Ever since the RBI amended the KYC master directives (28th April and 4th May), clients have been calling us to ask for clarity on the regulations.
I know, the guidelines are confusing in a lot of places.
So at IDfy, we’ve decoded the changes and made it easy for you!
Let’s look at them one by one:
1. CKYC for Aadhaar
RBI has mentioned that CKYC pull is now recognized as one of the modes to perform KYC.
But is that a good thing?
Well, not in isolation. There’s a lot more nuance.
You see, CKYC pull has its own set of issues. To start with, the document quality in the registry is unpredictable. So you may have problems reading the data, which could lead to incorrect names being stored or populated.
In addition to that, you can’t be sure whether the data belongs to the person who you’re actually onboarding. For example, a person named Ajit may provide someone else’s PAN number, let’s say Varun’s. In this case, you will not be able to verify whether it’s Ajit or Varun in reality. And that means Varun could end up with a loan he had not even applied for. I’m sure that’s not something you’d want, right?
This is why, RBI expects that the RE takes explicit consent from the customer before the CKYC pull. But that’s not all.
The RE should also perform the required due diligence on the documents (such as ensuring that the document is valid and belongs to that particular individual).
So how do you solve this?
We’d say that Video KYC is one of the most powerful modes to do KYC. But if that’s not feasible, REs should ensure that consent is taken from the user and also do a face match/liveness check to be sure that it’s the same person whose KYC is being performed and not a fraudster.
IDfy not only has CKYC APIs to pull the user’s data with PAN/Aadhaar, but we can also read these poor-quality KYC images with 99% accuracy! This means that even low-resolution images can give you accurate results. We also have a powerful set of face match APIs that can help you do the required due diligence by matching the picture in the document with the live picture of the customer.
2. VCIP
With regard to video verification, RBI made some more clarifications:
- If the cloud model is used to deploy the platform, the RE needs to make sure that it has complete ownership of the data
- The V-CIP infrastructure should undergo the necessary tests & audits conducted only by impaneled auditors under CERT-In
- Earlier, the regulator had said that the XML file/QR code generation date should not be later than 3 days from the date of carrying out V-CIP. With the latest guideline, this has been changed to 3 working days
- Lastly, the RBI has now formalized the call reconnecting feature by adding that disruptions of any kind should not lead to the creation of multiple files
IDfy is a pioneer in the Video solutions space, and here’s how our solutions can help you:
- We offer V-KYC solutions both in a single-tenant as well as in a multi-tenant setup. We also ensure that the complete ownership of the data rests with the RE and we don’t retain any of the data on our servers, as per RBI norms
- Our V-KYC solution has a powerful reconnect feature to ensure that the session stays active despite a connection failure. This makes sure that only a single file is needed and the customer need not redo the journey again
3. Customer Due Diligence (CDD) for legal entities
There were also some changes with regard to GST, beneficial ownership, and overall customer due diligence.
- GST Verification: Wherever the GST number is available, it’s mandatory to verify it before onboarding the entity
- Beneficial owner: The minimum threshold for an individual to be identified as a Beneficial Owner of a Company & Trust, which was 25% and 15% respectively, has now been changed to 10%
- Registration certificate: RBI now recognizes the Udyam registration certificate as valid business proof for sole proprietorships
- Some additional documents/information will need to be declared/obtained for CDD, as below:
- Name of relevant persons holding senior management
- Registered office & principal place of business (if they’re different)
4. KYC Updation
There’s good news on this front – In case of a change in KYC status, earlier, V-CIP was mandatory for periodic KYC updation. But with the recent update, RBI KYC guidelines say that Aadhaar-OTP-based e-KYC in non-face-to-face mode can also be used to update KYC details.
5. High-risk categorization
The regulator said that customers having accounts opened in the non-face-to-face mode via Aadhaar verification modes like CKYC & Digilocker along with PAN verification would be subject to high-risk monitoring until customer identity is verified face-to-face or through V-CIP.
However, If the RE has a provision to do V-CIP, then that should be the first option given to customers, followed by the non-face-to-face mode of KYC
6. Wire Transfers
The new amendments also talk about the information requirements both for domestic & cross-border wire transfers (including the originator and beneficiary information), and batch transfers.
Essentially, this means that the regulated entities will now have to perform identity verification of the originator or beneficiary depending on its role in the transaction before it can process the transfer.
7. Changes in AML Lists
With regards to the AML rules:
- The RBI has asked REs to run checks against –
- All the 14 UNSC Sanctions Lists (as opposed to 2 lists earlier).
- Lists in the First & Fourth Schedule of the UAPA Act, 1967 (was already present earlier, before this amendment)
- The lists now need to be updated on a daily basis (especially the UNSC Sanctions List)
- There is no guideline specifically on how periodically the AML checks have to be run for the existing customer base. The general industry practice is these are done on a monthly basis
It is impressive to see the emphasis that RBI is putting on AML norms with the recent amendment. If you ask us, it’s a huge step forward in ensuring fraud mitigation in the financial sector!
At IDfy, our AML Solution already covers all the new lists as mentioned by the RBI that are updated at a frequency of 15 minutes – suiting RBI’s daily list updation requirements. We also offer the periodic screening facility for AML as is now required by RBI – right from daily monitoring to quarterly monitoring, as needed.
Are you worried about complying with these RBI KYC guidelines?
No need to fret! As I said, at IDfy, we have a suite of solutions that comply with the latest guidelines, like
- CKYC pull (with 99% accuracy) + face match APIs
- Video KYC solutions as per the latest guidelines
- RiskAI, which gives you a comprehensive solution for UBO, GST, Udyog, and Udyam Verification APIs
- AML tools covering all the lists mentioned by RBI
If you’re looking to explore these or more, reach out to us at shivani@idfy.com or fill out the form here. The best part is, with these APIs, you can integrate and go live in less than a week!