Welcome to our meticulously curated KYC/KYB category, a comprehensive repository dedicated entirely to the multifaceted dimensions of Know Your Customer (KYC) and Know Your Business (KYB). As we stride deeper into the digital era, the procedures around KYC/KYB have emerged as a fundamental pillar, ensuring secure and compliant operations within the financial landscape.
The articles housed in this category plunge into the complexities of KYC/KYB, discussing its inherent challenges, potential solutions, and its indispensable role in the realm of identity verification. Our articles traverse a wide array of topics, ranging from the application of artificial intelligence in customer due diligence processes to the impact of regulatory shifts on KYC methodologies. These writings cover a broad spectrum of subjects, offering relevance to businesses and professionals operating within the financial industry.
As a leading industry player in the domain of digital identity verification, Signzy stands at the helm of innovation in KYC/KYB. Our cutting-edge solutions are engineered to simplify KYC, making these procedures faster, more efficient, and notably secure.
Regardless of whether you’re a compliance officer diligently maintaining regulatory standards, a fintech entrepreneur navigating the challenging waters of the financial industry, or simply an individual interested in gaining a deeper understanding of the evolving world of KYC/KYB, our category offers a treasure trove of information and insights.
We invite you to join us on this journey of exploration as we dive into the future of KYC in the rapidly evolving digital age. Our articles aim to enlighten, inform, and provide a well-rounded perspective on the significant role that KYC processes play in today’s digital financial landscape. Welcome to a world where knowledge becomes power, and compliance becomes simplified.
Till the COVID-19 pandemic tapers down, work from home and remote functioning have become our current “normal”. We’re in a time where digital transformation has been forced upon companies to remain afloat and surf the wave of changes this situation calls for.
Work processes are adopting new workflows and technology to ensure this period is productive and not stagnant. Staying connected is at the top of the list of work from home priorities. All interaction and meetings have now taken to calls and video conferencing. Third party video conferencing tools were aggressively downloaded by millions in this span. A few weeks in, however, privacy concerns have started circling many video conferencing platforms.
Privacy plague
Video conferencing has surged in popularity recently. Everything is being done online. From taking school lessons, virtually attending weddings, and hosting cabinet meetings. But, it’s privacy shortcomings have now been brought to the fore. In an era of social distancing, as everything takes to the digital, online security cannot be distanced from. It is imperative to protect personal data and organization data shared over the digital space. With most of the tech industry holed up at home, the sheer volume and frequency of shared data has multiplied.
In the past few weeks an online harassment method termed “Zoombombing” emerged [1]. Malefactors disrupted calls on the platform Zoom by flashing inappropriate content such as pornography, hate speech, and shock videos. Privacy advocates also revealed that popular video conferencing tools were caught sending personal data to Facebook. News reports are replete with such privacy concerns exposing these apps’ vulnerabilities.
Whether you’re the type to have tape over your laptop camera or not, it is safer to distance yourself from unsafe platforms. At the same time, privacy does not have to be sacrificed at the feet of convenience.
Digital Trust for Banks and Financial Institutions
For banks and financial institutions, it is imperative to maintain processes that do not jeopardize the privacy of their customers. And at the same time offer protection from fraud. A successful example of a banking workflow that is adapted to be 100% digital is the Know-Your-Customer process for onboarding and customer verification.
Using VideoKYC ensures there are no compromises on safety standards. We have honed the process with numerous layers of checks and balances. These include AI-enabled video forensics and identity document checks. They eliminate security gaps by combining human scrutiny with both software and ML and AI-enabled learning.
While generic video conference tools are not secure enough for financial services, our systems have always been designed for banking grade technology. We’ve developed our tools in a way that banks and financial institutions trust us with their data. This has now been taken a step further with our video-conferencing tool. It is developed keeping the needs of banks and financial institutions in mind.
In some cases the COVID-19 crisis is serving as an impetus to go digital. In other cases digital help is needed to coordinate between offsite and onsite officials. It is a daily need for confidential cross-country interaction. Either way video conferencing is essential to preserve uninterrupted work.
Enumerated below are some uses and features of this technology:
Since it is a safe and secure method of communication with no scope of privacy infringement, banks can schedule a call with the customer. This will cut down on the back and forth time that accompanies financial transactions.
