LEGAL HOLDING ON E-KYC

In India, concept of E-KYC was introduced under The Prevention of Money Laundering Act 2002. After such introduction, details regarding the procedure to carry out such E-KYC was released separately known as PML Rules (Prevention of Money Laundering). Regulators in India, namely, RBI (Reserve Bank of India), SEBI (Security Exchange Board of India), and IRDA (Insurance Regulatory Development Authority), then interpreted such rules for entities they regulate.

Initially to carry out E-KYC process Government ID (Officially Valid Documents) were used like PAN Card or Voter ID Card etc. However, issues like duplication or creation of fake IDs were realized to be hurdles to carry out the process effectively. Therefore to address this hurdle, Government introduced Aadhaar Card. The system of Aadhaar Card was created very strong and robust to eliminate duplicate and fake identities and also to make it convenient to verify in a simple manner. Also authenticity was ensured after such invention of Aadhaar.

Post such invention of Aadhaar Card, Government amended the PML Rules and mandated Aadhaar based E-KYC mandatory for all. On September 26, 2018, the Supreme Court changed that aspect of mandatory Aadhaar based E-KYC as per PML Rules and made it voluntary for Aadhaar holders to provide their Aadhaar for such process voluntarily.

The amended version of the PML Rules prescribe, Aadhaar based E-KYC by which financial service providers can now verify the documents for process of E-KYC electronically.


Regulations and Legal aspect of E-KYC under regulators
1.RBI ( RESERVE BANK OF INDIA)
  • Banks have been allowed to carry out Aadhaar authentication/ offline-verification of an individual who voluntarily uses his Aadhaar number for identification purpose
  • ‘Proof of possession of Aadhaar number’ has been added to the list of Officially Valid Documents (OVD) with a proviso that where the customer submits ‘Proof of possession of Aadhaar number’ as OVD, he may submit it in such form as are issued by the Unique Identification Authority of India (UIDAI).
  • For customer identification of “individuals”: There is no bar or restriction on the banks to perform Aadhaar based authentication using e-KYC authentication facility for opening bank accounts of the clients, who give such express declaration that he/she is desirous of receiving his/her entitled subsidies of welfare schemes funded from the Consolidated Fund of India in his/her account directly. For non-beneficiary customers, the Regulated Entities shall obtain a certified copy of any OVD (Officially Valid Documents) containing details of his/her identity and address along with one recent photograph.
  • Regulating Entities other than banks may identify a customer through offline verification under the Aadhaar Act with his/her consent.
  • The Reserve Bank of India (RBI) has allowed video-based authentication as an alternative, but such verification will be Aadhaar-based, either online or offline.
  • In video-KYC, the whole process can be carried out simply through a video chat where the customer can display documents. Such video-KYC can be done through Google Duo or Apple FaceTime as RBI has not prescribed any specific application to be use for this purpose. Thus, RBI in its Master Direction approved of such Video-KYC.
2.SEBI (Securities Exchange Board of India)
  • SEBI simplified the account opening process for investors [SEBI wide Circular No. CIR/MIRSD/16/2011 dated August 22, 2011.]
  • Guidelines were issued for uniform KYC requirements for investors while opening accounts with any intermediary in the securities market. [SEBI wide circular MIRSD/SE/Cir-21/2011 dated October 05, 2011]
  • It was clarified that after consultation with Unique Identification Authority of India (UIDAI), Government of India, it was decided that the Aadhaar Letter issued by UIDAI shall be admissible as Proof of Address in addition to its being recognized as Proof of Identity. [SEBI wide Circular no. CIR/MIRSD/09/2012 dated August 13, 2012]
  • SEBI prescribed that in consultation with UIDAI and the market participants, it was decided to accept e-KYC service launched by UIDAI as a valid process for KYC verification. The information containing relevant client details and photograph made available from UIDAI as a result of e-KYC process shall be treated as sufficient Proof of identity and Address of the client.
    [SEBI vide circular no. CIR/MIRSD/09/2013 dated October 08, 2013]
  • SEBI clarified that the usage of Aadhaar card as issued by the UIDAI is voluntary, considering that the Hon’ble Supreme Court, in its judgement dated September 26, 2018, had struck down Section 57 of the Aadhaar Act as “unconstitutional” which means, that no company or private entity can seek Aadhaar identification from clients or investors mandatorily. [SEBI wide circular no. CIR/MIRSD/29/2016 dated January 22, 2016]
  • Entities in the securities market, as may be notified by the Central Government, shall be allowed to undertake Aadhaar Authentication under section 11A of the PMLA. SEBI Registered intermediaries for reasons such as online on-boarding of clients, customer convenience, increased efficiency and reduced time for client on-boarding would prefer to use Aadhaar based e-KYC facility to complete the KYC of the client.
  • These entities would be registered with UIDAI as KYC user agency (“KUA”) and shall allow all the SEBI registered intermediaries / mutual fund distributors to undertake Aadhaar Authentication of their clients.
  • Investors have to authorize intermediaries to access their Aadhaar data through UIDAI system.
3.IRDA (Insurance Regulatory Development Authority)
  • In accordance with the circular issued by IRDA, it was decided that E-KYC services of UIDAI is acceptable for KYC verification subject to specific and express consent of the customer to access his/her data through UIDAI system.
  • IRDA accepted E-KYC service offered by Unique Identification Authority of India (UIDAI) as a valid process for KYC verification.
  • The IRDA circular says, "The acceptability of these services(E-KYC) for KYC purposes under the Prevention of Money-laundering (Maintenance of Records) Rules, 2005, was discussed with the Department of Revenue, Ministry of Finance and operational issues were taken up with the insurers. As an outcome of the same discussion IRDA adopted and accepted the E-KYC facility.
  • Aadhaar based e-KYC service offered by UIDAI for KYC verification was allowed. [IRDA wide circular dated 21st October, 2013 and AML Master Circular dated 28th September, 2015]
  • It was hereby clarified that for accessing the details of the client from UIDAI for identification and authentication, prior consent of the client on a voluntary basis is to be obtained by such Regulated Entities.
  • Insurers shall perform the verification of the client through “E-KYC authentication facility” provided by UIDAI, i.e. authentication through biometric authentication (fingerprint or iris scanning) and/or through One Time password (OTP) received on client’s mobile number or on e-mail address registered with UIDAI.
  • The information downloaded from UIDAI shall be considered as sufficient information for the purpose of KYC verification and would be considered authentic.
  • The records of KYC information so received by such insurer shall be maintained by the insurer as per PML Rules, 2005.
Digital KYC Process under PMLA (Maintenance of Records) Third Amendment Rules 2019

