Licensing NBFCs & PSOs to Authenticate Aadhaar

Payment System Operators (PSOs) and NBFCs can apply for authentication licenses to become KYC User Agency (KUA). These entities may also apply for a Sub KUA license to perform the authentication process through a KUA. The Reserve Bank of India, on Monday, September 13, 2021, invited Non-Banking Finance Companies (NBFCs), Payment System Participants, and Payment System Providers to apply for Aadhaar e-KYC Authentication License.

Presently, banks are the only institutions allowed to do customer identification and verification. It is through one –time password (OTP) based on the Aadhaar card. The OPT is received through a mobile device.

The Prevention of Money Laundering Act, 2002, provides that the Central Government may permit through a notice to a non-banking entity to perform Aadhaar authentication using the e-KYC authentication facility. However, the entity in question should comply with standards of security and privacy as prescribed in the Aadhaar Act, 2016.  

In addition, consultation with the appropriate regulator and UIDAI should happen before the issuance of the notice of permit. The credentials of the reporting entity should satisfy the regulator and UIDAI.

According to the Circular issued on May 9, 2019, the process of application by Non-Banking Finance Companies, Payment system Participants, or Payment System Providers starts by applying through the respective regulator. The regulator determines the format of applications. 

The regulator reviews the submitted applications and can reject them if unsatisfied. If satisfied, regulators forward applications to UIDAI for further scrutiny. UIDAI finally sends a recommendation to the Department of Revenue, Ministry of Finance for notification. UIDAI may issue some conditions when submitting its recommendations. If satisfied, the Central Government issues the notification. UIDAI will then authorize the applicant to do authentication upon payment of required fees and adherence to terms outlined in the Aadhaar Act.

These are the possible implications of permitting Non-Banking Finance Corporations and Payment System Participants to obtain e-KYC authentication license:

Simplify the process of onboarding customers. Instead of relying on the cumbersome process of verifying physical KYC documents, e-KYC authentication will make the process smooth through digitization.

In addition, NBFCs, Payment System Participants, and Payment System Providers will save on the cost per transaction by eliminating manual paperwork and adopting Aadhaar e-KYC verification. It is because customer information is already pre-captured.

Save on the cost of operation. Through digitization, NBFCs and PSOs will realize savings through a reduced staff. A digitized process requires less staff than a manual one. In addition, the entities seeking e-KYC authentication would eliminate travel expenses to verify the physical address of clients since this information is in the Aadhaar card. 

NBFCs and PSOs will experience a faster authentication process. As a result, they will serve a large population in a short period rather than the slower manual processing of KYC documents.

E-KYC authentication will help NBFCs, and Payment Operators reach more micro, small and medium enterprise (MSME) borrowers. Turnaround time for loan processing will reduce. Ultimately, a broader population will have easier and faster access to credit, resulting in a positive impact on GDP and the general growth of the economy.

Improve trust and confidence levels. Customers will have more trust and confidence to engage with NBFCs and PSOs that are licensed. Approved entities will have met the cut after undergoing the rigorous application and vetting process. More trust would translate to more business for non-banking entities as they strive to offer accessible and affordable financial services. 

KUA or Sub-KUA licensing would help curb incidences of fraud that would pass through a manual validation process by NBFCs and PSOs. E-KYC is robust and foolproof. It would safeguard NBFCs reputation and prevent loss of resources through impersonation and other fraudulent activities, making it a safe platform for customers.

Improve compliance. NBFCs offering financial services have been relying on third parties to onboard customers. Once they acquire a KUA license, they can directly authenticate clients and be more compliant.

It is a novel program. The need for a ready and central data repository is unprecedented. Invitation to Non-Banking Finance Companies to come on board is a testament that the demand is high. There is no need to reinvent the wheel. Licensed entities will leverage the online database and verify the identity of customers. It will enable better and convenient service delivery by entities that tap into this system.

On the other hand, possible misuse of customer data is one of the biggest challenges this authorization will create when more entitles could access customer data. Regulations to address the same are in place, but enforcement to ensure compliance will be necessary. 

For example, in 2018, the Supreme Court of India had banned Private Entities to use Aadhaar numbers for verifying customers. It was due to complaints following allegations of commercial exploitation. The cabinet, through an ordinance later, allowed private companies to authenticate via Aadhaar. However, the customer will voluntarily choose to avail their Aadhaar information with these private entities such as banks and telecom operators.

Supreme Court has in the past recognized privacy as a fundamental human right. This ruling delivered on August 24, 2017, should be a constant reminder to those who have access to people’s data to protect it by all means. Privacy recognizes each person’s autonomy and the right to make personal choices. 

Hackers can find a way of interfering with servers and access Aadhaar data for malicious use. Technology is good, and with it comes challenges. However, Aadhaar data is secure and in the Central Identities Data Repository of UIDAI and has not been breached. NBFCs and PSOs will have to ensure their systems are foolproof so that they can protect customers’ data and deter any possible system hacking.

Besides, service providers with the authority to access the Aadhaar system are required to use data only for the intended purpose. This helps in data protection. By granting more entities access to the Aadhaar system, all Aadhaar number holders hope that effective data protection measures will hold.


The notification inviting other players besides government and banking institutions to apply for e-KYC authentication to address the growing demand of social and financial inclusion by various players is a step in the right direction. It will be interesting to see how entities that pass approval will revolutionize their operations. Customers will also reap greatly.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit for more information about us.

You can reach out to our team at

Written By:

Rahul Raj