Instead of the relationship managers from banks having to be physically present, they can now use our tool to communicate with the users. With COVID-19, this can help ensure banks continue their normal functioning, with higher efficiency. Our compliant VideoKYC has now merged with video conferencing, allowing REs to clarify issues in real time.
The features are customizable for the bank. The organizer (bank) can restrict the functionalities available to the user. For example, a bank can decide they do not want to let the user switch off video during the interaction.
The technology is good for auditing the call. Any breach in protocol can be caught through this auditing. Since this has been developed keeping banks in mind, no other third party software enables this.
Certainty of security in a time of uncertainty
We can’t say till when you’ll have to work from home. But, we can ensure that our tools are tested to be secure, simple, and even compliant.
No leakage of data
The platform prevents the leakage of personal data such as email IDs and photos.
End-to-end encryption
We ensure end-to-end encryption of all data shared over our platform. A third party cannot decrypt the calls.
Seamless communication
While the technology ensures full protection of the interaction, the UI ensures it is also easy to use and seamless.
Only a person with an invitation can join the call. This prevents any hackers or miscreants from disrupting the call. Our video conferencing tool ensures there is no scope for malicious activity such as “Zoombombing” to occur.
Signzy has control over the data flow. There have been recent concerns where data is being routed through China by video conferencing platforms [2].
Companies that adopt Signzy’s secure video conferencing have one less thing to worry about in these strange times.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
The Know Your Client or Know Your Customer (KYC) is a standard process in the investment industry. It ensures investment advisors know detailed information about their clients. This includes risk tolerance, investment knowledge, and financial position. The KYC process conducted during investor onboarding protects the interests of both clients and investment advisors. Clients are protected as their investment advisor knows the best choices for investments. Similarly, investment advisors know what they can and cannot include in the portfolio.
KYC compliance basically revolves around certain necessities and policies. This includes risk management, customer acceptance policies, and transaction monitoring. However, the need for digitizing the KYC collection process is crucial in these times.
KYC in Securities Industry — Rules & Regulations
The Know Your Client (KYC) rule is an ethical requirement of the securities industry. This includes those who interact with customers during investor onboarding and maintaining accounts. There are two rules which were implemented in July 2012 that are applicable in this regard.
1. Financial Industry Regulatory Authority (FINRA) Rule 2090 (Know Your Customer)
2. FINRA Rule 2111 (Suitability)
These rules are designed to protect both the broker-dealer and the customer. The rules provide a mutually beneficial agreement to both parties.
FINRA 2090
The Know Your Customer Rule 2090 cites that every broker-dealer must provide logical effort during investor onboarding and maintaining customer accounts. It is a requirement to maintain records on the demographics of each customer. It is also required to identify each individual who has the capacity to act on the customer’s behalf.
The KYC rule is crucial for the start of a customer-broker journey. It establishes the essential facts of each customer. This has to be done before any recommendations are made. These are required to service the customer’s account effectively. It also provides awareness of any special handling instructions for the account. The broker-dealer needs to be familiar with each person who has the authority to act on behalf of the client. It is necessary to follow all the laws, regulations, and rules of the securities industry.
FINRA 2111
As found in the FINRA Rules of Fair Practices, Rule 2111 goes in tandem with the KYC rule. It covers the topic of making recommendations. Suitability Rule 2111 mandates that a broker-dealer must have sensible grounds on which to make a recommendation. This must be customer-based and depend on the client’s financial situation and needs. This ensures that the broker-dealer has checked the facts and profile of the customer. This must also include the customer’s other securities. This should be done before making any purchase, sale, or exchange of securities.
KYC For Trading/DEMAT Accounts
Know Your Customer (KYC) is a primary requirement for opening your trading-cum-DEMAT account with a broker. What does KYC mean and why does SEBI mandate KYC for opening a DEMAT account? The perception is that the customer has relevant documentation for online ID verification. It also checks whether the flow of funds have a distinct record through banking channels. Today, it is not possible to activate a DEMAT account without KYC. As per SEBI (Securities and Exchange Board Of India) guidelines, KYC is a must.
When you open the DEMAT account, the DP / broker will ask you to fill up a KYC form along with your client agreement form. KYC requires basic paperwork and submission of essential documents. It also requires originals for complete verification.
KYC norms were put out by the RBI in 2002 and have been adopted by SEBI for all investment-related activities. This includes opening a trading account, DEMAT account, mutual fund investments, etc. The idea was to cut down on corrupt practices. Money laundering, acting as fronts for entities, trading in cash without audit trails, fraud, and financing of anti-national activities are some examples.
