By Anuradha Gandhi, Rachita Thakur and Abhishekta Sharma
Introduction
In 2025-26 budget speech, Finance Minister Ms. Nirmala Sitharaman highlighted the government’s commitment to simplifying the Know Your Customer (KYC) process through the rolling out of revamped Central KYC Registry. She also announced the introduction of streamlined system for periodic KYC Updates.[1] With over 103 crore individuals already registered with the Central KYC Record Registry (CKYCR), the government has urged Regulated Entities (hereinafter referred to as REs) to actively utilize this data for seamless customer onboarding.[2]
Further advancing this initiative, the Reserve Bank of India (hereinafter referred to as ‘RBI’) on June 12, 2025 issued three interlinked circulars[3] marking a significant reform in KYC framework.
Why has RBI issued these circulars?
To RBI has issued these circulars to amend the Master Direction – Know Your Customer (KYC) Direction, 2016[4] (hereinafter referred to as ‘KYC Master Directions’) in order to enhance procedural efficiency, eliminate redundancy, strengthen consumer protection and improve the overall security relating to KYC process. Additionally, RBI has observed a large pendency in periodic updation of KYC in different accounts.
Why is KYC important?
Customer KYC, specifically in the financial sector, is necessary in order to prevent banks and other financial institutions from being used as a channel for Money Laundering (hereinafter referred to as ‘ML’) or Terrorist Financing (hereinafter referred to as ‘TF’) and to ensure the integrity and stability of the financial system. REs are required to follow certain customer identification procedures while undertaking a transaction either by establishing an account-based relationship or otherwise and monitor their transactions. RBI prescribes these customer identification procedures in the form of KYC.[5]
KYC Amendment 2025
The KYC Amendment 2025 has brought changes to Paragraph 38 of the Direction which deals with Update/Periodic Updation of KYC. The major amendments under this circular includes:-
- Amendment in timeline for low-risk customer- Low risk customer now have until one year from their KYC due date or June 30,2026 (whichever is later) to update their KYC. During this period all transactions on such accounts will be under regular monitoring.
Who are low risk customer?
Master Circular – ‘Know Your Customer’ (KYC) Guidelines – Anti Money Laundering Standards (AML) – Prevention of Money Laundering Act, 2002 – Obligations of NBFCs in terms of Rules notified thereunder’[6] defines low risk customers as individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile. Salaried employees with well-defined salary structures, individuals from lower economic strata with accounts reflecting small balances and low transaction volumes, government-owned companies, regulators and statutory bodies are considered low risk customers.[7]
Empowerment of Business Correspondents (BC)- Business Correspondents are retail agents engaged by banks for providing banking services at locations other than a bank branch/ATM.[8] BCs are authorized to:-
- Accept self-declarations from customer for no change or change of address.
- The bank shall obtain self-declaration including the supporting documents, if required in the electronic mode through BC, after successful biometric based e-KYC authentication.
- The BC shall facilitate both physical and electronic submission of KYC information.
- Structured customer communication- REs are now required to implement structured reminder. Customer should be informed in advance about the pending KYC updates. At least three advance notifications should be given, including at least one notification sent by letter, at appropriate intervals. If customer has still not complied bank will sent three more reminders ensuring better communication and reducing the risk of accounts becoming inoperative due to non-compliance.
Updation/Periodic Updation of KYC– Revised Instructions
- Banks are adviced to organize camps focusing on periodic updation of KYC especially in rural and semi urban branches and branches having large pendency in periodic updation of KYC.
Further RBI has simplified customer onboarding and updation of KYC over the year:-
- Customer can be onboarded in person (face-to-face onboarding) using Aadhaar biometric based e-KYC and digital KYC.
- In case of Non-Face-to-Face Mode, Aadhaar OTP based e-KYC with certain conditions, such as accounts shall be placed under strict monitoring and Customer Due Diligence (CDD) shall be completed within a year. Further other digital and non-digital methods (like KYC identifier, equivalent e-documents, document issued through digilocker or certified OVDs for NRI/PIOs) are also permitted subject to conditions
- Video based Customer Identification Process (V-CIP) can be done by authorized official to verify customer through seamless, secure, live, informed and consent based audio visual interaction. It is considered same a face-to-face onboarding.
