The striking down of Section 57 of the Aadhaar Act was a major setback for the FinTech entities and payment systems. These companies were highly dependent on Aadhaar for verifying their customers. The Aadhaar verdict caused an adverse impact on the FinTech companies as compliance with the know your customer (KYC) guidelines for these companies became ambiguous. Earlier private entities and corporate bodies were allowed to use Aadhaar number for establishing identities of the customers, however, after the landmark judgement, private entities could not demand Aadhaar for verification of identity unless the same was pursuant to any law. Therefore, this unsettled the very basis on which these FinTech entities built their businesses.  

 

Subsequently, necessary amendments were made in the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, vide the notification of Prevention of Money-Laundering (Maintenance of Records) Amendment Rules, 2019  issued on 13 February 2019 (‘PMLA Notification’) so as to allow the use of Aadhaar as a proof of identity, albeit in a manner that protected the private and confidential information of the borrowers. However, despite the changes in the PMLA Rules and the Aadhaar and Other Laws (Amendment) Ordinance, 2019  issued on 2 March 2019 (“Ordinance”), the RBI did not bring changes in its operative guidelines. As a result, ambiguity with respect to usage of Aadhaar number for KYC purposes increased.

 

On 29 May 2019 , the RBI brought the much awaited amendments in the KYC Master Directions. 

 

Before we delve further into the issue, it is important to be mindful of the following:

 

---------------------------------------------------------------------------

 

The definition of Aadhaar number under the KYC Master Directions has been borrowed from the Ordinance, which means an identification number issued to an individual under sub-section (3) of section 3 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016), and includes any alternative virtual identity generated under sub-section (4) of that section.

 

Further, sub-section (4) provides that the Aadhaar number issued to an individual under sub-section (3) shall be a twelve-digit identification number and any alternative virtual identity as an alternative to the actual Aadhaar number of an individual that shall be generated by the Authority in such manner as may be specified by regulations.

 

Acceptance of Aadhaar as an ‘officially valid document’

 

The PMLA Notification, recognises proof of possession of Aadhaar number as an 'officially valid document' (OVD). As per the proviso to Rule 2(1)(d) of the said notification, whoever submits “proof of possession of Aadhaar number” as an officially valid document, has to do it in such a form as are issued by the Authority.

 

Pursuant to the amendment in KYC Master Directions, ‘Proof of possession of Aadhaar number’ has been added to the list of OVD with a proviso that where the customer submits ‘Proof of possession of Aadhaar number’ as OVD, he may submit it in such form as are issued by the Unique Identification Authority of India (UIDAI). 

 

Regulation 15 of the Aadhaar (Enrolment and Update) Regulations, 2016 (“Enrolment Regulations”) which deals with delivery of Aadhaar number stipulates that:

 

“Aadhaar number may be communicated to residents in physical form (including letters or cards) and/or electronic form (available for download through the Authority’s website or through SMS).”

 

The Authority in exercise of the provisions under Regulation 35 of the Enrolment Regulations has on 4 April 2019  notified that delivery of Aadhaar number under Regulation 15 shall mean and include the following:

 

(a) Aadhaar letter: Issued by the Authority carries name, address, gender, photo and date of birth details of the Aadhaar number holder.

 

(b) Downloaded Aadhaar (e-Aadhaar): Carries name, address, gender, photo and date of birth details of the Aadhaar number holder in similar form as in printed Aadhaar letter.

 

(c) Aadhaar Secure QR Code: A quick response code generated by the Authority containing name, address, gender, photo and date of birth details of the Aadhaar number holder.

 

(d) Aadhaar Paperless Offline e-KYC: An XML document generated by the Authority containing name, address, gender, photo and date of birth details of the Aadhaar number holder. 

 

It has been specified that the Aadhaar number holder can use any of the documents above to prove possession of Aadhaar number subject to the concerned entity’s right to verify the genuineness of the above mentioned documents. 

 

Further, as per the KYC Master Directions, in case an OVD, including Aadhaar, furnished by the individual does not contain updated address, certain deemed OVDs for the limited purpose of proof of address can be submitted, provided that the OVD updated with current address is submitted within three months.

