Introduction of Digital KYC
Anita Baid (anita@vinodkothari.com)
The guidelines relating to KYC has been in headlines for quite some time now. Pursuant to the several amendments in the regulations, the KYC process of using Aadhaar through offline modes was resumed for fintech companies. The amendments in the KYC Master Directions[1] allowed verification of customers by offline modes and permitted NBFCs to take Aadhaar for verifying the identity of customers if provided voluntarily by them, after complying with the conditions of privacy to ensure that the interests of the customers are safeguarded.
Several amendments were made in the Prevention of Money laundering (Maintenance of Records) Rules, 2005, vide the notification of Prevention of Money laundering (Maintenance of Records) Amendment Rules, 20191 issued on February 13, 2019[2] (‘February Notification’) so as to allow use of Aadhaar as a proof of identity, however, in a manner that protected the private and confidential information of the borrowers.
The February Notification recognised proof of possession of Aadhaar number as an ‘officially valid document’. Further, it stated that whoever submits “proof of possession of Aadhaar number” as an officially valid document, has to do it in such a form as are issued by the Authority. However, the concern for most of the fintech companies lending through online mode was that the regulations did not specify acceptance of KYC documents electronically. This has been addressed by the recent notification on Prevention of Money-laundering (Maintenance of Records) Third Amendment Rules, 2019 issued on August 19, 2019[3] (“August Notification”).
Digital KYC Process
The August Notification has defined the term digital KYC as follows:
“digitial KYC” means the capturing live photo of the client and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorised officer of the reporting entity as per the provisions contained in the Act;
Accordingly, fintech companies will be able to carry out the KYC of its customers via digital mode.
The detailed procedure for undertaking the digital KYC has also been laid down. The Digital KYC Process is a facility that will allow the reporting entities to undertake the KYC of customers via an authenticated application, specifically developed for this purpose (‘Application’). The access of the Application shall be controlled by the reporting entities and it should be ensured that the same is used only by authorized persons. To carry out the KYC, either the customer, along with its original OVD, will have to visit the location of the authorized official or vice-versa. Further, live photograph of the client will be taken by the authorized officer and the same photograph will be embedded in the Customer Application Form (CAF).
Further, the system Application shall have to enable the following features:
- It shall be able to put a water-mark in readable form having CAF number, GPS coordinates, authorized official’s name, unique employee Code (assigned by Reporting Entities) and Date (DD:MM:YYYY) and time stamp (HH:MM:SS) on the captured live photograph of the client;
- It shall have the feature that only live photograph of the client is captured and no printed or video-graphed photograph of the client is captured.
The live photograph of the original OVD or proof of possession of Aadhaar where offline verification cannot be carried out (placed horizontally), shall also be captured vertically from above and water-marking in readable form as mentioned above shall be done.
Further, in those documents where Quick Response (QR) code is available, such details can be auto-populated by scanning the QR code instead of manual filing the details. For example, in case of physical Aadhaar/e-Aadhaar downloaded from UIDAI where QR code is available, the details like name, gender, date of birth and address can be auto-populated by scanning the QR available on Aadhaar/e-Aadhaar.
Upon completion of the process, a One Time Password (OTP) message containing the text that ‘Please verify the details filled in form before sharing OTP’ shall be sent to client’s own mobile number. Upon successful validation of the OTP, it will be treated as client signature on CAF.
For the Digital KYC Process, it will be the responsibility of the authorized officer to check and verify that:-
- information available in the picture of document is matching with the information entered by authorized officer in CAF;
- live photograph of the client matches with the photo available in the document; and
- all of the necessary details in CAF including mandatory field are filled properly.
Electronic Documents
The most interesting amendment in the August Notification is the concept of “equivalent e-document”. This means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the client as per rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016 shall be recognized as a KYC document. Provided that the digital signature will have to be verified by the reporting entity as per the provisions of the Information Technology Act, 2000.
The aforesaid amendment will facilitate a hassle free and convenient option for the customers to submit their KYC documents. The customer will be able to submit its KYC documents in electronic form stored in his/her digital locker account.
Further, pursuant to this amendment, at several places where Permanent Account Number (PAN) was required to be submitted mandatorily has now been replaced with the option to either submit PAN or equivalent e-document.
Submission of Aadhaar
With the substitution in rule 9, an individual will now have the following three option for submission of Aadhaar details:
- the Aadhaar number where,
- he is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 or
- he decides to submit his Aadhaar number voluntarily
- the proof of possession of Aadhaar number where offline verification can be carried out; or
- the proof of possession of Aadhaar number where offline verification cannot be carried out or any officially valid document or the equivalent e-document thereof containing the details of his identity and address;
Further, along with any of the aforesaid options the following shall also be submitted:
- the Permanent Account Number or the equivalent e-document thereof or Form No. 60 as defined in Income-tax Rules, 1962; and
- such other documents including in respect of the nature of business and financial status of the client, or the equivalent e-documents thereof as may be required by the reporting entity
The KYC Master Directions were amended on the basis in the February Notification. As per the amendments proposed at that time, banking companies were allowed to verify the identity of the customers by authentication under the Aadhaar Act or by offline verification or by use of passport or any other officially valid documents. Further distinguishing the access, it permitted only banks to authenticate identities using Aadhaar. Other reporting entities, like NBFCs, were permitted to use the offline tools for verifying the identity of customers provided they comply with the prescribed standards of privacy and security.
The August Notification has now specified the following options:
- For a banking company, where the client submits his Aadhaar number, authentication of the client’s Aadhaar number shall be carried out using e-KYC authentication facility provided by the Unique Identification Authority of India;
- For all reporting entities,
- where proof of possession of Aadhaar is submitted and where offline verification can be carried out, the reporting entity shall carry out offline verification;
- where an equivalent e-document of any officially valid document is submitted, the reporting entity shall verify the digital signature as per the provisions of the IT Act and take a live photo
- any officially valid document or proof of possession of Aadhaar number is submitted and where offline verification cannot be carried out, the reporting entity shall carry out verification through digital KYC, as per the prescribed Digital KYC Process
It is also expected that the RBI shall notify for a class of reporting entity a period, beyond which instead of carrying out digital KYC, the reporting entity pertaining to such class may obtain a certified copy of the proof of possession of Aadhaar number or the officially valid document and a recent photograph where an equivalent e-document is not submitted.
The August Notification has also laid emphasis on the fact that certified copy of the KYC documents have to be obtained. This means the reporting entity shall have to compare the copy of the proof of possession of Aadhaar number where offline verification cannot be carried out or officially valid document so produced by the client with the original and record the same on the copy by the authorised officer of the reporting entity. Henceforth, this verification can also be carried out by way of Digital KYC Process.
[1] https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11566#F4