Signzian, Author at Signzy

Making KYC Digital For Mutual Funds In India — Landmark SEBI Guidelines & The Way Forward

Posted on June 3, 2020 | by Signzian

The onboarding process for Asset Management Companies (AMCs) is among the most complex of all client-facing activities. Reams of documentation are exchanged between a client and the investment management firm. It is then distributed throughout the organization. Most of this requires approvals, signatures, and validations.

Digital onboarding requires finalizing legal agreements, Know Your Customer (KYC) and Anti Money Laundering (AML) activities. It also involves opening client accounts on multiple systems and transitioning incoming assets. Each of these activities engages multiple groups throughout the organization. Examples include client service, legal, compliance, and operations. Without well-defined and coordinated procedures, this could lead to errors. Ex: misplaced information, breakdowns in communication, and duplicated efforts are likely. The right-hand needs to know what the left hand is doing in order to properly manage all the hand-offs and moving parts.

Benefits of improving onboarding:-

Ability to generate fees sooner.
Increased potential to cross-sell, additional products, and services.
More referrals from clients due to a positive experience.
Reduced client turnover.
More efficient resource allocation.
Better views into process status.
Fewer mishandled communications and handoffs between the team.
Measurable efficiency through metrics.
Faster addition of new products and services.

Why Digital KYC? The Need For Digitization Of KYC In Mutual Funds

At present, investing in a mutual fund requires a second round of KYC. This is also true even for customers who have completed KYC in their bank accounts. The procedure involves the submission of identification and address proofs along with photographs. The distributor or adviser must physically meet the customer to conduct ‘in-person verification’ for him/her. This requirement greatly hampers the growth of mutual funds online.
It also affects access to mutual fund investments for those in remote areas. In 2019, the Nilekani committee proposed that there should be a simple KYC procedure for opening a mutual fund account funded from a KYC-verified bank account. However, inflows into such a folio and redemptions to it must be restricted to this account.

This leads to the digitization of KYC. Among the many advantages of getting paperless KYC done, the following benefits are most important:

Personal Details are Secure: All information is stored and transmitted on the website with a special configuration. Whether it is your Account Information, Demographic Data, Biometric Data, etc. The KRA, Fund House, or AMC’s Portal is maintained with the highest level of Security. It reduces illegal activities of money laundering, loan scams, identity theft, and fraud.
You are the Boss: The option to invest will always be yours. The digital KYC mechanism is completely dependent on your decision. Not only that, you have the choice of providing access to your details to whomsoever you want. In some cases, if you change your mind. You may not want to invest in Mutual Funds. Whereas, if you opt for offline KYC. It is possible that your self-attested documents end up with unauthorized parties. This risk gets reduced to a large extent by taking the online KYC mode.
Instant Process: No Human element is involved that means no Red Tape is involved. The efficiency in the digital process ensures no delays. Comparatively, the offline process would take at least a few days.
Transparency: Incidents of the KYC documents in illegal and illegitimate persons occurred commonly. Opting for Online KYC, you can avoid such an event. The websites store the data in encrypted servers. It makes the possibility of a breach highly unlikely. Besides, the trespasser or the source of the breach can be traced in online transactions. They can be brought to legal authority with proof.
No Hidden Costs: Some Mutual Funds agents may charge extra amount as KYC Registration fees. And investors need to pay to avoid the hassle of taking time off from work and visiting the Government Agency in person. With eKYC, you do not need to pay in addition to the investment amount.
Compliance: Your data gets validated using the latest technologies. This increases the overall security of the system. It also ensures that the digitally transferred document is legally valid.

The Road To Digitization Of KYC

As per regulatory developments from January 1, 2011, KYC is mandatory for investors wanting to transact in Mutual Funds. This is regardless of the transaction amount. It implies that you will not be able to process any fresh MF purchases post January 1, 2011. This is true except when you are MF KYC compliant as per CDSL Ventures Limited (CVL) norms.

This implies that you can always ask your broker to provide you forms for submission to your KYC. Since there are no charges for mutual funds they may not be useful. As such, it is better you also understand you can get your KYC done. Follow these steps:

1. Get the Form

The KYC application form can be availed from the investor service centers for the particular Fund, CAMS or at any specified ‘Points of Service’ (POS) of CDSL Ventures Ltd. You can also download it from your broker, advisor or AMC.

2. Documents

The following lists the set of documents which are required for submission with the KYC application form:

1. A recent passport size photograph

2. PAN card copy

3. Address proof (Recent bank statement will work but if you have to get your bank statement in the email you need to visit your bank branch to get an original one.)

The document submission can be done at the CAMS Online office in your city. Ensure you carry the originals along with a photocopy of the documents because at times they might need to verify with the originals.

3. Verification

Once the KYC application form and supporting documents are verified, the investors will receive a letter authenticating their KYC compliance. They normally give you the letter in a few hours to a max of 24 hours for this identity verification api .

You can verify your KYC status online. You should verify on the day of form submission that your status is processing. Once it is done, your status should change to VERIFIED.

Actually KYC need not be done at your broker’s end. But some online systems do not accept the order. This can happen if they don’t have the data in their own system and so it is better to get that done as well.

KRA and K-IPV In KYC Collection

SEBI had initiated the usage of uniform KYC by all SEBI registered intermediaries (RIs). This was done to bring uniformity in the KYC requirements for the securities markets. In this regard, SEBI had issued the SEBI KYC Registration Agency (KRA), Regulations, 2011.

KRA is the authority for the centralization of all KYC records and details in the securities market. The client who wishes to open an account with a broker shall submit the KYC details. They can be submitted through the KYC Registration form with supporting documents. The Intermediary is responsible for conducting the initial KYC. The RI should also upload the details to the KRA system. The KYC details are accessible to all SEBI RIs for the same client. So once the client has undergone KYC with an RI, it is not necessary to repeat the same process again with other RIs.

It is compulsory for each client to be registered with any one of the various KRA registered intermediaries. This should be done before availing the benefits of any intermediary. Such benefits include Stock Broker, Mutual Fund Companies, Depository Participant, Portfolio Management Services (PMS) etc.

In-Person Verification (IPV) is part of the process of doing KRA-KYC registration of clients. KRA compliant clients are not required to undergo this process.

Importance Of IPV

The Prevention of Money Laundering Act, 2002 (PMLA), came into effect from 1 July 2005. The Act enforces that no one could use investment tools to hide their illegal wealth. Soon after, SEBI mandated that all intermediaries should adopt the KYC policy. It was also necessary to plan and install certain policies. The policies should follow vis-a-vis the guidelines on anti-money laundering measures.

Since 1 January 2011, KYC compliance has been made mandatory for all investors. This is irrespective of the amount invested and includes the following transactions:

a. New / Additional Purchases

b. Switching Transactions

c. First-time Registrations for SIP/ STP/ Flex STP/ FlexIndex/ DTP

d. Any SIP/STP/trigger-related products which were introduced after the enactment of the act

e-KYC (Know Your Customer) is a value-added feature that is offered by many financial institutions. E-kyc is useful for making the application process convenient. Investors can access it and upload the necessary documents. It can be done from the comfort of their home or office. As previously discussed, this is applicable to only SEBI-approved KRAs. For ex: CVL and CAMS can complete the e-KYC process. This means that Digital KYC can be used for IPV as well.

EKYC — The Miracle Turned Myth

To remove the repetitive submission of documents, SEBI launched the concept of common KYC in 2011. With this move, the first intermediary processes the KYC-related information and sends them to the KYC Registration Agency (KRA). Once your account is created, any other intermediary can make use of the same details in the future for new accounts.

Why eKYC?

The concept of common KYC smoothened things for retail investors, However, it was still a time-consuming process (8–10 days). It also included the problem of in-person verification. This also increased the cost of servicing small investors while preventing immediate on-boarding of new customers.

SEBI launched eKYC in order to make the procedure more investor-friendly. It enabled customers to verify their identity and upload documents digitally. To get started, you only needed to quote your Aadhaar number, PAN number, e-mail id, and mobile number. Once you type in the details, you will receive a one-time password (OTP) in your Aadhaar-registered mobile number. After entering the OTP, the eKYC process would be completed and you could start investing in mutual funds within minutes.

While Aadhaar based eKYC had been introduced as a means for onboarding, there were a lot of discrepancies. This was especially after the Supreme court judgement on the use of Aadhaar based eKYC. It was later reintroduced. This had left a state of confusion and many AMCs continued traditional methods of KYC collection for onboarding. Physical KYCs are more time-consuming. The distributor has to submit the documents to KYC Registration Agencies or KRAs. The KRA nodal agencies have to manually fill in the data in their systems from the applications. If the handwriting is illegible, capturing the KYC data could lead to errors. This would delay the process further.

The SEBI Way Of Digital KYC

In a recent move on April 24, 2020, the Securities & Exchange Board Of India (SEBI) has issued the latest guidelines on the digitization of the KYC process. Some of the highlights are mentioned below:

1. Know Your Customer (KYC) and Customer Due Diligence (CDD) policies form a part of KYC. They are the foundations of an effective Anti-Money Laundering process. The KYC process requires every SEBI registered intermediary (also known as ‘RI’) to collect and verify the Proof of Identity (PoI) and Proof of Address (PoA) from the investor.

2. The provisions as laid down under the Prevention of Money-Laundering Act, 2002, Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, SEBI Master Circular on Anti Money Laundering (AML) dated October 15, 2019 and relevant KYC / AML circulars issued from time to time shall continue to remain applicable. Further, the SEBI registered intermediary will continue to ensure to obtain the express consent of the investor. This should be done before undertaking online KYC.

