SEBI Updates Clarification on Know Your Client (KYC) Process and Use of Technology for KYC


  1. Know Your Customer (KYC) and Customer Due Diligence (CDD) policies as part of KYC are the foundation of an effective Anti-Money Laundering process. The KYC process requires every SEBI registered intermediary (hereinafter referred to as ‘RI’) to collect and verify the Proof of Identity (PoI) and Proof of Address (PoA) from the investor. 


2. The provisions as laid down under the Prevention of Money-Laundering Act, 2002, Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, SEBI Master Circular on Anti Money Laundering (AML) dated October 15, 2019 and relevant KYC / AML circulars issued from time to time shall continue to remain applicable. Further, the SEBI registered intermediary shall continue to ensure to obtain the express consent of the investor before undertaking online KYC. 


3. SEBI, from time to time has issued various circulars to simplify, harmonize the process of KYC by investors / RI. Constant technology evolution has taken place in the market and innovative platforms are being created to allow investors to complete KYC process online. SEBI held discussions with various market participants and based on their feedback and with a view to allow ease of doing business in the securities market, it has been decided to make use of following technological innovations which can facilitate online KYC: 
a. eSign service is an online electronic signature service that can facilitate an Aadhaar holder to forward the document after digitally signing the same provided the eSign signature framework is operated under the provisions of Second schedule of the Information Technology Act and guidelines issued by the controller. b. In terms of PML Rule 2 (1) (cb) “equivalent e-document” means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature, including documents issued to the Digital Locker account of the investor as per Rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016. c. Section 5 of the Information Technology Act, 2000 recognizes electronic signatures (which includes digital signature) and states that where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person then such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of a digital signature affixed in such manner as prescribed by the Central Government. Therefore, the eSign mechanism of Aadhaar shall be accepted in lieu of wet signature on the documents provided by the investor. Even the cropped signature affixed on the online KYC form under eSign shall also be accepted as valid signature.


