- News>
- Personal Finance
RBI amends KYC norms to further leverage video-based customer identification process
The RBI said regulated entities may undertake V-CIP to carry out Customer Due Diligence (CDD) in case of new customer on-boarding for individual customers, proprietor in case of proprietorship firm, authorised signatories and Beneficial Owners (BOs) in case of Legal Entity (LE) customers.
Mumbai: The Reserve Bank on Monday amended its master direction on know your customer to further leverage the video-based customer identification process (V-CIP) and simplify the process of periodic updation of KYC.
V-CIP is an alternate method of customer identification with facial recognition and customer due diligence by an authorised official of the regulated entity by undertaking seamless, secure, live, informed-consent based audio-visual interaction with the customer to obtain identification information.
The RBI said regulated entities may undertake V-CIP to carry out Customer Due Diligence (CDD) in case of new customer on-boarding for individual customers, proprietor in case of proprietorship firm, authorised signatories and Beneficial Owners (BOs) in case of Legal Entity (LE) customers.
Among others, RBI regulated entities (REs), include banks, NBFCs, and payment system operators.
REs may also undertake V-CIP for conversion of existing accounts opened in non-face to face mode using Aadhaar OTP based e-KYC authentication, and updation or periodic updation of KYC for eligible customers.
The central bank has also specified certain minimum standards which regulated entities will have to follow while opting to undertake V-CIP.
As per the amended provisions, an RE should have complied with the RBI guidelines on minimum baseline cyber security and resilience framework for banks.
"The technology infrastructure should be housed in own premises of the RE and the V-CIP connection and interaction shall necessarily originate from its own secured network domain. Any technology related outsourcing for the process should be compliant with relevant RBI guidelines," it said.
Also, the RE should ensure end-to-end encryption of data between customer device and the hosting point of the V-CIP application, as per appropriate encryption standards. The customer consent has to be recorded in an auditable and alteration proof manner.
It further said each RE should formulate a clear work flow and standard operating procedure for V-CIP and ensure adherence to it. The V-CIP process should be operated only by officials of the RE specially trained for this purpose.
The authorised official should record audio-video as well as capture photograph of the customer present for identification. The official can obtain the identification information using OTP based Aadhaar e-KYC authentication, offline verification of Aadhaar for identification, KYC records downloaded from CKYCR or equivalent e-document of Officially Valid Documents (OVDs) including documents issued through DigiLocker.
Further, the RE will have ensure to redact or blackout the Aadhaar number.