3. SEBI, from time to time has issued various circulars to simplify the process of KYC by investors / RIs. Constant technology evolution has led to multiple innovative platforms being created. These allow investors to complete the KYC process online. SEBI held discussions with various market participants and based on their feedback, technology like Aadhar-based e-Sign service which can facilitate online KYC will now be used. This is done with a view to allow ease of doing business in the securities market.

4. New regulations allow Investor’s KYC to be completed through an online / App-based KYC. There is also provision for in-person verification through video, online submission of Officially Valid Document (OVD) / other documents under eSign. It allows the introduction of VideoKYC, which was also allowed by RBI for the banking sector earlier this year. (Click here< to read more about RBI Guidelines for VideoKYC)

5. SEBI registered intermediary may implement their own Application (App) for undertaking online KYC of investors. The App shall facilitate taking photographs, scanning, acceptance of OVD through Digilocker, video capturing in a live environment, usage of the App only by authorized persons of the RI.

6. The guidelines also allow RIs to undertake the VIPV(Video In-Person Verification) of an individual investor through their App. This is done to ease investor onboarding.

Digital KYC For The New Era

Signzy has developed an AI-based electronic KYC solution called RealKYC. It consists of a host of microservices that provide the following benefits to AMCs

Reduction of TAT: During investor onboarding, the traditional method of KYC collection involves the submission of a lot of documents and processing that is done by several departments and their officers. This can be a time-consuming process but with VideoKYC, the entire process is automated and can be done in a matter of minutes in real-time.
Lower Operational Costs: The onboarding process for a new investor can require several checkpoints that are cost-effective. There is significant manpower involved as well which also raises the cost of onboarding. All these factors can be automated with RealKYC, thereby reducing operational expenses.
Remote Onboarding: With RealKYC, there is no need for investors/entities to pay multiple visits to the physical branch for the processing of KYC. They can simply visit the website and submit all their documents as well as get the verification done, online.

Signzy’s VideoKYC solution offers a simple, secure KYC collection process that is 100% compliant with the latest SEBI Guidelines. The benefits include:

Compatibility With Most User Devices: This solution has matured over dialects, browsers and low-internet scenarios. This means that most users can undergo VideoKYC without any technical pain points.
Improved BackOps; Our Patented AI reduces 90% Backops effort, making onboarding of investors a smooth process.

Conclusion

KYC or Know Your Customer is a compulsory requirement for those wishing to invest in Mutual Funds. It is mandatorily needed by the Market Regulator SEBI (Securities and Exchange Board of India). This identification process needs to be undertaken only once. KYC was introduced to avoid fraudulent activities. eKYC for Mutual Fund was launched for the ease of investors.Digitization of KYC merely changes the mode of KYC collection and not the process.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

PDP Skepticism: Big Brother, Big Tech and a Sandbox

Posted on May 26, 2020 | by Signzian

The politics of data protection can be seen through three lenses. That of the government, the individual, and private companies. The concerns of all three have to be addressed to devise an effective data regulation framework. For the government, pressure is mounting to safeguard citizens’ personal data. However, it is their prerogative to preserve national security. This may require access to personal data to combat illegal activities like trafficking. Companies are grappling to strike a balance between compliance, personalization and interoperability. It then becomes the data regulator’s responsibility to safeguard personal data. But, without risking national security or hampering innovation and economic growth.

The Indian Personal Data Protection Bill (PDP) of 2019 is on the verge of becoming a law. So, questions on it’s power and compliance are at the fore. This blog addresses prominent questions on the bill in the global & national context:

Would PDP compliance result in GDPR (General Data Protection Regulation of the European Union) violation?
Does the bill itself threaten global cybersecurity?
Will government mission creep grow as a side effect?
Is innovation stagnancy a real possibility stemming from the bill?

A preliminary understanding of the data protection regulations in place in the EU and India is helpful. You can take a look at our article comparing the GDPR and PDP Bill.

The intent of the regulations is identical. Both were created to safeguard data and privacy. But, their criteria for compliance is not. This means that if a company’s operation is compliant to the GDPR, it won’t necessarily be PDP compliant. To remain compliant the data fiduciaries will have to chart their course according to the standards of each framework. Both regulations have different requirements and prerequisites. The question is if compliance to any provision in the PDP is contradictory to the needs of the GDPR.

Many obligations overlap or are at different degrees on the same spectrum. But, the International Association of Privacy Professionals (IAPP) points out a problem. Indian companies may find themselves at a crossroads when processing data under the purview of the GDPR. If the data they collected was only on the basis of “contractual performance”.
This is one of the lawful bases that permits an entity to process data under the GDPR. The PDP does not list “contractual necessity” as a legal basis for processing. This is why the confusion arises. Many businesses in the online services environment heavily rely on this criteria to process personal data. It allows an entity to transfer data to another entity as a contractual obligation. For example, shipping a product requires the data to be shared with the deliverers and customs officials. Travel agents require the data be shared with the hotel or airlines.
This creates a grey area. Complying with one regulation may make it difficult not to violate the other. This is because swapping the lawful bases (to comply with the PDP) is not allowed under the GDPR.

It can be assumed that the data fiduciaries/ data controllers are not violating the GDPR when they change the lawful basis. Even then it will be a challenge for larger entities. For example: Companies with several foreign subdivisions. They will have to redefine, re-communicate, and re-implement processes. In particular, data collection, usage, & protection protocols for all parties involved in the data flow.

Does the Indian Personal Data Protection Bill threaten global cybersecurity?

PDP proposes banning re-identification of data. Cybersecurity and privacy researchers have revealed that this discourages researchers. They cannot thoroughly investigate security weaknesses, thereby encouraging cybercriminals to exploit them.

But, what is re-identification? First it’s important to define de-identification and its necessity.

When a company processes an individual’s data, algorithms are used to decouple sensitive details from identifying information. For example: medical records and traces of location separated from phone numbers and email addresses . This is de-identification.

Organizations can recover the link between the users’ identities and their data when required. The reverse process is called re-identification. This is a routine practice when done in a controlled environment designed for security by legitimate entities.

The risk is of malicious parties getting their hands on a de-identified database and re-identifying it. Data breaches and leaks are an increasing concern in our data-fied world. The PDP proposes to criminalize the process of re-identification without consent of user data. It’s called illegitimate re-identification. While this seems only logical, it may threaten global cybersecurity.

Researchers often perform meticulous cybersecurity tests and privacy guarantees without knowledge or consent of an organization. They act with public interest in mind and their work makes the digital world a safer place. The blanket ban could hamper research altogether. With risk of penalties and even jail time, security researchers would not partake in this testing for social good. Worse yet, software vendors might be tempted to instigate legal action against such researchers.

At India’s scale, impeding cybersecurity and privacy research could leave the cyber realm at large to malicious forces. This threatens global cybersecurity.

What exceptions are given to the government and what does this mean?

The bill gives the central government the power to exempt its agencies from the purview of this act. The purpose of revoking the regulations are vaguely defined. It can be

In the interest of sovereignty and integrity of India or
To preserve national security

This thereby eliminates the obligations of consent, accountability and transparency to ensure just processing of data. A regulation drafted for the protection of personal data can rid the government it’s duties and result in mission creep. This can give rise to a Big Brother like situation with the government morphing into a surveillance state under the guise of national interest. In the absence of a privacy law, it can be dangerous for the State to have access to all our personal data.

Are there any provisions for companies working on innovative data driven tech?

Companies are preparing to adapt to the new compliance requirements. But, there are growing concerns for tech companies:

Mounting operational expenses
Compliance constraints
Rising cost of doing business
Increase in barriers to entry

This could limit the ability of new competitors to enter the market. Restrictions on sharing data with third parties could make it difficult for companies to collaborate on data-driven innovation.

There is a massive flux of data across borders. Governments are increasingly considering data and digital infrastructure as integral to national security and economic growth. Developing economies in the past wanted to foster domestic auto production. Today, governments are focusing on endeavors to make their domestic tech industries thrive.

Governments are drafting policies on data infrastructure and technology. This includes data localization constraints, and limits on foreign investment on technology. The aim here by this is to foster innovation at a local level. Barriers and constraints have the tendency to prioritize national goals over global innovation. And so it is important to find the right balance between multiple objectives.

As a welcome counter to such provisions, the PDP introduces the concept of a “sandbox”. It gives the Data Protection Authority the power to modify provisions for certain data fiduciaries. Those that work for “innovation in artificial intelligence, machine-learning or any other emerging technology in public interest”. Under Section 40 of the PDP bill exemptions may be given as part of the sandbox. This includes relaxations. Specifying a clear purpose for data processing and collection may be relaxed. The limits to the period of data retention can be revoked.

About Signzy

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Ankit Ratan, CEO-Signzy

A Guide to EU’s New AI Guidelines

Posted on May 15, 2020 | by Signzian

The data economy can be a Catch-22. It can succumb to corporate surveillance capitalism on the one hand and an authoritarian digital “welfare” state on the other. The European Union (EU) places itself as the alternative to both. Its strategy to regulate technology over the next decade is to set that precedence. Whether it is successful is up for interpretation. On 19th February 2020, the European Commission (executive branch of the European Union) published a 26-page whitepaper on Artificial Intelligence (AI). The paper titled a European Approach to Excellence and Trust states the EC’s intent to regulate and advance AI.

This blog will explore the reach, requirements, and reservations of the guidelines the whitepaper introduces.

Reach: A Risk Barometer Approach

The whitepaper will have consequences for those using and developing AI. To be specific, businesses that are participants of the data economy. It’s drafted to effectively regulate AI while not being dictatorial. Strict measures could create a disproportionate burden for SMEs.

The paper defines AI as

“Systems that display intelligent behavior by analyzing their environment and taking actions — with some degree of autonomy — to achieve specific goals.”

