KYC or Know your customer, simply put is the process of identifying a customer with a goal of detecting and avoiding fraud in financial transactions, as such it is legally binding to financial institutions including banks and NBFC’s.
Over the years KYC has extended from banking and financial institutions to organisations of varied industries including tech, Outsourcing, Insurance among others. It has gone from confirming a customer’s identity to verifying the identity of the employees, contractors, distributors and anyone else who works in your organisations.
KYC is heavily dependant on identity documents especially the ones provided by the central or state governments these include PAN, Aadhaar cards, Driver’s licence and Passport among others. Identity documents are quite old and have been used extensively after the first world war, though identity as a part of KYC due diligence is a recent development.
In India for example RBI introduced KYC guidelines in 2002 and mandated it in 2004 for all banking institutions.
Why is it required?
Know your customer, alternatively known as know your client or simply KYC, is the process of a business verifying the identity of its clients and assessing potential risks of illegal intentions for the business relationship.– Wiki
KYC is a part of the CDD (Customer Due Diligence) and EDD(Enhanced Due Diligence) measures required by most financial institutions and relevant service providers to incorporate in their internal risk management mechanism for regulatory compliance requirements.
As to why is it required, the predominant reasons remains to be prevention of fraud, money laundering and terrorist funding. The idea being knowing who the banks deal with would allow government and the banks themselves to keep track of potential fraudulent transactions and might eventually lead to prevention of use of bank resources for such activities.
Who is covered under Indian KYC Laws?
Though most organisations or registered entities follow KYC in one form or another(private non-banking companies ask for identity documents), not all of them are required by law to do so.
Organisations that fall in the category are listed below,
- Banks and merchant banks
- Insurance companies
- Housing and non-banking finance companies
- Payment system operators
- Authorized money changers and remitters
- Chit fund companies
- Charitable trusts that include temples, churches and non-profit organizations
- Stock brokers
- Share transfer agents
- Trustees, underwriters, portfolio managers and custodians
- Investment advisors
- Depositories and depository participants
- Foreign institutional investors
- Credit rating agencies
- Venture capital funds
- Collective schemes including mutual funds
- The Post office
For the rest of us, though not necessary it makes sense to know who we work with.
How to KYC?
KYC verification process consists of 3 parts
- Document Verification – Verify the authenticity of the document provided
- Identity Verification – Verify the identity
- Address Verification – Verify the address provided in the document
Each of these can be either executed separately or together. One of the best options in India would be to use Aadhaar by UIDAI to verify all three, backed by biometric data each Aadhaar is unique and can act both as an identity and address proof.
Though government and government organisations can us Aadhaar API’s to verify KYC. Private sector has to rely on “Offline Aadhaar” based verification, wherein a UIDAI delivered Aadhaar XML packet contains the demographic information of the customer required for a KYC verification, albeit an exclusive consent needs to be taken before you can use this data from the customer.
Another way would be to automate this by using services like Yoti or AadhaarBridge to drive automated KYC with Aadhaar XML or any other document that your customer might have.