Scroll Top

INDIA’S KYC FRAMEWORK – ARE WE LOSING OUR PRIVACY?

Introduction

International regulations and domestic legislation compel financial institutions to gather personal information from customers when opening accounts as well as on an ongoing basis to avoid the use of the legitimate financial system for unlawful purposes. These requirements raise privacy issues, not least because of the volume and type of personal data that financial organizations gather.

Before engaging in any transactions, users of the formal banking system are required by Know-Your-Customer (KYC) rules to prove their identity using particular identification documents. The World Bank estimates that 32 million adults in India lack access to a legally recognized form of identification. This makes it difficult for a large number of people to access the official financial system. KYC regulations increase compliance costs for organizations, particularly by increasing the time it takes to onboard new customers and raising regulatory risks, in addition to generating challenges for customers. The issues mentioned above still exist even though India has made progress in reducing financial exclusions, in part because of the implementation of Aadhaar-based verification and e-KYC systems.

Tracing global roots of domestic KYC requirements

The Financial Action Task Force’s standards served as the foundation for the creation of KYC norms (FATF). The FATF is an intergovernmental organization that works to stop the proliferation of weapons of mass destruction, money laundering, and terrorist financing (WPF). To this aim, it makes recommendations that set requirements for member nations to follow. Although the FATF’s recommendations are merely advisory, a member state’s economic interests may suffer if it does not follow them. As a result, domestic legislation is influenced by the FATF’s recommendations. One of the pillars of the FATF’s recommendations is the requirement that reporting organizations (financial institutions and other non-financial firms that have been designated) carry out the proper client identification and verification. These criteria, in general, are meant to guarantee increased accountability and transparency in the use of the formal financial system.

Before joining the FATF in 2010, India enacted client identification requirements under the “Prevention of Money Laundering Act of 2002” (“PMLA”) and rules made thereunder for several financial firms. Specific requirements are also outlined in this respect by sectoral regulators including the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Insurance Regulatory Development Authority of India (IRDAI), and Pension Fund Regulatory and Development Authority (PFRDA). The collective term for these client identification processes is “Know Your Customer” or KYC norms. However, the PMLA framework has continuously been changed, purportedly due to India’s FATF responsibilities.

Key Challenges of the Indian KYC framework

Although the FATF permits certain flexibility in the creation of KYC requirements, this flexibility is not completely utilized in India. In comparison to nations like Australia, Germany, the UK, the EU, and the US, we find that India enforces extremely strict KYC criteria. According to the research, India’s implementation of KYC standards has three major issues:

  1. Address evidence requirements are overly stringent and comprehensive in Indian law, which places too much weight on them. At the KYC stage, Indian regulators demand that consumers show documentation of their current, permanent, and residential locations. For marginalized or vulnerable groups of the population, the requirement to provide documentation of several addresses and the lack of flexibility in this respect might be problematic. This is especially true considering the large proportion of Indians who may not have a stable or permanent address, including migrant workers, nomadic populations, vulnerable communities, the homeless, etc. Even in circumstances where the person has a permanent address, they may lack legally recognized documentation (OVDs) that attest to their “present address”.
  2. Regulators have tried to implement various technological techniques to increase efficiency to reduce expenses associated with completing KYC. However, we find that there is tremendous room for improvement in both the regulatory environment and the application of these techniques. For instance, companies governed by the RBI and SEBI can only accept ID documents that have been authenticated using the e-Sign function that is supplied by the DigiLocker system to complete the video KYC process. Therefore, customers without a DigiLocker account are unable to complete a video KYC process. Another potential barrier for users is the fact that only Aadhaar holders can open a DigiLocker account. According to Dalberg’s calculations, this restriction prevents about 8% of the population—28 million adults—from using the streamlined KYC process. A bank representative must also hold the live video call as part of the video KYC procedure. Scalability is restricted by this resource intensiveness.
  3. We find that, in contrast to many other foreign jurisdictions, the Indian regulatory structure does not offer many tools for enforcement that are scaled or proportionate. Even seemingly insignificant infractions can result in severe punishments, such as license cancellations, criminal sentences, and hefty fines. Comparatively speaking, authorities in the US, Australia, and the UK can use a far wider variety of enforcement measures, from issuing advice or cautionary notices to securing compliance obligations. The high penalties under the Indian framework, when coupled with the lack of an appeals mechanism, may encourage financial institutions to take a conservative, risk-averse stance. In particular, when it comes to customer segments with low-profit margins, this may cause organizations to quit markets and client segments that are linked to a higher risk of compliance failure. Contrarily, this increases the dangers of money laundering and other financial crimes, which KYC standards were initially intended to prevent. In addition, the high penalties that can be imposed under the Indian regulatory framework also make it more challenging for regulators to impose penalties consistently, especially for small violations.