However, the proposed requirements will mainly affect AI which is deemed “high-risk”. This is enumerated by the EC as:

“…deployed in health care, transport, energy and parts of the public sector, or if it is used in the employment sphere (for recruitment puposes or in situations impacting worker’s rights), or for remote biometric identification and other intrusive surveillance technologies.”

Due to this definition and set scope, the suggestions would not apply to advertising technology or consumer privacy. The assumption here is that risk can be finitely calculated. This leaves many contentious issues outside of the purview of the guidelines. For example, data brokers that leverage AI to predict identities and hyper-targeted advertising.

It is anticipated that the new framework will have extraterritorial impact, like the GDPR.

Requirements: The Precursor to Compliance

The AI applications classified as high-risk would be regulated by the following key features. These center on safety, security, fairness and transparency:

Training data
The paper reiterates that if there is no data, there is no AI. The decisions and performance of an AI are dependent on the data sets it has been fed and trained on. To ensure that the services or products that the AI system enables are safe, the requirements dictate that it must be trained on a broad enough data set. The training data must also be representation to avoid inadvertent coded discrimination. The data collected to adhere to privacy and data protection standards i.e. the GDPR. (Interested in reading more on the data protection regulations in place in the EU and India? Take a look at our article comparing the GDPR and PDP Bill)
Data and record-keeping
Considering the opacity and complexity of many AI systems, certain requirements are put forth to verify compliance. It could allow potentially problematic decisions or actions by the AI to be traced back. The regulatory framework proposes that the following records can be kept:
a. Records related to the programming of the algorithm
b. Data sets used to train and test the high-risk AI systems (when justified) along with a description of their main characteristic and the reason for their selection
c. Documentation on the algorithm and the training methodologies adopted to build, test, and validate the AI
Information to be provided
Apart from the above information, the AI system’s limitations and capabilities must be proactively provided. It should also mention the degree of accuracy to which the system can achieve a specific purpose. This information could be useful to those deploying the AI application. The whitepaper reiterates that citizens should be duly informed when they are interacting with an AI and not a real person. The details should be easy to understand, concise and objective.
Robustness and accuracy
Across the AI system’s life cycle, it must correctly reflect its own degree of accuracy. The whitepaper mentions that the outcomes should be reproducible. The AI system must be able to deal with errors and inconsistencies. It should endure overt attacks, and be resilient against manipulated data.
Human oversight
The AI system must be ethical and trustworthy. To not undermine human autonomy, the whitepaper insists on the AI being human-centric. This could manifest in different ways depending on the system’s purpose and functioning:
a. Output is reviewed and validated by a human before it becomes effective. For example, human intervention needed to approve a person’s KYC.
b. Human intervention post the output being effective. For example, reviewing why the AI rejected a credit application, after the decision was put into effect.
c. Monitoring the operation of the AI system. This is with the possibility to intervene and stop its functioning in real time. For example, a deactivate button in a driverless car.
d. Constraints integrated during the design phase. For example, a driverless car will stop when visibility is low.
Specific requirements (Example: For AI applications used for remote biometric identification)
The application of AI systems for functions such as facial recognition affects the fundamental rights of a citizen. For example the right to a private life and the protection of one’s personal data. Processing of biometric data is to uniquely identify a person. This can only be done in special circumstances with adequate safeguards. The whitepaper declares that the EC will begin a “broad European debate”- on what these circumstances are and their justification.

Reservations: Missing the Mark

The proposed guidelines address issues of personal data protection and pivacy rights, non-discrimination, and cybersecurity. But, it seems to miss the perils of “low-risk” technologies with weakened guidelines.

The whitepaper overlooks that the classification of low risk is not absolute. This could actually be very risky for some. The harms of technology are often amplified to disproportionately affect the marginalized.

A draft version of the whitepaper was leaked in January. Held against that, the new criteria are feeble attempts to regulate the possible adverse implementations of AI. Here, the draft proposed a prohibition or what is called a “moratorium” on facial recognition in public spaces for 5 years. But, the released guidelines are merely a call for a “broad European debate” on the facial recognition policy.

Stakeholders can give their insights on the whitepaper by 31st May 2020. The EC will start drafting legislation based on the proposal and feedback at the end of 2020.

About Signzy

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

A more reliable, secure and private video conferencing

Posted on May 11, 2020 | by Signzian

Till the COVID-19 pandemic tapers down, work from home and remote functioning have become our current “normal”. We’re in a time where digital transformation has been forced upon companies to remain afloat and surf the wave of changes this situation calls for.

Work processes are adopting new workflows and technology to ensure this period is productive and not stagnant. Staying connected is at the top of the list of work from home priorities. All interaction and meetings have now taken to calls and video conferencing. Third party video conferencing tools were aggressively downloaded by millions in this span. A few weeks in, however, privacy concerns have started circling many video conferencing platforms.

Privacy plague

Video conferencing has surged in popularity recently. Everything is being done online. From taking school lessons, virtually attending weddings, and hosting cabinet meetings. But, it’s privacy shortcomings have now been brought to the fore. In an era of social distancing, as everything takes to the digital, online security cannot be distanced from. It is imperative to protect personal data and organization data shared over the digital space. With most of the tech industry holed up at home, the sheer volume and frequency of shared data has multiplied.

In the past few weeks an online harassment method termed “Zoombombing” emerged [1]. Malefactors disrupted calls on the platform Zoom by flashing inappropriate content such as pornography, hate speech, and shock videos. Privacy advocates also revealed that popular video conferencing tools were caught sending personal data to Facebook. News reports are replete with such privacy concerns exposing these apps’ vulnerabilities.

Whether you’re the type to have tape over your laptop camera or not, it is safer to distance yourself from unsafe platforms. At the same time, privacy does not have to be sacrificed at the feet of convenience.

Digital Trust for Banks and Financial Institutions

For banks and financial institutions, it is imperative to maintain processes that do not jeopardize the privacy of their customers. And at the same time offer protection from fraud. A successful example of a banking workflow that is adapted to be 100% digital is the Know-Your-Customer process for onboarding and customer verification.

Using VideoKYC ensures there are no compromises on safety standards. We have honed the process with numerous layers of checks and balances. These include AI-enabled video forensics and identity document checks. They eliminate security gaps by combining human scrutiny with both software and ML and AI-enabled learning.

While generic video conference tools are not secure enough for financial services, our systems have always been designed for banking grade technology. We’ve developed our tools in a way that banks and financial institutions trust us with their data. This has now been taken a step further with our video-conferencing tool. It is developed keeping the needs of banks and financial institutions in mind.

In some cases the COVID-19 crisis is serving as an impetus to go digital. In other cases digital help is needed to coordinate between offsite and onsite officials. It is a daily need for confidential cross-country interaction. Either way video conferencing is essential to preserve uninterrupted work.

Enumerated below are some uses and features of this technology:

Since it is a safe and secure method of communication with no scope of privacy infringement, banks can schedule a call with the customer. This will cut down on the back and forth time that accompanies financial transactions.
Instead of the relationship managers from banks having to be physically present, they can now use our tool to communicate with the users. With COVID-19, this can help ensure banks continue their normal functioning, with higher efficiency. Our compliant VideoKYC has now merged with video conferencing, allowing REs to clarify issues in real time.
The features are customizable for the bank. The organizer (bank) can restrict the functionalities available to the user. For example, a bank can decide they do not want to let the user switch off video during the interaction.
The technology is good for auditing the call. Any breach in protocol can be caught through this auditing. Since this has been developed keeping banks in mind, no other third party software enables this.

Certainty of security in a time of uncertainty

We can’t say till when you’ll have to work from home. But, we can ensure that our tools are tested to be secure, simple, and even compliant.

No leakage of data
The platform prevents the leakage of personal data such as email IDs and photos.
End-to-end encryption
We ensure end-to-end encryption of all data shared over our platform. A third party cannot decrypt the calls.
Seamless communication
While the technology ensures full protection of the interaction, the UI ensures it is also easy to use and seamless.
Only a person with an invitation can join the call. This prevents any hackers or miscreants from disrupting the call. Our video conferencing tool ensures there is no scope for malicious activity such as “Zoombombing” to occur.
Signzy has control over the data flow. There have been recent concerns where data is being routed through China by video conferencing platforms [2].

Companies that adopt Signzy’s secure video conferencing have one less thing to worry about in these strange times.

About Signzy

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Digital KYC on Securities & Trading or DEMAT Accounts

Posted on May 9, 2020 | by Signzian

The Know Your Client or Know Your Customer (KYC) is a standard process in the investment industry. It ensures investment advisors know detailed information about their clients. This includes risk tolerance, investment knowledge, and financial position. The KYC process conducted during investor onboarding protects the interests of both clients and investment advisors. Clients are protected as their investment advisor knows the best choices for investments. Similarly, investment advisors know what they can and cannot include in the portfolio.

KYC compliance basically revolves around certain necessities and policies. This includes risk management, customer acceptance policies, and transaction monitoring. However, the need for digitizing the KYC collection process is crucial in these times.

KYC in Securities Industry — Rules & Regulations

The Know Your Client (KYC) rule is an ethical requirement of the securities industry. This includes those who interact with customers during investor onboarding and maintaining accounts. There are two rules which were implemented in July 2012 that are applicable in this regard.

1. Financial Industry Regulatory Authority (FINRA) Rule 2090 (Know Your Customer)

2. FINRA Rule 2111 (Suitability)

These rules are designed to protect both the broker-dealer and the customer. The rules provide a mutually beneficial agreement to both parties.

FINRA 2090

The Know Your Customer Rule 2090 cites that every broker-dealer must provide logical effort during investor onboarding and maintaining customer accounts. It is a requirement to maintain records on the demographics of each customer. It is also required to identify each individual who has the capacity to act on the customer’s behalf.

