Digital KYC Norms Impose Additional Compliance Costs On NBFCs

Tighter regulations surrounding the KYC regime could mean higher compliance costs on NBFCs and fintechs.

An Aadhaar biometric identity card, issued by the Unique Identification Authority of India (UIDAI), is arranged for a photograph in Mumbai. (Photographer: Dhiraj Singh/Bloomberg)
An Aadhaar biometric identity card, issued by the Unique Identification Authority of India (UIDAI), is arranged for a photograph in Mumbai. (Photographer: Dhiraj Singh/Bloomberg)

The government has promised to give non-banking finance companies and fintech firms access to the Aadhaar database for bringing new customers on-board once again. Tighter regulations surrounding the KYC regime, however, could mean higher compliance costs on NBFCs and fintechs rather than ease the burden on these firms.

While announcing a package to support the economy last week, Finance Minister Nirmala Sitharaman said NBFCs would re-gain access to the Aadhaar database in order to fulfill KYC requirements. The necessary amendments and changes to the Prevention of Money Laundering Act, 2002 and the Aadhaar Act, 2016, would be made to reflect this development, the finance minister said.

Ahead of the announcement, on Aug. 19, the government had amended PMLA rules to allow entities to use digital documents and digital signatures as part of the KYC process.

Increased KYC Costs

The PMLA amendment included detailed guidelines on the procedure to be followed by banks or any reporting entity when they bring new customers on-board through an entirely paper-less process.

Entities will now have to authenticate the customers’ identity either through the e-KYC facility provided by the UIDAI or do an offline verification of the Aadhaar details. Companies can also complete the process by seeking a digital signature on e-documents on any officially valid document.

In case e-KYC authorisation cannot be conducted or if the Aadhaar details have been taken offline and if customers provide other officially valid documents, the digital KYC process has to be followed, the notification stated.

Arpit Ratan, co-founder, Signzy Technologies, said while the guidelines allow for a one-time-password verification by customers, it still does not allow remote verification by a company. Signzy provides digital on-boarding software for lenders.

Remote verification is when a customers’ demographic details are verified (through e-KYC) without any physical contact by the NBFC, bank, fintech or any other entity.

The PMLA notification stated that digital KYC process will involve banks or entities “capturing” a live photo of the customer and their officially valid documents, including capturing of an individuals’ Aadhaar card in an offline manner based on their consent. It will also have to include a geo-tag of the location where the “live photo is taken by an authorised officer of the reporting entity,” the rules said.

The guidelines highly emphasise on the fact that authorised officers and employees have to conduct the whole digital KYC process, which could be done ideally at company branches of the reporting entity. But this is slightly onerous as many payments players and fintechs work with agents.
Naveen Suryva, Chairman Emeritus, Payments Council of India

He said the industry is awaiting directions from the RBI with regards to the PMLA amendment and the government’s announcement on access to Aadhaar e-KYC for NBFCs.

Access of NBFCs and fintech firms to the Aadhaar database was constrained after the Supreme Court ruling in September 2018. Following the ruling, telecom companies, payments companies and fintechs could not access the e-KYC system through the UIDAI’s Central Identities Data Repository. This led to increased burden on compliance and operational costs.