 

Obtaining certified true copy 

 

As per the requirement of the amended KYC Master Directions, for undertaking Customer due-diligence (CDD), non-banking financial companies (NBFCs) shall have to obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity (section 16): 

 

 

(a) a certified copy of any OVD containing details of his identity and address 

 

(b) one recent photograph 

 

(c) the Permanent Account Number (PAN) or Form No. 60 as defined in Income-tax Rules, 1962, and 

 

(d) such other documents pertaining to the nature of business or financial status specified by the reporting entities (REs) in their KYC policy

 

Here, obtaining a certified copy by regulated entity shall mean comparing the copy of officially valid document so produced by the customer with the original and recording the same on the copy by the authorised officer of the regulated entity.

 

It has been clearly specified by the RBI that the individuals (apart from those desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016) while submitting Aadhaar for Customer Due Diligence, shall redact or blackout their Aadhaar number in terms of sub-rule 16 of Rule 9 of the amended PML Rules, as per the PMLA Notification.

 

The relevant provision of the sub-sections is reproduced herein below:

 

“(16) Every reporting entity shall, where its client submits his Aadhaar number, ensure such client to redact or blackout his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required under sub-rule (15).”;

 

In case where simplified procedure have been followed for opening accounts by NBFCs, the CDD as mentioned above (as per section 16 of the KYC Master Directions) must be carried out within a period of twelve months. Even at the time of periodic verification, CDD as per section 16 has to be carried out.

 

Offline Verification

 

The Ordinance defined the term “offline verification”. Section 2 (pa) states – 

 

“offline verification” means the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by regulations.

 

It is pertinent to note that the offline modes are not specified in the regulations. However, Unique Identification Authority of India (UIDAI) had proposed two methods of using offline Aadhaar verification–

 

1. Using the Quick Response (QR) codes

Companies may seek the Aadhaar QR code from the customers. The same has to be downloaded and printed by the customer and submitted to the company who shall read it using a QR code reader. Scanning of QR code, from the QR code reader will provide the name, address and photograph of the customer, without providing the Aadhaar number. 

 

2. Using paperless local e-KYC

The paperless local e-KYC involves generation of a digitally signed XML which can be stored in a laptop or phone and be communicated by the customer to the company, as and when required. Companies can receive the Aadhaar Paperless Offline e-KYC XML from the customers. The XML file provides the name, address and photograph of the customer, without providing the Aadhaar number. 

 

Further, section 8A of the Ordinance specifies the process of offline verification to be conducted by the offline-verification seeking entity. The entity seeking offline verification must obtain the consent of the customer before performing such offline verification. The entity must also ensure that the demographic information or any other information collected from the customer is used only for the purpose of such verification.

 

RBI has also specified in the KYC Master Directions that the NBFCs may identify a customer through offline verification under the Aadhaar Act with his/her consent, for identification purpose.

 

The Ordinance provides that banking companies shall verify the identity of the customers by authentication under the Aadhaar Act or by offline verification or by use of passport or any other officially valid documents. Further distinguishing the access, the Ordinance permits only banks to authenticate identities using Aadhaar. Other reporting entities, like NBFCs, are permitted to use the offline tools for verifying the identity of customers provided they comply with the prescribed standards of privacy and security. The use of Aadhaar shall be a voluntary choice of every customer who is sought to be identified. In order to safeguard the interests of the customers, the reporting entity must inform the customer of the other alternatives available to them. 

 

PAN submission

 

The KYC Master Directions require non-individual customers such as legal entities, to submit either PAN or Form No. 60 of the entity apart from other entity related documents as a mandatory KYC document. Further, in case of companies and partnership firms, the PAN itself is mandatory. Additionally, the PAN or Form No. 60 of the authorised signatories shall also be obtained by the reporting entities.

