The Journey from Kyc to Aadhaar Based E-Kyc Service: the Much Needed Change Impetus For Financial Inclusion

In the last few years, there has been a series of disclosures around the world about how banks are compromising on customer identification procedures and are involving in money laundering and other objectionable activities. From the US to India and the shadow banking around the world including China, regulators have realized that unless they check the shady practices of banking, there would be chaos and disorder. A risky and compliance environment has become increasingly significant in financial institutions, and a bank's customer is a vital component of this progressively monitored and regulated environment. Financial institutions have been invariably working to identify and prevent the customers who are committing financial crimes and non-compliant activities and are using the financial institution to meet their illegal motives. Regulators around the world have been clamping down on banks to fool proof their procedures. An important step in this direction has been the directive to the banks to follow the KYC or Know Your Customer norms and procedures through which the customers and their details can be found out and recorded so that in the case of any wrongdoing, the regulators and the law enforcers would have the money trail leading to the individuals or entities. Know your customer (KYC) norms, introduced in 2002, mandated by regulators globally have become increasingly important to prevent identity theft, financial fraud, money laundering and terrorist financing. Institutions have been looking to their KYC controls to not only meet Although the efforts directed towards strengthening KYC norms has helped in preventing money laundering and reducing fraud, they are proving restrictive because of the hassles of documentation. As a result, the growth in investor numbers in various instruments is either declining or stagnating. The KYC requirement sometimes leads to futile and repetitive work, delaying operations. Consumers complain about the paperwork involved. Investors complain of being asked to furnish details repeatedly or face a freeze on their accounts. There is an urgent need to simplify KYC requirements. Uniformity in requirements for KYC recommended by all authorities would help making the filing easier. One important document that will make life simpler is - 'Aadhaar', the unique identification number to be provided to each citizen by Unique Identification Authority of India (UIDAI), a government initiative. Aadhaar card is already a valid KYC instrument, still the KYC process takes much longer time and involves documentation. The new offering, Aadhaar based e-KYC service (electronic repository of demographic details and photograph verifiable through biometric authentication) being offered by UIDAI will enable to electronically verify identity and address proof of the residents, which will reduce time required on many things like getting a mobile connection, opening a bank account or a trading account etc. “Not only will this service streamline the process of on-boarding new customers but it will also simplify the process of linking existing customer accounts to their respective Aadhaar numbers in an easy, yet secure manner. The e-KYC service will extend the power and convenience of Aadhaar KYC to paperless transactions. Using the eKYC service, residents can authorise the UIDAI to release their KYC data to a service provider,” says UIDAI Chairperson Nandan Nilekani. This process will eliminate the requirement of lengthy paperwork and facilitate quicker transactions. By making KYC norms simpler, it will make investments simpler. It is especially required if investing is to become more inclusive.

KYC to Banks is not a new concept. Traditionally the accounts were opened only with the introduction of existing clients. In the next phase with KYC, now it is done with a combination of 'Paper work' and introduction, the latter constituting a very small percentage. “KYC (Know Your Customer) is a framework for banks which enables them to know / understand the customers and their financial dealings to be able to serve them better.” It is the due diligence and banking regulation that financial institution and other regulated companies must implement to analyse their clients and ascertain relevant information documentation which sets out a business's approach to ensuring that it can effectively identify, verify and monitor its customers and the financial transactions in which they engage, relative to the risks of money laundering and terrorism financing (Australian Transaction Reports and Analysis Centre, 2008). KYC norms are norms or guidelines that attempt to identify and validate the identity of prospect clients to safeguard the service providers from possible risks. KYC is both a legal as well as a regulatory requirement in India. Accordingly, the formal remittance and finance system, the banking operations are most susceptible to the risks of money laundering and terrorist financing. Therefore, the Indian banking system needs to be vigilant to prevent the banks from being used for money laundering and financing of terrorism. Such vigilance calls for an effective and enforceable system in place for identifying and validating those who enter or wish to enter the banking system for its use. Supervisors around the globe are progressively realizing the importance of ensuring that their banks have adequate controls and procedures in place so that they know the customers with whom they are dealing. (Basel Committee on Banking Supervision, 2001). Without this due diligence, banks can become vulnerable to operational, reputational, legal and compliance risks, which can give rise to significant financial cost. In the USA, KYC is typically a policy implemented to tailor to a customer identification program mandated under the Bank Secrecy Act and USA Patroit Act. The main purpose of KYC norms was to restrict money laundering and terrorist financing when it was introduced in the late 1990s in the United States. The US government turned very stringent after attacks in September, 2001 and all regulations were finalised before 2002 for KYC. Till then, the US has made amendments in its major legislations – Bank Secrecy Act, USA Patriot Act, etc. to make KYC norms really effective for the banking sector. Taking a leaf out of the US book, the KYC norms were first introduced by the Reserve Bank of India in 2002 to combat money laundering and identification of customers in the banking structure. As a legal requirement , The Prevention of Money Laundering Act, 2002 which came into force effectively from 2005 ( after the creation of Financial Intelligence Unit in November , 2004 and formulation of “Rules” under the act) ,calls for a comprehensive know your customer (KYC) norms and standards for every banking company, financial services and non-financial service sectors like casinos etc. As a regulatory requirement, the regulator for AML controls in India for banking, financial services and non-financial sectors has been Reserve Bank of India along with Financial Intelligence Unit (FIU) which works in consonance with different

Your Customer (KYC) procedures mandatory for all new accounts in the second half of 2002 and issued the guidelines under Section 35(A) of the Banking Regulation Act, 1949.For existing accounts, imposing KYC norms was a little tough, so the RBI issued guidelines for the same at the end of 2004. Any contravention of the same will attract penalties under the relevant provisions of the Act. Thus, the bank has to be fully compliant with the provisions of the KYC procedures. Today other regulators too have made KYC mandatory. The Securities and Exchange Board of India (SEBI) has made it compulsory for mutual funds and broking accounts, the Insurance Regulatory Development Authority (IRDA) while buying insurance and the Forwards Markets & Commission (FMC) for commodity trading. We need to submit it even for making post office deposits. KYC in India has been the combined outcome of (i) the guidelines given by RBI taking into consideration the FATF recommendations; (ii) EU AML & Terrorist Financing Legislation ;(iii) Bank Secrecy Act; (iv) Local AML Legislation (Notice 626); (v) USA Patriot Act ;(vi) Sarbanes Oxley Act ; Section 49 in Indian Context (vii) Basel II.

