Post-infection by the Aadhaar bug, every organisation in India has been suffering inability to recognise those that they have recognised for decades. Suddenly, they need an Aadhaar and an annual know-your-customer (KYC) to allow the relationship of decades to be continued till yet another KYC next year.
The ministry of corporate affairs (MCA) is the latest to have been hit by the KYC bug. Calling for conducting KYC of all directors of all companies annually through a new e-form, DIR-3 KYC, the MCA mandated the Aadhaar, unique personal mobile number and personal email ID duly verified by one time password (OTP) using their own DSC (Class 2) and duly certified by a practising professional chartered accountant (CA) / company secretary (CS)/ certified management accountant (CMA).
Directors on various companies for more than a decade expressed shock as some of them have changed mobiles and email IDs several times in the past 20 years and many have stayed away from Aadhaar for different reasons. Several directors still prefer landlines and postal services. Some with an Aadhaar have discovered, to their utter shock, that their biometrics do not work like the science fiction projected by the Unique Identification Authority of India (UIDAI).
Section 154 of the Companies Act
provides for the allotment of a directors identification number (DIN). It states, “The Central Government shall, within one month from the receipt of the application under section 153, allot a Director Identification Number to an applicant in such manner as may be prescribed.”
There is no provision in the Companies Act to require a director, who has been allotted, a DIN to undergo KYC process. There are no provisions in the Act to require a DIN to be validated again once it has been allotted or for it to be cancelled. It is obvious that the government is infected with the Aadhaar bug that is causing every ministry to create illegal and invalid procedures and requirements to include Aadhaar numbers into its databases.
There is no rule or notification on the MCA website
that provides any legal base to the DIR-3 KYC process. Letters issued to directors registered with the MCA do not give reference to any legal provision, thus making them ab initio ipso jure
RS Sharma, the chairman of Telecom Regulatory Authority of India (TRAI), in a Twitter session on #AskTRAI, refused to answer a question on the regulator’s policy about recycling mobile numbers.
Mobile numbers get recirculated to different subscribers when subscribers do not renew their subscription or lose their numbers for other reasons. They are neither bound to a unique subscriber for life nor are they bound to a single user over the period of subscription. The same is true for email IDs. If the MCA requires a unique channel for each director, isn't it more appropriate for them to just allot a mobile number and email ID for the life of the director?
If demanding a unique mobile number and unique email ID are not absurd as demanding a unique address, the KYC using Aadhaar is even more bizarre.
In fact, the UIDAI does not even know how many unique biometrics exist in the entire database. Astonishingly UIDAI’s affidavit to the Supreme Court in the WP 494 of 2012 and associated matters
indicates that at least 600 million Aadhaar numbers out of 1,200 million have never been used to authenticate any transaction ever.
Clearly, there is no merit in any claim that the biometrics can be the basis for unique entries in the Aadhaar database and the Aadhaar database is free from ghosts and duplicates. From the looks of it, at least 600 million numbers in the database are ghosts and duplicates.
It cannot serve any KYC or transparency to replace certified IDs that have been the basis of governance for last seven decades with uncertified, unverified and unaudited Aadhaar by an agency, the UIDAI that takes no responsibility to any Aadhaar number turning out to be a ghost or to any transaction undertaken with the Aadhaar numbers.
Unfortunately, most bureaucrats have not realised that merely including Aadhaar in the database makes indistinguishable such records from those that were painstakingly created through legal processes over decades. What neither the UIDAI, nor the government seem to have recognised is that the issue, use and mandating Aadhaar under these circumstances appears to be considered as offences under various sections of Chapter XI of the Indian Penal Code.
The use of Aadhaar, therefore, by any stretch of imagination, cannot serve any legitimate and legal purpose or any national interest.
In India, where every government document had to be attested by a gazetted officer, the pendulum has swung to the other extreme. Suddenly, biometric and demographic data submitted by private operators to UIDAI is being used to replace legally valid or legitimate identification documents issued and certified by government officers. Once Aadhaar replaces existing documents, it causes unprecedented harm to the country as there is no way to distinguish real individuals, on-boarded through careful legal process by government officials, from those added through the Aadhaar database.