 

In case of existing customers also the PAN or Form No.60, shall be obtained by such date as may be notified by the Central government, failing which the reporting entities shall temporarily cease operations in the account till the time the PAN or Form No. 60 is submitted by the customer. In case of asset accounts such as loan accounts, for the purpose of ceasing the operation in the account, only credits shall be allowed. However, before temporarily ceasing operations for an account, the customer shall be given an accessible notice and a reasonable opportunity to be heard. 

 

Conclusion

 

The amendments in the KYC Master Directions allow verification of customers by offline modes and it permits NBFCs to take Aadhaar for verifying the identity of customers if provided voluntarily by them, after complying with the conditions of privacy to ensure that the interests of the customers are safeguarded. The amendments clearly specify the regulatory approach to resume the KYC process by using Aadhaar through offline modes.

 

(The writer is senior manager, Vinod Kothari Consultants P. Ltd.)

Unique Identification Authority of India (UIDAI) aka was started with great fanfare. Nandan Nilekani will not even admit that it has security issues. Forget security issues, one of the service providers is Karvy and he has a wealth/ registrar/mutual fund selling business. Did Karvy use the database to build its business? I leave it to your imagination.

 

So how can one build such a robust database and keep the data from leaking? Simple! by hiding the number. LOL. Yes you heard it right. Here is a letter issued by a mutual fund to one of its agents.

 

Dear Sir/ Madam…

 

I wish to inform you about the changes in KYC documentation under the Prevention of Money Laundering (Maintenance of Records) Amendment Rules, 2019, effective 13 February, 2019. Accordingly, when your clients submit their AADHAAR Number as a KYC proof, they need to redact or black out their AADHAAR Number details through appropriate means. 

 

I therefore request you to ensure that your clients black-out (redact) the AADHAAR Number when the Aadhaar Card Copy is attached as an officially valid document (OVD) either as a KYC proof or along with any other request given to us. The AADHAAR details if mentioned anywhere in the form, needs to be redacted as well. In cases where AADHAAR number is fully visible, such documents shall be deemed to be “Not in Good Order.”

 

Please note that all KRAs (KYC Registration Agencies) have started holding back KYC processing in cases where AADHAAR details are not redacted or masked. However, no further action is needed if Aadhaar documents are already masked (i.e., only last 4 digits are visible). 

 

Request you to adhere to the above guidance to avoid delays.

 

I remember watching a play by “Cho” Ramaswamy – it was based on the life of Mohammad Bin Tughlaq.

Need I say more.

 

In case you have finished laughing, get on with life. I am sure I have made your day. That was the purpose. It was not to criticise the chairman of Infosys. With a net worth of Rs200 crores, he cannot be wrong I presume?

 

Source:  http://www.subramoney.com/2019/05/aadhar-the-joke/ 

Seventy-year old Sathya Narayanan (name changed to protect identity) had a valid Aadhaar number until a month ago, when he decided to update his residential address. He submitted a photo of his driving licence on Unique Identification Authority of India (UIDAI) website but it was not accepted and that triggered a whole new nightmare for him. He says, "However for some reason it got rejected on some quality level checks. The licence copy submitted by me was very clear. Instead of giving me a chance to send them (UIDAI) a new copy, they informed me that I would have to re-enrol and provide new demographics and biometrics."

 

Now, after running from pillar to post, trying the helpline and working to find other options to re-enrol, he is at a standstill. "I am mentally anguished and stressed because of this and have not even slept well for the past week,” says Mr Narayanan, who is most reluctant to go through the trauma of enrolling again. "I spent nearly five hours at the bank (where the enrolment centre is) taking off from work. I was so very tired standing for such a long time that I could not go back to work. And now they want me to go through this entire exercise all over again. I do not know how a simple address update can trigger something like that?" he asks.

 

How can people be put to so much inconvenience, he asks and wants to know whether people can get together to challenge the whole Aadhaar law. The irony is that UIDAI has been spending a bomb on advertising the importance of Aadhaar, but if every update is going to inconvenience people so much, then people in transferrable jobs are going to face a never-ending nightmare. 

