On May 29, 2019, the Reserve Bank of India (“RBI”) introduced certain amendments to the Master Direction – Know Your Customer (KYC) Direction, 2016 (“KYC Direction”), which sets out the customer identification procedures that entities regulated by the RBI, such as banks, non-banking financial companies and payment system operators (“Regulated Entities”), need to follow to establish an account-based relationship and to monitor their transactions.
These amendments come in the wake of the changes to the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (“PML Rules”) framed under the Prevention of Money Laundering Act, 2002 (“PMLA”), notified by the Government of India (“Government”) in February 2019.
In September 2018, the Supreme Court of India, while upholding the constitutional validity of ‘Aadhaar’ in the matter of Justice K.S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors, read down certain provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act”), the Indian Telegraph Act, 1885 and the PML Rules.
The Government, pursuant to the directions of the Supreme Court, introduced amendments to the PML Rules and presented the Aadhaar and Other Laws (Amendment) Bill, 2019 (“Bill”) before the Parliament. The Bill was proposed to ensure that the aforesaid legislations conform to the Supreme Court directive and the report of the committee on data protection headed by Justice Srikrishna. While the Bill was passed by the Lok Sabha in January 2019, it could not be considered by the Rajya Sabha, as the latter got adjourned. So, the Government pushed through the Aadhaar and Other Laws (Amendment) Ordinance, 2019 (“Ordinance”) in March 2019 that amended, inter alia, the PMLA. Consequently, the RBI has now amended the KYC Direction.
- Banks have been permitted to carry out Aadhaar authentication or offline verification of individuals voluntarily using their Aadhaar number for identification purposes.
- ‘Proof of possession of Aadhaar number’ has been added to the list of Officially Valid Documents (“OVD”). Along the lines of the amendment to the PML Rules, the KYC Direction also clarifies that where an individual provides Aadhaar as an OVD, such individual may submit Aadhaar in a form issued by the Unique Identification Authority of India (“UIDAI”).
- For identification of ‘individuals’:
(a) who wish to receive any benefit or subsidy under any scheme (so notified under Section 7 of the Aadhaar Act), the banks are required to obtain the Aadhaar number of such individuals and carry out their e-KYC authentication based on a declaration that they are desirous of receiving benefit / subsidy under the Aadhaar Act;
(b) who are non-direct benefit transfer (“DBT”) beneficiaries, the Regulated Entities are required to obtain a certified copy of any OVD containing details of the individual’s identity and address, along with one recent photograph.
- For non-individuals, the Regulated Entities are required to submit PAN or Form No. 60 of the entity apart from other entity related documents and the PAN or Form No. 60.
- Regulated Entities other than banks can carry out offline verification of individuals who consent to such Aadhaar offline verification for identification purposes. However, such Regulated Entities need to ensure that the individuals (non-DBT beneficiaries), while submitting Aadhaar for customer due diligence, redact or black out their Aadhaar number in accordance with the PML Rules.
The amendments to the KYC Direction only allow banks to use the Aadhaar e-KYC authentication facility of the UIDAI for opening accounts of their customers (if they voluntarily use their Aadhaar number for identification purposes).
The non-bank Regulated Entities (for instance, the prepaid payment instrument issuers) can use offline Aadhaar verification mechanisms (such as QR code), which do not involve sharing of Aadhaar number or biometrics. Such Regulated Entities have not been authorised by the RBI to use the Aadhaar e-KYC authentication facility.
That said, the Ministry of Finance issued a circular in May 2019 that allows non-bank entities regulated by certain sector-specific regulators (such as the RBI, the Securities & Exchange Board of India, the Insurance Regulatory and Development Authority etc.) to apply for an authorisation for carrying out authentication of their clients / customers using Aadhaar e-KYC authentication facility provided by the UIDAI. Such authorisation is granted to non-bank entities after the UIDAI is satisfied that such entities comply with the requisite conditions relating to the standards of privacy and security laid down under the Aadhaar Act.
It will be interesting to see if the RBI relaxes its stance in the near future to permit the non-bank Regulated Entities to conduct paperless, transparent, safe and secure authentication of their customers using the e-KYC authentication facility offered by the UIDAI.