Video KYC — The Banking future is here!

At a macro level, India seems to be going through an “identity crisis”. Not in terms of whether she is a potential superpower or a grappling economy, but instead which papers and bills identify its constituents as Indian citizens.

Zooming in to the fintech ecosystem of the country, constantly identifying individuals through Know Your Customer (KYC) processes is imperative, but the latest developments in the sector are far from bleak. The past few years have seen rapid developments in ideas and technologies, with the regulatory space dishing out amendments to keep up.

With concepts like Artificial Intelligence (AI), face-matching, and Computer Vision now a practical reality instead of something fresh out of a sci-fi movie, the processes of authenticating customers have taken a step away from the physically daunting and expensive task of onboarding. Along the same tangent, the regulatory body RBI is also tasked with updating their KYC compliance norms. The fintech space is fast changing, and sometimes companies developing futuristic tech have solutions relegated to waiting in the wings until official norms give them the green light. This may require sitting back with a tub of popcorn for a few years.

The build up here is to introduce an esrtwhile non-compliant, yet simple, secure, and scalable method to establish the identity of an individual: Video KYC (VCIP).

Reaching Compliance: The past

  • In an earlier phase of “identity crisis”, the question was whether the unique identification card “Aadhaar” had constitutional validity itself. On 26 September 2018, the Supreme Court affirmed its constitutional validity but scrapped Section 57 of the Aadhaar Act that allowed private companies to use Aadhaar authentication and eKYC.

With the 1,448-page judgment up for interpretation, a cloud of ambiguity loomed over India’s booming fintech industry; when was Aadhaar authentication to be stopped, and would the private space have to sacrifice the paperless, cashless and presence-less verification method it had adopted? Potential customers were seen on the opposite side of the regulations door as the industry suffered hiccups to onboard new customers after the judgement.

  • About six months later, on June 26, 2019, an expert committee on Micro, Small and Medium Enterprises (MSMEs), headed by UK Sinha, former chairman of the Securities and Exchange Board of India (SEBI) proposed the need for online video KYC. The panel recognized the drawbacks of physical presence and the sheer data handling required for even eKYC. Video-KYC was seen as a simple seamless process that could be done through a video chat where the customer can display documents. At that time the committee recommended it could be done through apps like Google Duo or Apple FaceTime.

Experts pointed out that considering these applications were of foreign origin, the RBI was unlikely to allow them. Under the Data Protection Bill, and the debate around data localization, the central bank was unwilling to let companies store customer data in foreign locations.

  • In the latest installment of updates, the RBI approved Aadhaar-based video authentication as an alternative to e-KYC on January 9, 2020. The amendment to the KYC norms allow banks and other lending institutions regulated by it to adopt a Video based Customer Identification Process (V-CIP) as a consent based alternate method of identity verification for customer onboarding.

Explaining Compliance: The present

Making sense of the latest amendments to regulations is not easy. We at Signzy have distilled it down to a 20-point cheat sheet to make sure it is. The changes due to the introduction of V-CIP are:

  1. Informed consent to be obtained from individual customer before the live V-CIP process
  2. RE (Regulated Entities) official to record video of the customer present for identification
  3. RE official is to capture a photograph of the customer during the session
  4. RE official to obtain identification information. This can be done through two methods depending on the entity type:
    Banks: OTP based Aadhaar eKYC authentication
    Non-bank RE: only Offline Verification of Aadhaar
  5. RE official to capture a clear image of PAN card which is to be displayed during the process
  6. Live location is to be recorded during the session
  7. RE official to ensure customer’s photograph matches them
  8. RE official to ensure provided identification details match the details on the Aadhaar/PAN
  9. Randomization of questions to ensure there is no pre-recording. This means that the sequence and/or type of questions during video interactions should be varied in order to establish that the interactions are in real-time
  10. The Aadhaar XML or Secure QR provided for offline verification should not be more than 3 days old
  11. Accounts opened through the V-CIP process will only be operational after a concurrent audit
  12. RE official to carry out a liveliness check
  13. The audiovisual interaction should be triggered from the domain of the RE itself
  14. An activity log along with the credentials of the official carrying out the process should be preserved
  15. Video to have a timestamp and be safely stored
  16. The amendment encourages the use of AI and face-matching technology
  17. RE official to redact/blackout Aadhaar number as per standard guidelines
  18. The interaction is to be necessarily done by a bank official and not an agent
  19. The process is to be operated only by specifically trained officials
  20. RE to ensure security, robustness and end to end encryption of the V-CIP application

This is a monumental step towards digitizing the authentication process for banks, lending startups and non-banking financial institutions.