 

It is important to remember that UIDAI has been legally structured in a manner that is not answerable to people, nor is it obliged to complete any updations or explain why something takes so long. This is over and above the fact that the Aadhaar identity is deeply flawed because UIDAI does not independently verify any documents. And yet, the website says that it can take up to 90 days for UIDAI to 'process' an application or update and you will get no answers from the website or helpline until then.

 

@UIDAI @UIDAIBengaluru Why is it this #painful (i.e. difficult) to #update a phone number in #Aadhaar ... my mum has had to make 13 trips to different banks, post offices ...so called permanent centers ... are rarely open and if they are ... no one’s willing to help

— Nihal Pasham (@npashi) April 22, 2019

 

This is exactly what Ramvilas Mishra, who works as security guard in Mumbai, is facing. In fact, the man is waiting for several months to be able to claim his savings in a nationalised bank, because his permanent account number (PAN) as well as Aadhaar had mistakes committed at the time of enrolment. 

 

After obtaining a birth certificate from his hometown in Uttar Pradesh (UP), Mr Mishra decided to update his Aadhaar. After spending only half a day in the local post office due to help from a friendly postman who ensured he jumped the queue, he manged to enter the new details on the UIDAI website. But after 40 days, his date of birth remains un-changed on the website, while he nervously seeks help to find out if there is any progress. Accessing the UIDAI website is not easy for Mr Mishra and each effort to check means missing several hours of work and losing out on income. 

 

When people go back to enrolment centres like banks to check if there is a problem, they are told: "We only collect and transfer all information to UIDAI”. This is the situation when UIDAI claims that 123.62 crore people already have an Aadhaar.

 

Calling the helpline of UIDAI is of no help at all since the call centre executives are trained to provide ready-made answers only, and not the solution. Their first response is to check after 90 days, which is the long time that UIDAI has given itself.

 

Executive at Aadhaar centre Pragati maidan New Delhi said. "We don't have machines to do update work for mobile no. And we don't do any #updates here" please close this centre, if centre is unable to do update work @UIDAIDelhi @UIDAI
People are coming from RJ,HR and UP.#Aadhaar

— saurabh kumar (@Saurabhk2310) April 22, 2019

 

Last month, three people together enrolled for Aadhaar at a bank branch in central Mumbai. Two of them received their Aadhaar number after two days. The third person is yet to receive the Aadhaar number with the online status remaining static with this message, "This enrolment is under process. Please check again after few days".

 

During the enrolment process at the bank, it was found that high-tech machine for fingerprint recording was unable to capture fingerprints easily and it required several desperate attempts including using water and hand-sanitiser before the fingerprints were recorded — they were no senior citizens or even persons involved in physical labour. Getting the photograph right was also an issue that required multiple attempts for one of the three. If this was the horror at the time of enrolment, what can these people expect during a fingerprint authentication, which has been forced on the toiling masses who depend on the process to get their subsidised ration every month? 

 

Interesting, two of the three people found that their enrolment was smooth and have received the Aadhaar card, the third person is in limbo. These were people rushing to catch the 31st March deadline for linking Aadhaar to PAN. So it is safe to say that at least one of the three would have been in default for no fault of his, if the deadline had not been extended.  

 

Another activist, who enrolled for Aadhaar last month, is yet to receive his number despite several follow-ups with the bank branch, and numerous calls to the UIDAI call centre. 

 

As Mr Narayanan points out, if this is the situation with educated, urban people, what must be the horror being inflicted on economically disadvantaged and less literate people all over the country? Especially where data connectivity as well as getting machines to work in the heat and dusty of rural areas will be a serious challenge? 

 

We wonder who can answer Mr Narayan’s very basic questions” "Can they not just give me a simple opportunity to re-submit the proof of address again? I shudder to think that if a simple address update could cause so much issues. What will happen when I have to do entire biometrics and demographics again? I am a senior citizen and comparatively educated. What must be happening to the uneducated and less educated folks who do not understand anything?”  Nobody has any answers. Yet, Aadhaar is being touted as the biggest tool of empowerment in India by highly educated tech-czars who stand to profit from its widespread use, doesn’t matter the hardship caused to ordinary people.