The KYC rule is crucial for the start of a customer-broker journey. It establishes the essential facts of each customer. This has to be done before any recommendations are made. These are required to service the customer’s account effectively. It also provides awareness of any special handling instructions for the account. The broker-dealer needs to be familiar with each person who has the authority to act on behalf of the client. It is necessary to follow all the laws, regulations, and rules of the securities industry.

FINRA 2111

As found in the FINRA Rules of Fair Practices, Rule 2111 goes in tandem with the KYC rule. It covers the topic of making recommendations. Suitability Rule 2111 mandates that a broker-dealer must have sensible grounds on which to make a recommendation. This must be customer-based and depend on the client’s financial situation and needs. This ensures that the broker-dealer has checked the facts and profile of the customer. This must also include the customer’s other securities. This should be done before making any purchase, sale, or exchange of securities.

KYC For Trading/DEMAT Accounts

Know Your Customer (KYC) is a primary requirement for opening your trading-cum-DEMAT account with a broker. What does KYC mean and why does SEBI mandate KYC for opening a DEMAT account? The perception is that the customer has relevant documentation for online ID verification. It also checks whether the flow of funds have a distinct record through banking channels. Today, it is not possible to activate a DEMAT account without KYC. As per SEBI (Securities and Exchange Board Of India) guidelines, KYC is a must.
When you open the DEMAT account, the DP / broker will ask you to fill up a KYC form along with your client agreement form. KYC requires basic paperwork and submission of essential documents. It also requires originals for complete verification.
KYC norms were put out by the RBI in 2002 and have been adopted by SEBI for all investment-related activities. This includes opening a trading account, DEMAT account, mutual fund investments, etc. The idea was to cut down on corrupt practices. Money laundering, acting as fronts for entities, trading in cash without audit trails, fraud, and financing of anti-national activities are some examples.
With KYC, your data is secure in a central database and the KYC process is applicable only once. After that, it is just picked up from the central database by linking your PAN card.

KYC helps banks and other financial institutions conduct online ID verification and track their customer transaction trails. This helps link all your capital market activity with your bank account. It also assists in tax returns and plugs any gaps in reporting. SEBI has enforced KYC compliance for sectors like mutual fund accounts, DEMAT accounts and trading accounts.

Key steps in the KYC documentation process for DEMAT account

The first step is the filling of the KYC form if you are a new investor and opening your DEMAT account for the first time. The application forms require demographic information. This can be name, residential address, office address, joint account holder details, account nomination, etc.
The next step of the investor onboarding process is to present your identity proof. PAN card is mandatory in this regard. You may also be asked to submit an additional government authorized proof. This can be a passport, driving license, voter ID, Aadhaar, etc.
The third step involves submitting proof of residential address. The document should include the current address in the exact format. You can provide utility bills with link documents. Other documents like bank statements, company letters, etc can also be linked.
Finally, you must submit a copy of your cancelled cheque. The account holder name must be clearly embossed on the cheque leaf. This is to verify your IFSC code and account details.

This entire process of investor onboarding can be time-consuming as well as heavily dependent on manpower. It also involves a significant amount of paperwork. With the digitization of the KYC process, the complete process has been simplified. Onboarding new DEMAT account holders can now take a matter of minutes.

Know Hows of KRA and K-IPV In KYC Collection

In-Person Verification (IPV) is part of the process of doing KRA-KYC registration of clients. KRA compliant clients are not required to undergo this process.

Importance Of IPV

Since 1 January 2011, KYC compliance has been made mandatory for all investors. This is irrespective of the amount invested and includes the following transactions:

a. New / Additional Purchases

b. Switching Transactions

c. First-time Registrations for SIP/ STP/ Flex STP/ FlexIndex/ DTP

d. Any SIP/STP/trigger-related products which were introduced after the enactment of the act

New Norms For Digital KYC — Latest SEBI Guidelines

In a recent move on April 24, 2020, the SEBI has issued the latest guidelines pertaining to the digitisation of the KYC process. Some of the highlights are mentioned below:

1. Know Your Customer (KYC) and Customer Due Diligence (CDD) policies as part of KYC are the foundations of an effective Anti-Money Laundering process. The KYC process requires every SEBI registered intermediary (also known as ‘RI’) to collect and verify the Proof of Identity (PoI) and Proof of Address (PoA) from the investor.

2. The provisions as laid down under the Prevention of Money-Laundering Act, 2002, Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, SEBI Master Circular on Anti Money Laundering (AML) dated October 15, 2019 and relevant KYC / AML circulars issued from time to time shall continue to remain applicable. Further, the SEBI registered intermediary shall continue to ensure to obtain the express consent of the investor before undertaking online KYC.

6. The guidelines also allow RIs to undertake the VIPV(Video In-Person Verification) of an individual investor through their App. This is done to ease investor onboarding.

How Digital KYC Can Help Financial Institutions In The Securities Market

The latest SEBI guidelines have allowed ease of convenience to digitize the KYC process. This will be beneficial for financial institutions in the securities market. Previously banks, telecom, and other financial services providers used to deal with photocopies. The customer’s original ID proof was physically examined for conducting KYC verification. The conventional process of opening a DEMAT account can often become quite complex. It is also time-consuming and requires significant manpower.

The advantages to financial institutions in using eKYC are as follows:

Paperless verification
Cost-effective
Prevents fraud
Real-time identity verification
Transparent
Consent based to protect user privacy

E-KYC and VideoKYC — The New Age Digital KYC

At Signzy, we offer a unique e-KYC solution known as RealKYC. The solution offers KYC collection as well as background verification and checks.

Advantages of RealKYC

Secure System: A customer’s trading/DEMAT account information is secure. This is because the entire process is online. Identity theft, fraud, loan scams, money laundering, the flow of black money, etc. are all minimized with RealKYC.
Efficient Communication: The data can be effectively relayed in a precise and timely fashion. There is no need for constant back and forth. Most details are published automatically unlike manual KYC.
‘Free of Cost’ Process: RealKYC verification doesn’t charge any extra amount to the customer. A company or institution may need to pay automation costs of installing verification systems for the long-run.
Faster processing: The RealKYC service is completely automated online. This implies that KYC information can be transferred in real-time and does not require any manual intervention. The paper-based KYC process can be delayed for days and go up to weeks to get verified. Using the eKYC process reduces this to just a few minutes to verify and issue.

At Signzy, we have also introduced a new form of KYC verification called VideoKYC. This is a faster and more efficient form of KYC collection and verification. It conducts liveliness checks against the user. It also verifies the identification document against forgeries.

Advantages of using VideoKYC during investor onboarding

Signzy’s unique VideoKYC solution is compliant with RBI and SEBI guidelines. It has been the winner of several awards and accolades earlier this year. Here are some highlights of the product advantages:

Higher Application Accuracy
Plug and Play solution, swift Go-To-Market
Comprehensive Training Program
Competitive Advantage through customer delight
100% compliant with the latest RBI Mandate
Exponentially increase Scale of Operations
Reduced back office overheads (upto 70%)
Reduction in customer Drop-offs (upto 50%)
Platform Agnostic, support multiple communication channels

Conclusion

Over the last two decades, the securities market in India has witnessed structural reforms. This abolishes the century-old practices of trading and settlement. This has been possible due to the advent of technology that has created a nationwide network. It has enabled the market participants to interface from any corner in the country. With the new regulations and compliance norms, Digital KYC will soon become the standard for KYC collection in the market.

About Signzy

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Ease Customer Onboarding with the New Offline KYC Rules

Posted on April 24, 2020 | by Signzian

RBI has unveiled the guidelines for ‘offline KYC’- a significant move towards reducing the woes for fintech companies and easing the customer onboarding process. These regulations have opened up new avenues for fintech companies to innovate their leverage of the Aadhaar database.

Fintech startups have been desperate for modifications to the KYC to make it easier to onboard customers remotely. In a statement from RBI, “Banks have been allowed to carry out online verification using Aadhaar identification of an individual who voluntarily uses their Aadhaar number for identification purposes.

For offline KYC, companies can capture customer details using a QR code or an XML-based process laid out by the Unique Identification Authority of India which manages Aadhaar- the biometric database of residents.

After this move, RBI has added ‘proof of possession of Aadhaar number’ to the list of OVDs (Officially Valid Documents).

Let’s explore in depth what this move means for the consumers and the financial institutions.

Why Use Aadhaar Offline Paperless e-KYC?

Through Aadhaar offline KYC, UIDAI provides a mechanism to verify the identity of an Aadhaar card holder through an online electronic service. This e-KYC method facilitates an authenticated instant verification of identity and substantially lowers the cost of paper-based manual KYC.

This method is usable by all agencies who have the following:

Reliable internet connectivity.
The right technical infrastructure to call online e-KYC service and deploy services at their end (as and when necessary).
A method to capture the biometrics of a resident.

UIDAI maintains each KYC request in a record to carry out audits.

The Merits of Aadhaar Paperless Offline e-KYC

Here are a few reasons why offline e-KYC is the right move toward a digital future:

Privacy of information

KYC data can be shared by the cardholders without the knowledge of UIDAI.
The Aadhaar number of the resident is not revealed. Only a reference ID is shared with the agency.
This offline verification method does not need any of the core biometrics, such as fingerprints or iris detection.
The Aadhaar cardholders get a choice of the data (within the demographics data and their photo) they want to share.

Security

When the Aadhar number holders download their Aadhaar KYC data, it is digitally signed by the UIDAI to detect fraud and tampering to authorize the use of that data.
Any agency can validate the data with their own OTP or face authentication methods.
The Aadhaar number holders provide a phrase which is then used to encrypt their KYC data- allowing consumers more control over their data.

