Several Founders, Co-Founders, CXO Bankers, CXO Fintech professional & people who participated in the ePanel discussions:
- Mr. Sony A, Head – Digital, South Indian Bank
- Mr. Narayan Rao, Chief Services Officer, Suryoday Small Finance Bank
- Mr. Abhishek Arun, Senior Vice President, Paytm
- Mr.Topendra Bhattacharjee, Head – Digital Bank, Direct Channels and Analytics, RBL Bank
- Mr. Anupam Mishra, Head – Digital Banking, Cards & Payments, Jana Small Finance Bank
- Mr. Vikas R Panditrao, Co-Founder, Forum of Industry Academic Knowledge Sharing (FIAKS)
- Many other CEO/CXO Bankers & Fintech professionals on FIAKS Forum requested to remain anonymous
When Section 57 of the Aadhaar Act was struck down, not only did FinTech and Payment systems suffer, but it also left a lot of people confused. KYC (Know Your Customer) and verification processes only became more obscure. Private entities and corporates could no longer demand the Aadhaar number for identity verification of their customers.
Awaited and required amendments were made to the Prevention of Money Laundering Rules were made on 13 February 2019 (‘PMLA Notice’) that allowed Aadhar to be used as a document for identification while protecting personal and sensitive data of borrowers. On 2nd March 2019, amendments were made to the Aadhaar and Other Laws (Amendment) Ordinance, but the RBI did not specifically clear up the ambiguity in terms of the Aadhar’s operative guidelines. The RBI finally announced much-needed amendments in the KYC Master Directions on 29 May 2019.
As per the PMLA Notification, proof of Aadhaar Number is an ‘Officially Valid Document’ (OVD). Aadhaar Number will be accepted in the form of Aadhaar Letter, Downloaded Aadhaar (e-Aadhaar), QR Code Aadhaar, Paperless Offline e-KYC Aadhaar (an XML document generated by the Authority).
The amendments in the KYC Master Directions allow offline verification of customers, stipulates that NBFCs (non-banking financial companies) can only request Aadhaar if provided willingly and ensures the privacy and safety of the customers by implementing compliance. The FIAKS community held a discussion on Aadhaar now being an Officially Valid Document (OVD).
One member pointed out that it clears up which forms of Aadhaar can be used for verification processes. Another stated that although FinTech companies are treated as secondary citizens in India, all kinds of companies were using Aadhaar and quite often misusing it.
One implication of this amendment is that Biometric authentication has a success rate of 70% approximately. Being able to switch to taking a photo of Aadhaar if biometric KYC is not working will be greatly helpful without worrying about having to sign up for DBT (Direct Benefits Transfer).
However, one still cannot complete the full e-KYC process through Aadhaar with OTP. It still warrants a physical interface, although it does make the onboarding process a little easier for the customer. OTP based eKYC is allowed, with consent, for accounts with a balance of only Rs. One Lakh, and valid only for one year within which KYC needs to be done physically at the branch, after which the account is allowed to hold further balances.
To all this, a member questioned, “So Banks can open an account without DBT opt-in basis Aadhar based KYC methods mentioned in the Gazette above *AND* Aadhar OTP based eKYC ( with restrictions ). Right?”
“A matter of interpretation I would say. Now with this notification, an Aadhaar card is a valid OVD. And instead of collecting a physical photocopy and affixing an OSV seal and signature, we can click a photo and there will be a digital trail of the OSV – based on login credentials, date + timestamp, and even geo-tagging.”, replied a contributor.
Some questioned the point of OTP based KYC, and it’s a correlation with DBT. One specifically asked in case of DBT opt-in and Aadhar based KYC, would there be any impact if DBT registration fails due to:
a) incorrect existing DBT account
b) DBT locked with an existing account
Well, in both scenarios, the new account would get opened ( with DBT opt-in) but DBT registration itself would fail.
Here’s an explanation to help you understand the scenario better:
“1. There was a 40% rejection rate in DBT registrations due to incorrect details. This was dealt with by going back to the customer and making all efforts to correct the details and switching the DBT account.
2. Then, NPCI provided an API to upfront validate the customer’s DBT status so if you integrate this in the front end application, the chances of registration failing is nil.
3. Having said that, with the Aadhaar amendment, it does not matter if it is DBT opt-in or not, you can open an account with eKYC.”
Here’s the sequence of events that led up to the current amendment:
- Aadhaar was made mandatory after demonetization
- The PMLA was amended and in the new list of OVDs, Aadhaar was deleted. This meant that if e-KYC was not used, then banks had to collect any OVD other than Aadhaar for opening an account.
- In late 2018, the Supreme Court struck down Sec 57 of Aadhaar Act which meant private entities including banks could not access e-KYC.
- UIDAI then clarified that after getting legal confirmation, they were of the view that it is not only desirable but obligatory for banks to use e-KYC and AePS as long as the purpose is to provide DBT to an existing or potential beneficiary of such scheme.
- Banks restarted the e-KYC after obtaining a declaration from customers that account is opened shall be for DBT purposes. But technically the control on this is simply not possible as the customer could switch to another bank for DBT later.
- On Mar 3, Govt passes an ordinance for allowing e-KYC available to banks and Telco as long as it is voluntary.
- The PMLA is once again amended so as to include Aadhaar as an OVD as paper Aadhaar and offline KYC became important.
By the way, Banks and Telcos can do eKYC for non-DBT also, but only with
(a) informed consent and
(b) required security measures of masking the number and implementing Aadhaar vault.
Now that Aadhar is an Officially Valid Document, we hope that the ambiguity in banking and FinTech verification processes will be dealt with, along with ensuring the privacy of these Aadhaar holders.
What are your views on this? We’d love to know! Any question for our panel of experts? Feel free to ask.
Ms. Anuradha Panditrao, Founder of Forum of Industry and Academic Knowledge Sharing(FIAKS) acknowledges and thanks the contributions of the FIAKS Community members in creating intellectual pull by participating in the discussions.
Bibliography: