Changes to expect in fintech with digital KYC

By Shilpa Mankar Ahluwalia and Himanshu Malhotra, Shardul Amarchand Mangaldas & Co

Fintech players are now offering the Aadhaar-based know your customer (KYC) authentication services (Aadhaar e-KYC) made available by the Unique Identification Authority of India (UIDAI) to customers quickly and at a fraction of the cost of paper-based onboarding methods. However, in September 2018, the Supreme Court in Justice (Retd) KS Puttaswamy and Anr v Union of India, prohibited private bodies from undertaking Aadhaar KYC in the absence of legislative backing. In July 2019, the Aadhaar and other Laws (Amendment) Act, 2019 (act) introduced legislation enabling banks (and other entities that may be notified by the government) to obtain Aadhaar numbers to undertake Aadhaar e-KYC while onboarding customers.

Shilpa Mankar Ahluwalia
Shardul Amarchand Mangaldas & Co

Non-banking financial institutions (NBFC) are excluded and cannot therefore conduct Aadhaar e-KYC. The Finance Minister recently announced that NBFCs would be allowed to undertake Aadhaar e-KYC, but no formal notification has yet been issued. Following the Aadhaar judgment, the fintech sector in India has been struggling with KYC and customer onboarding costs.

The Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 have been amended and are in force from 19 August 2019 to enable: (i) ‘Digital KYC’; and (ii) acceptance of e-documents stored in digital lockers as valid documents, for the purposes of KYC verification by all reporting entities, that is banks and financial institutions. The amendments make procedural changes to the way in which KYC can be undertaken and allow for a completely digitized mechanism to onboard customers.

Key changes

Digital KYC is defined to allow the photographing of a client, the copying of Aadhaar documents and the capturing of geolocation data. Digital KYC enables paperless KYC while onboarding new customers. A digital lender that intends to undertake digital KYC must develop an application accessible only to authorised officials through login ID and password or one-time password (OTP) or OTP time-controlled mechanisms (KYC App). The rules prescribe in detail the way in which digital KYC is to operate, including the duties and obligations of the authorized official of the reporting entity. The authorized official appears to be allowed to visit the customer to carry out his duties.

Himanshu Malhotra
Shardul Amarchand Mangaldas & Co

The digital locker infrastructure was introduced by the Ministry of Communications and Information Technology in the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016. A digital locker is an online repository where subscribers may securely store digitally issued documents (issued by central or state government authorities or other body corporates). Subscribers may retrieve these documents from the digital locker to upload them to a requesting entity towards completion of KYC verification. Subscribers may also authorize such requesting entities to access the documents stored in their digital lockers for the purposes of verification.

The rules expressly recognize e-documents stored in a digital locker as an officially valid document that may be accepted by banks and financial institutions as valid documents when completing KYC of a customer. This will greatly assist in the digitization of KYC verification procedures. Customers and requesting entities may rely on digital lockers to complete KYC verification without the need to collect physical documents for verification purposes.

Impact of new KYC rules

Digital KYC eliminates the need for paperwork when onboarding a customer, significant in terms of procedural convenience and the simplification of the document collection process for reporting entities. However, the fintech sector has been struggling to onboard customers remotely, that is in a non-face-to-face situation. The requirement to undertake a face-to-face verification (as contemplated in the Reserve Bank of India [RBI] KYC Master Directions dated 25 February 2016) has not been eliminated by the rules. Digital KYC requires the authorized official of the reporting entity to be in the physical presence of the customer (verifiable by the GPS coordinates and time and date stamp in the “live photographs” captured as part of the process).

Next steps

While the rules have introduced digital KYC, the RBI will still need to amend its KYC Master Directions to recognize Digital KYC as a valid means of customer onboarding before starting account based relationships or offering financial services. The RBI should also consider whether to include a set of rules allowing for non-face-to-face digital KYC subject of course to implementing appropriate transactional thresholds and safeguards.

Shilpa Mankar Ahluwalia is a partner at Shardul Amarchand Mangaldas & Co and leads the firm’s Fintech practice. Himanshu Malhotra is an associate at the firm.


Shardul Amarchand Mangaldas & Co
Amarchand Towers
216 Okhla Industrial Estate, Phase 3
New Delhi- 110 020

Executive Chairman: Shardul Shroff
Managing Partner Delhi:Pallavi Shroff
Contact details
Tel: +91 11 4159 0700, 4060 6060
New Delhi | Mumbai | Gurugram | Chennai | Bengaluru | Ahmedabad | Kolkata