Inclusion

Aadhaar paperless offline e-KYC is a voluntary, number holder driven method.
Any agency can use this method for identification and verification with the approval of cardholders allowing wide usage of the technology.

Any agency with the right infrastructure to support face identification using facial recognition, AI, and ML will be able to leverage this opportunity for its full potential to improve customer onboarding for remote customers.

How does Aadhaar Paperless e-KYC Work?

Aadhaar paperless e-KYC eliminates the need for cardholders to make a copy of their Aadhar letter. Instead, they can download the KYC XML and provide that to the agency wanting to do their identity verification.
The agency will have to go step-by-step with a detailed procedure to verify the KYC details given by a resident.
The KYC details are captured and shared in a machine-readable XML format which is digitally signed by UIDAI to verify its authenticity.
The agency can choose to verify the customer through their own facial verification software.

The following fields are included in the KYC data when customers download it:

Resident name
Reference number for download
Address
Photo
Gender
Dob
Mobile number in a hashed format
Email in a hashed format

Aadhaar offline KYC data is encrypted using a ‘Share Phrase’ given by the customer at the time of downloading data which they need to share with an agency for them to read and access that data.

Read on here to learn the simple steps of downloading and accessing Aadhaar e-KYC data.

Adoption of e-KYC

The incorporation of offline KYC is a welcome step for fintech companies. However, some digital payment companies think the process is a bit complex compared with the biometrics or OTP based KYC that has been the present norm for authentication and validation.

Thus, companies believe the method could be difficult to scale.the guidelines, however, show a way to encourage mass adoption of offline KYC, in three steps:

Paperless XML
eAadhaar PDF
Secure QR code scan

Now, the payments industry is waiting for the incorporation of e-KYC norms for non-banks, concerning an order by the Department of Revenue on May 9. As of the current regulations, RBI prohibits e-KYC for any non-DBT (Direct Benefit Transfer or subsidy-linked) accounts.

For carrying out the customer identification of non-DBT beneficiaries, the REs should obtain a certified copy of any OVD containing the details of his identity and address along with one recent photograph.

Following the Supreme Court judgement on Aadhaar in 2018 and in order to address privacy concerns and limit data sharing,The use of offline KYC can surely be an innovative solution for identity verification wherein verification can be done without sharing biometrics or even Aadhaar number.

About Signzy

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Moni Gupta

COVID-19: Technology, Information & Information Technology

Posted on April 17, 2020 | by Signzian

For those of us away from the epicenter of the coronavirus pandemic, behavior change began from chemist runs to buy sanitizer. About 3 months in, with precautions and anxieties rising, we’re compulsively refreshing coronavirus dashboards, social distancing, and packing our pantries.

With a rising death toll, analogies to dystopian apocalyptic times are surfacing. But, so are stories of our heroic front-line workers, global solidarity, quarantine creativity, and technological innovation. The first part of this blog is to understand technology as the boon, bane, and balm of these times. The second part is to delve deeper into the role of social media in this “infodemic”, and the third is to briefly assess the IT sector’s response to the crisis.

Technology: Boon/Bane/Balm?

Computer modeling of the coronavirus’s spread based on airplane flights and travel data is helping epidemiologists (someone who studies the incidence, distribution, and possible control of diseases) predict where the illness will move next and how. Professionals performing infectious disease modeling across the globe are trying to ascertain how the disease will unfold so that governments may take apt precautionary measures and maintain accurate numbers. A model is however, as good as the data fed into it. Even with uncertain numbers, modelers are trying to work on critical issues like how many people are infected but symptom-less, increasing undetected numbers.

Other technological measures deployed in the time of corona are assessed country wise:

China

China is fighting against this public health crisis with its tech giants at the fore. There is news of new hospitals in Wuhan only staffed with robots. While many of these tech implementations are setting new healthcare practices, experts are deeming some as performative gimmicks and excuses for future mass surveillance by the authoritarian, press-controlling Chinese government.

1. Color Coded QR

Near the epicenter of the outbreak, entering public transport, one’s apartment or office, requires scanning a QR code which color codes the risk factor a citizen poses as red, yellow or green. This can be accompanied by writing down one’s name, ID number, temperature and recent travel history. This quarantine determination project is called the Alipay Health Code. It is an app developed for the local government of Hangzhou with the help of Alibaba’s sister company Ant Financial. It’s set to have nationwide implementation.

Neither Chinese officials nor Alipay have explained in detail how people are classified by the system. It is speculated that the compulsory app uses Big Data to identify potential carriers of the virus. The data can include stats sourced from transport agencies, health centers, and state-owned firms.

2. Drones, Robots and Autonomous Vehicles

In cities under lockdown, drones are being used to transport medical supplies and patient samples. They can also be used to spray disinfectant across large areas. According to authorities the aerial tech is also an effective way to scan large crowds to spot if someone needs medical attention and warn those not wearing masks of repercussions.

Robots are doubling up as cooks, cleaners, and delivery to eliminate human contact as much as possible. An important function for robots at the front-lines is thermal imaging and basic diagnostic functions.

China has nurtured various self-driving, autonomous vehicle platforms such as Baidu’s Apollo. They are proving to be an effective system to cut out human contact and ensure efficient delivery of essential supplies.

3. Big Data, Facial Recognition and AI

Taking a closer look, the color code app and surveillance drones use Big Data and streamlined facial recognition technology at their core. China has a history of using such data and AI to keep tabs on its citizens. In this time of crises, the role has simply been streamlined to enforce quarantines.

As an after-effect of the attempts to curb the spread of COVID-19, another ailment is spreading in China; mass surveillance. The country could easily use the health crisis as a justification to expand its already vast surveillance system.

With the race to find a vaccine for the coronavirus underway, tech giants like Alibaba and DIDI are contributing their computing power to help hospitals perform diagnoses and possibly find a cure.

USA

The U.S. government and public health experts are considering taking the help of private companies to aggregate anonymous smartphone location data to combat the virus. Talks are underway with Google and Facebook to track the infection. It could be a powerful tool to pinpoint the next hotspot or allocate health resources.

South Korea

When COVID-19 reached South Korea, anxiety was coupled with a bout of coding. Multiple apps have come into existence which help track the spread by sourcing data from publicly available government information. A person using the “Corona 100m” app can determine their proximity to the coronavirus patient. The government is also distributing smartphone alerts about the movements of people who have tested positive.

Singapore

Singapore has adopted a different method to tackle the pandemic. Thousands of people have imposed self-quarantine since the initial days of the outbreak. People required to isolate themselves are called multiple times a day and asked to click an online link to share their phone’s location. With officials successfully tracking infected individuals, this method proved to be effective. The Singapore police force is using CCTV footage to trace contacts and draw up lists of people who could be possibly exposed through interviews.

Iran

Iran’s official COVID-19 detection app “AC19” was removed by Google from the Play Store. Several users had accused the Iranian government of using the coronavirus as a means to scare citizens and tricking them into installing the app which was then used to collect phone numbers and real-time geo-location data. The most probable reason the app was taken off the Play Store was its misleading claims. It asserted that it could determine whether an individual had contracted COVID-19 or not. The app could not perform a diagnosis in any sense.

Israel

Israel is set to use its ‘anti-terror’ technology to counter the virus. Cyber monitoring would be deployed to track individuals who tested positive in real-time through their mobile phones to catch breaches in quarantine.

During a pandemic, there are two things we have to be vary of; the disease itself and the misinformation it creates. When every 2nd notification is an update or speculation about the virus, it becomes difficult to step away, and yet be aware. The sheer mass of posts has a tendency to fuel fear and racism, yet also hope.

On the one hand there is the problem of rumors and fake news, but on the other there is a paucity of information and the issue of censorship by authoritarian governments. Both construct dangerous false narratives. Stringent responses are being taken for each situation, but for very different intents:

To curb misinformation
To control what information goes out in the world

The World Health Organization (WHO) in a situation report dated 2nd February 2020, coined the mass of information as an infodemic.

“The 2019-nCoV outbreak and response has been accompanied by a massive ‘infodemic’ — an overabundance of information — some accurate and some not — that makes it hard for people to find trustworthy sources and reliable guidance when they need it.”

To curb this peril, Google has scrubbed its searches in an attempt to remove misinformation. A simple Google search now triggers an SOS Alert with links from reputed news organizations. It also brings up a “Help and Information” section with resources from local governments and the WHO. Google also blocked thousands of ads capitalizing on the virus. Similarly, Facebook banned listings of medical face masks on its marketplace due to the exorbitant prices they were being sold at. YouTube also removed a host of hoax videos and cure claims from their site. Ads have been removed from videos by verified accounts that are meant to inform and educate citizens.

On Chinese social media, information on COVID-19 is being tightly controlled. Censorship of coronavirus related content started from early stages of the outbreak and continued to expand. It blocked a wide range of speech depending on the platform. From personal accounts, warnings, criticism of the government and even officially sanctioned facts and information.

YY, a live-streaming platform in China blocked keywords related to the outbreak.
WeChat, broadly censored coronavirus-related content which could be critical or neutral. This included references to the late Dr. Li Wenliang who gave the first warning of the outbreak. Any comments on the Chinese government’s efforts on handling the outbreak, even facts, were censored.

However, with the barrage of information shared by Chinese social media users, the government was pressured to put out more accurate numbers and official warnings. Some of the personal accounts by doctors and medical professionals that did get through the censors, gave journalists worldwide an idea of ground realities to monitor its progression.