Know Your Customer guidelines traces its origin since the international community's efforts to curb money laundering and influx of illegal proceeds of drug trafficking in the late 1980's in U.S with “Follow the Money Strategy”. In 1970, the U.S government enacted legislation, The Bank Secrecy Act, 1970 that effectively called on U.S bankers to identify their customers and to detect suspicious transactions by maintaining certain records and reports (Mulligan, 1998). Efforts in U.S in 1980's to combat increasing threat of organized crime and restrain use of proceeds of crime (drugs) from entering the financial system (through the practice of money laundering ) resulted in enactment of certain legislative and regulatory steps like Money Laundering Control Act, 1986. Furthermore, with the emergence of Financial Action Task Force (1989) and its 40 recommendations on Anti Money Laundering standards lead the movement further ahead. In 1991, the European Union's directive introduced these anti money laundering standards to the European Sphere. It included inter alia, norms for customer identification. Apart from the legal framework, the banks undertook several initiatives to protect themselves from fraud and from being used as an instrument for criminal motives. examples. This group of internationally orientated large banks developed a number of principles, the Wolfsberg principles (2000) , which serve as a voluntary code of conduct for banks worldwide. These principles aim at harmonising compliance, AML regulations and KYC rules, and motivate banks to exchange information on these subjects. However, after 9/11, anti-money laundering initiatives were raised to a stricter dimension. Before 9/11, governments had attempted to implement client-profiles and 'know your customer' procedures. But this was interrupted by the lobby of banks and privacy lobbyists (Verhage, 2009). Sultzer S (1995) in his paper titles “Money Laundering: The Scope of the Problem and Attempts to Combat it” , discussed the use of non-bank financial institutions , front companies , and payable through accounts as dynamic tools to avoid KYC guidelines and other money laundering regulation. Mulligan D. (1998) discussed the implementation of “Know Your Customer” regulations and its impact on international banking system. He suggested that consideration must be given to a framework that will permit countries to address the KYC issues in ways that their resources will permit; not by having they follow to blanket regulations. Basel Committee on Banking Supervision (2001) provided the benchmark KYC framework for supervisors to build national practices and for banks to design their own programmes. The Basel Committee's approach to KYC was broader than a simple money laundering perspective, targeting on managing banking risks. It emphasised for designing core elements in a KYC compliance program. The committee suggested implementation of KYC guidelines in banks, non-banking financial sector and professional intermediaries like lawyers and accountants. In 2004, the committee in the next report titled “Consolidated KYC risk Management” provided that consolidated KYC risk management should be followed as a centralized process for coordinating and promulgating policies and procedures on a group wide basis. Banks should have robust information sharing between the head office and all branches and subsidiaries. Ruce, P.J. (2011) observed KYC requirements being viewed by private bankers as a “stick” regulatory measure and suggested rather a “Carrot” (regulatory bonus in terms of detailed client data) view for the same. Sreekumar & Sai (2013) noted that regulations relating to Know Your Customer (KYC) procedures satisfy very significant internal and external objectives for banks. Compliance with these requirements serves as an important control in preventing money requirements was discovered as the sole contributor to frauds and other operational risks in banks. Poonam & Arun (2014) attempted to study the use and acceptance of Aadhaar as a KYC document in India. The public perception of Aadhaar as a KYC tool is influenced by a number of factors defining its different dimensions and utilities. They discovered that the risk mitigation attribute and the uniqueness associated with Aadhaar have been found significant dimensions of its acceptance as a KYC tool.They also observed that the integration of technological aspects like ability to capture biometrics as well as the facility of Electronic KYC (E-KYC) has found flavour with the people.

4. OBJECTIVES OF THE STUDY

• To study the KYC mechanism in the Indian context.

• To highlight the importance of a good KYC framework as the very foundation of an effective AML management regime.

• To identify significant issues, problems and challenges in implementing KYC norms.

• To identify the need to re-visit the present KYC norms keeping in view the reckless flouting of know Your Customer/ Anti Money Laundering standards directed by RBI.

• To analyse the reasons behind the introduction of e-KYC by UIDAI.

• To explore the role of e-eKYC as a much needed change catalyst for financial inclusion.

• Know – What you should know?

True identity and beneficial ownership of the accounts, permanent address, registered & administrative address, sources of funds, nature of customers' business etc.

• Your – Who should know? Branch manager, audit officer, monitoring officials, PO.

• Customer – One who maintains an account , establishes business relationship , on whose behalf the account is maintained (beneficial owner ) , beneficiaries of transactions conducted by professional intermediaries such as Stock brokers , Chartered Accountants etc., and one who carries potential risk through one off transaction.

Reserve Bank of India, based on the recommendations of the Financial Action Task Force (FATF) , provisions under the AMLA and the paper issued on Customer Due Diligence (CDD) for banks issued by the Basel Committee on Banking Supervision.

• To restrain the banks from being used, intentionally or unintentionally, by criminal elements for money laundering or financial terrorist activities.

• To enable the banks to know/understand its customers and their financial dealings better, which in turn would help it to manage its risks prudently.

• To lay down explicit criteria for acceptance of customers.

• To develop procedures to verify the bona-fide identification of individuals / non-individuals customers.

• To establish processes and procedures to monitor high value cash transactions and / or transactions of suspicious nature.

• To put in place appropriate controls for detection and reporting of suspicious activities .

• To adhere to applicable laws / laid down procedures and regulatory guidelines.

• To take vital steps to ensure that the relevant staffs are adequately trained in KYC/ AML procedures.

• To manage the risks relating to dealings with customers who are potentially in contravention of KYC and AML norms.

This policy is applicable across all branches / business segments of the Bank / Branches abroad and is to be read in conjunction with related operational guidelines issued from time to time. In case of branches abroad, if there is a divergence between the KYC / AML standards prescribed by the Reserve Bank and the host country regulations, the more stringent regulation of the two shall prevail. The contents of the policy shall always be read in tandem / auto-corrected with the changes / modifications which may be recommended by RBI and/or by (PMLA and its amendments)/ or by any regulators / or by Banks from time to time.

Supervision (BCBS) issued Customer due diligence for banks, subsequently reinforced by a General Guide to account opening and customer identification (CDD) in February 2003. The CDD paper outlines four key elements essential for a sound KYC programme. These elements are: (i) customer acceptance policy; (ii) customer identification; (iii) on-going monitoring of higher risk accounts; and (iv) risk management. These essential elements should be integrated into a bank's risk management and control procedures to ensure that all aspects of KYC risk are identified and can be appropriately mitigated. The principles laid down have been recognized and universally embraced by jurisdictions throughout the world as a yardstick for commercial banks and a good practice guideline for other categories of financial institution. 8.1 Customer Acceptance Policy A bank should develop clear customer acceptance policies and procedures that must ensure that explicit guidelines are in place on the following aspects of customer relationship in the bank. (i) No account should be opened in anonymous/ fictitious/ benami names. (ii) Parameters of risk perception should be clearly specified in terms of the nature of business activity , mode of payments , location of customers and his clients , volume of turnover , social and financial status etc. , to enable classification of customers into low , medium and high risk called Level I , Level II and Level III respectively ; Customers requiring very high level of monitoring e.g , Politically Exposed Persons (PEPs ) may be classified as Level IV.

Individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily determined and transactions in whose account collectively conform to the known profile may be categorized as low risk. In such cases, only the basic requirements of verifying the customer and locating the customer should be met. Examples could be salaried employees whose salary structures are well defined, people belonging to the lower strata of society whose accounts show small balances and low turnover etc.

Customers that are likely to pose a higher than average risk to the bank may be categorized as business/industry or trading activity where the area of his residence or place of business has a scope or history of unlawful trading / business activity. b) Where the client profile of the person/s opening the account according to the bank's perception is uncertain or dubious. Examples could be Non-Bank Financial Institution, sole practitioners or law firms, venture capital companies, Dot-com Company etc.