With KYC, your data is secure in a central database and the KYC process is applicable only once. After that, it is just picked up from the central database by linking your PAN card.
KYC helps banks and other financial institutions conduct online ID verification and track their customer transaction trails. This helps link all your capital market activity with your bank account. It also assists in tax returns and plugs any gaps in reporting. SEBI has enforced KYC compliance for sectors like mutual fund accounts, DEMAT accounts and trading accounts.
Key steps in the KYC documentation process for DEMAT account
The first step is the filling of the KYC form if you are a new investor and opening your DEMAT account for the first time. The application forms require demographic information. This can be name, residential address, office address, joint account holder details, account nomination, etc.
The next step of the investor onboarding process is to present your identity proof. PAN card is mandatory in this regard. You may also be asked to submit an additional government authorized proof. This can be a passport, driving license, voter ID, Aadhaar, etc.
The third step involves submitting proof of residential address. The document should include the current address in the exact format. You can provide utility bills with link documents. Other documents like bank statements, company letters, etc can also be linked.
Finally, you must submit a copy of your cancelled cheque. The account holder name must be clearly embossed on the cheque leaf. This is to verify your IFSC code and account details.
This entire process of investor onboarding can be time-consuming as well as heavily dependent on manpower. It also involves a significant amount of paperwork. With the digitization of the KYC process, the complete process has been simplified. Onboarding new DEMAT account holders can now take a matter of minutes.
Know Hows of KRA and K-IPV In KYC Collection
SEBI had initiated the usage of uniform KYC by all SEBI registered intermediaries (RIs). This was done to bring uniformity in the KYC requirements for the securities markets. In this regard, SEBI had issued the SEBI KYC Registration Agency (KRA), Regulations, 2011.
KRA is the authority for the centralization of all KYC records and details in the securities market. The client who wishes to open an account with a broker shall submit the KYC details. They can be submitted through the KYC Registration form with supporting documents. The Intermediary is responsible for conducting the initial KYC. The RI should also upload the details to the KRA system. The KYC details are accessible to all SEBI RIs for the same client. So once the client has undergone KYC with an RI, it is not necessary to repeat the same process again with other RIs.
It is compulsory for each client to be registered with any one of the various KRA registered intermediaries. This should be done before availing the benefits of any intermediary. Such benefits include Stock Broker, Mutual Fund Companies, Depository Participant, Portfolio Management Services (PMS) etc.
In-Person Verification (IPV) is part of the process of doing KRA-KYC registration of clients. KRA compliant clients are not required to undergo this process.
Importance Of IPV
The Prevention of Money Laundering Act, 2002 (PMLA), came into effect from 1 July 2005. The Act enforces that no one could use investment tools to hide their illegal wealth. Soon after, SEBI mandated that all intermediaries should adopt the KYC policy. It was also necessary to plan and install certain policies. The policies should follow vis-a-vis the guidelines on anti-money laundering measures.
Since 1 January 2011, KYC compliance has been made mandatory for all investors. This is irrespective of the amount invested and includes the following transactions:
a. New / Additional Purchases
b. Switching Transactions
c. First-time Registrations for SIP/ STP/ Flex STP/ FlexIndex/ DTP
d. Any SIP/STP/trigger-related products which were introduced after the enactment of the act
e-KYC (Know Your Customer) is a value-added feature that is offered by many financial institutions. E-kyc is useful for making the application process convenient. Investors can access it and upload the necessary documents. It can be done from the comfort of their home or office. As previously discussed, this is applicable to only SEBI-approved KRAs. For ex: CVL and CAMS can complete the e-KYC process. This means that digital KYC verification can be used for IPV as well.
New Norms For Digital KYC — Latest SEBI Guidelines
In a recent move on April 24, 2020, the SEBI has issued the latest guidelines pertaining to the digitisation of the KYC process. Some of the highlights are mentioned below:
1. Know Your Customer (KYC) and Customer Due Diligence (CDD) policies as part of KYC are the foundations of an effective Anti-Money Laundering process. The KYC process requires every SEBI registered intermediary (also known as ‘RI’) to collect and verify the Proof of Identity (PoI) and Proof of Address (PoA) from the investor.