Tech Disruptors adapting to a Disrupted Life

Established models are being evaluated. Empty shelves in stores implies that the supply chain is being tested. Situation-based preference shopping is observed. Panic influenced buying patterns point to extreme mathematical models which AI and the IT sector are trying to solve. With millions of people working from home, the strength of online platforms is being tested, productivity channels are being rewritten, and techniques reworked. Some tech companies are playing their role in easing us into this interim lifestyle:

Microsoft rolled out updates on Teams to make it available to companies for free for six months in an effort to help remote productivity during the outbreak. It is also licensing Office 365 E1 free for six months.
Zoho Corporation allowing its WFH tool ‘Remotely’ to be used for free till July
Cisco ‘s remote working tool ‘Webex’ can now be used for 90 days under its free license
Google is set to roll out Advanced Hangouts Meet Conferencing to all G Suite customers for free
Edtech platform BYJU’S is letting students from grades 1–12 download and access the programs on their Learning App free of cost till the end of April.
Online tutoring platform, Vedantu, has made its learning platform free for all students, teachers, and schools.

Here’s hoping dystopia remains just a popular Netflix genre and we emerge from this crisis with a lifetime of lessons. Don’t forget to wash your hands.

About Signzy

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Impact of RBI’s NSFI report on Different Indian Business Sectors

Posted on March 20, 2020 | by Signzian

Need For Financial Inclusion

The Reserve Bank of India (RBI) has intricately planned out an ambitious strategy for financial inclusion till 2024. The National Strategy for Financial Inclusion report aims to fortify the ecosystem for various modes of digital financial services in order to create the necessary infrastructure to move towards a less-cash society by March 2022. While charting out the report for the period 2019–2024, RBI said, “Financial inclusion is increasingly being recognized as a key driver of economic growth and poverty alleviation the world over.”

Similar to the conventional banks, other institutions like payments banks, small finance banks, co-operative banks and other entities such as fertilizer shops, fair price shops, should encourage the use of digital transactions to uphold efficiency and transparency. The NSFI report outlines the need for increasing the reach of banking outlets of scheduled commercial banks, payment banks, etc to provide banking access to every village within a 5 km radius and at least 500 households in hilly areas by March 2020.

The increased global recognition and United Nations Sustainable Development Goals (SDGs) empower financial inclusion as a pivot for achieving sustainable development across the globe, countries are developing strategic policies to increase access and usage of formal financial services.

One of the key objectives of the World Bank is to achieve Universal Financial Access by 2020 (UFA 2020). The intent behind this is to provide adults who currently aren’t part of the formal financial system, with access to a transaction account to store money, send and receive payments to manage their financial lives. (Universal Financial Access 2020, 2018)

To achieve this ambitious goal, the World Bank Group has committed to enable one billion people to gain access to a transaction account through targeted interventions.It also works with countries to fortify the following primary building blocks:

public and private sector commitment
initiation of legal and regulatory framework
strengthening financial infrastructure
interaction with regulatory bodies on a global scale to provide guidelines that will enable access to transaction accounts.

Objectives of Financial Inclusion:

To provide awareness and enlighten customers on financial services, procuring various types of products and their highlights.
An objective has been defined where every eligible & consenting adult enrolled under the Prime Minister Jan Dhan Yojana, will be provided with an insurance scheme and a pension scheme by March 2020.
Change attitudes to translate knowledge into behavior.
Help consumers get a clear understanding of their rights and responsibilities as consumers of financial services.
Enhance the reach of banking outlets to provide banking access to every village within a 5-km radius or a hamlet of 500 households in hilly areas by March 2020.
By March 2024, every adult should have access to a financial service provider through a mobile device.

Application of Financial Inclusion Across Various Business Sectors

The RBI has drafted the NSFI 2019–24 under the supervision of the Financial Inclusion Advisory Committee (FIAC). The report has been created on the basis of inputs and suggestions from the Government of India as well as other Financial Sector Regulators. The report has also been approved by the Financial Stability Development Council (FSDC).

The NSFI 2019–24 outlines the vision and primary objectives for financial inclusion policies in India to help expand and sustain the process on a national scale. This can be done through a broad convergence of action which includes all the major constituents of the financial sector. As such, certain focus areas have been identified across various business sectors which we will discuss below.

Micro, Small and Medium Enterprises (MSMEs):

MSMEs are the primary catalysts that drive the growth of the Indian economy. They contribute nearly 31% to India’s GDP, 45% to exports and provide employment opportunities to more than 11.1 crore skilled and semi-skilled people.
An estimated presence of 6.33 crore MSMEs can be located in the country. Several initiatives have been undertaken to enable credit off take in this industrial sector.
A special capacity building programme named ‘National Mission for Capacity Building of Bankers for financing MSME Sector’ (NAMCABS) has been devised to familiarise bankers with the entire gamut of credit related issues of the MSME sector.
Web portals like the ‘Udyami Mitra’ and ‘psb loan in 59minutes’ have also been launched to provide easy access to credit. Trade Receivables Discounting System (TReDS) platforms have been set up to address the problem of delayed payments to MSMEs. In April 2015, the Pradhan Mantri Mudra Yojana (PMMY), an initiative to finance small business enterprises, was introduced. This was to ensure lending institutions would finance micro entrepreneurs up to ₹10 lakh. The interest subvention initiative has been launched for MSMEs to alleviate the cost of borrowings..

Agriculture:

In India, agriculture serves as the source of around 15 percent of GDP, 11 percent of exports and livelihood for about half of the Indian population. The importance of the sector from a macroeconomic perspective is also reflected in the form of bank credit to finance agricultural and allied activities relative to other sectors of the economy.
Banks have been mandated specific targets under priority sector schemes to give a thrust to agriculture financing from the formal sector, Currently the target for agriculture lending under priority sector for all domestic scheduled commercial banks and foreign banks having more than 20 branches is 18% of Adjusted Net Bank Credit (ANBC) or Credit Equivalent Amount of Off-Balance Sheet Exposure (CEAOBE), whichever is higher.
Within the 18 per cent target for agriculture, a sub-target of 8 percent of ANBC or Credit Equivalent Amount of Off-Balance Sheet Exposure, whichever is higher is prescribed for Small and Marginal Farmers. The banks have been advised to extend collateral free loans to small and marginal farmers upto ₹1.6 lakh. To provide adequate and timely credit support from the banking system under a single window to the farmers for their cultivation & other needs, an innovative product called the Kisan Credit Card Scheme (KCC) was launched in August 1998 as a flexible source of cash credit for easy access and delivery.

Banking:

RBI has adopted a bank oriented system to strengthen financial inclusion. The banks were mandated to open branches nationwide especially in under-banked pockets which led to a considerable increase in bank branches and later Automated Teller Machines (ATMs) in the 1990s to early 2000.
The banks were instructed to draw up a road map for having banking outlets in villages with population more than 2000 (in 2009) and less than 2000 (in 2012). Consequently, the banks were advised to open brick and mortar branches in villages with populations of more than 5000. The banks were also advised to prepare Financial Inclusion Plans for a period of three years comprising key parameters viz., modes of delivery of financial services, access to Basic Savings Bank Deposit Accounts (BSBDAs) as well as transactions via the BC Channel.
To fortify financial inclusion, RBI has relaxed the branch authorization guidelines in 2017 wherein fixed-point Business Correspondent(BC) outlets serving for more than 4 hours a day and five days a week are treated in a similar fashion to branches with physical infrastructure. An exclusive fund viz., Financial Inclusion Fund (FIF) has been created to support adoption of technology and capacity building with an initial corpus of ₹2000 crore.
As a measure to improve financial inclusion, RBI has issued differentiated banking license viz., Small Finance Banks (SFBs) and Payments Banks in 2015. The objective of setting up of SFBs was to further financial inclusion by provision of a savings vehicle and supply of credit to small business units, small and marginal farmers, micro and small industries as well as other unorganized sector constituents. This can be done with high technology-low cost operations. Payments Banks have been set up to provide small savings accounts and payments/remittance services to migrant labor workforce, low income households, small businesses and other unorganized sector entities / other users.
In order to strengthen the business correspondents(BC) model of delivery and help prospective users to identify BCs having good service track record, the BC Registry has been launched under the aegis of Indian Banks’ Association (IBA). For capacity building and to ensure certain minimum standards of service rendered by the BCs, a BC Certification course through Indian Institute of Banking and Finance (IIBF) has also been introduced.

Insurance:

The key initiatives undertaken in the insurance sector include increasing awareness among citizens on the benefits and appropriateness of insurance and enabling greater availability of insurance products (including micro-insurance). This can be done by increasing the number of delivery channels which consist of corporate agents as well as Common Service Centers.
Further, with the use of technology, Web Aggregators and Insurance Repositories have been erected to provide ease of access and storage of insurance policy details to enable issuance of insurance policies in an electronic form.
Towards the interests of policyholders and also in building their confidence in the system, the institution of Insurance Ombudsman has been created. The objective is to quickly dispose of grievances of the insured customers and also mitigate their problems involved in redressal of their grievances. To protect the interests of policyholders and customers catered to by the insurance companies / intermediaries under the Health insurance segment, separate guidelines have been issued.

Pension:

To monitor and control the National Pension System (NPS) and other pension schemes which are not subject to any other enactment, the Pension Fund Regulatory and Development Authority (PFRDA) was set up under the PFRDA Act, 2013. Some of the key initiatives undertaken in the pension sector include expansion of NPS via increased channels of distribution, developing efficiency of the officials of its intermediaries and increasing the awareness on old age income security and retirement planning. The regulatory authority has also leveraged technology in an effort to drive efficiencies & improve ease of access to NPS for the subscribers and service providers.

Future Scope of Fintechs in NSFI

The policies on financial inclusion would be incomplete if digital financial inclusion and the role of fintechs is not meaningfully integrated. While the Jan Dhan-Aadhaar — Mobile trinity has been a benefactor to Indian economy over the last few years, adequate measures are needed to strengthen the ecosystem for digital financial services, including increased awareness on usage of digital modes of transactions, increased access points/ acceptance infrastructure and a safe environment incorporating the principles of consent and privacy.

