KYC & Compliance Glossary

30 essential terms every compliance professional should know

Aadhaar eKYC

An electronic Know Your Customer process that uses Aadhaar-based authentication -- either OTP or biometric -- to verify a customer's identity. When a customer provides their Aadhaar number, the institution sends a verification request to UIDAI, which returns the customer's demographic data (name, date of birth, gender, address) and photograph. OTP-based eKYC is classified as reduced KYC by RBI (accounts may have transaction limits), while biometric eKYC using a UIDAI-certified device qualifies as full KYC. Only entities with specific UIDAI authorization can perform Aadhaar eKYC.

AML (Anti-Money Laundering)

A framework of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. In India, AML obligations are governed by the Prevention of Money Laundering Act (PMLA) 2002 and enforced by FIU-IND. Financial institutions must implement AML programs that include customer due diligence, transaction monitoring, suspicious transaction reporting, record keeping, and employee training. Non-compliance can result in significant penalties and regulatory action.

AUA (Authentication User Agency)

An entity approved and authorized by UIDAI to perform Aadhaar-based authentication on behalf of requesting entities. AUAs connect to the UIDAI Central Identities Data Repository (CIDR) through Authentication Service Agencies (ASAs) to verify a person's identity using their Aadhaar number along with biometric or OTP-based authentication. Banks, telecom operators, and government departments typically hold AUA licenses to provide Aadhaar authentication services.

CDD (Customer Due Diligence)

The process of verifying a customer's identity, understanding the nature of their activities, and assessing the money laundering and terrorist financing risk they pose. CDD involves collecting and verifying identity documents (OVDs), understanding the purpose and intended nature of the business relationship, identifying beneficial owners for non-individual customers, and performing ongoing monitoring of transactions to ensure they are consistent with the institution's knowledge of the customer and their risk profile.

CERSAI

The Central Registry of Securitisation Asset Reconstruction and Security Interest of India. CERSAI is a government-established body that operates the Central KYC (CKYC) registry under the direction of the Ministry of Finance. All regulated financial institutions -- banks, NBFCs, insurance companies, stock brokers, and mutual fund intermediaries -- are required to upload verified KYC records to CERSAI and search its registry before initiating fresh KYC for any customer.

CKYC (Central KYC)

A centralized KYC record registry managed by CERSAI that allows customers to complete KYC once and use their verified records across all financial institutions in India. Upon initial verification, the customer's records are uploaded to the registry and assigned a 14-digit KYC Identification Number (KIN). When the customer subsequently approaches a different institution, that institution can fetch the already-verified KYC records using the KIN, eliminating redundant document collection and verification.

DPDPA (Digital Personal Data Protection Act 2023)

India's comprehensive data protection legislation that governs the processing of digital personal data. The DPDPA establishes obligations for data fiduciaries (entities that collect and process data) including purpose limitation, data minimization, storage limitation, accuracy, and breach notification. For Video KYC operations, DPDPA directly impacts how financial institutions collect, store, and process customer biometric data, identity documents, video recordings, and geo-location information during verification sessions.

EDD (Enhanced Due Diligence)

Additional verification measures applied to customers who present a higher risk of money laundering or terrorist financing. EDD goes beyond standard Customer Due Diligence and may include obtaining senior management approval for establishing the business relationship, taking reasonable measures to establish the source of funds and source of wealth, conducting enhanced ongoing monitoring of the relationship, and obtaining additional documentation. High-risk categories that trigger EDD include Politically Exposed Persons (PEPs), customers from high-risk jurisdictions, complex ownership structures, and unusually large or otherwise unusual transactions.

FATF (Financial Action Task Force)

An intergovernmental organization established in 1989 that sets international standards for combating money laundering, terrorist financing, and proliferation financing. FATF's 40 Recommendations form the basis for AML/CFT regulatory frameworks worldwide, including India's PMLA. India is a member of FATF, and its mutual evaluation assessments directly influence domestic regulatory policy. FATF also maintains lists of jurisdictions with strategic AML/CFT deficiencies (grey list and black list), which affect how Indian institutions must treat customers and transactions linked to those countries.

FIU-IND (Financial Intelligence Unit - India)

The central national agency responsible for receiving, processing, analyzing, and disseminating information related to suspect financial transactions to enforcement agencies and foreign Financial Intelligence Units. Established under the Ministry of Finance, FIU-IND is the nodal authority for all regulated entities to file Cash Transaction Reports (CTRs) for transactions exceeding INR 10 lakh, Suspicious Transaction Reports (STRs), and Non-Profit Organisation Transaction Reports (NTRs). All reporting entities must register with FIU-IND on the FINnet portal.

Geo-tagging

The process of capturing GPS coordinates of the customer's device during a Video KYC session to record their physical location at the time of verification. RBI mandates geo-tagging as part of V-CIP compliance to confirm that the customer is connecting from within India for domestic account opening and to create an auditable location record in the session trail. The geo-coordinates, along with the customer's IP address, are stored as part of the comprehensive audit trail for each verification session.