2. The provisions as laid down under the Prevention of Money-Laundering Act, 2002, Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, SEBI Master Circular on Anti Money Laundering (AML) dated October 15, 2019 and relevant KYC / AML circulars issued from time to time shall continue to remain applicable. Further, the SEBI registered intermediary shall continue to ensure to obtain the express consent of the investor before undertaking online KYC.
3. SEBI, from time to time has issued various circulars to simplify the process of KYC by investors / RIs. Constant technology evolution has led to multiple innovative platforms being created. These allow investors to complete the KYC process online. SEBI held discussions with various market participants and based on their feedback, technology like Aadhar-based e-Sign service which can facilitate online KYC will now be used. This is done with a view to allow ease of doing business in the securities market.
4. New regulations allow Investor’s KYC to be completed through an online / App-based KYC. There is also provision for in-person verification through video, online submission of Officially Valid Document (OVD) / other documents under eSign. It allows the introduction of VideoKYC, which was also allowed by RBI for the banking sector earlier this year. (Click here to read more about RBI Guidelines for VideoKYC)
5. SEBI registered intermediary may implement their own Application (App) for undertaking online KYC of investors. The App shall facilitate taking photographs, scanning, acceptance of OVD through Digilocker, video capturing in a live environment, usage of the App only by authorized persons of the RI.
6. The guidelines also allow RIs to undertake the VIPV(Video In-Person Verification) of an individual investor through their App. This is done to ease investor onboarding.
How Digital KYC Can Help Financial Institutions In The Securities Market
The latest SEBI guidelines have allowed ease of convenience to digitize the KYC process. This will be beneficial for financial institutions in the securities market. Previously banks, telecom, and other financial services providers used to deal with photocopies. The customer’s original ID proof was physically examined for conducting KYC verification. The conventional process of opening a DEMAT account can often become quite complex. It is also time-consuming and requires significant manpower.
The advantages to financial institutions in using eKYC are as follows:
Paperless verification
Cost-effective
Prevents fraud
Real-time identity verification
Transparent
Consent based to protect user privacy
E-KYC and VideoKYC — The New Age Digital KYC
At Signzy, we offer a unique e-KYC solution known as RealKYC. The solution offers KYC collection as well as background verification and checks.
Advantages of RealKYC
Secure System: A customer’s trading/DEMAT account information is secure. This is because the entire process is online. Identity theft, fraud, loan scams, money laundering, the flow of black money, etc. are all minimized with RealKYC.
Efficient Communication: The data can be effectively relayed in a precise and timely fashion. There is no need for constant back and forth. Most details are published automatically unlike manual KYC.
‘Free of Cost’ Process: RealKYC verification doesn’t charge any extra amount to the customer. A company or institution may need to pay automation costs of installing verification systems for the long-run.
Faster processing: The RealKYC service is completely automated online. This implies that KYC information can be transferred in real-time and does not require any manual intervention. The paper-based KYC process can be delayed for days and go up to weeks to get verified. Using the eKYC process reduces this to just a few minutes to verify and issue.
At Signzy, we have also introduced a new form of KYC verification called VideoKYC. This is a faster and more efficient form of KYC collection and verification. It conducts liveliness checks against the user. It also verifies the identification document against forgeries.
Advantages of using VideoKYC during investor onboarding
Signzy’s unique VideoKYC solution is compliant with RBI and SEBI guidelines. It has been the winner of several awards and accolades earlier this year. Here are some highlights of the product advantages:
Higher Application Accuracy
Plug and Play solution, swift Go-To-Market
Comprehensive Training Program
Competitive Advantage through customer delight
100% compliant with the latest RBI Mandate
Exponentially increase Scale of Operations
Reduced back office overheads (upto 70%)
Reduction in customer Drop-offs (upto 50%)
Platform Agnostic, support multiple communication channels
Conclusion
Over the last two decades, the securities market in India has witnessed structural reforms. This abolishes the century-old practices of trading and settlement. This has been possible due to the advent of technology that has created a nationwide network. It has enabled the market participants to interface from any corner in the country. With the new regulations and compliance norms, Digital KYC will soon become the standard for KYC collection in the market.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
At a macro level, India seems to be going through an “identity crisis”. Not in terms of whether she is a potential superpower or a grappling economy, but instead which papers and bills identify its constituents as Indian citizens.
Zooming in to the fintech ecosystem of the country, constantly identifying individuals through Know Your Customer (KYC) processes is imperative, but the latest developments in the sector are far from bleak. The past few years have seen rapid developments in ideas and technologies, with the regulatory space dishing out amendments to keep up.
With concepts like Artificial Intelligence (AI), face-matching, and Computer Vision now a practical reality instead of something fresh out of a sci-fi movie, the processes of authenticating customers have taken a step away from the physically daunting and expensive task of onboarding. Along the same tangent, the regulatory body RBI is also tasked with updating their KYC compliance norms. The fintech space is fast changing, and sometimes companies developing futuristic tech have solutions relegated to waiting in the wings until official norms give them the green light. This may require sitting back with a tub of popcorn for a few years.
The build up here is to introduce an esrtwhile non-compliant, yet simple, secure, and scalable method to establish the identity of an individual: Video KYC (VCIP).
Reaching Compliance: The past
In an earlier phase of “identity crisis”, the question was whether the unique identification card “Aadhaar” had constitutional validity itself. On 26 September 2018, the Supreme Court affirmed its constitutional validity but scrapped Section 57 of the Aadhaar Act that allowed private companies to use Aadhaar authentication and eKYC.
With the 1,448-page judgment up for interpretation, a cloud of ambiguity loomed over India’s booming fintech industry; when was Aadhaar authentication to be stopped, and would the private space have to sacrifice the paperless, cashless and presence-less verification method it had adopted? Potential customers were seen on the opposite side of the regulations door as the industry suffered hiccups to onboard new customers after the judgement.
About six months later, on June 26, 2019, an expert committee on Micro, Small and Medium Enterprises (MSMEs), headed by UK Sinha, former chairman of the Securities and Exchange Board of India (SEBI) proposed the need for online video KYC. The panel recognized the drawbacks of physical presence and the sheer data handling required for even eKYC. Video-KYC was seen as a simple seamless process that could be done through a video chat where the customer can display documents. At that time the committee recommended it could be done through apps like Google Duo or Apple FaceTime.
Experts pointed out that considering these applications were of foreign origin, the RBI was unlikely to allow them. Under the Data Protection Bill, and the debate around data localization, the central bank was unwilling to let companies store customer data in foreign locations.
In the latest installment of updates, the RBI approved Aadhaar-based video authentication as an alternative to e-KYC on January 9, 2020. The amendment to the KYC norms allow banks and other lending institutions regulated by it to adopt a Video based Customer Identification Process (V-CIP) as a consent based alternate method of identity verification for customer onboarding.
Explaining Compliance: The present
Making sense of the latest amendments to regulations is not easy. We at Signzy have distilled it down to a 20-point cheat sheet to make sure it is. The changes due to the introduction of V-CIP are:
Informed consent to be obtained from individual customer before the live V-CIP process
RE (Regulated Entities) official to record video of the customer present for identification
RE official is to capture a photograph of the customer during the session
RE official to obtain identification information. This can be done through two methods depending on the entity type:
Banks: OTP based Aadhaar eKYC authentication
Non-bank RE: only Offline Verification of Aadhaar
RE official to capture a clear image of PAN card which is to be displayed during the process
Live location is to be recorded during the session
RE official to ensure customer’s photograph matches them
RE official to ensure provided identification details match the details on the Aadhaar/PAN
Randomization of questions to ensure there is no pre-recording. This means that the sequence and/or type of questions during video interactions should be varied in order to establish that the interactions are in real-time
The Aadhaar XML or Secure QR provided for offline verification should not be more than 3 days old
Accounts opened through the V-CIP process will only be operational after a concurrent audit
RE official to carry out a liveliness check
The audiovisual interaction should be triggered from the domain of the RE itself
An activity log along with the credentials of the official carrying out the process should be preserved
Video to have a timestamp and be safely stored
The amendment encourages the use of AI and face-matching technology
RE official to redact/blackout Aadhaar number as per standard guidelines
The interaction is to be necessarily done by a bank official and not an agent
The process is to be operated only by specifically trained officials
RE to ensure security, robustness and end to end encryption of the V-CIP application
This is a monumental step towards digitizing the authentication process for banks, lending startups and non-banking financial institutions.
Signzy: The future
Signzy’s video technology came into existence before the license to use it did. In 2016, bankers told us our tech was too futuristic and not practical, but now the future is here! Keeping up to its promise of delivering future ready digital onboarding solutions, Signzy is ready with a plug and play end-to-end digital Video KYC solution with V-CIP features.
Our systems are designed for banking grade technology which means they meet the strictest infosec regulations and data security requirements. Signzy’s video KYC is being used to onboard thousands of customers every month by SEBI regulated institutions. This solution has matured over dialects, browsers and low-internet scenarios. And also has one of the best facial recognition technology at the background (Can read more here)With RBI’s progressive move to bring Video KYC (Video Customer Identification Process) 2020, we look forward to onboarding RBI regulated institutes on our battle-tested solution!
If you would like to know more then look at the Video KYC section on our website
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
The RBI has recently released a revised set of directions in the PPI regulator framework. In its 20-point notification, RBI has asked all the PPIs (Prepaid Payment Instruments) to improve how they operate. With the latest regulations, in effect already, RBI will treat PPIs more or less like banks subjecting them to full compliance in the provisions like Know Your Customer (KYC), Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT), and more.
In this article, we’ll look at the most significant changes that the RBI has introduced to the PPI framework.
But before that, we’ll see how the world has fought money laundering with a powerful tool called “KYC” because the biggest change that the updated RBI regulations bring to the PPI players is a mandatory full KYC.
Fighting money laundering with KYC
The UN General Assembly declaration in 1990 (precursor to the PMLA) — which was the first constructive global step against money laundering — focused on prevention of financing to illicit drug trade. Today the objective of the legislation is to stop money earned through illegal means from coming into traditional financial system and getting converted into legitimate money. Also, the same being used to fund such illegal activities including terrorism.
In pursuance of this noble objective, regulators have defined a KYC regime for financial institutions to follow. The Financial Action Task Force (FATF) is an intergovernmental body which recommends to countries regulatory regime for prevention of money laundering. Very recently FATF has defined a more risk based approach to counter money laundering.
One of the most important functions of financial regulators is to manage the risk within the financial system. This function manifests into a massive regulatory regime of KYC, which quite literally means know your customer and in essence know if he is a fraud, a money launderer or a terrorist.
Adopting KYCs as an AML measure in India
With a view to curb money laundering, terrorist financing, and fraudulent activities, RBI introduced KYC norms for banking institutions in 2002. These norms directed banking authorities to carry out tests and audits and freeze any accounts with suspicious activities (transactions).
RBI has always stressed on strict compliance of these guidelines and several big banks like Bank of Maharashtra, Dena Bank and the Oriental Bank of Commerce faced heavy penalties (1.5 crore each) for violation and non-compliance of certain KYC regulations and Anti Money Laundering (AML) norms.
Until now, October 2017, the RBI’s KYC guidelines were only applicable to banks. However, the latest regulation brings PPI players into its ambit.
A quick note about PPIs
In 2009, RBI paved the way for a new payment instrument which would not require the two factor authentication for small payments and will help in easier acceptance of payments by merchants. These pre-paid instrument (“PPI”) could be recharged with money and then used upto the recharged amount.
The initial PPI had allowed PPI to be issued for upto Rs. 1000 by accepting any customer identity document and upto Rs. 5000 by accepting an Officially Valid Document (OVD). This went through a transformation and in 2014 was relaxed by allowing PPI upto Rs. 10,000/- (total usage in a month) by accepting “minimum details of the customer”. Which transformed the PPI industry into what it is today and led to opening of wallets through mobiles and emails. Somehow though this was a boon for the industry, it did not go down well with the regulator.
In October 2016, an RBI senior official Nanda Dave stated that PPIs have been very lax in following KYC norms: “The customer is being identified by his or her mobile number, period. And such wallets have been used for routing money which has been fraudulently taken from bank accounts,” said Dave. “When we have no details of customers with us, it is very difficult to even trace where that money has gone,” she said.
The framework for regulation, authorisation, and supervision of the PPIs are governed by RBI’s “Issuance and Operation of PPIs”. These were issued in April 2009 and thereafter amended from time to time.
Since regulations on PPIs have been very light with low entry barriers, it was necessary for RBI to impose stiff and stringent norms on them.
To address the same, RBI released a Draft Circular called the “Master Directions on Issuance and Operation of Pre-paid Payment Instruments (PPIs) in India” in March last year. The circular was issued following the growing usage of PPIs for buying goods/services and for transferring money. In the circular, RBI recognized requests from stakeholders for relaxations in certain areas and also considered aspects that would strengthen the security and safety norms, mitigate risk, and protect customers using PPIs.