Recommendations and conclusion

Within the framework of the current FATF, we propose relaxing and standardizing the requirements for address proof. Regulators must distinctly define the goals of acquiring an address proof as a first step in reform. Several easier techniques can be employed, for instance, if the goal of safeguarding paperwork is just to enable communication with the customer (as demonstrated by the fact that many KYC forms use the terms “correspondence address” and “current address” interchangeably). For instance, the Supreme Court has acknowledged that e-mail and instant messaging might be considered genuine forms of service.

In addition, organizations that fall under the purview of SEBI, IRDAI and PFRDA require clients to provide documentary evidence of their present residence in addition to the verification of the presence of a bank account. However, a self-declaration of current residence is required to open a bank account (where an OVD has been submitted for a permanent address). Therefore, it seems that SEBI, IRDAI, and PFRDA’s additional demand of confirming the current address lacks much reason. However, even if the need to demonstrate a current address is maintained, the process for doing so could be loosened. For instance, in some nations, including the United States, a client is allowed to simply specify a post box or even a referee’s address as their mailing address.

Analysis suggests that efforts to streamline the KYC process by implementing video and eKYC standards have also fallen short of their full potential. This is due to several factors involving both the regulatory framework and execution problems. For instance, the simplification initiatives are mostly restricted to banks (and not NBFCs). A crucial pathway for financial inclusion is provided by NBFCs. However, the limited applicability of streamlined KYC processes has made it more difficult for them to reach clients by driving up operating expenses and restricting expansion. In this regard, one can think about allowing NBFCs to make use of streamlined KYC procedures (though this may come at a cost to privacy interests). Regulators must also take into account India’s digital divide problem. Therefore, it might not be a good idea to rely on technical infrastructure, including internet facilities. To facilitate numerous routes of verification, authorities must seek to simplify the KYC standards themselves. You might also think about how KYC procedures need to be separated apart. Notably, the report of the High-Level Committee on Deepening Digital Payments promotes the elimination of numerous tiers of KYC compliance requirements. It suggests, for instance, lowering KYC criteria when a customer uses a verified KYC-compliant account to open a second account, an account with a mutual fund, or an account with a payment’s wallet.

Finally, it is necessary to expedite enforcement procedures and provide regulators more flexibility in selecting “softer” corrective measures. RBI judgments must be subject to an appeals mechanism. In its report, the Financial Sector Legislative Reforms Committee (FSLRC) offered suggestions along the same lines. A uniform Financial Sector Appellate Tribunal should be established to hear appeals from all financial sector regulators, according to the FSLRC report, which is now almost ten years old. In addition, it recommends that sanctions and enforcement methods be examined to guarantee their proportionality. Although the banking industry has advocated for the recommendations of the FSLRC to be adopted and talks about this have occurred at the highest levels of government, no legal developments have yet occurred.

Author(s) Name: Khushi Mandal (Shreemati Nathibai Damodar Thackersey Women’s University Law School, Juhu, Mumbai, Maharashtra – 400049)