4. In order to enable the Online KYC process for establishing account based relationship with the RI, Investor’s KYC can be completed through online / App based KYC, in-person verification through video, online submission of Officially Valid Document (OVD) / other documents under eSign, in the following manner: i. The investor visits the website/App/digital platform of the RI and fills up the online KYC form and submits requisite documents online. ii. The name, photograph, address, mobile number, email ID, Bank details of the investor shall be captured online and OVD / PAN / signed cancelled cheque shall be provided as a photo / scan of the original under eSign and the same shall be verified as under:  a. Mobile and email is verified through One Time Password (OTP) or other verifiable mechanism. The mobile number/s of investor accepted as part of KYC should preferably be the one seeded with Aadhaar. (the RI shall ensure to meet the requirements of the mobile number and email as detailed under SEBI circular no. CIR/MIRSD/15/2011 dated August 02, 2011) b. Aadhaar is verified through UIDAIs authentication / verification mechanism. Further, in terms of PML Rule 9 (16), every RI shall, where the investor submits his Aadhaar number, ensure that such investor to redact or blackout his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required under sub-rule (15). RI shall not store/ save the Aadhaar number of investor in their system. e-KYC through Aadhaar Authentication service of UIDAI or offline verification through Aadhaar QR Code/ XML file can be undertaken, provided the XML file or Aadhaar Secure QR Code generation date is not older than 3 days from the date of carrying out KYC. In terms of SEBI circular No. CIR/MIRSD/29/2016 dated January 22, 2016 the usage of Aadhaar is optional and purely on a voluntary basis by the investor. c. PAN is verified online using the Income Tax Database. d. Bank account details are verified by Penny Drop mechanism or any other mechanism using API of the Bank. (Explanation: based on bank details in the copy of the cancelled cheque provided by the investor, the money is deposited into the bank account of the investors to fetch the bank account details and name.) The name and bank details as obtained shall be verified with the information provided by investor. e. Any OVD other than Aadhaar shall be submitted through Digiocker / under eSign mechanism.
iii. In terms of Rule 2 (d) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (PML Rules) “Officially Valid Documents” means the following: a. the passport, b. the driving licence, c. proof of possession of Aadhaar number, d. the Voter’s Identity Card issued by Election Commission of India, e. job card issued by NREGA duly signed by an officer of the State Government and  f. the letter issued by the National Population Register containing details of name, address, or any other document as notified by the Central Government in consultation with the Regulator. 
iv. Further, Rule 9(18) of PML Rules states that in case OVD furnished by the investor does not contain updated address, the document as prescribed therein in the above stated Rule shall be deemed to be the OVD for the limited purpose of proof of address. 
v. PML Rules allows an investor to submit other OVD instead of PAN, however, in terms of SEBI circular dated April 27, 2007 the requirement of mandatory submission of PAN by the investors for transaction in the securities market shall continue to apply. 
vi. Once all the information as required as per the online KYC form is filled up by the investor, KYC process could be completed as under: a. The investor would take a print out of the completed KYC form and after affixing their wet signature, send the scanned copy / photograph of the same to the RI under eSign, or b. Affix online the cropped signature on the filled KYC form and submit the same to the RI under eSign.   
vii. The RI shall forward the KYC completion intimation letter through registered post/ speed post or courier, to the address of the investor in cases where the investor has given address other than as given in the OVD. In such cases of return of the intimation letter for wrong / incorrect address, addressee not available etc, no transactions shall be allowed in such account and intimation shall also sent to the Stock Exchange and Depository. 
viii. The original seen and verified requirement under SEBI circular  dated October, 5 2011 for OVD would be met where the investor provides the OVD in the following manner: i. As a clear photograph or scanned copy of the original OVD, through the eSign mechanism, or; ii As digitally signed document of the OVD, issued to the DigiLocker by the issuing authority.    
ix. SEBI vide circular dated December 23, 2011 had harmonized the IPV requirements for the intermediaries. In order to ease the IPV process for KYC, the said SEBI circular pertaining to IPV stands modified as under: i. IPV/ VIPV would not be required when the KYC of the investor is completed using the Aadhaar authentication / verification of UIDAI.  
ii. IPV / VIPV shall not be required by the RI when the KYC form has been submitted online, documents have been provided through digiocker or any other source which could be verified online. 


5. Features for online KYC App of the RI – SEBI registered intermediary may implement their own Application (App) for undertaking online KYC of investors. The App shall facilitate taking photograph, scanning, acceptance of OVD through Digilocker, video capturing in live environment, usage of the App only by authorized person of the RI. The App shall also have features of random action initiation for investor response to establish that the interactions not pre-recorded, time stamping, geo-location tagging to ensure physical location in India etc is also implemented. RI shall ensure that the process is a seamless, real-time, secured, end-to-end encrypted audiovisual interaction with the customer and the quality of the communication is adequate to allow identification of the customer beyond doubt. RI shall carry out the liveliness check in order to guard against spoofing and such other fraudulent manipulations. The RI shall before rolling out and periodically, carry out software and security audit and validation of their App. The RI may have additional safety and security features other than as prescribed above.  

6. Feature for Video in Person Verification (VIPV) for Individuals – To enable ease of completing IPV of an investor, intermediary may undertake the VIPV of an individual investor through their App. The following process shall be adopted in this regard: i. Intermediary through their authorised official, specifically trained for this purpose, may undertake live VIPV of an individual customer, after obtaining his/her informed consent. The activity log along with the credentials of the person performing the VIPV shall be stored for easy retrieval. ii. The VIPV shall be in a live environment. iii. The VIPV shall be clear and still, the investor in the video shall be easily recognisable and shall not be covering their face in any manner. iv. The VIPV process shall include random question and response from the investor including displaying the OVD, KYC form and signature or could also be confirmed by an OTP. v. The RI shall ensure that photograph of the customer downloaded through the Aadhaar authentication / verification process matches with the investor in the VIPV. vi. The VIPV shall be digitally saved in a safe, secure and tamper-proof, easily retrievable manner and shall bear date and time stamping. vii. The RI may have additional safety and security features other than as prescribed above.  

About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like these

Skip to content