Banks may apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive 'due diligence' for higher risk customers such as non-resident customers, firms with 'sleeping partners', high net worth individuals, companies having close family shareholding or beneficial ownership, customers based in high risk countries / jurisdictions or locations etc., especially those for whom the sources of funds are not clear. (iii) Documentation requirements and other information should be collected in respect of different categories of customers depending on perceived risk and keeping in mind the requirements of PML Act, 2002 and guidelines issued by RBI from time to time. The documentation may be reviewed by Dealing Officer periodically based on emerging business needs. Mandatory details required under KYC norms are proof of identity and proof of address. (iv) Circumstances in which a customer is permitted to act on behalf of another person/entity as there could be occasions when an account is to be operated by a mandate holder or by an intermediary in fiduciary capacity, should be clearly spelt out. (v) Necessary checks before opening a new account should be conducted so as to ensure that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations, etc. RBI has been circulating lists of terrorist entities notified by the Government of India so that banks remain vigilant against any transaction detected with such entities. (vi) The banks should close an existing account or should not open a new account where it is unable to apply appropriate customer due diligence measures i.e bank is unable to verify the identity and/or obtain documents required as per the risk categorization due to ensured that there is no harassment to the customer. (vii) Customers should be accepted after verifying their identity as laid down in customer identification procedures. (viii) A profile for each new customer based on risk categorization should be prepared. The customer profile should contain information relating to customer's identity, social/financial status, nature of business activity, information about clients' business and their location etc. The banks have devised a revised Composite Account Opening Form for recording and maintaining the profile of each new customer. Revised form is separate for Individuals, Partnership firms, Joint Customer, Corporates and other legal entities or special accounts e.g accounts in the name of domain names, brand names, etc. For the purpose of risk categorisation, banks should obtain relevant information from the customer at the time of account opening. While doing so, it should be ensured that information sought from the customer is significant to the perceived risk and is not intrusive.

(i) The policy approved by the Board of banks should clearly spell out the Customer Identification Procedure to be carried out at numerous stages i.e while establishing a banking relationship; carrying out a financial transaction or when the bank has a doubt about the authenticity / veracity or the adequacy of the previously obtained customer identification data or when bank feels it necessary based on conduct or behaviour of account. (ii) Customer Identification means identifying the person and verifying his/her identity by using reliable, independent source documents, data or information. Banks need to gather sufficient information essential to establish, to their satisfaction, the identity of each new customer, whether regular or occasional, and the objective of the intended nature of banking relationship. (iii) Identity should be verified for: (a) the named account holder; (b) beneficial owners; (c) authorized signatories to an account; (d) intermediate parties. (iv) The nature of documents / information would depend upon the type of customer. For customers that are natural persons, banks photograph, route of transaction and legality and document/s for verifying signature. (v) For customers that are legal persons / entities, banks should (a) verify the legal status of the legal person / entity through proper and relevant documents; (b) verify that any person purporting to act on behalf of the legal person/entity is so authorized and identify and verify the identity of that person; (c) understand the ownership and control structure of the customer and determine who are the natural persons who ultimately control the legal person. ; (d) to verify passport / voter identity card , PAN card and (e) DIN (Direct Identification Number) wherever applicable and a copy should be obtained. (vi) Whenever there shall be any suspicion of money laundering or terrorist financing or when other factors shall give rise to a notion that the customer does not , in fact , pose a low risk , full scale customer due diligence (CDD) shall be executed before opening an account. (vii) In order to smoothen the banking operations for the customers, Banks should have one unique Customer Identification Number (CIN) for all the accounts of a customer. A customer cannot have multiple CIN for multiple accounts opened at various locations of the bank. (viii) Customer identification data (including photographs) should be periodically updated after the account is opened. Periodicity of such updation (Obtaining full KYC) should not be less than once in ten years in case of low risk category customers, not less than once in eight years in case of medium risk categories and not less than once in two years in case of high risk categories.

(i) Continuous monitoring is an essential ingredient of effective KYC procedures. Banks can effectively control and reduce their risk only if they have an understanding of the normal and reasonable activity of the customer- to identify transactions that fall outside the regular pattern of activity. However, the extent of monitoring should depend on the risk sensitivity of the account. (ii) Special attention should be paid to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. Transactions that involve large amount of cash

accounts should be subjected to extensive monitoring. The AML cell should generate the alerts for such accounts, taking note of the background of the customer, such as the country of origin, sources of funds, the type of transactions involved and other risk factors. (iii) The Banks should prescribe threshold limits for a particular category of accounts and pay particular attention to the transactions which exceed these limits. Banks should ensure that its branches continue to maintain proper record of all cash transactions (deposits and withdrawals) of Rs. 10 lakh and above. It must also be ensured that transactions of suspicious nature and/or any other type of transaction under section 12 of the PML Act, 2002 is reported to the appropriate law enforcement authority. (iv) The internal monitoring system should have an inbuilt procedure for reporting of transactions of suspicious nature to controlling / head office on a fortnightly basis.

(i) Banks are exposed to the following risks which arise out of Money Laundering activities and non-adherence of KYC standards: o Reputation Risk: Risk of loss due to severe impact in bank's reputation. This may be of particular concern given the nature of the bank's business, which requires the confidence of Regulators, depositors, creditors and the general market place. o Compliance Risk: Risk of loss due to failure of compliance with key regulators governing the bank's operations. o Operational Risk: Risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. o Legal Risk: Risk of loss due to any legal action the bank or its staff may face due to failure in complying with the law of the land. (ii) The Board of Directors of the bank should ensure that an effective KYC programme is put in place by establishing appropriate procedures and ensuring their effective implementation. It should cover proper management oversight, systems and controls, segregation of duties, training and other implemented effectively. (iii) For the purpose of effective implementation of KYC policy and AML standards, Anti Money Laundering Cell headed by the Principal Officer should monitor transactions in all customer accounts on concurrent basis with AML software and IT support to meet the requirements of KYC policy and AML standards. (iv) Banks' internal audit and compliance functions have a significant role in evaluating and ensuring adherence to the KYC policies and procedures. Banks should ensure that their audit machinery is staffed sufficiently with individuals who are well-versed in such policies and procedures. Concurrent / Internal Auditors should specifically check and verify the application of KYC procedures at the branches and comment on the lapses observed in this regard. The compliance in this regard may be put before the Audit Committee of the Board on quarterly intervals. (v) Banks should conduct training for sensitising staff so that they are adequately trained in KYC procedures. Training requirements should have different rationale for frontline staff, compliance staff and staff dealing with new customers. Apart from the key elements, the other things that a bank should look into :

Implementation of KYC procedures requires banks to demand certain information from the customers which may be personal in nature or which has hitherto never been called for. This may lead to discomfort. Banks should recognize the need to spread awareness, to prepare specific literature/ pamphlets etc. so as to educate the customer of the objectives of KYC programme.

Banks will have to ensure that appropriate KYC procedures are duly applied for new technology driven products such as smart cards, credit cards, gift cards, travel cards, including Internet banking/ Mobile banking facility or such other product which may be introduced by the bank in future that might favour

Banks should apply KYC to existing clients based on materiality and risk. RBI suggested that all the existing accounts of companies , firms , trusts , charities , religious organisations shall be subjected to minimum KYC requirements which would establish the identity of the natural/legal person and those of the 'beneficial owners'. If bank is unable to apply appropriate KYC measures due to non-furnishing of information and/or non-cooperation by the customer, the bank may consider closing the account after issuing due notice to the customer explaining the reasons for taking such a decision.

