabha Jethani and Anita Baid (


Considering the resurgence of the Covid-19 pandemic on the economy, the RBI Governor, on May 5, 2021, announced several measures with a view to infuse liquidity in the economy, avoid another wave of borrower defaults[1] as well as aid in ease of business during the lockdown.

Out of the several measures announced by the Governor, one was to simplify the KYC process, which is the initial step of any lending transaction. Some of the amendments seem to provide immediate relief from compliance requirements and some are intended to encourage carrying out KYC compliances electronically, given the social distancing norms.

In this regard, the RBI has issued the following notifications:

  1. Periodic Updation of KYC – Restrictions on Account Operations for Non-compliance dated May 5, 2021[2]
  2. Amendment to the Master Direction (MD) on KYC dated May 10, 2021[3]

In this article we intend to discuss the prima facie implications of the amendments introduced by the aforesaid notifications. Read more

CKYCR becomes fully operational: The long-awaited format for legal entities’ information finally introduced

-Kanakprabha Jethani (


The Central KYC Registry (CKYCR) is a registry that serves as a central record for KYC information of all the customers of financial institutions. In India, the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI) has been authorised to carry out the functions of CKYCR. It was operationalised in 2016 beginning with collecting information on ‘individual’ accounts. Until now, the CKYCR did not have a feature to collect KYC information of legal entities.

The CERSAI has, in consultation with the RBI, prepared a template for submission of KYC information of legal entities (the same is yet to be published by CERSAI). The RBI has, through a notification dated December 18, 2020[1] (‘Notification’) directed financial institutions to begin submitting KYC information of legal entities w.e.f April1, 2021 (‘Notified Date’). The Master Direction – Know Your Customer (KYC) Direction, 2016 (‘KYC Directions’) have been updated in line with the said notification.

In this note we have discussed the implications for NBFCs, having customer interface, specifically.

Actionables for financial entities

In compliance with the existing KYC provisions on CKYCR and the Notification, NBFCs shall be required to take the following steps:

For customer who are legal entities, other than individuals and FPIs

  • Ensure uploading KYC data of legal entities whose loan account has been opened after the Notified Date; within 10 days of commencement of an account-based relationship with the customer. It is to be noted that the existing time limit for uploading the documents of individual accounts was 3 days.
  • Ensure uploading KYC records of legal entities on CKYCR, whose accounts are opened before the Notified Date, while undertaking periodic updation[2] or otherwise on receipt of updated KYC information from the customers. (When KYC information is uploaded during periodic updation or otherwise, it must be ensured that the same is in accordance with the CDD process as prevailing at such time.) Such uploading may not be required for loan accounts that are closed before undertaking the first periodic updation after the Notified Date.
  • Communicate the KYC identifier generated after uploading of KYC information to the customer.

 For individuals

  • Ensure that the existing KYC records of individual customers pertaining to loan accounts opened prior to April 01, 2017, should be incrementally uploaded on CKYCR at the time of periodic updation or earlier when the updated KYC information is obtained/received from the customers. (When KYC information is uploaded during periodic updation or otherwise, it must be ensured that the same is in accordance with the CDD process as prevailing at such time.) Such uploading may not be required for loan accounts that are closed before undertaking the first periodic updation after the Notified Date.
  • Ensure uploading KYC data of individual loan account opened after the Notified Date; within 10 days of commencement of an account-based relationship with the customer.
  • Communicate the KYC identifier generated after uploading of KYC information to the customer.

Clarification with respect to identity verification through CKYCR

There has been a confusion regarding validity of identity verification done by fetching KYC details from the CKYCR. While the provisions of the Prevention of Money Laundering Act, 2002 (PMLA) and rules thereunder as well as the operating guidelines clearly state that if the customer submits KYC identifier for identity and address verification, no other documents need to be obtained.

The KYC Directions have remained silent on the same for long. The Notification also clarified that-

“Where a customer, for the purpose of establishing an account based relationship, submits a KYC Identifier to a RE, with an explicit consent to download records from CKYCR, then such RE shall retrieve the KYC records online from CKYCR using the KYC Identifier and the customer shall not be required to submit the same KYC records or information or any other additional identification documents or details, unless –

  • there is a change in the information of the customer as existing in the records of CKYCR;
  • the current address of the customer is required to be verified;
  • the RE considers it necessary in order to verify the identity or address of the customer, or to perform enhanced due diligence or to build an appropriate risk profile of the client.”

Hence, for the purpose of verification, what is necessary is the KYC Identifier and an explicit consent from the customer to download his/her KYC information from the CKYCR.


The template for uploading KYC information of legal entities on the CKYCR portal has been formulated and shall be live on CERSAI Platform shortly. Financial institutions shall be required to ensure uploading of KYC information of legal entities w.e.f. the Notified Date. Further, additional obligations have been placed on financial institutions in terms of uploading KYC documents for existing customers and intimation of KYC identifier to all customers. Clarification regarding the validity of KYC verification using data from CKYCR is a welcome move.



[2] As per para 38 of the KYC Directions- Periodic updation shall be carried out at least once in every two years for high risk customers, once in every eight years for medium risk customers and once in every ten years for low risk customers as per the prescribed procedure.