The promise of neobanks, digital banks, embedded finance, and so on has changed how financial services are accessed and experienced. Players, ranging from banks to startups to big tech companies, are thus exploring the multifarious ‘as-a-service’ offerings and infrastructure, such as Open Banking APIs, UPI, and the upcoming Open Credit Enablement Network (OCEN). Many of the resulting arrangements manifest as a layer on top of banks and other regulated players. To access the financial services they offer, compliance with the KYC mandate applicable to the service and the player or the underlying player is an essential first step.
Customers expect a seamless and digitized identity verification procedure, particularly during the pandemic that has made traditional contact-based and in-person KYC processes a health risk. Integrating a completely digitized and scalable identity verification layer is thus essential for innovation in this space to achieve its full potential. Regulatory steps relaxing individual and business KYC and technological infrastructure for API-based verification play a crucial role in creating this layer.
The explosion of API-based services has facilitated numerous new arrangements. Take, for example, banks and FinTech companies partnering to launch digital banks to add new distribution and onboarding channels, companies signing up as TPAPs to launch UPI-based payments services, and tech/FinTech companies riding on the licenses of regulated players to offer digital lending and other services. In fact, dedicated financial infrastructure players that partner with multiple banks, NBFCs, and other entities via APIs enable companies to simply ‘plug and play’ to launch their financial services.
Services in the experimental stage and trying to scale, such as a new service or a new way to access a traditional service, must minimize customer onboarding friction—a valuable lesson learned the hard way by the m-wallet industry in its initial years. Business models in the m-wallet industry were originally built around low-cost Aadhaar-based eKYC (approximately INR 20, as opposed to INR 200–250 for regular KYC). The 2018 withdrawal of eKYC, combined with the mandate to convert to full KYC, took away convenience—a key factor that drove the early adoption of m-wallets. M-wallets have since completely reinvented themselves, but this still leaves lessons to be learned on the KYC front.
A digitized identity verification layer, much like IndiaStack’s integrated ‘presence-less’ and ‘paperless’ identity layer (via eKYC, DigiLocker, etc.), thus plays an essential role.
Neobanks, for example, can partner with multiple banks or other regulated players. Customers can access the services of a neobank if they have an account with any of the underlying partner banks. KYC compliance is then defined by the norms applicable to the banks.
A neobank and its partner bank can set up ‘connected banking’ models, enabling customers having accounts with the partner bank to simply link their account via a net banking process. KYC must be completed first if a new account needs to be opened. Account linking and KYC vary across banks, with varying levels of digitization. For example, a URL can be redirected from the neobank’s website/app to the bank’s website to complete the process. Alternatively, some or all of the required data—to be shared with the bank—can be collected at the merchant’s portal that conducts and confirms the verification via APIs. The bank can also conduct Aadhaar-based verification depending on the service.
Similar steps are deployed when accessing a new service requiring separate KYC, say, accessing insurance, lending, or mutual funds after linking an existing savings account. The same goes for an embedded finance offering, for example, a savings account or wallet service embedded as a feature directly in a merchant app.
KYC verification and account linking with API-based services are not yet completely digitized. Video KYC primarily eases individual KYC; business KYC is still a far cry from digitization. KYC here also often ends with a mandatory in-person verification by the bank before account activation.
An identity verification layer undoubtedly eases verification at the technological level, covering the multiple API integrations with banks, public databases, and other sources as required. In addition, API-based data access can further ease verification, for instance, allowing consent-based predictive auto-filling of KYC forms to reduce human error, accelerate onboarding, and support the overall due diligence and fraud checks.
While KYC has specific requirements such as accepting only official ‘equivalent e-documents,’ data from government databases and other sources can also be used for digital identity verification outside of the legal mandate for KYC. For instance, apart from KYC for customers, verification is equally important, say, for onboarding vendors, partners, and employees. Sector-specific rules can also have requirements that may not be KYC per se. For example, the Consumer Protection (e-commerce) Rules, 2020 require marketplace e-commerce entities to keep records, allowing identification of sellers.
Even with regulated entities, a modular approach can help platforms set up staggered KYC policies on a need-to-know basis instead of full KYC. A step in this direction was the RBI’s guidelines for payment aggregators (PAs), for which a clarification was shared differentiating between account-based and onboarding relationships. With these guidelines, PAs onboarding merchants with an underlying full KYC bank account need not conduct the entire KYC process again; a board-approved KYC policy will suffice.