A series of draft KYC Capability Maturity Model papers were published and shared with a range of international KYC practitioners in 2009-2011. An updated and peer-reviewed version was published in ACAMS Today, the journal of ACAMS, the Association of Certified Anti-Money Laundering Specialists. The KYC Maturity Model is positioned on the typical 5 levels of the standard Capability Maturity Model. These levels are commonly defined as Initial, Repeatable, Defined, Managed and Optimized and have very strict meanings .The KYC maturity has however been somewhat simplified, re-built and renamed as follows: Chaotic, Reactive, Proactive, Service Managed and Value Managed. The application of common manufacturing and IT productivity methodologies have introduced practical process improvement methods such as Lean, Agile, 6-Sigma, ITIL and Balanced Scorecard.

The key aspect about banking is that one must follow the money or in other words investigate the money trail to see where it starts and where it ends. Once the money trail is well-established, it is effortless to track down the culprits and this is the reason that banks must have accurate, reliable and updated KYC norms in place for all customers. Banks must ensure that high value transactions are monitored and insist on proper identification when customers withdraw or deposit large sums of money. This is where proper KYC norms become useful as the contact information provided in the KYC database can be used by law enforcers and the regulators to locate the source and the destination of the money trial. One reason that proper KYC norms can be helpful is that if a particular customer or entity is in the red list or the black list being monitored, they can help spot and track transactions made by these entities. This means that proper identification of customers leads to better compliance and better monitoring. Further, KYC norms out of such transactions can be resolved through documentation and data which would pinpoint the source of the dispute and help the arbitrators decide on who is guilty. The adoption of effective know your customers (KYC) procedures is a vital element of banks' risk management practices. Banks with inadequate KYC risk management programmes may be exposed to significant risks, especially operational and legal risks. Sound KYC policies and procedures have particular relevance to a bank's overall safety and soundness. They help to safeguard banks' reputation and the integrity of the banking system by reducing the possibility of banks becoming a vehicle for or a victim of money laundering, terrorist financing etc. and suffering consequential reputational damage. They provide an essential part of sound risk management system (basis for identifying, limiting and controlling risk exposures in assets & liabilities).

The Financial Action Task Force (FATF) develops and promotes policies that prohibit money laundering , financial terrorism and financing weapons of mass destruction, requiring financial institutions of member countries to implement 'Customer Due Diligence' (CDD) for a range of financial activities and circumstances. India is a member of FATF and Indian regulators are required to apply CCD. Regulators in India have exercised CDD through excessive forms of 'Know Your Customers' (KYC) requirements, which go well beyond the principles-based risk-sensitive requirements of CDD. Therefore, financial firms in India face increased costs. Companies and distributors say that KYC requirements have pressurized them with substantial administrative obligations. The verification rule places a financial burden on banks, mutual funds and insurance companies due to the costs involved. Currently, every entity has to individually carry out this verification which results in duplication of effort for customers as well as the institutions. The KYC requirement results in delayed operations due to repetitive and unnecessary operations. Customers have to run from pillar to post for complying with the KYC norms due to the detailed paperwork involved .Investors face problems in repeatedly providing details or facing a freeze on their accounts, resulting in reduction in the growth in investor numbers in various instruments. Hence, KYC norms are proving restrictive because of the hassles of documentation. The KYC norms, which are meant to mitigate risks in the Indian banking sector, are themselves fraught with the danger of being trapped in the web of operational

process. During the investigation, it was discovered that HSBC had a vastly understaffed compliance department. At times, only one to four employees were responsible for reviewing alerts identifying suspicious wire transactions. When HSBC processed bulk cash, a business it calls banknotes, only one or two compliance officials oversaw transactions for 500 to 600 customers, which shows a clear cut case of under-staffing. This can be understood well within the context of the famous saying: a chain is as strong as the weakest link in the chain. The weakest link in any chain in the operational process is the human resource. The weaknesses arising from human resource gets worsened if they are not duly supported by strong processes and technology, the two other critical pillars of operational risk management. The weakness in the overall operational procedure can derail the successful implementation of AML and KYC process. Following is an indicative list of risk associated with the people, process and technology. It has been noticed in many cases that banks and financial institutions have not been very particular about the strict implementation of KYC and AML. Even the Regulator has also been lenient in this regard. The RBI diluted the full KYC process for medium and low risk clients by issuing a circular, which stated that the full KYC exercise will be required to be done at least by the staff at the bank counter and transaction monitoring is assumed to be completed if a customer furnishes his PAN card, which is more of a tax compliance document. The check box is dominating the bank system. This means mapping the documents and control points with what customer has declared at the time of account opening. How the prevailing operational risks can be managed remains a subject of debate. There is no need to say that the three-prolonged approach of regulators, policy makers and banks is required. India has been granted. While the Financial Action Task Force ( on Money Laundering ) , has stated in its 8th follow report of mutual evaluation that India has addressed the shortfall in fight against money laundering , much needs to be done at the ground level to plug operational risks. In addition, when an Indian Financial service provider deals with a low value customer, the cost of performing the KYC norms that is required is often a substantial one when compared with the lifetime NPV of the customer. This has hampered financial inclusion by reducing the profitability of small value customers in the eyes of financial firms. A key challenge in implementing sound KYC policies and procedures is how to put in place an effective group wide approach. The legal and operational risks identified above are global in nature. As such, it is essential that each group develop a global risk management programme supported by policies that incorporate group wide KYC standards. Policies and procedures at the branch-or subsidiary-level must be consistent and supportive of the group KYC standards even where for local or business reasons such policies and procedures are not identical to the group's.