IPV (In-Person Verification)

The traditional KYC method where an authorized official physically meets the customer to verify their identity documents and photograph. IPV requires either the customer to visit a branch or an official to visit the customer's location. The official examines original documents (Aadhaar, PAN, passport, etc.), verifies the photograph against the person, and attests copies. While IPV remains the baseline for identity assurance and is still mandatory for certain high-risk categories, its cost, logistical constraints, and geographic limitations have driven adoption of remote alternatives like Video KYC (V-CIP).

KIN (KYC Identification Number)

A unique 14-digit identifier assigned to each customer record in the Central KYC (CKYC) registry managed by CERSAI. The KIN serves as a universal reference number that any regulated financial institution -- whether a bank, NBFC, insurance company, or stock broker -- can use to fetch a customer's previously verified KYC records from the central registry. This eliminates the need for the customer to submit documents and undergo fresh verification with each new financial institution they engage with.

KRA (KYC Registration Agency)

Agencies registered with the Securities and Exchange Board of India (SEBI) that maintain KYC records for securities market participants. KRAs store and manage KYC data submitted by SEBI-registered intermediaries such as stock brokers, depository participants, mutual fund distributors, and portfolio managers. Investors who complete KYC through one SEBI-registered intermediary can use their KRA-held records with other intermediaries, avoiding duplicate verification. Major KRAs in India include CDSL Ventures, NSDL, KFintech, and CAMS.

KUA (KYC User Agency)

An entity authorized by UIDAI to use Aadhaar-based eKYC services specifically for the purpose of Know Your Customer verification. KUAs access Aadhaar eKYC through licensed Authentication User Agencies (AUAs) and must comply with the Aadhaar Act provisions, including obtaining explicit customer consent before each authentication, maintaining authentication transaction logs, adhering to data handling and security standards prescribed by UIDAI, and using the data only for the stated KYC purpose.

KYB (Know Your Business)

The verification process for corporate and business entities, analogous to KYC for individuals. KYB involves verifying the legal existence and registration of the entity (through MCA records, GST registration, etc.), its ownership structure, directors and authorized signatories, registered and operational addresses, and ultimately identifying the Ultimate Beneficial Owners (UBOs) who control 25% or more of the entity. KYB is essential for merchant onboarding, business banking, corporate lending, and payment aggregator compliance.

KYC (Know Your Customer)

The mandatory identity verification process that financial institutions must perform before establishing a business relationship with a customer. In India, KYC is governed by the Prevention of Money Laundering Act (PMLA) 2002 and RBI's Master Direction on KYC. The process involves verifying the customer's identity and address using Officially Valid Documents (OVDs), understanding the nature and purpose of the business relationship, and assessing the customer's risk profile. KYC can be performed through multiple methods including In-Person Verification, Aadhaar eKYC, Video KYC (V-CIP), and Digital KYC.

Liveness Detection

Technology used during Video KYC to verify that the person on camera is a live, physically present individual rather than a spoofing attempt using a photograph, pre-recorded video, silicone mask, or AI-generated deepfake. Liveness detection can be active -- requiring the user to perform specific actions like blinking, smiling, or turning their head -- or passive, using AI-based continuous analysis of facial micro-movements, skin texture, light reflection, and depth. RBI's V-CIP guidelines mandate liveness detection as a core requirement for compliant Video KYC sessions.

OVD (Officially Valid Document)

A government-issued identity document accepted for KYC verification under the Prevention of Money Laundering (Maintenance of Records) Rules. The six OVDs recognized in India are: Aadhaar letter or card issued by UIDAI, Passport issued by the Ministry of External Affairs, Driving License issued by the state transport authority, Voter's Identity Card (EPIC) issued by the Election Commission, NREGA Job Card, and a letter issued by the National Population Register containing the name, address, and Aadhaar number of the individual. During Video KYC, customers must display original OVDs to the camera for verification.

PAN (Permanent Account Number)

A ten-character alphanumeric identifier issued by the Income Tax Department of India to individuals, companies, and entities. PAN is mandatory for financial transactions above specified thresholds, including opening bank accounts, investing in securities, purchasing insurance policies, and property transactions. During Video KYC, PAN is validated in real-time against the Income Tax database to confirm the customer's identity. PAN also serves as a key linking identifier across financial institutions and is used for CKYC record retrieval.

PEP (Politically Exposed Person)

An individual who is or has been entrusted with a prominent public function, including heads of state, senior politicians, senior government or judicial officials, military officials of high rank, senior executives of state-owned corporations, and important political party officials. PEPs, their family members, and close associates are classified as higher-risk customers under PMLA and FATF guidelines. Financial institutions must apply Enhanced Due Diligence (EDD) when onboarding PEPs, including obtaining senior management approval, establishing the source of funds and wealth, and conducting enhanced ongoing monitoring of the business relationship.

