The RBI has issued an update to the Operating Guidelines for Payments Banks with regard to KYC requirements while onboarding customers of telecom companies, in the wake of the Airtel Payments Bank rerouting of subsidies by creating Payments Bank accounts for subscribers validating mobile phone numbers.

The circular draws attention to Section 14 of the Master Direction on KYC from February 25, 2016:

For the purpose of verifying the identity of customers at the time of commencement of an account-based relationship, REs, shall at their option, rely on customer due diligence done by a third party, subject to the following conditions:

  1. Necessary information of such customers’ due diligence carried out by the third party is immediately obtained by REs.
  2. Adequate steps are taken by REs to satisfy themselves that copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay.
  3. The third party is regulated, supervised or monitored for, and has measures in place for, compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
  4. The third party shall not be based in a country or jurisdiction assessed as high risk.
  5. The ultimate responsibility for customer due diligence and undertaking enhanced due diligence measures, as applicable, will be with the RE.

Previously the Operating guidelines for Payments Banks. allowed Payments Banks to utilise same KYC details if they are “of the same quality as prescribed for a banking company.”

PBs should ensure that every customer, including customers of mobile companies on-boarded comply with the KYC regulations, which could include simplified account opening procedures. It is clarified here that if the KYC done by a telecom company, which is a promoter / promoter group entity of the PB, is of the same quality as prescribed for a banking company, PBs may obtain the KYC details of the customer from that telecom company, subject to customer consent.

However, now Payments Banks have to follow the RBI Master Direction of KYC, and any amendments made to the same:

A PB shall comply with the extant RBI Master Direction on KYC, as amended from time to time, for all its customers, including existing customers of telecom companies onboarded by the PB.

The update further refers to Paragraph 8(i) that states:

At their discretion, PBs may (like all other banks) decide not to take the wet signature while opening accounts and instead rely upon the electronic authentication/confirmation of the terms and conditions of the banking relationship/account relationship keeping in view their confidence in the legal validity and authenticity of such authentications/confirmations. However, all the extant regulations concerning KYC including those covering the Central KYC Registry, and any subsequent instructions in this regard, as applicable to commercial banks, would be applicable to PBs.

The update clarifies that these instructions continue to be applicable within the overall framework of the Operating Guidelines, but may not be treated a part of the KYC requirements. It is not clear what this means, as the paragraph is explicitly about KYC requirements.

This appears to have been done as an attempt to prevent the sort of “piggybacking” that was seen with the Airtel Payments Banks accounts being opened with a barely noticed pre-ticked box. This was enabled by the previous guidelines that explicitly allowed the reuse of the authentication done by telecom companies by the associated Payments Bank – possibly with an intent to simplify account opening – without explicitly forbidding it.

This update may create problems for the Payments Banks if it means that the Payments banks will have to obtain the KYC for all their customers enrolled through the telecoms all over again. However, it will prevent the creation of accounts in the name of telecom subscribers without their knowledge/noticing and is thus a more accountable process. It is unclear whether this is so, because while the update removes the explicit permission to obtain the KYC information from the telecom, subject to customer consent, it does not actually say that the Bank will have to reverify all their customers independently of the telecom and the master direction already allows for trusted third parties – given that the Aadhaar e-KYC data is identical for telecom customers as well as bank customers, it is unclear whether this can or cannot be used by the Payments Bank, as long as it is clear that the Payments Bank is responsible for the validity of the KYC of its customers.

Sort of like saying “Do as you wish, but if there is trouble, we’ll hold you responsible”.