In 2004, RBI slapped a penalty of Rs. 5 Lacs on Citi Bank, the first bank to face such action for flouting KYC norms, as it failed to comply with 'Know Your Customer' guidelines by letting fake stamp scam accused Abdul Karim Telgi and associates to open accounts with the foreign bank. In 2012, ICICI Bank, India's largest private lender and Bangalore-based ING Vysya Bank were penalised by the Reserve Bank of India for violating KYC norms. ING Vysya was fined Rs.55 lacs ICICI bank Rs.30 lacs for contravention of various directions and instructions issued by the RBI on KYC norms. These banks failed to obtain adequate documents for of natural persons behind entities and delay in filing suspicious transaction reports. In June 2013, RBI penalized Axis Bank, HDFC Bank, ICICI Bank Rs. 5 crore, Rs.4.5 crore and Rs 1 crore respectively for flouting KYC guidelines. The penalty followed scrutiny carried out by RBI of books of accounts, internal control, compliance systems and processes of these three banks at their corporate offices and some branches during March/ April 2013.The violations included non-observance of certain safeguards in respect of arrangement of “at-par” payment of cheques drawn by cooperative banks, non-adherence to certain aspects of KYC and AML guidelines like risk categorisation and periodical review of risk profiling of account holders. They did not adhere to the KYC norms for walk in customers for sale of third party products and failed to file cash transaction reports in respect of some cash transactions and sale of gold coins for cash beyond Rs. 50000.In certain cases, the banks failed to obtain permanent account number (PAN) card details 0r form 60/61 and verify the source of funds credited to a few non-resident ordinary (NRO) accounts. One of the biggest violations of KYC/AML norms by banks was exposed in a sting operation by investigative media portal Cobrapost in July 2013. After investigating the allegations made by the portal , the RBI imposed a total fine of Rs. 49.5 crores on 22 banks. The list includes banks such as SBI , Bank of Baroda and Canara Bank all of whom were fined Rs.3 crore each, in addition to well-known banks like Punjab National Bank, Yes Bank ,Bank of India etc. The RBI came to the conclusion that some of the violations were substantiated and warranted imposition of monetary penalty. Though it imposed penalties, RBI said that its investigation did not reveal any prima facie evidence of money laundering. Any conclusive inference in this regard can be drawn only by an end to end investigation of the transactions by tax and enforcement agencies. Again in August 2013, the RBI fined six more public sector banks – Allahabad Bank, Bank of Maharashtra, Corporation Bank, Dena Bank, IDBI Bank and Indian Bank – for similar violations. The penalties ranged between Rs. 50 lakh to Rs. 2 crores. In December 2014, the central bank imposed a penalty of Rs.50 lacs on ICICI Bank and Rs.25 lacs on Bank of Baroda for KYC/AML violations. Before imposing a fine, RBI serves a showcause notice to the banks. A fine is imposed only if the regulator is not satisfied with the bank's reply. In response to all these violations identified in the past, RBI is likely to adopt a zero tolerance policy on KYC / AML norms. At present, a small violation of KYC/AML is overlooked by the central bank during inspection. penalties for such violations is small. RBI is currently looking at a proposal to increase this. One proposal is to put operational curbs such as not allowing a bank to disburse loan for three months or not allowing them to participate in treasury operations for a limited period. Branch expansion is another area where restrictions could be imposed. Banks could also see the monetary policy rising sharply from the present Rs. 5 lac per violation. Earlier, the thinking in the central bank was to 'name and shame' errants, rather than impose a heavy penalty. In 2013, the Banking Regulation Act was amended and gave powers to RBI to impose a penalty of Rs. 1 crore for a single violation.

KYC has two components, Identity and Address. While Identity remains constant, the address of customer might change over a period and hence banks are required to periodically update their records. Under KYC norms, all customers of the bank are expected to submit the PAN card details, address proof details and proof of identity issued by a government authority such as Passport authority etc. From recent events, it seems to appear that these KYC norms have not been implemented and followed by several banks. The main reason behind this is that the KYC procedure in the Indian Banking sector still stands un-standardized. Recent allegations of money laundering and breach of KYC norms brings forth few key questions. In one of the most populous nations in the world, is it possible to effectively implement KYC norms across all bank branches? How can RBI effectively implement all its KYC norms for people who don't hold PAN card and other address proofs? Are banks fully equipped to trace money laundering activities if a fully compliant customer engages in such dubious activities? Few may argue that just because PAN card details were not submitted during account opening, does not testify that these accounts were engaged in malicious money laundering transactions. To reduce money laundering transactions in India, RBI can direct banks to automate the transaction chain monitoring. In order to effectively monitor the entire chain of transactions and to identify suspicious transactions, a better integration among all the banks and their branches is of pivotal importance. Considering that since Indian Banking Industry is riding on financial transformation driven by Information Technology, in this context launch of Aadhaar based e-KYC service (electronic repository of demographic details and photograph verifiable through biometric authentication) could prove to be curing all in order to

Aadhaar eKYC is a service offered under Aadhaar project by Unique Identification Authority of India (UIDAI). Under this service, organizations can establish the positive identity of their customers by validating their name, address and other information against their biometric identity with Aadhaar data center. Usually, customers provide verification for the Proof of Identity (PoI) and Proof of Address (PoA) in physical documents, which is a key requirement for access to financial products (payment products, bank accounts, insurance products, market products, etc.), SIM cards for mobile telephony, buying LPG, and access to various Central, State and Local Government services. The number of documents being valid as PoI and PoA vary across banks as well as across product offerings by the banks. In a country like India, where a person can be thought of carrying multiple cards with multiple identities, where forgery of documents and identity theft are prevalent, it becomes difficult to ensure the reduction of threat of a poor KYC check, even when the required documents are collected and verified. Morever, currently only a few set of documents like PAN card, Passport and Electoral card are accepted at a national level. Several agencies only rely upon documents issued by other state agencies for the purpose of identity creation and validation. This ends up in non-standardization and ambiguity in the process of identity creation and validation. Morever, it may result in wrong full identity validation that may carry serious consequences. The present approach of identifying and validating a client with “what the person has” poses certain risks and challenges as under :

• Chances of multiple identities of a single entity.

• Chances of document forgery and identity theft.

• Limited extent of mobility of identification.

• Financial exclusion of the poor and marginalised.

• Leakages in delivering benefits or services.

• Limited extent of mobility of identification.

• Identification on basis of what the person possesses rather than who the person is.

2012 the Unique Identification Authority Of India (UIDAI) ,earlier headed by former Infosys CEO Nandan Nilekani, conceptualized the e-KYC (Electronic- Know Your Customer ) service, which promises to substantially improve customer services in the near future. E-KYC service tends to mark a paradigmatic shift in identity management from knowing “what the client knows” and “what the client has” to establishing “who the user is”. The new offering , e-KYC allows an Aadhaar number-holder to authorize UIDAI to release his personal details to any service provider to allow instant activation of services like bank account, mobile connection etc. Reserve Bank of India (RBI) had communicated to all banks (excluding RRBs) , payment system providers , and prospective prepaid payment instrument issuer to treat the information made available from UIDAI as an ' Officially Valid Document' under the Prevention of Money Laundering guidelines to open a bank account. It would be a leap of faith by bank/few banks to take this lead of e-KYC. Good news is that at least one bank has already done this and it is one of the largest private sector banks, Axis Bank. The case of Mrs. Boudevi is not an ordinary one. Rather in times to come by, it may prove to be historic one. She is the first person whose account has been opened through e-KYC facility of Aadhaar. In coming few years, it may be thing of yore that it used to take minimum of 15 days for lucky ones to open accounts. And for the unlucky ones, those who did not have proper documents they could very well remain without accounts. And that's how it has been till now. Identity crisis still haunts people in various parts of India and prevents them from availing even the fundamental services. This is precisely what Aadhaar as e-KYC is set to change. It seems to be the game changer for affecting the KYC procedure aptly.

UIDAI offers the e-KYC service, which enables a resident having an Aadhaar number to share their demographic information and photograph with a UIDAI partner organisation in an online, secure, auditable manner with the residents consent. The consent by the resident can be given via a biometric authentication or a onetime password (OTP) authentication. Some of the key features of the e-KYC service are:

• Consent based: Data is shared by the resident consent through Aadhaar authentication, thus protecting resident privacy.

• Secure and compliant with the IT Act : Both end-points of the data transfer are secured through the use of encryption and digital signature as per the Information Technology Act , 2000 making e-KYC document legally equivalent to paper documents. In addition, the use of encryption and digital signature ensures that no unauthorized parties in the middle can tamper or steal the data.