Signzy: The future

Signzy’s video technology came into existence before the license to use it did. In 2016, bankers told us our tech was too futuristic and not practical, but now the future is here! Keeping up to its promise of delivering future ready digital onboarding solutions, Signzy is ready with a plug and play end-to-end digital Video KYC solution with V-CIP features.

Our systems are designed for banking grade technology which means they meet the strictest infosec regulations and data security requirements. Signzy’s video KYC is being used to onboard thousands of customers every month by SEBI regulated institutions. This solution has matured over dialects, browsers and low-internet scenarios. And also has one of the best facial recognition technology at the background (Can read more here)With RBI’s progressive move to bring Video KYC (Video Customer Identification Process) 2020, we look forward to onboarding RBI regulated institutes on our battle-tested solution!

If you would like to know more then look at the Video KYC section on our website

www.signzy.com

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Ankit Ratan, CEO-Signzy

 

Know all about RBI’s New PPI Guidelines

Know all about RBI’s New PPI Guidelines

The RBI has recently released a revised set of directions in the PPI regulator framework. In its 20-point notification, RBI has asked all the PPIs (Prepaid Payment Instruments) to improve how they operate. With the latest regulations, in effect already, RBI will treat PPIs more or less like banks subjecting them to full compliance in the provisions like Know Your Customer (KYC), Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT), and more.

In this article, we’ll look at the most significant changes that the RBI has introduced to the PPI framework.

But before that, we’ll see how the world has fought money laundering with a powerful tool called “KYC” because the biggest change that the updated RBI regulations bring to the PPI players is a mandatory full KYC.

Fighting money laundering with KYC

The UN General Assembly declaration in 1990 (precursor to the PMLA) — which was the first constructive global step against money laundering — focused on prevention of financing to illicit drug trade. Today the objective of the legislation is to stop money earned through illegal means from coming into traditional financial system and getting converted into legitimate money. Also, the same being used to fund such illegal activities including terrorism.

In pursuance of this noble objective, regulators have defined a KYC regime for financial institutions to follow. The Financial Action Task Force (FATF) is an intergovernmental body which recommends to countries regulatory regime for prevention of money laundering. Very recently FATF has defined a more risk based approach to counter money laundering.

One of the most important functions of financial regulators is to manage the risk within the financial system. This function manifests into a massive regulatory regime of KYC, which quite literally means know your customer and in essence know if he is a fraud, a money launderer or a terrorist.

Adopting KYCs as an AML measure in India

With a view to curb money laundering, terrorist financing, and fraudulent activities, RBI introduced KYC norms for banking institutions in 2002. These norms directed banking authorities to carry out tests and audits and freeze any accounts with suspicious activities (transactions).

RBI has always stressed on strict compliance of these guidelines and several big banks like Bank of Maharashtra, Dena Bank and the Oriental Bank of Commerce faced heavy penalties (1.5 crore each) for violation and non-compliance of certain KYC regulations and Anti Money Laundering (AML) norms.

Until now, October 2017, the RBI’s KYC guidelines were only applicable to banks. However, the latest regulation brings PPI players into its ambit.

A quick note about PPIs

In 2009, RBI paved the way for a new payment instrument which would not require the two factor authentication for small payments and will help in easier acceptance of payments by merchants. These pre-paid instrument (“PPI”) could be recharged with money and then used upto the recharged amount.

The initial PPI had allowed PPI to be issued for upto Rs. 1000 by accepting any customer identity document and upto Rs. 5000 by accepting an Officially Valid Document (OVD). This went through a transformation and in 2014 was relaxed by allowing PPI upto Rs. 10,000/- (total usage in a month) by accepting “minimum details of the customer”. Which transformed the PPI industry into what it is today and led to opening of wallets through mobiles and emails. Somehow though this was a boon for the industry, it did not go down well with the regulator.

In October 2016, an RBI senior official Nanda Dave stated that PPIs have been very lax in following KYC norms: “The customer is being identified by his or her mobile number, period. And such wallets have been used for routing money which has been fraudulently taken from bank accounts,” said Dave. “When we have no details of customers with us, it is very difficult to even trace where that money has gone,” she said.

The framework for regulation, authorisation, and supervision of the PPIs are governed by RBI’s “Issuance and Operation of PPIs”. These were issued in April 2009 and thereafter amended from time to time.

Since regulations on PPIs have been very light with low entry barriers, it was necessary for RBI to impose stiff and stringent norms on them.

