The Reserve Bank of India (RBI), in its continued efforts to ease financial institutions’ operational routines while strengthening controls against financial crimes, updated its Frequently Asked Questions (FAQs) related to its Master Direction (MD) — KYC on June 9, 2025. Subsequently, RBI issued KYC (Amendment) Directions on June 12, 2025. These two together aim to enable financial institutions to streamline their processes while retaining strong controls and oversight.
This exhaustive walkthrough aims to aid compliance officers, regulators, financial institutions, and stakeholders in understanding these updated FAQs alongside the related amendment, their significance, their operational impacts, and their role in strengthening financial stability.
What Is KYC and When Is It Applicable?
Know Your Customer (KYC) forms the foundation for financial institutions’ controls against financial crimes, money laundering, fraud, and terrorist financing.
It involves verifying the identity and address of a customer in conformity with RBI’s regulations.
This process applies under various scenarios, including:
- Onboarding or opening a new account.
- Initiating financial transactions above certain thresholds.
- Periodically updating KYC information in keeping with a customer’s risk profile.
- Verifying customer details upon suspicion or unusual activity.
Acceptable Officially Valid Documents (OVD)
RBI’s updated FAQs enable REs to identify their customers employing a range of documents:
- Proof of Identity (POI) — Passport, voter’s voter-ID, driving license, or Aadhaar.
- Proof of Address (POA) — Passport, voter’s voter-ID, utility bills (electric, water, phone), rental agreement, or bank account statements.
- Small Accounts — If standard documents are unavailable, simplified documents or self-certification may be acceptable.
This flexible approach maintains strong controls while reducing customer friction — a crucial consideration for financial empowerment.
Customer Due Diligence Processes (CDD)
The updated FAQs outline Customer Due Diligence (CDD) routines:
- Risk-Based CDD: Higher-risk customers may warrant additional scrutiny.
- Enhanced CDD: Certain cases — for example, high-risk or PEP (politically exposed persons) — may require extensive scrutiny and additional verification measures.
- Simplified CDD: Small-risk and low-risk relationships may enable simplified verification with minimum documentation.
CKYCR, Aadhaar, and DigiLocker — The Digital Stack for KYC
RBI’s updated FAQs highlight the growing role of Central KYC Records Registry (CKYCR), Aadhaar, and DigiLocker in simplifying KYC routines:
- Central KYC Records Registry (CKYCR): REs can reuse CKYCR IDs for subsequent relationships, reducing redundancy in collecting documents.
- Aadhaar e-KYC: Biometric authentication with consent can enable paperless and instant KYC, reducing processing time while strengthening controls.
- DigiLocker: Citizens’ documents placed in DigiLocker can be accessed directly by financial institutions with consent, adding a convenient and trustworthy delivery method for KYC documents.
Customer Onboarding Methodologies
RBI’s updated FAQs enable REs to carry forward their customer onboarding through multiple methods:
- Face-to-face (with physical documents)
- Non-face-to-face (NFTF) (with documents and/or electronic authentication)
- V‑CIP (Video Customer Identification Process) — real-time video call with customer alongside document verification
- Business Correspondents (BCs) — BCs can aid in verifying documents and collecting customer declarations in hard-to-reach or financially excluded areas — extending financial services’ reach while retaining strong controls.
Periodic KYC Update Guidelines
The updated FAQs clarify timelines and processes for periodic KYC reviews:
- High-risk customers: Every 2 years
- Medium-risk: Every 8 years
- Low-risk: Every 10 years
Additionally:
- Customers can self-certify their details if there’s no change in their KYC profile — simplifying the process for both the customer and financial institution.
- Addresses can be updated with a self-certification through digital or physical channels.
Inoperative Accounts and Reactivation
The updated FAQs enable financial institutions to reactivate inoperative or dormant accounts gracefully:
- Customers can submit their updated KYC through face-to-face, video, or business correspondents.