RBI took inputs from the different stakeholders on the provisions of the circular, following which, in a major step forward in this direction, RBI passed fresh rules for all prepaid payment licence and wallet companies. These include improved standards for safety, security, and flexibility of online transactions, interoperability of PPIs (and banks), full KYC, and more.
Let’s now take a look at a brief summary of these regulations.
The Updated Regulation Summary
Mandatory full KYC: As per the new directions, PPIs have to become full KYC compliant within 12 months. “The amount loaded in such PPIs during any month shall not exceed Rs 10,000 and the total amount loaded during the financial year shall not exceed Rs 100,000,” RBI said. If the compliance is not made further credit will be disallowed.
Interoperability: Interoperability can be enabled in only Full KYC (banking and non-banking) PPIs. This time-consuming process will be applied in phases with the first phase (spanning across the first 6 months) bringing interoperability between wallets, and the subsequent phases working on the interoperability between wallets and bank accounts, followed by the enabling of interoperability in PPI cards.
New capital requirements of Rs 15 crore for non-banks: For non-banking PPIs, new capital requirement is of Rs 15 crore (5 crore at the time of application and 15 crores within the next 3 financial years).
Cross border inward and outward remittances: Fully KYC complaint Wallets will now be able to undertake cross-border inward remittances. However, transaction limit can’t exceed Rs 5000 per cross-border transaction and the maximum wallet limit shouldn’t exceed Rs 50,000.
PPI issuers need to maintain records of transactions: PPI Issuers to maintain a record of all the transactions undertaken using the PPIs issued by them. They should also file Suspicious Transaction Report (STR) to Financial Intelligence Unit — India (FIU-IND).
Along with the new guidelines, RBI has also released a new Security Framework for PPI Issuers to prevent fraudulent activities and ensure user security.
The Newly Introduced Security Framework for PPI Issuers
Separate login for the PPI account: PPI issuers should maintain a separate login for PPI accounts and it should not be used to access any other services offered by the PPI Issuer or its associate/parent/group company etc.
Timeout features: PPI issuers should prevent invalid sign-in attempts and add inactivity timeout features.
Capping: PPI issuers should implement customer-enforced transaction caps on their users’ wallet transactions. The users should however be allowed to increase/exceed the caps with additional authentication and validation.
Cooling period for funds transfer: While opening an account/ loading funds/ adding a beneficiary, PPI issuers should place a cooling period for transfer of funds to prevent the fraudulent use of PPIs.
Other mechanisms: Issuers should place internal and external escalation mechanisms to prevent suspicious operations, loading and reloading of funds into the PPI and also alert the customer in case of such transactions.
Reporting frauds: PPI issuers should report frauds on a monthly/quarterly basis to the concerned Regional Office as per the directions. They should also monitor, handle, and follow-up on cyber security incidents and breaches immediately with the concerned authorities.
These updated regulations have raised a number of challenges for the wallet companies. Here’s a quick look into the most challenging aspects of the new norms.
The Key Challenges Wallet Companies Face Because of the New Norms
1. Full KYC compliance within 60 days
Complete KYC compliance will increase acquisition costs for wallet companies as it introduces tons of documentations and the paperwork. Cost of KYC per customer is estimated at nearly 150–200 Rs per customer by the industry.
2. Mobile wallet companies are required to have a minimum net worth of Rs 5 crore, hence will need fresh funding.
As per earlier guidelines, a minimum net worth of Rs 2 crore was required for mobile wallets. This net worth is now raised to Rs 5 crore at the time of application and Rs 15 Cr within 3 financial years after getting the authorization. This means, smaller wallet companies will need fundings to comply with the directions of RBI.
3. A one-year validity of the wallets. Also, auto-closing of wallets with zero balance.
Users’ wallets will be closed automatically if they continue to have zero balance for a year. A notice, however, will be issued to all such users before closure of their wallets.
“There are a large number of inactive wallets with no money in them,” said Gupta. “By enforcing this rule, RBI is all set to weed out those numbers and bring out actual figures around how many wallets are there in the system.