There is prima facie enough case, and national security at stake, for the Central Bureau of Investigation (CBI) to investigate into the use and propagation of the Aadhaar.
Citizens across the country have written to various government ministries and agencies highlighting these issues. Senior bureaucrats, who realise this for the first time, are utterly shocked. They have never realised how the Trojan Horse of Aadhaar got into their department or ministry. An uncertified biometric or demographic has no legal value and causes incalculable harm to the country.
While some ministries are making an effort to protect their databases from Aadhaar, they have yet to ensure that the Aadhaar bug is destroyed before it destroys the country.
The Central Board of Direct Taxes (CBDT) has already enabled a process to allow filing of income-tax returns (ITRs) without Aadhaar. The MCA has announced that it will not insist on Aadhaar although it has not yet clarified the legal basis of the DIR-3 KYC. Directors from at least four different states have been preparing to challenge the vires of the DIR-3 KYC and the Aadhaar mandate in their respective High Courts.
This, however, has become a matter of national security that is far more serious and important than a misinformed and misplaced case for governmental expediency or the right of the government to create procedures for its functioning.
(Dr Anupam Saraph is a renowned expert in governance of complex systems and advises governments and businesses across the world. He can be reached @anupamsaraph.)
1. Some statements made in third paragraph about Directors appear to be superficial.
â€˜Directors â€¦ â€¦ â€¦ have changed mob nos / email IDs several times â€¦â€™
So what? The current valid ones only matter. So provide them and stick to them. Whenever any changes are made, it is incumbent on the person to make commensurate amendments to the appropriate records.
â€˜Several directors still prefer landlines and postal servicesâ€™ - a very flimsy, laughable argument!
â€˜Some with an Aadhaar have discovered â€¦ â€¦ their biometrics do not work â€¦â€™ â€“ this is not a dead - end, remedies can be / are being found.
' many have stayed away from Aadhaar for different reasons' â€“ this is the crux â€“ why? Under the garb of privacy?
2. Provisions in Companies Act wrt DIN and legality of DIR-3KYC Process â€“ this is an area obviously the Government needs to move, keeping the proceedings in Supreme Court in mind.
3. Mobile numbers may get changed, but it is incumbent on the current User to keep a track of which all records have this number registered and make changes whenever he changes the number. Even changing the Mobile Number in Aadhaar is simple procedure. A person working at the Director level knows importance of being organised. He will also have resources at his command for ensuring it.
4. UIDAI statement - â€˜the biometric and demographic information associated with any Aadhaar number is not certified, verified or audited by anyoneâ€™.
Question is - How does it matter, as long as this information in Aadhaar Database matches the actuals of the Person claiming that Identity.
5. That â€™60 crore numbers in the database are ghosts and duplicatesâ€™ is a far-fetched deduction. To consider an Aadhaar number as â€˜ghostâ€™ just because it was not used for a transaction, is preposterous. Hordes of people â€“ including those of different age-groups, kids, very advanced in age, home-maker women - were seen queuing up and getting themselves registered for Aadhaar. A large number from them may not have an occasion or need to carry out any transaction to warrant authentication.
6. Unfortunately seven decades of governance has yielded proliferating cases of multiple Pan Cards, Fake Pan Cards, fake Ration Cards â€“ which was considered to be THE most important proof in many government processes. So the very basis of governance for last seven decades is a highly questionable basis. There has never been any dearth of super brains in Legal and Accounting domains to find and exploit loop holes in the processes and the men managing these processes.
7. The objection â€˜Suddenly, biometric and demographic data submitted by private operators â€¦â€¦ issued and certified by government officersâ€™ is irrelevant, in light of what is stated in 7 above â€“ no need to repeat it.
8. Many ministries, CBDT, MCA are obviously waiting for the Supreme Court decision on the issue of Aadhaar.
Let us just ignore the tags â€˜utterly shockedâ€™, â€˜Trojan Horseâ€™, â€˜incalculable harmâ€™, â€˜Aadhaar bug â€¦. destroys the countryâ€™ etc. I rather wish the author had dilated more on his concerns on â€˜a matter of national securityâ€™. That would help the concerned authorities to create a formidable defence system.