Features to ease the process have already been introduced. For instance, using GSTIN, data such as legal entity name, business address, registration date, GST status, and beneficial owner information can be pulled from the GST portal and auto-filled. Trusted sources such as the account aggregator framework and other Banking-as-a-Service (BaaS) facilities can all be leveraged here. Even payment credentials need to be verified, for instance, verifying payment credentials prior to processing employee salaries and vendor payments. The traditional ‘canceled check’ technique can also be made instant and paperless with online bank account verification via APIs.
Open Banking, thus, has tremendous potential to create reliable ‘instant’ identity verification.
Several factors impact how a digital identity verification layer works—what KYC and verification entail, restrictions on data storage, etc. Although regulatory steps have eased the process, several challenges still need to be addressed.
KYC—a multi-step process that starts from pre-onboarding and continues until the relationship ends—includes checking identity documents, such as Aadhaar and passport, and business documents (licensing, registration), verifying PAN and GSTIN, beneficial owner KYC, and bank account verification. Many of these steps can be digitized via a verification layer, thanks to regulatory relaxations and government databases that have opened API access to enable direct verification.
KYC norms vary from service to service and, sometimes, entity to entity. Businesses, therefore, need to assess their business requirements, applicable regulatory norms, and the facilities their verification layer requires. For example, consider a business using an embedded finance feature for wallets to credit salaries to its unbanked vendors/partners or facilitate specific authorized purchases by employees. Seamless issuance of wallets will also require an integrated ability to complete KYC. The following points specific to KYC for wallets must be kept in mind:
Regulatory steps to digitize KYC play a crucial role with seamless identity verification. With m-wallets, the initial regulatory flip-flop around KYC was a big part of the challenge. Moreover, the respite that came (permitting minimum KYC low-limit wallets and increasing time for converting to full KYC to two years) was slow. However, steps are now being taken to digitize and relax KYC.
In addition to relaxing KYC for wallets, there are initiatives that relax KYC for particular services or entities where customers can link an underlying bank account for which the bank has already conducted full KYC. Currently, this relaxation can be found in three cases:
i) PA guidelines that allow board-approved KYC policies when onboarding merchants with such accounts. The distinction drawn between account-based and onboarding relationships in the guidelines is important and is, in fact, also found in the KYC direction that requires the ‘customer due diligence aspect’ of KYC to be carried out only when “establishing an account-based relationship.”
ii) Another example is UPI that requires linking the account to the UPI app, which greatly eases UPI’s adoption, compared to say wallets.
iii) Minimum KYC wallets, loaded only from such accounts, are also an example.
Yet another step toward digitizing KYC is using Aadhaar OTP-based eKYC as a simple KYC option for opening savings and lending accounts. While these are subject to limits of INR 100,000 and INR 60,000, respectively, and must be converted to full KYC (via V-KYC again) within a year, these are a good option, say, for issuing short-term, small-ticket loans.
For digitizing KYC, in general, important steps have been taken such as permitting the use of ‘equivalent e-documents’ for KYC from DigiLocker or the issuing authority (e-PAN, e-AoA, and e-MoA). Operationalizing C-KYC for individuals and, recently, businesses and permitting V-KYC for individuals first and now businesses are among the other steps. V-KYC was eased recently to accept identity documents apart from Aadhaar via the C-KYC Identifier and DigiLocker. The increase in API-accessible government databases (such as NSDL for PAN, GST Portal, and MCA) is another benefit.
All these steps increase the possibility of an end-to-end digital KYC process. The key benefit at present, however, is for individuals. For businesses, KYC is still not adequately digitized.
Individual KYC is comparatively more digitized than business KYC, thanks to V-KYC, C-KYC, and DigiLocker, though practically, even these run into issues. V-KYC, for example, still hasn’t been adopted widely. KYC sharing via C-KYC is not highly reliable due to the risk of fraud at the other institution. For business KYC, despite recent welcome steps, there are several additional challenges:
A verification layer thus takes many factors into consideration and plays a crucial role in easing customer onboarding for businesses. Regulators can certainly take the next steps, like increasing the number of API-accessible business documents, recognizing API-based verification as original seen and verified, resolving operational issues with C-KYC, and increasing data available on merchant fraud. These steps can play a pivotal role in digitizing onboarding, particularly for business KYC, including small businesses and MSMEs. The regulatory focus and initiatives in this regard cannot be undermined. Each step brings fully digitized and real-time verification closer to reality.
To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.
Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.
Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences. Contact us today to learn how you can frictionlessly secure your digital consumer journey — from onboarding to ongoing transactions.
Tap the button below to read our latest white-paper on the subject as industry leaders.
Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.
Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.
Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.
Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.
Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.
Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.