With the recent amendment in the Prevention of Money Laundering Act, 2002 (PMLA), the Ministry of Finance now allows different ways to capture client’s details electronically; Digital KYC. We have tried to explain the amendment in our post here.
In this article, we try to simplify it further to include what we (read legal team) thinks you should consider before you move your system towards a Video-based KYC process.
To begin with, we need to understand
What is KYC?
KYC (know your customer), is the process where businesses identify and verify various clients and also assess potential risks of illegal transactions during the business relationship. This is done to detect and avoid fraud in financial transactions quickly and has a legal bound on financial institutions, including Banks and Non-Banking Financial Companies (NBFC).
KYC as of now can be done in 2 ways i.e. using traditional methods where an agent visits your customer’s place to collect documents and verify their identity. The second way is to use Digital methods combined with the latest in identity to technology to do the same. This method is called Digital KYC.
You can also read about KYC in our posts here
Traditionally, Digital KYC was the act of capturing a live picture of the customer with valid official documents like the Aadhaar card or other government documents. Some of the regulators like SEBI allowed using a digital signature, photo, and other e-documents to complete the digital KYC process. This also included eKYC and video-based KYC among others.
With the latest changes made in PMLA guidelines, RBI has mandated a Video call requirement between the company and the customer in addition to the Digital KYC above to create what we call V-CIP or video-based customer identification process.
With RBI’s consent now, a RE like you can use the traditional paper-based KYC process or Aadhaar Offline KYC process or eKYC (for banks) and VCIP to identify and KYC their customers.
In this article, we try to list down everything that we think you should know about before you go ahead and choose a VCIP provider.
Use of Modern Technology
Financial institutions like Banks and even Non-Banking Financial Companies (NBFC) use various authentication technologies for KYC, such as Artificial Intelligence, blockchain, face matching tools, and cloud-based API technology. These tools are used to ensure the integrity of the Video KYC and the information provided by clients and also face match between the clients’ ID and the live video. These technologies are futuristic as they extend the use of facial recognition for authentication in carrying out financial transactions. For instance, facial recognition used at ATM terminals and to carry out e-transactions.
Though these haven’t been mandated by RBI, but it suggests using technologies like face match to make sure the VCIP system is not being manipulated. i.e. you can use them but it’s not mandatory.
Data Security
One of the major concerns that popped up time and again during the year was data privacy. RBI took a stand of not using a third-party provider to collect documents from customers. In case of VCIP RBI allows the use of third-party service providers to assist customers during the VCIP process, provided the details of the agent are logged and the data shared by the customer is only verified by the employee of the RE.
Cheaper than traditional business
Performing a video-based KYC comes with ease as it is cost-effective and saves businesses a lot of time. Business owners lead their clients through some steps to perform a video KYC, and immediately the verification is complete, the company representative then confirms the completion of the video KYC. Immediately the verification process is complete, the client will is then informed, and if the client is not comfortable with the digital process, there’s always an option for a physical visit.
Paperless and has Remote Access.
One of the most apparent and outstanding features of the digital KYC is that it is paperless, which further reduces stress and is highly cost-effective. Not only it allows for the digital images of the physical document that can be used for KYC but also allows the use of e-documents like ePAN and Offline Aadhaar XML /e-Aadhaar for verification.
Another huge factor that makes the video KYC stand out is the feature of digital KYC is that it is entirely remote. Unlike the usual digital KYC that requires a representative to visit the client’s home or the nearest access point, the video KYC is done from the convenience of the client’s office completely done via a video call, which is recorded along with the images of the document, photo of the customer and details of the agent plus time and date of the call. Allowing REs and banks service locations that might not have been accessible to them previously.
Done In Real-Time and Not Pre-Recorded
If you have had the time to look at some of the previous Video KYC solutions (like the one we had too) you would see it followed a pre-recorded AI-enabled and analyzed methodology. In the new VCIP process, though you can use these solutions to collect documents, the actual KYC has to happen live between an official of RE and the customer in question. You would also ensure that the process is seamless, secure, and have end-to-end encryption.
Training of Officials
The organization ensures that the videos are stored safely and securely and also bears the date and time stamp. Officials go through specialized training for this purpose. The activities carried out, and the credentials of the officials handling the video process are preserved for future records.
Essentially you would need dedicated agents that are trained in the process of VCIP before they are asked to verify KYC.
Geo-tagging and REs domain
Another thing to notice is that VCIP process is only for customers in India and the VCIP system needs to ensure that the client is present in India and not outside of it. It is done through geo-tagging; geo-tagging helps in locating the exact place the video is taken and also the current time.
Additionally, The audiovisual interaction is triggered by the entity’s domain, and not a third-party service provider. This means Google Duo and Face time can’t be used.
Other points that are worth noting:
- The client and the organization’s representative have to be present simultaneously
- The client must have consented to it before the commencement of the KYC process
- The Aadhaar number should be concealed or masked
- A clear PAN card image and verified PAN credentials from the government database would be needed
- Aadhaar offline verification should not be more than three days old
That’s about it folks. Until next time!