Inoperative Accounts/ Unclaimed Deposits in Banks
Banks must allow KYC updation for reactivating inoperative accounts and unclaimed deposits at all branches including non-home branch.
KYC for these accounts can also be updated via V-CIP or through authorized BCs reinforcing the role of BCs in activation of inoperative account.
Data privacy and KYC
The KYC processes in India governed by a combination of regulatory requirements and data privacy principles especially following Digital Personal Data Protection Act, 2023. Currently KYC in India aligns with data privacy principles on the following grounds:
- Consent management and purpose limitation:
- Authority mandates KYC verification for purpose of obtaining information on identity and address of the customer, nature of business and financial status of a customer.
- Data security and confidentiality:
- REs must now ensure secure handling, storage and processing of customer data.
- Customers are better protected against unauthorized use or leakage of personal data.
- Further, electronic KYC (e-KYC) uses biometric authentication and encrypted digital channels, enhancing data security.
- The entire data and recordings of Video based Customer Identification Process (V-CIP) shall be stored in a system / systems located in India.
- RBI KYC Master Direction require to maintain all necessary records of transactions between the RE and the customer including, both domestic and international, for at least five years from the date of transaction.
- Having a central registry for KYC will eliminate repeated collection and reduce duplication and number of entities storing personal data
- Transparency
- Fetching and uploading KYC through Central KYC Records Registry (CKYCR) requires customer consent. Further mandating logged notices and reminders support transparency and traceability.
- Accountability and accuracy
- KYC updation by banks and its intimation to customers align with accuracy and accountability principle.
Impact of the amendments
- These amendments primarily impact customer by simplifying and easing the periodic KYC update process, benefitting low risk individuals and customers in rural and semi urban areas.
- The extended timeline for low risk customers will relax compliance pressure and prevent service disruption for many account holders.
- The empowerment of BCs will ease the process of KYC at various levels and help customers to get KYC done by BCs.
- The amendment will also help customers stay updated about their data and increase transparency and accuracy aligning with data privacy.
Conclusion
The notifications amending the KYC process is a significant step towards more inclusive, convenient and efficient banking ecosystem. Further implementing CKYCR integration and consent first practices it align with data privacy practices.
https://ssrana.in/articles/regulating-the-upi-ecosystem-ensuring-consumer-rights-and-privacy/
https://ssrana.in/articles/handling-of-personal-financial-data-by-payment-gateways/
https://ssrana.in/articles/guidelines-on-esakshya/
[1]https://www.indiabudget.gov.in/doc/budget_speech.pdf
[3]https://website.rbi.org.in/web/rbi/-/notifications/reserve-bank-of-india-know-your-customer-kyc-amendment-directions-2025-Reserve Bank of India (Know Your Customer (KYC)) (Amendment) Directions, 2025 (DOR.AML.REC.30/14.01.001/2025-26);
https://website.rbi.org.in/web/rbi/-/notifications/updation/-periodic-updation-of-kyc-revised-instructions-1 – Updation/Periodic Updation of KYC– Revised Instructions (DOR.AML.REC.31/14.01.001/2025-26); https://website.rbi.org.in/web/rbi/-/notifications/inoperative-accounts/-unclaimed-deposits-in-banks-revised-instructions-amendment-2025-1 – Inoperative Accounts/ Unclaimed Deposits in Banks – Revised Instructions (Amendment) (2025DOR.SOG(LEG).REC/32/09.08.024/2025-26)
[4]https://www.rbi.org.in/CommonPerson/english/scripts/notification.aspx?id=2607
[5]https://www.rbi.org.in/CommonPerson/english/scripts/notification.aspx?id=2607#1
[6] https://www.rbi.org.in/commonman/english/scripts/Notification.aspx?Id=866
[7] https://www.rbi.org.in/commonperson/english/Scripts/Notification.aspx?Id=866
[8] https://www.rbi.org.in/scripts/bs_viewcontent.aspx?Id=2234#A3