The Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), which oversees the centralised repository of KYC records of all Indians, will soon migrate to a new upgraded repository--CKYCRR 2.0--with better-streamlined processes for reporting entities (REs) besides throwing it open to citizens for the first time.
The development comes amid series of discussions to make central know your customers (CKYC) as the “single source of truth for KYC”, and encourage REs to leverage CKYC records to avoid doing the process again and again for the customers at different sources.
The new system upgrade also comes at a time when the regulator has been tightening its grip on KYC compliances, with recent restriction on business payment solution providers (BPSPs) and Paytm Payments Bank Ltd (PPBL).
The challenges grow further as financial intermediaries, including banks, PoS, gateways, payments apps, and aggregator platforms, in the flow of money grow. Multiple firms have been under ED investigation for violating PMLA as well as using single KYC for multiple accounts.
The move is likely to enhance transparency and facilitate better monitoring of the money flow in the system, including crypto and gambling.
The new upgraded system—named Central KYC Records Registry (CKYCRR) Solution 2.0—is proposed to flag fraud identities or forged customer documents to the REs like banks, insurance firms, mutual fund houses, etc.
It also plans to implement a graded framework of KYC assigning, wherein each record will be assigned a "confidence level" based on a predetermined criterion by the regulator.
In a first, the new portal will be thrown open to citizens who can access their KYC records, and get an update via email or SME every time their KYC is uploaded, updated, or downloaded by a financial institution or their partner fintech platforms.
More importantly, citizens will be able to raise direct complaints on the new app in case they find unauthorised REs downloading or updating their data from the repository.
A tender was floated on February 19 by CERSAI inviting a large ‘system integrator’ to build this new and scalable repository.
The pre-bid meeting with the prospective bidders is scheduled to be held on March 18 in New Delhi, the document reveals.
A tender was floated on February 19 by CERSAI inviting a large ‘system integrator’ to build this new and scalable repository.
The big plans
As per the details of the tender, the chosen IT company will be tasked to migrate the entire data to the new system from the existing CKYCRR, and develop advanced features, post-review.
This includes face recognition technology, plugin framework for integration with third party systems like PAN, Aadhaar, and other Officially Valid Documents (OVD) like driving license, passport, voter ID cards, etc. issuing authorities, MCA and so on.
“The existing application has been in operation since 2016. In order to meet evolving technological standards, security protocols, and user expectations, to enhance the feature of CKYCRR, enhance operational efficiency, data security, and overall system performance, a new application can bring fresh perspectives, leverage new technologies, and a tailored approach to meet the unique needs,” the CERSAI notes in the tender document.
The protocol
Set up in 2016, the CKYCRR caters to REs under all four major regulators -- RBI, SEBI, IRDA and PFRDA.
As on January 2024 end, the CKYCRR application had KYC records of 83 crore individuals uploaded via 1 crore legal entities and 7166 REs.
This includes all private and government banks like HDFC, Canara Bank, SBI, RBL; fintech apps Paytm, PhonePe, Razorpay, Mobikwik, Lendingkart, Pine Labs, traditional and new-age broking firms like Zerodha, Groww; mutual fund houses like SBI Mutual Fund, Nippon, Kotak, JM financial, Tata mutual fund; and insurance aggregators like Acko and Go Digit among many others.
The number of downloaded records has also been increasing over the years with total downloads of 93.12 crore which signifies the benefit and ease this repository has provided to the REs and their clients, a previous report by CERSAI notes.
Set up in 2016, the CKYCRR caters to REs under all four major regulators -- RBI, SEBI, IRDA and PFRDA.
Under the mandate of PML (Maintenance of Records) Rules 2005, more particularly Rule 9, all REs are mandated to file electronic copy of KYC records of the client to the repository, CKYCRR.
Once the customers submit their KYC details, say at the time of opening a bank account, they are assigned a unique 14 digit KYC identifier which can be used by them whenever they are establishing an account-based engagement with any other reporting entity.
The idea is to avoid undergoing KYC repeatedly at various sources and instead have the REs retrieve it from a common pool.
Now comes the problem.
Despite the utility and convenience of the CKYCRR, REs have been hesitant to leverage the same and continue to do Video/Aadhaar/ DigiLocker-based KYC or a face-to-face KYC of their customers separately to authenticate them.
Reason—unreliability of CKYCRR data and incomplete information of the customer’s records. Sometime the scanned documents uploaded are blurry and unclear.
“Even if we use CKYC to onboard a customer, we eventually have to use video or a physical KYC which is more expensive,” a junior banker explained.
The new system is aimed at mitigating these issues, encourage REs to leverage CKYC, for better compliances and a more transparent system.
Astha Srivastava, Principal Associate, Ikigai Law terms this as a big move as this will encourage more REs to use CKYCR.
“CKYC has a strong value proposition. However, its potential remains unrealised. This is largely because its use is costly and friction-ridden. It is also hard for REs to ascertain the reliability of the CKYCR data. The initiative to make CKYCR’s use more seamless and assign trust scores to its records can help address these issues,” she said.
“If adoption of CKYCR picks up, REs may rely on it for most of their KYC needs, and turn to costlier options like V-KYC only in high-risk scenarios.”
CKYCRR 2.0: Fraud detection, avoiding duplication
One the major offering of the new system would be its ability to detect frauds.
For instance, the new system proposes that every time an RE accesses data of a particular customer, the system will be able to flag if their verification is pending or if they are prohibited, restricted or in any of the fraud list of say, UNSC sanctions list, FIU, digital fraud registry of the RBI (other regulators), etc.
In case the KYC of a person has been deactivated or suspended previously, the system should be able to flag the RE about the same and provide reason as to why this was done.
Meanwhile, the government is developing a statistical model which will have the system automatically assign a “confidence level” (viz., Level 1: Declared; Level 2: Basic; Level 3: Strong and Level 4: Very Strong) to each KYC record, a key feature to be a part of the new system.
As per the CERSAI documents, this grading will be based upon some predetermined criteria to be decided by CERSAI/regulators.
“The KYC process will be simplified adopting a “risk-based” instead of “one –size fits all” approach. In order to implement this, a task force is operational which inter alia is working on finanlisation of statistical model for assigning confidence level to each KYC record in the CKYCR data,” the budget document read.
What’s in it for citizens?
Every person with a KYC record in the CKYCC would have “view only” access to their data, including seeing details of the entities which uploaded, updated, downloaded his/her KYC records.
This is an important development as KYC-related frauds, identity theft and mis-selling of KYC data have become prevalent in the past few years. The new system has proposed to send intimations to customers every time their KYC details are uploaded, downloaded and updated.
They can further raise complaints in case they find unauthorised REs doing the same.
This is also important as a customer would know which entity to approach to rectify their records, and be aware of how and by whom their KYC data is being used.
Upgrading the CKYCRR is one of parts of the broader initiatives which the government has been working on since past one year to curb possible misuse of KYC.
The government has also been deliberating on bringing in simplified and uniform KYC norms for financial institutions. A committee headed by the finance secretary TV Somanathan is looking into various aspects of this. Some enhanced KYC requirements are also being explored for certain class of corporates.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