“ Digital KYC” which means capturing of live photograph of the client along with valid documents or proof of possession of Aadhaar card and in case when such offline verification is not possible, then along with geographical location of place where photograph has been taken by an authorized officer as per the provisions of the Act.

Digital KYC process
SR NO. AUTHORITY TASK
1. Reporting Entity Entity Develop an application for digital KYC process and make it available at customer touch points to facilitate KYC of customers and such KYC to be performed only through authenticated application.
2. Reporting Entity Access of such application to be controlled by reporting entities and they should ensure that there is no unauthorised persons accessing application. The application to shall be accessed only through login-id and password /Live OTP/Time OTP.
3. Client The client to visit such locations of authorised official of the Reporting Entity for the purpose of Digital KYC process and carrying along Officially Valid Document during such visit.
4. Reporting Entity Ensure that Live Photograph of the client is taken by authorised officer and same is included in Customer Application Form.
5. Reporting Entity System Application of such entity shall put watermark in readable form including CAF number, GPS coordinates, name of authorised official ,unique employee code and date and time stamp on the captured live photograph of the client.
6. Reporting Entity The application of the reporting entity shall have feature that only Live Photograph of the client can be taken and in no other form and the background while taking such photo should be white colour only and no other person should come into the frame.
7. Reporting Entity Similar care has to be taken while taking photograph of original officially valid document or proof of possession of Aadhaar where offline verification is carried out, such photographs to be taken vertically from above and in proper light to be able to make them clearly readable and identifiable.
8. Reporting Entity Next step would be to that all the entries in the CAF shall be filled as per the documents and information furnished by the client. In case where QR code is available on the documents then manual filing is not required such document could just be scanned.
9. Reporting Entity On completion of above mentioned process an OTP containing message is to be sent to client’s own number which shall include text that “Please verify the details filled in form before sharing OTP”. Successful validation of OTP would be considered as client’s signature on CAF.
10. Reporting Entity In case the client does not have his/her mobile number then mobile number of the family/relatives/known persons may be used and which should be mentioned clearly in CAF. It is the duty of reporting entity to check and verify that personal mobile number of authorised officer shall not be used for KYC purpose.
11. Authorised Officer He/she shall provide a declaration about capturing the live photograph of client and original documents, and for this purpose it will be sent to his mobile number registered with reporting entity an OTP, and upon its validation it will be treated as his signature on such declaration. Live photograph of the authorised officer shall also be captured and included in such declaration.
12. Authorised Officer Further subsequent to all these activities, the authorised officer shall intimate the details regarding transaction, i.e. id/reference id number obtained after due completion of the process to client for future reference.
13. Authorised Officer Authorised officer shall check and verify that: Information contained in documents matches with information entered by authorised officer in CAF and, live photograph of the client matches with photograph in the document and, -all necessary details in CAF including mandatory field are filled properly.
14 Reporting Entity On successful verification, CAF shall be digitally signed by authorised representatives of reporting authority and he/she shall take print of CAF, and take signature or thumb impression of the client at appropriate places. Then scan and upload the same in system. Original Hard Copy to be returned to the client.


Therefore, all of the above information establishes the legal holding with respect to E-KYC Process.