PMLA (Prevention of Money Laundering Act 2002)

India's primary anti-money laundering legislation that establishes the legal framework for KYC obligations, record keeping, transaction monitoring, and suspicious transaction reporting by financial institutions and designated non-financial businesses. The PMLA (Maintenance of Records) Rules prescribe the specific KYC procedures, document requirements (OVDs), customer identification standards, and record retention periods that all regulated entities must follow. The Act also establishes the Enforcement Directorate's authority to investigate and prosecute money laundering offences and provides for attachment and confiscation of proceeds of crime.

Re-KYC

The periodic updating and re-verification of customer KYC records as mandated by RBI's Master Direction on KYC. Financial institutions must refresh KYC data at intervals determined by the customer's risk classification: every 2 years for high-risk customers, every 8 years for medium-risk customers, and every 10 years for low-risk customers. Re-KYC can be performed through the same methods as initial KYC, including Video KYC (V-CIP), and typically involves confirming or updating the customer's identity, address, occupation, and transaction profile. Failure to complete Re-KYC within the prescribed period can result in account restrictions.

STR (Suspicious Transaction Report)

A report that regulated entities must file with FIU-IND when they have reasonable grounds to suspect that a transaction involves proceeds of crime, is related to terrorist financing, or appears unusual with no apparent economic or lawful purpose. STRs must be filed within 7 working days of the suspicion arising and must include comprehensive details of the transaction, the parties involved, and the grounds for suspicion. Institutions are prohibited from tipping off the customer about the STR filing. All regulated entities must have internal systems and trained personnel to identify and escalate suspicious transactions for STR filing.

UBO (Ultimate Beneficial Owner)

The natural person who ultimately owns or controls a legal entity or arrangement, or on whose behalf a transaction is being conducted. Under PMLA rules, for companies, the UBO is the individual who holds more than 25% of shares, capital, or voting rights, or who exercises control through other means such as the right to appoint a majority of directors. For partnerships, it is any partner with more than 15% of capital or profits. For trusts, UBOs include the author, trustee, beneficiaries, and any person exercising ultimate control. Identifying UBOs is a mandatory part of Customer Due Diligence for all non-individual customers.

V-CIP (Video-based Customer Identification Process)

The RBI-prescribed framework for conducting KYC verification through a live video interaction between a customer and an authorized official of the regulated entity. V-CIP was introduced in January 2020 and is classified as equivalent to in-person verification for full KYC. Mandatory requirements include a real-time, bi-directional video call conducted by a trained authorized official, AI-powered liveness detection, GPS-based geo-tagging, Aadhaar and PAN verification through integrated APIs, explicit consent recording, full session video recording, and end-to-end encryption of all data transmitted during the session.

VBIP (Video-Based Identification Process)

IRDAI's framework for remote identity verification in the insurance sector. VBIP enables insurance companies to verify policyholders and claimants through a live video call conducted by an authorized official, similar in concept to RBI's V-CIP but tailored to insurance-specific requirements and workflows. VBIP is used for policy issuance, high-value claim verification, customer onboarding, and periodic verification in both life and general insurance. The framework requires liveness detection, document verification, consent recording, and secure session storage.

Video KYC

The broad, commonly used term for remote Know Your Customer verification conducted through a live, real-time video call between a customer and an authorized official of a regulated financial institution. Video KYC encompasses the specific regulatory frameworks prescribed by different Indian regulators: RBI's V-CIP for banks and NBFCs, IRDAI's VBIP for insurance companies, and SEBI's VIPV for securities market intermediaries. It enables fully digital customer onboarding with the same legal validity as in-person verification, typically completing the entire process in 3-8 minutes compared to 2-5 days for traditional branch-based KYC.

VIPV (Video In-Person Verification)

SEBI's framework for conducting identity verification through video for securities market participants. VIPV allows SEBI-registered intermediaries -- stock brokers, depository participants, mutual fund distributors, and portfolio managers -- to verify customer identities remotely via a live video call instead of requiring physical in-person verification. This enables digital opening of demat and trading accounts while maintaining SEBI's identity assurance requirements. VIPV sessions must be recorded and stored as part of the intermediary's compliance records.

XML Aadhaar

An offline Aadhaar verification method where the customer downloads a digitally signed XML file from the UIDAI website or mAadhaar app containing their demographic data (name, date of birth, gender, address) and photograph. The XML file can be shared with the verifying institution, which validates UIDAI's digital signature to confirm the data's authenticity and integrity without requiring a live connection to the UIDAI server. This method supports data minimization by allowing customers to choose which fields to share, and is accepted as a valid means of Aadhaar-based verification during Video KYC sessions under RBI guidelines.
