RBI/2013-14/242

RPCD.RRB.RCB.AML.BC.No.32/07.51.018/2013-14 September 10, 2013

The Chairmen / CEOs of all Regional Rural Banks /

State and Central Co-operative Banks

Dear Sir,

Know Your Customer (KYC) Norms /Anti-Money Laundering (AML) Standards/

Combating of Financing of Terrorism (CFT)/Obligation of banks under
Prevention of Money Laundering Act (PMLA), 2002 e-KYC Service of UIDAI
Recognising on-line Aadhaar authentication (electronic verification process) to
be accepted as an Officially Valid Document under PML Rules

Please refer to our circulars RPCD.CO.RRB.AML.BC.No 21/03.05.33(E)/2011-12 and

RPCD.CO.RCB.AML.BC.No.23/07.40.00/2011-12 dated October 13, 2011 and
October 17, 2011 respectively on 'Know Your Customer Norms - Letter issued by
Unique Identification Authority of India (UIDAI) containing details of Name, Address
and Aadhaar Number' which state that letter issued by the Unique Identification
Authority of India (UIDAI) containing details of name, address and Aadhaar number
may be accepted as an Officially Valid Document. Further in terms of paragraph 2(iii)
of our circular RPCD.CO.RRB.RCB.AML.No.6097/07.51.018/2012-13 dated
December 13, 2012, Regional Rural Banks and State and Central Cooperative Banks
were advised that, while opening accounts based on Aadhaar, if the address provided
by the account holder is the same as that on Aadhaar letter, it may be accepted as a
proof of both identity and address.

2. In order to reduce the risk of identity fraud, document forgery and have paperless
KYC verification, UIDAI has launched its e-KYC service. Accordingly, it has been
decided to accept e-KYC service as a valid process for KYC verification under
Prevention of Money Laundering (Maintenance of Records) Rules, 2005. Further, the
information containing demographic details and photographs made available from
UIDAI as a result of e-KYC process (which is in an electronic form and accessible so
as to be usable for a subsequent reference) may be treated as an Officially Valid
, , 10 , , ....10014, 400 001
:Tel: 022-22601000 Fax: 91-22-22621011/22610948 E-mail: [email protected]
Rural Planning & Credit Department,Central Office, 10th Floor, Central Office Building, S. B. S. Marg,P. Box No.10014, Mumbai 400001
,

: -, , ,

Caution: RBI never sends mails, SMSs or makes calls asking for personal information like bank account details, passwords,
etc. It never keeps or offers funds to anyone. Please do not respond in any manner to such offers.
Document under PML Rules. In this connection, it is advised that while using e-KYC
service of UIDAI, the individual user has to authorize the UIDAI, by explicit consent, to
release her or his identity/address through biometric authentication to the bank
branches/business correspondents (BCs). The UIDAI then transfers the data of the
individual comprising name, age, gender, and photograph of the individual,
electronically to the bank/BCs, which may be accepted as valid process for KYC
verification. The broad operational instructions to banks on Aadhaar e-KYC service is
enclosed as Annex.

3. Regional Rural Banks and State and Central Co-operative Banks are advised to
have proper infrastructure (as specified in Annex) in place to enable biometric
authentication for e-KYC.

4. Physical Aadhaar card/letter issued by UIDAI containing details of name, address

and Aadhaar number received through post would continue to be accepted as an
Officially Valid Document.

5. Regional Rural Banks and State and Central Co-operative Banks may revise their
KYC policy in the light of the above instructions and ensure strict adherence to the
same.

Yours faithfully,

(A. Udgata)
Principal Chief General Manager
 ANNEX

Operational Procedure to be followed by banks for e-KYC exercise

The e-KYC service of the UIDAI is be leveraged by banks through a secured network.
Any bank willing to use the UIDAI e-KYC service is required to sign an agreement with
the UIDAI. The process flow to be followed is as follows:

1. Sign KYC User Agency (KUA) agreement with UIDAI to enable the bank to
specifically access e-KYC service.

2. Banks to deploy hardware and software for deployment of e-KYC service across
various delivery channels. These should be Standardisation Testing and Quality
Certification (STQC) Institute, Department of Electronics & Information
Technology, Government of India certified biometric scanners at bank
branches/ micro ATMs/ BC points as per UIDAI standards. The current list of
certified biometric scanners is given in the link below:

http://www.stqc.gov.in/sites/upload_files/stqc/files/UID_Auth_Certlist_250613.pdf

3. Develop a software application to enable use of e-KYC across various

Customer Service Points (CSP) (including bank branch, BCs etc.) as per UIDAI
defined Application Programming Interface (API) protocols. For this purpose
banks will have to develop their own software under the broad guidelines of
UIDAI. Therefore, the software may differ from bank to bank.

4. Define a procedure for obtaining customer authorization to UIDAI for sharing e-

KYC data with the bank. This authorization can be in physical (by way of a
written explicit consent authorising UIDAI to share his/her Aadhaar data with the
bank/BC for the purpose of opening bank account) /electronic form as defined
by UIDAI from time to time.

5. Sample process flow would be as follows:

a. Customer walks into CSP of a bank with his/her 12-digit Aadhaar

number and explicit consent and requests to open a bank account
with Aadhaar based e-KYC.

b. Bank representative manning the CSP enters the number into banks e-
KYC application software.

c. The customer inputs his/her biometrics via a UIDAI compliant biometric

reader (e.g. fingerprints on a biometric reader).

d. The software application captures the Aadhaar number along with

biometric data, encrypts this data and sends it to UIDAIs Central
Identities Data Repository (CIDR).

e. The Aadhaar KYC service authenticates customer data. If the Aadhar

number does not match with the biometrics, UIDAI server responds with
 an error with various reason codes depending on type of error (as
defined by UIDAI).

f. If the Aadhaar number matches with the biometrics, UIDAI responds with
digitally signed and encrypted demographic information [Name,
year/date of birth, Gender, Address, Phone and email (if available)] and
photograph. This information is captured by banks e-KYC application
and processed as needed.

g. Banks servers auto populate the demographic data and photograph in

relevant fields. It also records the full audit trail of e-KYC viz. source of
information, digital signatures, reference number, original request
generation number, machine ID for device used to generate the
request, date and time stamp with full trail of message routing, UIDAI
encryption date and time stamp, banks decryption date and time stamp,
etc.

h. The photograph and demographics of the customer can be seen on the

screen of computer at bank branches or on a hand held device of BCs
for reference.

i. The customer can open bank account subject to satisfying other account
opening requirements.