4. Implementing interoperability.
At present interoperability is limited to only UPI-based banks. However, with the new requirement of interoperability, PPIs will have to deal with a lot of technical and operational requirements of safety, security, and risk mitigation. The implementation is very complicated.
How the industry is gearing up to comply with the new PPI Guidelines
From the reactions that are coming in from the different payment players, it’s clear that they’ve already begun working on their KYC.
“ Interoperability with KYC is a great leveller and catalyst towards Collaborative Innovation for the ecosystem. We commend the RBI for its proactive stride and look forward to ongoing progressive regulations also for micro-payments use-cases with minimum or risk-based compliances. Especially if we need to transition to less-cash the digital alternatives need to be as seamless, frictionless and at par with other sectors like gold purchases which are completely anonymous up to Rs. 2 Lacs. Additionally the Finance Ministry and RBI have commissioned noteworthy committees like the Watal Committee on Digital Payments and Ramadorai Panel on Household Finance with apt findings and recommendations that as they get incorporated into regulations would fast forward in achieving the India FinTech potential.”
MobiKwik, another popular digital payments company, is also planning to increase its agent strength for the same and also trying for Aadhaar-based KYC through a one-time password.
“We have set a target of achieving 20 million full KYC wallets within the next one year and we are expecting an expenditure of around Rs 50 per customer,“ said Bipin Preet Singh, founder of MobiKwik wallet. “Though we have 65 million users, KYC formalities cannot be done with all of them.”
Oxigen Services, will give incentives to it’s retailers to look after the KYC process of the customers.
The long-term approach payment wallets must take (as RBI expects bank-level preparedness from them when dealing with money laundering)
Bringing at Par with Banks
The updated KYC norms for PPIs have made their KYC regime at par with banks. Therefore, there needs to be greater focus on compliance and audit. This move by RBI also indicates that wallet companies will now face KYC and AML audits like banks and may have to face heavy fines and penalties in case of non-compliance, thus necessitating more investment toward customer KYC.
The current wallet onboarding only includes email and mobile number verification. This will now have to upgrade to systems that can capture KYC documentation and data. Not only that, it will also need to have a risk and compliance check inbuilt for AML/CFT risk of the customer as well as a backend operations team to process these applications. The cost of customer onboarding for wallets will also raise as a result of this full KYC process.
The way forward for wallet providers is to find and use modern KYC solutions that will not only help them overcome this challenge but also ensure that they are able to scale operations without incurring heavy costs. Failing to do so would mean even these wallets will face the same challenges as banks face when scaling their KYC operations.
Investing in security and laundering protocols
In the long run, wallet companies, too, should aim for the same degree of security that banks offer. This includes:
Performing due diligence. Due diligence should be performed on the initiator and recipient who make/receive payments to ensure compliance of transactions with the anti-money laundering (AML) and counter-terrorism financing checks. Frequent screening that identifies accounts with unauthorised and unusual transactions should also be conducted and such accounts should be freezed.
Implementing transaction monitoring. To view transaction patterns of the customer base, machine learning models should be used. With the help of such AI, shady transactions can be detected. Moreover, transaction monitoring should be combined with AML and KYC screening to alert against suspicious financial activities of the customers. Transaction profiles should be maintained with all the account details of the customers such as cash deposits, withdrawals, transfers and payments.
Wallet apps have become a mainstream payment method as they offer convenience and value (by offering several coupons, membership cards, event passes, loyalty points, cashback and more) Customers can indeed save a lot of time and resources by using these wallet apps. However, instead of signing up for 10s of e-wallets with nil balances in each, users must use just one or two that support maximum apps/payments and keep them active. Also, the money transfer feature these wallets offer must also be used responsibly.
Wrapping it up…
Thanks to the growing government initiatives to push toward a cashless economy and the acceptance from the masses, the PPI space has grown exponentially in India. So there’s no doubt we need better regulation over PPIs. This update in the regulation — however strict it may seem — is needed, because even PPIs wouldn’t want their users to engage in money laundering or terror funding activities.
By bringing the PPI market tightly under the ambit of the more serious financial regulations, RBI has taken a big step toward a safer, cashless economy. So while the updated PPI norms do challenge several smaller companies in the short term, they will pave way for a safer, more user-friendly wallet experience eventually. Also, the security framework laid out by RBI is a big step toward ensuring the security of crores of Indians who are now actively opening up to the possibilities of a cashless economy.
About Signzy
Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.
Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.