Based on the report, it is expected that over the next few years, the fintech space may evolve from its present structure, calling for adequate understanding among regulators, financial service providers and most importantly the customers availing financial services through the digital mode. It is important to primarily address the newly-included digital customers through sufficient awareness and literacy.

About Signzy

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Is your online identity on the line?

Posted on March 7, 2020 | by Signzian

Among the questions that can potentially induce an existential crisis is, “Who are you?”. Among the phrases that can answer this question are, “You are who you are”, “You are what you do”, “You are what you eat”, and the optimistic “You are what you want to be”. This blog isn’t a metaphysical exploration of who we all are. But, as residents of the Internet Age, it is an attempt to figure out what constitutes our online identities, how they’re threatened, verified, and protected.

The sum of an individual’s characteristics and interactions on the internet can be said to be their online identity. Every minuscule piece of information about a person on the internet adds to this virtual identity. Since our interaction with different online sites would be different, each site has its own understanding of who a person is.

Amazon knows what products you like to buy. Zomato knows all about your midnight cravings. Google has seen the panicky medical searches made at the slightest hint of a cough. Uber probably knows where you live. Facebook knows your friends just as much as it knows you. Netflix knows what you binge after work, and Spotify knows your workout jam.

This may not give a clear picture of the individual to these platforms, but defines a way to identify them. All of these are an individual’s partial identities, the aggregate of which make up who we are online.

Our online identities are related to a number of facets in the virtual world. The prominent ones are discussed ahead:

Profiles, Cookies, and Footprints

Site Profiles:
For many of the apps and sites we sign up on, we construct profiles. When it is not required to feed some data for the creation of a profile, unbeknownst to us, the site creates a profile for us. This is to distinguish an individual, maintain a record for them, and secure their information. An attribute called an “identifier” is needed to create this automatic profile. The identifier is a way of referring to a set of characteristics. It can be something like a number given by the site, your email ID or a username.

Browser Cookies:
A cookie can be understood as a piece of information sent by a web server for the browser to store. The browser returns the cookie to the server the next time the page is opened. Cookies usually contain at least two pieces of data:

• a unique user identifier
• some information about that user

It’s cookies that preserve the state of a user’s interaction on a site across browser sessions and page reloads. They help in the optimum functioning of the website, and although seemingly innocuous and invisible, cookies can store various data points. If you allow your browser to accept cookies, you are being tracked. For example, sites using embedded Google tools such as the search bar, trace your activity via cookies whose data Google will have access to.

Cookies fall under the purview of data protection regulations such as the GDPR, which is a testament to the personal nature of the data they contain. Explicit consent is now required from the user to allow the cookies to attach themselves to an individual’s browser.

Digital Footprints:
We are constantly leaving behind a digital footprint on the internet. This refers to the traces of data we leave behind on the internet, the primary constituents of which are website cookies and social media activity. This footprint is what is commonly commercialized. Third parties such as advertisers pay for this data, and digital footprints are thus monetized with companies having access to our data. This may lead to:

Data deduced from footprints used for big data analytics
Loss of privacy and anonymity
Information shared with advertisers without our explicit knowledge for targeted advertising
Malicious activity such as identity theft

Identity Providers

In the technical sense, identity provision can be distilled into three forms:

a) Traditional or retrospective identities: Individuals receive a credential from a third party after a trusted enrollment process. It can then be used to authenticate oneself.

b) Low trust or self-asserted identities: The third party merely issues an identifier to the individual which it can confirm when asked.

c) Behavioral identities: When enough data about an individual is collected by the service providers to decipher that the same person is visiting multiple times.

Google or Facebook have the capacity to act as a trusted identity provider (IdP) by authenticating an individual on behalf of some other online entity that is being signed in to. These are called social IdPs and are accepted across platforms for their convenience, bypassing re-authentication processes. With this possibility, the digital world is shifting from siloed credentials to those that are accepted across platforms. For example, your employee ID cannot be used to identify you at an airport, but your Google account can be used to make a booking through MakeMyTrip.

While this type of identity aggregation makes the onboarding process efficient for individuals, it is also beneficial for advertisers. As opposed to using subsets of data from different platforms, referring to an IdP allows them to:

Personalize experience
Provide recommendations
Preserve customer histories
Prepare and proliferate hyper targeted ads

However, this gives rise to the problem of panopticism. It is a concept by French philosopher Michel Foucault used to explain a kind of internal surveillance. In this case, the IdP will be able to keep track of each place an individual is authenticating, without them being overtly aware of the data being subliminally collected.

It is evident that social logins are shaping the future of our digital identities. The European Commission has even proposed the idea of using national ID cards to access online services, such as Facebook, Uber and Twitter. A Facebook profile could thus be lobbied as a border-less digital identity. On the flip side, KYC for social media users has been proposed in India as a way to combat trolling online.

The proliferation of aggregated identities reveals the difficulty and need to remain anonymous in the 21st century. This has paved the way for the existence of alternatives like:

Sign in with Apple, which can authenticate a user using Face ID on their iPhone without turning over any of their personal data to a third-party company.
Anonymous social apps such as Whisper which functions as any other social media site, except for they are supposed to be completely anonymous. Users are issued a random nickname upon joining which cannot be searched.

Threats to Online Identity

With our use of the internet entwined with our online identity, the aim isn’t to be anonymous anymore, but to control the degree to which subsets of our data are revealed to public and private entities. While it is difficult to be in full control, it is important to be familiar with the existing threats to our online identity.

Data breaches

A data breach is when confidential information is accessed by an entity not having the authorization to do so. It is common for breaches to go undetected, or companies to not reveal to customers that there has been a breach. “HaveIBeenPwned” is a website that lets netizens check if their personal data has been leaked in data breaches. It reveals the company, year, and constituents of the data breaches where one’s data was compromised from an online account. You can then take remedial measures to safeguard your data and be vary of unsafe logins.

Hackers

Hackers use a multitude of ways to reel in victims of identity theft. Two of the most common ones are phishing and keylogging.

Phishing is the process of deceiving an individual into sharing sensitive information. It involves attaching links or malicious software codes/bits to a non-suspicious medium like e-mail or a Facebook attachment (pictures/audio clips etc). Clicking on the link/attachment will redirect you to an imitation of a trusted website where you would need to provide your credentials. For example, when being phished a careful observation of the URL space in your browser will show that you are not truly on facebook.com, but instead a sly imitation like fac3book.com. An individual’s login credentials, passwords, bank details etc, can then be sold on the blackmarket, used to steal identities or commit bank fraud.
Keylogging is the retrieval of information through the act of covertly recording keystrokes of a device user. An attacker can use keylogging to intercept sensitive information such as passwords and credit card numbers. A preventive measure is using a virtual keyboard when logging in or carrying out transactions online.

ISP Tracking

Internet Service Providers store the logs of IP addresses and session timings for billing and legal purposes. However, it can be used for questionable purposes as well:

Data retention, whistleblower Edward Snowden revealed the National Security Agency requested information from ISPs in the US for surveillance purposes
Data monetization, selling of personal data (this is legal in some countries)
Bandwidth throttling, in areas where net neutrality is threatened
Monitoring, for torrents and illegal file shares, copyright infringements

Surveillance

While citizens have a right to privacy in India, constitutional provisions are not yet in effect to question government surveillance of personal data. Excesses of government surveillance, and exceptions in personal data protection laws can lead to aspects of one’s online identity being used against them. It is imperative to hold our governments accountable to privacy demands. The epitome of surveillance is China’s social credit system which tracks individual, corporate, and government behavior across the country in real time to build a database on its citizens.

Verifying Online Identity

While the privacy of our identity is a concern, on the flip side banks and fintechs are concerned with verifying this identity. With a multitude of transactions happening online, verification of our digital identities is imperative.

A digital identity comprises of two forms of information:

Digital attributes: Email address, date of birth, government issued ID, biometrics, login credentials etc.
Digital activities: Likes and comments of social sites, purchase history, photos on Instagram etc.

For the most part, the verification of an identity is done by authenticating digital attributes.

The classic method to gain an acceptable level of assurance that the identity of an online customer matches their real-world identity is a three part paradigm which includes verifying:

Something the individual knows (eg. password/ security question)
Something the customer has (eg. identity card)
Something the customer is (eg. biometrics, such as a fingerprint)

Banks may require more information for security reasons. One way is to observe and an individual’s behavioral data such as login habits. When there is an anomaly, the bank can then alert the customer and verify activity to prevent fraud.Digital identity verification service can encompass social media identity as a layer of verification. For example, BlaBlaCar and Ola request sharing of social media profiles as an additional layer for a quicker KYC process.

More than seventy financial institutions including 7 major banks in India trust Signzy’s RealKYC and VideoKYC solutions to make the entire process simple, secure, and compliant.

Protecting Online Identity

While it seems as if the virtual walls of the internet have eyes and ears, it is not difficult to protect your data. Although it appears as if the government and private companies alike are after your personal data and online identity, with data protection regulations in effect, no one can access your data without your knowledge and in some places, your consent. (To read more on the regulations in place in the EU and India, you can take a look at our article comparing the GDPR and PDP Bill)

Here are a few ideas on how to safeguard your private information:

Inspect privacy policies before granting permissions
Change passwords often
Avoid unprotected or public Wi-Fi networks
Have a primary and secondary email. When logging in to a new site you do not trust, use a secondary email which is not linked to any other accounts with personal information
Use a Virtual Private Network (VPN) to access the internet. This masks your IP and ensures your trail is encrypted, dissuading any malware to follow into your device.
Try not to save passwords on your browser. This can protect you from malicious cookies that may get access to the rest of your saved passwords.