- This process lets financial institutions reactivate previously inactive accounts efficiently — adding financial inclusivity while retaining strong controls against financial crimes.
CDD for Transactions — Suspicious Activity & Large Transactions
Enhanced Customer Due Diligence applies to high-risk or suspicious transactions:
- Large deposits, unusual fund movements, high-risk profiles, or other atypical signals may trigger additional scrutiny.
- Suspicious transactions must be investigated and reported to the Financial Intelligence Unit-India (FIU-IND) under applicable regulations.
This two-pronged approach safeguards financial institutions while honoring their financial crimes compliance obligations.
Grievance Redressal Mechanism
RBI’s updated FAQs advise financial institutions to:
- Implement accessible, documented grievance redressal mechanisms for customers experiencing KYC-related issues.
- Provide timely resolution and clear explanations for customer complaints or delays.
- Allow for escalation if the customer is not satisfied with the initial resolution.
This guarantees fairness, credibility, and a strong complaints framework — strengthening customer trust in financial institutions’ compliance routines.
Impact for Regulated Entities (REs)
RBI’s updated FAQs will profoundly affect financial institutions’ operations and compliance controls:
Enhanced Clarity and Standardization:
Provides a clear framework for REs to implement their KYC routines in conformity with regulations.
Risk-Based Approach:
Offers flexibility in designing controls tailored to respective risk profiles — freeing resources while strengthening safeguards.
Technology Enablement:
Encourages reuse of CKYCR IDs, Aadhaar, and DigiLocker for faster, less-cumbersome, yet trustworthy KYC processes.
Audit and Record-Keeping:
Maintaining extensive records and audit trails for their KYC routines is a key requirement — a process regulators can subsequently inspect.
Training and Awareness:
Staff must be trained to handle KYC processes efficiently and in conformity with regulations — especially when employing business correspondents and digital mechanisms.
Key Highlights from June 12, 2025 — KYC (Amendment) Directions, 2025
RBI further amended its KYC Master Direction with a set of critical policy tweaks and clarifications:
Grace Period for Low-risk Customers:
Individual low-risk customers may be allowed to carry forward their transactions and update their KYC within one year of their KYC becoming due or by June 30, 2026, whichever is later — while their accounts remain operational with appropriate monitoring.
Business Correspondents’ Role:
BCs may aid in self-certification by collecting customer declarations and documents (with appropriate consent) for KYC updation.
Banks remain ultimately responsible for their customers’ KYC compliance, retaining oversight and control.
Structured Communication to Customers:
Banks must send at least 3 advance notices — including at least 1 by physical letter — before KYC is due for periodic update.
If the customer fails to update their KYC after these notifications, banks must follow up with at least 3 additional reminders (with at least 1 by physical letter), stating instructions, consequences, and assistance mechanisms.
Audit Trail and Accountability:
All notifications, customer responses, and related documentation must be duly recorded in bank systems for eventual audits by regulators.
This requirement underscores the necessity for strong operational controls and oversight mechanisms within financial institutions.
Final Takeaway
RBI’s updated FAQs and subsequent KYC (Amendment) Directions collectively reflect its policy intent to make KYC more flexible, convenient, trustworthy, and adaptable to changing financial landscapes — while retaining strong controls against financial crimes.
This updated guidance lets financial institutions ease their operational routines, enable financial access for the underbanked, and provide greater operational excellence — all while strengthening their controls against money laundering and fraud.
- For Regulated Entities: This is a crucial opportunity to align their processes with updated guidance, leverage technology for operational ease, and assure regulators and stakeholders of their robustness in compliance.
- For Customers: This signals greater financial inclusivity, simplified routines, less redundancy in submission of documents, faster account openings, and convenient processes for updating KYC — all adding up to a strong financial ecosystem anchored in trust.
- #RBI
- #KYC
- #FAQs
- #Amendment
13 Jun 2025