• Non-reputable: The use of resident authentication for authorization, the affixing of a digital signature by the service provider originating the e-KYC request, and the affixing of a digital signature by UIDAI when providing the e-KYC data makes the entire transaction non-reputable by all parties involved.

• Instantaneous: The service is fully automated, and KYC data is furnished in real-time, without any manual intervention.

• Regulator friendly: The service providers can provide a portal to the Ministry/ Regulator for auditing all e-KYC requests. The Ministry/ Regulator can establish rules for secure retention of e-KYC data (eg. Storage method, period of storage, and retrieval among other things).

• Eliminates Document forgery: Elimination of photocopies of various documents that are currently stored in premises of various stakeholders reduces the risk of identity fraud and protects resident identity. In addition, since the e-KYC data is provided directly by UIDAI, there is no risk of forged documents.

• Inclusive: The fully paperless, electronic, low-cost aspects of e-KYC make it more inclusive, enabling financial inclusion.

• Low cost: Elimination of paper verification, movement, and storage minimises the cost of KYC to a fraction of what it is today.

• Machine Readable: Digitally signed electronic KYC data provided by UIDAI is machine readable, making it possible for the service provider to directly store it as the customer record in their database for purposes of service, audit, etc. without human intervention making the process low cost and error free.

In August 2012, UIDAI released the API SPECIFICATION – VERSION 1.0 (DRAFT) outlining in detail the approach to be adopted by software companies to incorporate Aadhaar e-KYC API into their applications. The Aadhaar e-KYC service has been designed as a layer on top of the Aadhaar authentication service. Thus, it uses an operating model that is very similar to that of Aadhaar authentication. 15.1 Aadhaar authentication Aadhaar authentication is a process where the Aadhaar number , along with other attributes (demographic/biometrics/OTP) are submitted to UIDAI's Central Identities Data Repository (CIDR) for verification. The CIDR verifies whether the data submitted matches the data available in CIDR and responds with either a yes or a no. 15.2 Stakeholders The UIDAI authentication ecosystem consists of a number of stakeholders, which also holds true for the e-KYC ecosystem. 1. Unique Identification Authority of India (UIDAI): UIDAI is the overall regulator and overseer of the Aadhaar authentication system. It owns and manages the Central Identities Data Repository (CIDR) that contains the personal identity data (PID) of all Aadhaar-holders. 2. Authentication Service Agency (ASA): ASAs are entities that have secure leased line connectivity with the CIDR. ASAs transmit authentication requests to CIDR on behalf of one or more AUAs. An ASA enters into a formal contract with UIDAI. 3. Authentication User Agency (AUA): An AUA is any entity that uses Aadhaar authentication to enable its services and connects to the CIDR through an ASA. An AUA enters into a formal contract with UIDAI. 4. Sub AUA: An entity desiring to use Aadhaar authentication to enable its services through an existing AUA. Examples: (i) The IT Department of a State/UT could become an AUA and other departments could become its Sub AUAs to access Aadhaar authentication services. (ii) A Hoteliers Association becomes an AUA and several hotels could access Aadhaar authentication as its Sub AUAs. UIDAI has no direct contractual relationship with Sub AUAs.

holders, transmit the authentication packets and receive the authentication results. Examples include PCs, kiosks, handheld devices etc. They are deployed, operated and managed directly by the AUA/Sub AUA, or through a Technology Service Provider. 6. Aadhaar holders: These are holders of valid Aadhaar numbers who seek to authenticate their identity towards gaining access to the services offered by the AUA. The key stakeholders could involve with each other in multiple ways. For example, an AUA could choose to become its own ASA , an AUA could access Aadhaar authentication services through multiple ASAs for reasons such as business continuity planning , an AUA transmits authentication requests for its own service delivery needs as well as on behalf of multiple Sub AUAs. Similarly, it may also be possible to use a single authentication device for servicing multiple AUAs. For example, the authentication device at a fair shop may also be used for carrying out financial transactions for banks. 15.3 e-KYC data flow: Currently, all ASAs and AUAs are approved by the UIDAI to access the e-KYC service. Hence, every ASA is also a KYC Service Agency (KSA), and every AUA is also a KYC User Agency (KUA). The following diagram depicts the relationship between various entities in the e-KYC transaction. The operating model for e-KYC is the same as that for authentication.

a) The interested resident authorizes UIDAI (through Aadhaar authentication) to provide their basic demographic data for PoI (Proof of Identity) and PoA (Proof of Address) along with their photograph (digitally signed) to service providers. b) The resident's record is first selected using the Aadhaar Number and then the demographic/biometric inputs are matched against the stored data which was provided by the resident during enrolment/update process. Another option for authentication can be done c) KYC front-end application captures Aadhaar number along with the biometric/ OTP of resident and forms the encrypted PID block. d) The KUA forms the e-KYC XML by encapsulating the PID block, affixes the digital signature and sends it to the KSA (the digital signature step can be delegated by the KUA to the KSA). e) The KSA forwards the e-KYC XML (affixing the digital signature if delegated by the KUA to the KSA) to UIDAI’s Aadhaar KYC service; f) The Aadhaar KYC service authenticates the resident. If the authentication is successful, it responds back with a digitally signed and encrypted demographic and photograph in XML format; g) The demographic data and photograph in response is encrypted by default with the KUA’s encryption key. Upon the KUA’s request, this may be instead encrypted with the key of the KSA. h) The KSA sends the response back to KUA enabling paper-less electronic KYC. i) For security reason, data collected for Aadhaar KYC must not be stored in the devices or log files. It is essential for ASA and AUA to maintain audit records for all the authentication request metadata along with the response. j) KYC front-end application must ensure it takes an explicit “resident consent” authorizing the AUA to retrieve the resident data, only if the resident has provided the consent (in the application UI, either in self-service mode or operator should prompt the resident and get consent), this should be populated as “Y”. No other values are valid. k) The process can be confirmation of proof of identity or confirmation of the information provided by the resident. l) Resident's privacy is of utmost importance, hence the Aadhaar authentication service can only respond with a 'yes/no' nothing more, nothing less. m) No Personal Identity Information is returned as part of the response. KYC service can be used:

a) In this case, the KUA captures resident authentication data and invokes the Aadhaar e-KYC API through a KSA network. b) The KYC data returned within the response of the e-KYC API is digitally signed and encrypted by the UIDAI and can be used for electronic audit at a later stage. c) Using the resident data obtained through this KYC API, the agency can service the customer instanteously.

a) The KUA captures resident authentication data, invokes e-KYC API through a KSA network. b) The KYC data returned within the response of the KYC API is digitally signed by UIDAI and can be used for electronic audit; c) Since the resident is already a customer/beneficiary, the agency can use a simple workflow to approve the Aadhaar linkage by comparing data retrieved through the e-KYC API against what is on record (in paper or electronic form ) ; and d) Once verified, the existing customer/beneficiary record can be linked to the Aadhaar number. 15.5 Pricing of e-KYC transactions E-KYC services are offered free of cost as of now, till a pricing policy decision is announced.

