RBI Recognises E-Aadhaar as an Officially Valid Document under Money Laundering Rules

E-KYC Service is a Valid Process for KYC Verification under PML Rules

[RBI Circular No. 09 dated 21st July 2014]

Sub: Know Your Customer (KYC) Norms/Anti-Money Laundering (AML) Standards/ Combating of Financing of Terrorism (CFT)/ Obligation of Authorised Persons under Prevention of Money Laundering Act (PMLA), 2002 – Money Changing Activities – Recognising E-Aadhaar as an ‘Officially Valid Document’ under PML Rules

Attention of Authorised Persons is invited to F-Part-II of our A.P. (DIR Series) Circular No.17 [A.P. (FL/RL Series) Circular No.04] dated November 27, 2009 on the captioned subject, as amended from time to time. F-Part-II of the above mentioned circular lists officially valid documents for customer identification.

2.  Authorised Persons are advised that, physical Aadhaar card/ letter issued by the Unique Identification Authority of India (UIDAI) containing details of name, address and Aadhaar number may be accepted as an ‘Officially Valid Document’. If the address provided by the customer is same as that on the Aadhaar letter, it may be accepted as a proof of both identity and address.

3.  In order to reduce the risk of identity fraud, document forgery and have paperless KYC verification, UIDAI has launched its e-KYC service. Accordingly, it has been decided to accept e-KYC service as a valid process for KYC verification under Prevention of Money Laundering (Maintenance of Records) Rules, 2005. Further, the information containing demographic details and photographs made available from UIDAI as a result of e-KYC process (“which is in an electronic form and accessible so as to be usable for a subsequent reference”) may be treated as an ‘Officially Valid Document’ under PML Rules. In this connection, it is advised that while using e-KYC service of UIDAI, the individual user has to authorize the UIDAI, by explicit consent, to release her or his identity/address through biometric authentication to the Authorised Persons. The UIDAI then transfers the data of the individual comprising name, age, gender, and photograph of the individual, electronically, to the Authorised Person, which may be accepted as a valid process for KYC verification. The broad operational instructions to Authorised Persons on Aadhaar e-KYC service are enclosed as Annex.

4.  Authorised Persons are advised to have proper infrastructure (as specified in Annex) in place to enable biometric authentication for e-KYC.

5.  Further, it is clarified that, Authorised Persons may accept e-Aadhaar downloaded from UIDAI website as an officially valid document subject to the following:

a)  If the prospective customer knows only his/her Aadhaar number, the Authorised Person may print the prospective customer’s e-Aadhaar letter directly from the UIDAI portal; or adopt e-KYC procedure as mentioned in the para 3 above.

b)  If the prospective customer carries a copy of the e-Aadhaar downloaded elsewhere, the Authorised Person may print the prospective customer’s e-Aadhaar letter directly from the UIDAI portal; or adopt e-KYC procedure as mentioned in the para 3 above; or confirm identity and address of the resident through simple authentication service of UIDAI.

6.  The directions contained in this Circular have been issued under Section 10(4) and Section 11(1) of the Foreign Exchange Management Act, 1999 (42 of 1999) and also under the, Prevention of Money Laundering Act, (PMLA), 2002, as amended from time to time and are without prejudice to permission /approvals, if any, required under any other law.

Annex

Operational Procedure to be followed for e-KYC exercise

The e-KYC service of the UIDAI is be leveraged by Authorised Persons through a secured network. Any Authorised Person willing to use the UIDAI e-KYC service is required to sign an agreement with the UIDAI. The process flow to be followed is as follows:

1.  Sign KYC User Agency (KUA) agreement with UIDAI to enable the Authorised Person to specifically access e-KYC service.

2.  Authorised Persons to deploy hardware and software for deployment of e-KYC service across various delivery channels. These should be Standardisation Testing and Quality Certification (STQC) Institute, Department of Electronics & Information Technology, Government of India certified biometric scanners at Customer Service Points (CSPs) as per UIDAI standards. The list of certified biometric scanners is available on the following website: http://www.stqc.gov.in

3.  Develop a software application to enable use of e-KYC across various CSPs (including franchisee locations) as per UIDAI defined Application Programming Interface (API) protocols. For this purpose Authorised Persons will have to develop their own software under the broad guidelines of UIDAI. Therefore, the software may differ from Authorised Person to Authorised Person.

4.  Define a procedure for obtaining customer authorization to UIDAI for sharing e-KYC data with the Authorised Person. This authorization can be in physical (by way of a written explicit consent authorising UIDAI to share his/her Aadhaar data with the Authorised Person/franchisee for the purpose of money changing) /electronic form as defined by UIDAI from time to time.

5.  Sample process flow would be as follows:

a.  Customer walks into CSP of an Authorised Person with his/her 12-digit Aadhaar number and explicit consent and requests to avail of money changing facility with Aadhaar based e-KYC.

b.  Representative of the Authorised Person manning the CSP enters the number into the e-KYC application software of the Authorised Person.

c.   The customer inputs his/her biometrics via a UIDAI compliant biometric reader (e.g. fingerprints on a biometric reader).

d.  The software application captures the Aadhaar number along with biometric data, encrypts this data and sends it to UIDAI’s Central Identities Data Repository (CIDR).

e.  The Aadhaar KYC service authenticates customer data. If the Aadhar number does not match with the biometrics, UIDAI server responds with an error with various reason codes depending on type of error (as defined by UIDAI).

f.   If the Aadhaar number matches with the biometrics, UIDAI responds with digitally signed and encrypted demographic information [Name, year/date of birth, Gender, Address, Phone and email (if available)] and photograph. This information is captured by e-KYC application of Authorised Person and processed as needed.

g.  Servers of Authorised Person auto populate the demographic data and photograph in relevant fields. It also records the full audit trail of e-KYC viz. source of information, digital signatures, reference number, original request generation number, machine ID for device used to generate the request, date and time stamp with full trail of message routing, UIDAI encryption date and time stamp, Authorised Person’s decryption date and time stamp, etc.

h.  The photograph and demographics of the customer can be seen on the screen of computer at CSPs for reference.

i.   The customer can avail of money changing facility subject to satisfying other necessary requirements.