Digitisation Of KYC Process
One hopes that with the increasing technological advancements and proof of concept/sandbox driven approach, the regulators will be forthcoming in recognising innovation.
Photo Credit : Shutterstock
Know your customer (KYC) checks refer to a due diligence process carried out on customers availing financial services to ascertain (a) identities of such customers; (b) proof of their residency; and (c) source of their finances. The objectives intended to be achieved by KYC include prevention of money laundering and ensuring individual accountability from a taxation perspective. In India, the primary obligation to conduct KYC on customers is on banks, financial institutions, intermediaries or persons carrying on a designated business or profession - mainly in the nature of financial services. Depending on the sector in which financial services operate, different regulators (such as the Reserve Bank of India, Securities Exchange Board of India, Indian Renewable Energy Development Agency Limited, Pension Fund Regulatory and Development Authority) have adopted different rules for KYC. The rules regulate responsibility, methods, periodicity, data protection, privacy, and outsourcing aspects of KYC.
Until the launch of Aadhaar, KYC was mainly carried out by way of physical means through collection and verification of physical certified copies of identity-related documents, followed by visits to and by the customers. The process was costly, cumbersome and acted as a deterrent for financial services providers in broadening their customer base.
The launch of 'Aadhaar', a 12 - digit unique identification number issued by the Unique Identification Authority of India (UIDAI) played a significant role in facilitating digitization of KYC by providing avenues for digital identity verification. It made KYC easy, efficient, secure and paperless, forming the backbone of emerging technology-based financial services companies (Fintechs) not only from a cost perspective but also ensuring operational ease. Specifically, in the retail lending segment, it played a crucial role in the gradual transformation of the population from a debt-averse society to a leveraged community.
However, with the striking down of Section 57 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits And Services) Act 2016 (Act), providing for usage of Aadhaar for the purpose of establishing the identity of an individual by the State or any body corporate or person under any law or contract by the Supreme Court of India in Justice K.S Puttuswamy (Retd.) and Another v. Unions of India and Others (Writ Petition No. 494/2012), Aadhaar based KYC was put to an abrupt stop. Predictably, creating a huge turmoil in the market and forcing Fintechs to explore other means of carrying out KYC.
While the government did try to damage control by passing the Aadhaar and Other Laws (Amendment) Act 2019 (Amendment Act), the Amendment Act is fraught with uncertainties. For instance, the Amendment Act differentiates between Aadhaar based "authentication" and "offline verification" and the degree of care that needs to be adopted by the person eligible to adopt these processes. The differentiation in itself is fine, however, there is no clarity on the meaning of "offline verification". "Offline verification" is defined "as the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by regulations". But the Government has not taken any steps for passing these regulations yet. On a separate note, an offline verification process was launched by UIDAI, but it hasn't seen mass adoption and is yet to be recognised under the regulations. The strength of technology to be adopted by eligible entities for "authentication" is also yet to be clarified, like the much-needed clarification on "alternate virtual identity". The objective of the Amendment Act was to balance concerns of privacy against the perils of personal sensitive information of people, which was accessible under the Aadhaar based authentication. However, it's still not compelling enough to encourage mass adoption.
Outside the Aadhaar regime, some of the other innovative means like real-time video calling, use of digital media recordings etc. are still subject to regulatory uncertainty. For instance, non-banking finance companies are still forced to undertake either (i) consent-based offline verification prescribed under the Amendment Act; or (ii) undertake OSV (originally seen and verified) copies of identity-related documents making physical verification imperative. Non-face-to-face means of KYC checks are allowed but only for a limited duration and nominal quantum. Commendable ideas like the Central KYC Registry have been implemented. However, the registry is not integrated with Fintechs across sectors and currently caters only to a limited section of consumers and financial service providers.
There has always been a wide gap in innovation in technology and the adoption of it. Regulatory impetus has been a huge encouragement for mass adoption. However, the apparent mismatch in the perspective of the innovators and regulators in the use of technology in KYC has resulted in undesirable ambiguity. While the innovators view technology not only an efficient tool for providing access to finance but also as a potential safeguard against frauds, the regulators have always bent on the side of caution in timely recognition of technology. One hopes that with the increasing technological advancements and proof of concept/sandbox driven approach, the regulators will be forthcoming in recognising innovation.
By Smita Jha, Principal Associate, Khaitan & Co. and Anurag Singh, Associate, Khaitan & Co.