The Aadhaar e-KYC service can drastically reduce cost and can help drive instant service delivery in the following ways : 16.1 Instant service provisioning The Aadhaar e-KYC service can be used for instant service provisioning wherever KYC details are needed. In some cases, the KYC requirements are regulatory, whereas in other cases, the KYC requirements are for the purpose of fetching basic customer data for service provisioning.

Government applications is the seeding of Aadhaar in the various Government Schemes for service delivery. The Budget Speech 2012-13 recognised the need for Aadhaar-based payments for MGNRES wages, old age, widow, and disability pensions, and various education scholarships. The Prime Minister has constituted a National Committee on Direct Cash Transfers under his chairmanship and an Executive Committee on Direct Cash Transfers to give a thrust to roll out a cash transfer programme across the country , leveraging the Aadhaar platform, The Task Force on Direct Transfer of Subsidy for Kerosene , LPG , and Petroleum , the Task Force on IT Strategy for PDS , and the Task Force on an Aadhaar enabled Unified Payment Infrastructure have given a comprehensive roadmap for the implementation. The e-KYC service can be helpful in linking existing beneficiary records with Aadhaar numbers. Examples include linkage of existing ration cards, pension accounts, scholarships, etc. with Aadhaar. This has the twin benefit of achieving de-duplication and elimination of fakes and ghosts, while ensuring that the benefits reach the targeted beneficiaries. In cases where residents are applying for various Government-issued documents such as Ration card, Driver's license, Passport, Birth certificate, Caste certificate, etc., the e-KYC service can be utilised for efficient service delivery, based on instant and accurate identification of the person.

The e-KYC service can greatly mitigate frauds and KYC risk in the financial and telecom sectors. With e-KYC through Aadhaar, possible misuse of proof documents will be removed. It will reduce the risk of identity theft. The government has amended the PML rules in 2010 to include Aadhaar e-KYC as a valid document for availing products and services. This is being followed by the concerned sector regulators with IRDA notifying the same for insurance sector and SEBI stating acceptance of e-KYC (Know Your Client) service of UIDAI as a valid proof of identity and address for opening accounts with brokerage firms, portfolio managers and other capital market entities and purchasing capital market products such as mutual funds. The Aadhaar e-KYC service is in full compliance with the provisions of the Information Technology Act, 2000. Both end-points of the data transfer are secured through the use of encryption and digital signature as per the IT Act, 2000 making e-KYC document legaly equivalent to paper documents. 16.2 Instant opening of a bank account Banks can simplify the process of opening a bank account using the Aadhaar e-KYC service. It makes it possible to open an account from the comforts of

instanteously, without needing any physical form of identity or address proof. E-KYC eliminates the movement and storage of verification papers, and therefore costs of document management. Error-free data is obtained from the Aadhaar database, at a much lower cost when compared with the costs of typing in and removing the errors in human-created data. E-KYC is a game changer when it comes to opening accounts for poor people. 16.3 Enhancing customer convenience and increasing business efficiency The Aadhaar number has the property of being a globally unique address for every resident of India. This property makes it attractive to use Aadhaar as a payment address. The Aadhaar Payments Bridge has been recommended by the Task Force on an Aadhaar-enabled Payments Infrastructure, as a system that can route money to any resident on the basis of the Aadhaar number. used to create innovative products. For example, money can be sent to anyone with an Aadhaar number, irrespective of whether they have a bank account. If the receiver has an Aadhaar-enabled bank account, money can be transferred into it. If the receiver does not have an Aadhaar-enabled bank account, an instant account can be created on the basis of the Aadhaar number, with a debit freeze. Money transferred is credited into the instant account. The instant account can be activated during the first withdrawal on the basis of e-KYC. Morever, e-KYC is not only beneficial to consumers, but also to service providers because they do not have to store any kind of photo copies. Everything is centralized and stored digitally helping them save on paper costs. Since the entire data is machine readable, it is possible for the service provider to directly store it as the customer record in their database for purposes of service, audit, etc. without human intervention making the process low cost and error free. In this way, e-KYC being instanteously will enhance customer convenience and satisfaction and greatly increase business efficiency across sectors. 16.4 Dramatic Reduction in Cost Use of online authentication system for transaction processing could help banks save the cost of issuing smart cards. For transaction processing, the customer could simply be authenticated based on various attributes including biometric information and Aadhaar number, thus eliminating the need for issuing smart cards. The saving of smart card itself could lead to substantial cost savings for the banking system (UIDAI, 2009-2012).

“One reason preventing people from accessing banks is not having a proper proof of identity. So, Aadhaar cards can be very important for those who are not included in the system…it is easily accepted by any financial institution”. - Ajay Bhushan Pandey It is a well-documented fact that low level of financial inclusion in rural India is primarily due to low penetration of formal financial institutions, especially the banks. Another equally important reason of this is lack of acceptable proof of identity and address documents. Though, a number of initiatives had been endeavoured by the Central/ State Governments and With use of Aadhaar as e-KYC, banks can deepen their outreach in the unbanked segment of population. In the short run, it will help them in meeting their social banking targets but banks will be missing the opportunity if they stop at that. They should start looking at this segment as potential customers. As is fairly documented, poor do save and they save for various purposes, hence they need access to financial products. It can even be argued that access to financial services should be fundamental right. Hitherto unbanked population could not have access in want to not having KYC documents to meet the requirements of banks. Aadhaar as backbone of this platform gives banks opportunity to offer financial products that suit the requirements of poor and unbanked population segment.

As per the latest figures put out by the UIDAI, 72.24 crores Aadhaar cards have been generated and issued till December 2014 while the UIDAI has spent Rs. 5,311.6 crore on the project till November 30, 2014. A total outlay of Rs. 13663.22 crore has been approved by the government for implementation of Aadhaar project upto March 2017. Of this , a total amount of Rs. 5,311.6 crore has been spent as on November 30, 2014. The government spent 946.32 crore on the project till November 30 as against revised expenditure estimates of Rs. 1417 crore for 2014-15. With 72.24 crore Aadhaar generated across the country as on 14th December , 2014 , nine States/UTs have achieved an Aadhaar saturation level exceeding 90 percent and another seven States/UTs between 75-90 percent . The Aadhaar platform is fully functional for authentication and e-KYC services , with more than 30 crore authentication and over 31 lakh e-KYC transactions carried out since inception. A total of 166 authentication agencies are operational for a variety of applications that leverage the authentication and e-KYC services. Currently, a number of government schemes/ programmes are already leveraging Aadhaar for implementation on a non-mandatory basis. The progress has not been even across the country. Though, the process of issuing Aadhaar cards began in September 2010, a large number of city dwellers are still fence sitters, not being able to see much of the perceived benefits accruing to them. The launch of e-KYC which promises to remove KYC hassles is expected to work as a motivator for large number of people to enrol for Aadhaar in the near future. UIDAI Chairperson Nandan Nilekani expected to issue 60 crore Aadhaar cards by 2014.To facilitate issue of Aadhaar cards, the UIDAI has announced setting up of permanent enrolment centres in various states. low income informal sector workers to accumulate micro-savings for their old-age. It has faced KYC challenges in the past, and is an early adopter of e-KYC. IIMPS's target population, i.e. the informal sector poor, cannot gain access to formal financial products as they have insufficient identity documentation (due to factors such as migration), or a complete lack thereof. As a result of this, and due to differences in KYC compliance across regulators, a host of interested low income workers are unable to join the integrated micro-pension program. This is only the first half of the problem. Lengthy KYC application and verification procedures cause significant cost and time overhead expenses for IIMPS while processing each micro-pension application. E-KYC has resolved both of these issues. Payment solution provider Oxygen too has launched e-KYC services with NPCI, to help unbanked masses of the country make use of Oxygen Mobile Wallet Service without the hassle of paperwork/documentation of 'Know Your Customer' information as cited by regulatory bodies. Importantly, it's the first non-banking body to launch the e-KYC service. But all this may come to naught if there are not enough banking outlets to access these services. As recent study by Microwave highlighted in the sample of five districts, only 4% of 1000+ population villages have access to bank CSPs. It can be safely said that Aadhaar based e-KYC service can turn out to be much needed change catalyst for financial inclusion in rural India. A good start has been made but there are many more chapters untold an it will be interesting to see how this story unfolds? Till now, e-KYC is a valid document for all financial services, under The Prevention of Money Laundering Act Rules. E-KYC has been accepted as valid proof of identification and address by five regulators in the financial sector, namely the Reserve Bank of India (RBI); the Securities and Exchange Board Of India (SEBI); the Pension Fund Regulatory and Development Auhority (PFRDA); the Insurance Regulatory and Development Authority (IRDA); and the Forward Markets Commission.