To address the same, RBI released a Draft Circular called the “Master Directions on Issuance and Operation of Pre-paid Payment Instruments (PPIs) in India” in March last year. The circular was issued following the growing usage of PPIs for buying goods/services and for transferring money. In the circular, RBI recognized requests from stakeholders for relaxations in certain areas and also considered aspects that would strengthen the security and safety norms, mitigate risk, and protect customers using PPIs.

RBI took inputs from the different stakeholders on the provisions of the circular, following which, in a major step forward in this direction, RBI passed fresh rules for all prepaid payment licence and wallet companies. These include improved standards for safety, security, and flexibility of online transactions, interoperability of PPIs (and banks), full KYC, and more.

Let’s now take a look at a brief summary of these regulations.

The Updated Regulation Summary

  • Mandatory full KYC: As per the new directions, PPIs have to become full KYC compliant within 12 months. “The amount loaded in such PPIs during any month shall not exceed Rs 10,000 and the total amount loaded during the financial year shall not exceed Rs 100,000,” RBI said. If the compliance is not made further credit will be disallowed.
  • Interoperability: Interoperability can be enabled in only Full KYC (banking and non-banking) PPIs. This time-consuming process will be applied in phases with the first phase (spanning across the first 6 months) bringing interoperability between wallets, and the subsequent phases working on the interoperability between wallets and bank accounts, followed by the enabling of interoperability in PPI cards.
  • New capital requirements of Rs 15 crore for non-banks: For non-banking PPIs, new capital requirement is of Rs 15 crore (5 crore at the time of application and 15 crores within the next 3 financial years).
  • Cross border inward and outward remittances: Fully KYC complaint Wallets will now be able to undertake cross-border inward remittances. However, transaction limit can’t exceed Rs 5000 per cross-border transaction and the maximum wallet limit shouldn’t exceed Rs 50,000.
  • PPI issuers need to maintain records of transactions: PPI Issuers to maintain a record of all the transactions undertaken using the PPIs issued by them. They should also file Suspicious Transaction Report (STR) to Financial Intelligence Unit — India (FIU-IND).

Along with the new guidelines, RBI has also released a new Security Framework for PPI Issuers to prevent fraudulent activities and ensure user security.

The Newly Introduced Security Framework for PPI Issuers

  • Separate login for the PPI account: PPI issuers should maintain a separate login for PPI accounts and it should not be used to access any other services offered by the PPI Issuer or its associate/parent/group company etc.
  • Timeout features: PPI issuers should prevent invalid sign-in attempts and add inactivity timeout features.
  • Capping: PPI issuers should implement customer-enforced transaction caps on their users’ wallet transactions. The users should however be allowed to increase/exceed the caps with additional authentication and validation.
  • Cooling period for funds transfer: While opening an account/ loading funds/ adding a beneficiary, PPI issuers should place a cooling period for transfer of funds to prevent the fraudulent use of PPIs.
  • Other mechanisms: Issuers should place internal and external escalation mechanisms to prevent suspicious operations, loading and reloading of funds into the PPI and also alert the customer in case of such transactions.
  • Reporting frauds: PPI issuers should report frauds on a monthly/quarterly basis to the concerned Regional Office as per the directions. They should also monitor, handle, and follow-up on cyber security incidents and breaches immediately with the concerned authorities.

These updated regulations have raised a number of challenges for the wallet companies. Here’s a quick look into the most challenging aspects of the new norms.

The Key Challenges Wallet Companies Face Because of the New Norms

1. Full KYC compliance within 60 days

Complete KYC compliance will increase acquisition costs for wallet companies as it introduces tons of documentations and the paperwork. Cost of KYC per customer is estimated at nearly 150–200 Rs per customer by the industry.

2. Mobile wallet companies are required to have a minimum net worth of Rs 5 crore, hence will need fresh funding.

As per earlier guidelines, a minimum net worth of Rs 2 crore was required for mobile wallets. This net worth is now raised to Rs 5 crore at the time of application and Rs 15 Cr within 3 financial years after getting the authorization. This means, smaller wallet companies will need fundings to comply with the directions of RBI.

3. A one-year validity of the wallets. Also, auto-closing of wallets with zero balance.

Users’ wallets will be closed automatically if they continue to have zero balance for a year. A notice, however, will be issued to all such users before closure of their wallets.

“There are a large number of inactive wallets with no money in them,” said Gupta. “By enforcing this rule, RBI is all set to weed out those numbers and bring out actual figures around how many wallets are there in the system.

4. Implementing interoperability.

At present interoperability is limited to only UPI-based banks. However, with the new requirement of interoperability, PPIs will have to deal with a lot of technical and operational requirements of safety, security, and risk mitigation. The implementation is very complicated.