Whether you know who exactly you are or not, you’re now adept to protect who you are in the digital world.

About Signzy

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

Data privacy: the debacle & the debate (GDPR vs PDP)

Posted on February 19, 2020 | by Signzian

In an increasingly data driven digital economy, Big Tech companies have an eye, ear, and finger on the pulse of billions.

Depending on how deep you’ve let Amazon, Facebook, and Google sync into your life (pun intended), the data these companies have access to has reached an increasing level of detail. The digital era has molded us into great liars when it comes to signing up to online sites. While complaining about how ridiculous it seems to identify traffic lights to prove we’re not robots, we mechanically lie about reading all the Terms and Conditions. By agreeing to the T&C we may have inadvertently let the company use and sell our data for reasons we weren’t aware of.

Contextualizing the need for personal data protection

In the past few years, the headlines have been replete with worrying instances from the digital world. From large scale data breaches to controversial targeted political ad policies and inconclusive investigative hearings on privacy. The Facebook–Cambridge Analytica data scandal of 2018 exposed how unethically sourced personal data could be used for thought manipulation. Data of about 87 million Facebook users was inappropriately harvested by the political consulting firm, Cambridge Analytica, and was used for electoral advertising.

The mammoth scale and global repercussions of this scandal altered the history of the privacy debate. It revealed the imperative need to have wide-scale legal mechanisms. A system needed to be enforced to regulate what data will be collected, what it will be used for, and how permission should be sought from its owners. Organizations would have to be held accountable to such provisions through a transparent legal process. These regulations were to be designed to protect the privacy and personal data of netizens and perhaps rein in the power and influence of giant tech companies.

Introducing EU’s GDPR and India’s PDP

The European Union set precedence with the European General Data Protection Regulation (GDPR). The GDPR was adopted in 2016 and enforced on 25 May 2018. It is not a mere directive, but a regulation. This implies that it is directly binding and applicable although it does allow for some flexibility to individual member nations to adjust the provisions. The GDPR is also not an Act, which means that its members have passed their own legislations based on the regulation.

In India, a regulation governing data privacy and data protection is set to be passed this year. The need stemmed from the 2017 Supreme Court judgement on the Right to Privacy. (Read our article on how the judgment impacted the digital world and the financial sector here.) A draft data protection bill was then composed by a committee headed by Justice B. N. Srikrishna. After about 2 years of contentious debate on the bill, during which it was floated for public feedback from stakeholders, it was tabled in the Indian Parliament on 11 December 2019. Currently, a joint parliamentary committee is scrutinizing the revised draft of the bill, codified as the Personal Data Protection Bill (PDP Bill). Post this, it will be debated in the Indian Parliament and finally passed.

It is yet to be determined whether the Indian PDP Bill is closer to the EU’s progressive GDPR or to China’s policy of control. Either way, it has managed to irk both Big Tech companies and privacy advocates alike. Companies with data banks aren’t happy with the cost and hassle of compliance. They deem the bill as isolationist due to its restrictive certification requirements to operate in India. Privacy advocates highlight how the exceptions in the bill can lead to State excesses of control over our data. They warn of government mission creep. Mission creep is the gradual expansion of an intervention, here, it implies the dangerous possibility of the State having access to all our data in the absence of a Privacy Law.

This blog is an exploration of how the GDPR and PDP Bill are similar, yet different in various ways.

Coming to terms with the terminology

Before delving into specifics, it’s important to be acquainted with the terminology used in the legal mechanisms for data privacy. The two regulations also use different terms for the same entity:

Data processor: Any person or legal entity including the State who processes the data. This may consist of the data controller or data fiduciary itself or a third party.
Interestingly, the PDP Bill’s definition of personal data differs from the international definition in the GDPR.

Thematic classification of differences

The underlying principles and intent of the PDP Bill resemble the provisions enshrined in the GDPR. Aspects such as the need to have a clear purpose of processing personal data, consent requirements, personal rights, and the appointment of Data Protection Officers in organizations are closely adapted from the GDPR.

However, there are a range of differences between these two instruments of privacy. Here, the language and enforcement provisions aren’t compared, but the stance both mechanisms take on different issues.

These have been classified into the following themes:

1. Classification of data

Critical data has not yet been defined by the Indian government. Although the category resembles the list of “special categories” in the GDPR, the EU’s regulation has defined what the category entails while in India the government has the power to declare any data as critical data. The GDPR does not have separate localization rules for this type of data, unlike India. This is explained ahead.

2. Data localization and cross border data flows

Data localisation requires the collection, processing, or storage of certain types of data within the borders of the nation where the data was generated, before being internationally transferred.

GDPR stance

The aim of data protection frameworks is to protect the data while safeguarding its free flow. The GDPR has no hard data localization conditions. It allows for cross-border transfer of all types of data if the country of data transfer has an adequate framework of data protection.

PDP Bill stance

On the other hand, the Indian regulation’s requirements seem to restrict data’s free flow.

Sensitive personal data: This category of data when collected, shared or disclosed to the data fiduciary in India has to be stored only within the borders of the State. It may be transferred beyond the territory of India for processing, subject to explicit consent and conditions.
Critical personal data: Strict data localization norms exist for this category of data. It can only be processed within the borders of India. The problem arises since this type of data has not even been defined yet.

Due to firm opposition, the 2018 draft was amended to dilute data localisation requirements (such as storing a mirror copy of all personal data in India). Yet, the GDPR’s approach to handling data is considered more pragmatic since it ensures data gets similar protection once it moves out of the jurisdiction of the regulation.

3. Right to restrict processing

The GDPR grants the data subject the right to limit the processing of their data. This means that the processing of personal data can be stalled at an intermittent stage. This can be requested on the grounds of unlawful processing, data inaccuracy etc. The PDP Bill doesn’t enshrine any such right to the data subject.

4. Right to not be subjected to automated decisions

The GDPR grants the right to not be subjected to automated decision-making, such as profiling. Profiling is the automated processing of personal data to assess certain things about an individual. This right gives the data subject the recourse of obtaining human intervention. This is when such data is solely automatically processed to make an important decision, has legal consequences or significantly affects the individual.

For example, automated processing can be used to profile potential behaviour of an individual in a faster way. It is possible that the individual will not behave in the manner the results project. In that case, if such profiling affects the legal rights of the individual, the person can legally request human intervention.

The PDP Bill does not ascertain this right. While it encourages individuals to seek remedy through courts in case of such discrimination, it does not empower an individual to decide how their data should be processed.

5. Storage limitation

The GDPR lays down specific exceptions for increasing the storage period of collected data. These exceptions include public interest, historical, scientific, and statistical reasons.

On the other hand, the PDP Bill mandates the explicit consent of the data principal to store data for a longer duration of time than is needed to satisfy the purpose for which it is collected. The GDPR does not necessitate this consent.

What does this mean for your organization?

The most contentious question is whether GDPR compliance implies PDP compliance. It is briefly addressed in this section to understand how these bills affect an organization’s compliance needs.

Areas such as the anonymization standards differ between the PDP Bill and the GDPR.
With no parallel of ‘critical personal data’ in the GDPR, companies will have to be careful with their processing of this classification for India.
Unlike the GDPR, the PDP Bill also mandates the explicit consent of the data principal to store data for a longer duration of time.

Such differences and more, warrant that companies pay close attention to the compliance needs of the PDP Bill, even if they meet the requirements of the GDPR.

Other interesting follow-up questions will be explored in our next blog in the PDP Bill series.

About Signzy

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

« Previous 1 … 20 21 22 23 24 25 Next »

Why Digital KYC? The Need For Digitization Of KYC In Mutual Funds

The Road To Digitization Of KYC

KRA and K-IPV In KYC Collection

EKYC — The Miracle Turned Myth

The SEBI Way Of Digital KYC

Digital KYC For The New Era

Conclusion

About Signzy

Written By:

Will complying with India’s PDP Bill mean violating the GDPR?

Does the Indian Personal Data Protection Bill threaten global cybersecurity?

What exceptions are given to the government and what does this mean?

Are there any provisions for companies working on innovative data driven tech?

About Signzy

Ankit Ratan, CEO-Signzy

Reach: A Risk Barometer Approach

Requirements: The Precursor to Compliance

Reservations: Missing the Mark

About Signzy

Written By:

Privacy plague

Digital Trust for Banks and Financial Institutions

Certainty of security in a time of uncertainty

About Signzy

Written By:

KYC in Securities Industry — Rules & Regulations

FINRA 2090

FINRA 2111

KYC For Trading/DEMAT Accounts

Key steps in the KYC documentation process for DEMAT account

Know Hows of KRA and K-IPV In KYC Collection

Importance Of IPV

New Norms For Digital KYC — Latest SEBI Guidelines

How Digital KYC Can Help Financial Institutions In The Securities Market

E-KYC and VideoKYC — The New Age Digital KYC

Advantages of RealKYC

Advantages of using VideoKYC during investor onboarding

Conclusion

About Signzy

Written By:

Why Use Aadhaar Offline Paperless e-KYC?

The Merits of Aadhaar Paperless Offline e-KYC

How does Aadhaar Paperless e-KYC Work?

Adoption of e-KYC

About Signzy

Moni Gupta

Technology: Boon/Bane/Balm?

China

USA

South Korea

Singapore

Iran

Israel

Social Media in a Time of Social Distancing

Tech Disruptors adapting to a Disrupted Life

About Signzy

Written By:

About Signzy

Profiles, Cookies, and Footprints

Identity Providers

Threats to Online Identity

Verifying Online Identity

Protecting Online Identity

About Signzy

Written By:

About Signzy

Written By:

Connect with us