With the RBI setting up various committees like the Nachiket Mor Committee, which have dealt with the issue of use of Aadhaar in the banking system for various modes of e-payment, not only can they open a bank account but also do banking through various methods like mobile etc. All of this is possible through the Aadhaar and the e-KYC infrastructure. Aadhaar can be very important for those people who are not

The Aadhaar e-KYC service gives the Indian people their first mobile identification, which they can use anywhere in the country, with an agency, to prove their identity. The e-KYC service has the potential to revolutionize service delivery in the public and private sector, and drive innovation in the market. It does not compromise security for inclusion, and instead offers a solution that is secure as well as inclusive, and protects data privacy by eliminating paper trail on the field. Although there are certain concerns relating to issuance of Aadhaar to “residents” rather than “citizens” and issues of third party verification and access to personal information of individuals which need to be addressed before a shift to such a revolutionary validation mechanism is made, the e-KYC facility still seems quite promising to the current scenario as banking and insurance is concerned. However, it is quite new to the contemporary market and will require some time to enter the market in full fledge.

• Aelbers, E. 2013. Financial Inclusion, Know Your Customer and Financial Action Task Force. Asian Development Bank Institute. http://www.adbi.org/files/2013.03.21.cpp.sess6.1.aelbers.financial.task.force.pacific.pdf. Aelkers 2013 Accessed on November 04, 2013.

• Australian Transaction and Reports Analysis Centre(AUSTRAC). 2008. Know your customer.http://www.austrac.gov.au/elearning/pdf/intro_amlctf_know_your_customer.pdf Accessed on November 04, 2013.

• Basel committee on banking supervision. 2001. Customer due diligence for banks. Bank for international settlements.

• Basel committee on banking supervision. 2004. Consolidated KYC risk management. Bank for International Settlements.

• Business Standard. 2013. Sebi to accept UIDAI e- KYC as address, identity proof. October 09, 2013.

• Desai, M. 2013. Aadhar e-KYC: Fast, Secure & Cost Effective. Press Information Bureau, Government of India. http://pib.nic.in/newsite/efeatures.aspx?relid=98437 Accessed on November 14, 2013.

• Government of India. 2002. The Prevention of Money Laundering Act. New Delhi

• Government of India. 2012. The Prevention of Money Laundering (Amendment) Act. New Delhi.

• Koker, L. de. 2006. Money laundering control and suppression of financing of terrorism: Some thoughts on the impact of customer due diligence measures on financial exclusion. Journal of Financial crime, 13(1): 26-50.

• KPMG. 2012. India Anti Money Laundering Survey, 2012. http://www.kpmg.com/IN/en/IssuesAndInsights/ThoughtLeadership/AML_Survey_2012.pdf Accessed on November 05, 2013.

• Malhotra, N. and Dash S. 2011. Marketing Research: An Applied Orientation. New Delhi: Pearson Education India.

• Mulligan, D. 1998. Know your customer Regulations and the International Banking System: Towards a General Self-Regulatory Regime. Fordham International Law Journal, 22(5): 11.

• Reserve Bank of India. 2013. Master Circular – Know Your Customer (KYC) norms / Anti-Money Laundering (AML) standards/Combating of Financing of Terrorism (CFT)/Obligation of banks under PMLA, 2002. http://www.rbi.org.in/scripts/BS_ViewMasCirculardetails.aspx?id=8179 Accessed on November 05, 2013.

• Ruce, P.J. 2011. Anti-Money-Laundering: The Challenges of Know Your Customer Legislation for Private Bankers and the hidden benefits for Relationship Management (“The Bright Side of Knowing your Customer”). The Banking Law Journal, 128(6): 548-564.

• Sen, K.M. 2013. Aadhaar-what next after the SC ruling? http://kafila.org/2013/09/30/aadhaar-what-next-after-the-sc-ruling-kalyani-menon-sen/ Accessed on November 13, 2013.

 Sreekumar, G. & Sai, L.P. 2013. Examining Regulatory Compliance in Indian Banking: Some Issues in the context of Anti Money Some_Issues_in_the_context_of_Anti_Money_Laundering_Regulation_Examining_Regulatory_Compliance_in_Indian_Banking_Some_Issues_in_the_context_of_Anti_Money_Laundering_Regulation . Accessed on November 13, 2013.

• Sultzer, S. 1995. Money Laundering: The Scope of the Problem and Attempts to Combat it. Tennessee Law Review, 63(143).

• The Wealth Wisher. 2011. Know Your Customer (kyc) Guidelines. http://www.thewealthwisher.com/2011/01/14/know-your-customer-kyc-guidelines/ Accessed on October 24, 2013.

• UIDAI. 2012. Aadhaar E-KYC service. http://uidai.gov.in/images/ekyc_policy_note_18122012.pdf Accessed on November 14, 2013.

• UIDAI. 2009-2012. Aadhaar enabled service delivery. http://uidai.gov.in/images/authDoc/whitepaper_aadhaarenabledservice_delivery.pdf Accessed on November, 2013.

• Verhage, A. 2009. Between the hammer and the anvil? The anti-money-laundering complex and its interactions with the compliance industry. Crime Law Soc Change, 52:9-32.

Web Links

• http://www.axisbank.com/downloads/kyc-booklet.pdf. Accessed on October 19, 2013..

• http://www.yorku.ca/ptryfos/f1400.pdf . Accessed on October 12, 2013.

• Http://www.jstor.org

• www.medianama.com

• www.biometricsintegrated.com

• www.ucobank.com

• www.microsave.net

• www.itsallaboutmoney.com

• www.allonmoney.com

• www.thehindu.com

• www.rbi.org.in

• www.rediff.com

• www.timesofindia.indiatimes.com

• www.business-standard.com

 www.en.wikipedia.org