How the industry is gearing up to comply with the new PPI Guidelines

From the reactions that are coming in from the different payment players, it’s clear that they’ve already begun working on their KYC.

Bhavik Vasa, chief growth officer, EbixCash says:

“ Interoperability with KYC is a great leveller and catalyst towards Collaborative Innovation for the ecosystem. We commend the RBI for its proactive stride and look forward to ongoing progressive regulations also for micro-payments use-cases with minimum or risk-based compliances. Especially if we need to transition to less-cash the digital alternatives need to be as seamless, frictionless and at par with other sectors like gold purchases which are completely anonymous up to Rs. 2 Lacs. Additionally the Finance Ministry and RBI have commissioned noteworthy committees like the Watal Committee on Digital Payments and Ramadorai Panel on Household Finance with apt findings and recommendations that as they get incorporated into regulations would fast forward in achieving the India FinTech potential.”

MobiKwik, another popular digital payments company, is also planning to increase its agent strength for the same and also trying for Aadhaar-based KYC through a one-time password.

We have set a target of achieving 20 million full KYC wallets within the next one year and we are expecting an expenditure of around Rs 50 per customer,“ said Bipin Preet Singh, founder of MobiKwik wallet. “Though we have 65 million users, KYC formalities cannot be done with all of them.”

Oxigen Services, will give incentives to it’s retailers to look after the KYC process of the customers.

The long-term approach payment wallets must take (as RBI expects bank-level preparedness from them when dealing with money laundering)

Know all about RBI’s New PPI Guidelines

Bringing at Par with Banks

The updated KYC norms for PPIs have made their KYC regime at par with banks. Therefore, there needs to be greater focus on compliance and audit. This move by RBI also indicates that wallet companies will now face KYC and AML audits like banks and may have to face heavy fines and penalties in case of non-compliance, thus necessitating more investment toward customer KYC.

The current wallet onboarding only includes email and mobile number verification. This will now have to upgrade to systems that can capture KYC documentation and data. Not only that, it will also need to have a risk and compliance check inbuilt for AML/CFT risk of the customer as well as a backend operations team to process these applications. The cost of customer onboarding for wallets will also raise as a result of this full KYC process.

The way forward for wallet providers is to find and use modern KYC solutions that will not only help them overcome this challenge but also ensure that they are able to scale operations without incurring heavy costs. Failing to do so would mean even these wallets will face the same challenges as banks face when scaling their KYC operations.

Investing in security and laundering protocols

In the long run, wallet companies, too, should aim for the same degree of security that banks offer. This includes:

Performing due diligence. Due diligence should be performed on the initiator and recipient who make/receive payments to ensure compliance of transactions with the anti-money laundering (AML) and counter-terrorism financing checks. Frequent screening that identifies accounts with unauthorised and unusual transactions should also be conducted and such accounts should be freezed.

Implementing transaction monitoring. To view transaction patterns of the customer base, machine learning models should be used. With the help of such AI, shady transactions can be detected. Moreover, transaction monitoring should be combined with AML and KYC screening to alert against suspicious financial activities of the customers. Transaction profiles should be maintained with all the account details of the customers such as cash deposits, withdrawals, transfers and payments.

User and data security- Multiple authentication factors such as passwords, OTPs, and biometric should be used to protect the users against security breaches. A mix of authentication factors goes a long way in providing an extra layer of security that helps prevent fraud instances. Read our in-depth article on how financial institutions can design safe authentication processes using the different authentication factors.

How the end-user can use wallet apps responsibly

Wallet apps have become a mainstream payment method as they offer convenience and value (by offering several coupons, membership cards, event passes, loyalty points, cashback and more) Customers can indeed save a lot of time and resources by using these wallet apps. However, instead of signing up for 10s of e-wallets with nil balances in each, users must use just one or two that support maximum apps/payments and keep them active. Also, the money transfer feature these wallets offer must also be used responsibly.

Wrapping it up…

Thanks to the growing government initiatives to push toward a cashless economy and the acceptance from the masses, the PPI space has grown exponentially in India. So there’s no doubt we need better regulation over PPIs. This update in the regulation — however strict it may seem — is needed, because even PPIs wouldn’t want their users to engage in money laundering or terror funding activities.

By bringing the PPI market tightly under the ambit of the more serious financial regulations, RBI has taken a big step toward a safer, cashless economy. So while the updated PPI norms do challenge several smaller companies in the short term, they will pave way for a safer, more user-friendly wallet experience eventually. Also, the security framework laid out by RBI is a big step toward ensuring the security of crores of Indians who are now actively opening up to the possibilities of a cashless economy.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

1 14 15 16