RBI's Requirements for V-CIP Agent Qualifications
The Reserve Bank of India's Master Direction on Know Your Customer (KYC), updated through various circulars including RBI/2023-24/03, lays down specific requirements for personnel conducting Video-based Customer Identification Process (V-CIP). Under the RBI framework, V-CIP must be carried out by an official of the Regulated Entity (RE) who has been specifically trained and authorised for this purpose. The agent cannot be an outsourced individual or a Business Correspondent acting independently; the RE retains full accountability for the process, its integrity, and the final decision on customer acceptance.
RBI mandates that V-CIP agents must possess a thorough understanding of the Prevention of Money Laundering Act (PMLA), 2002, and the rules framed thereunder. They must be trained to verify Officially Valid Documents (OVDs) as defined under Rule 2(1)(d) of the PML Rules, which include Passport, Voter's ID, Aadhaar (with consent under the Aadhaar Act, 2016), and Driving Licence. Agents must also understand the distinction between OVDs and deemed OVDs, such as NREGA job cards and letters issued by the National Population Register.
Beyond regulatory knowledge, agents are expected to demonstrate competence in operating the V-CIP technology platform. This includes the ability to capture clear screenshots of documents, initiate and record video sessions with proper encryption, and verify geo-location tags. The RBI's expectation is that each agent undergoes a formal certification process within the RE before being permitted to conduct live V-CIP sessions. Many institutions require agents to pass both a written assessment on PMLA/KYC regulations and a practical assessment involving mock V-CIP calls before certification.
It is also worth noting that the RBI expects REs to maintain a register of authorised V-CIP agents, including their training dates, certification status, and periodic re-certification records. During regulatory audits, this register is among the first documents inspected. Institutions that fail to demonstrate a robust agent training programme risk adverse observations in their Risk Assessment Reports (RARs) and may face restrictions on their V-CIP operations until compliance gaps are addressed.
Pre-Call Checklist: What Agents Must Verify Before Connecting
A well-structured pre-call checklist is the foundation of a compliant and efficient V-CIP session. Before initiating the video call, agents must confirm that the customer's application has been received through an authorised channel and that preliminary data validation has been completed. This includes verifying that the customer's name, date of birth, and PAN (or Form 60 declaration) have been captured in the system and match the details provided during the initial application stage.
The agent must check that the customer has been informed about the V-CIP process, including the fact that the session will be audio-video recorded and stored as part of the RE's records. Consent for recording is a mandatory prerequisite under the RBI framework. The system should ideally capture explicit digital consent before the call is even scheduled. Agents should also confirm that the customer has been advised to keep their original OVD (Aadhaar, Passport, Voter ID, or Driving Licence) readily available, along with their PAN card, and that they are in a well-lit environment with stable internet connectivity.
From a technical standpoint, the agent must verify that their own workstation meets the minimum requirements: a high-resolution webcam (720p or above as recommended by most REs), a noise-cancelling microphone, adequate lighting, and a stable broadband connection with a minimum bandwidth of 2 Mbps. The V-CIP software should be tested to ensure that screen capture, recording, and geo-location modules are functioning correctly. Many institutions mandate that agents perform a system diagnostic check at the start of each shift.
Finally, the pre-call checklist should include a review of any flags or alerts from upstream processes. For instance, if the customer's PAN verification returned a mismatch, or if the Aadhaar OTP authentication failed in a prior attempt, the agent must be aware of these issues before connecting. This prevents wasted call time and ensures that the agent can proactively guide the customer through resolution steps. A standardised digital checklist, enforced by the platform itself, is far more reliable than manual paper-based checklists that are prone to being skipped under time pressure.
Step-by-Step V-CIP Call Script (OVD Check, Liveness, PAN, Geo-tag)
A standardised call script ensures consistency, compliance, and professionalism across all V-CIP sessions. The script should begin with a warm greeting and a clear identification of the agent and the institution. For example: "Good morning, my name is [Agent Name] and I am a KYC officer at [Bank Name]. This video call is being recorded as part of our Video-based Customer Identification Process, in compliance with RBI guidelines. May I confirm that you consent to this recording?" The customer's verbal consent must be captured clearly on the recording.
After obtaining consent, the agent proceeds to identity verification. The script should instruct the agent to ask the customer to hold up their original OVD (for example, Aadhaar card) to the camera. The agent must visually inspect the document for signs of tampering, ensure the photograph on the document is clearly visible, and confirm that the name and other details match the application data. The platform should capture a high-resolution screenshot of the document at this stage. If the customer is using Aadhaar as the OVD, the agent must also verify the masked Aadhaar number and confirm that Aadhaar XML or DigiLocker fetch has been completed where applicable.
The liveness verification step is critical for preventing spoofing and deepfake attacks. The agent should instruct the customer to perform specific randomised actions, such as turning their head left and right, blinking, or holding up a specific number of fingers. The RBI expects that the V-CIP platform incorporates AI-based liveness detection that can distinguish between a live person and a photograph, video replay, or digitally generated face. The agent should observe the customer's responses and flag any anomalies, such as unnatural movements, screen glare suggesting a projected image, or audio-video sync issues.
PAN verification follows the OVD and liveness checks. The customer should hold up their PAN card to the camera while the agent verifies the PAN number against the NSDL/UTIITSL database in real time. The agent must confirm that the name on PAN matches the name on the OVD and the application form. Any discrepancies, even minor spelling variations, must be noted and escalated as per the institution's SOP. Some institutions permit agents to accept minor variations (such as initials vs. full name) with proper documentation, while others require an exact match.
Geo-location tagging is the final technical step. The V-CIP platform must capture the GPS coordinates of both the agent's and the customer's devices at the time of the session. The customer's location should be within India for resident accounts (or verified as an acceptable overseas location for NRI accounts). The agent should confirm that the geo-tag has been captured successfully by the system. The call concludes with the agent informing the customer that their verification is complete and that they will be notified of the outcome within the prescribed timeframe, typically 24 to 48 hours.
Handling Edge Cases: Low Light, Elderly Customers, Language Barriers
Real-world V-CIP sessions rarely follow the textbook script perfectly. Agents must be trained to handle a wide range of edge cases with patience, professionalism, and a clear understanding of what the regulations permit. Low-light conditions are among the most common issues. If the customer's face or document is not clearly visible, the agent must not proceed with the verification. Instead, the agent should politely guide the customer to move to a better-lit area or adjust their device's flashlight. If the issue persists, the call should be rescheduled rather than completed with substandard image quality, as poor-quality recordings may be rejected during the checker review or regulatory audit.
Elderly customers and those unfamiliar with technology present another significant challenge. Agents should be trained to speak slowly, use simple language, and provide step-by-step instructions for actions like holding up the document or turning the camera. It is helpful to have a co-browsing or screen-sharing feature that allows the agent to visually guide the customer through the process. Under no circumstances should the agent express frustration or rush the customer. Institutions should track the average call duration for different customer demographics and adjust scheduling accordingly, allocating longer time slots for elderly or first-time digital users.
Language barriers require a thoughtful approach. India's linguistic diversity means that agents may encounter customers who are not comfortable speaking Hindi or English. The RBI does not prescribe a specific language for V-CIP, which means institutions operating in multiple states should ideally have agents fluent in regional languages such as Tamil, Telugu, Kannada, Bengali, Marathi, and Gujarati. Where a language match is not possible, the institution may use a translator, provided the translator's presence is disclosed to the customer and documented in the session record. Some institutions maintain a language preference field in the customer application, which is used to route V-CIP calls to agents with the appropriate language skills.
Other edge cases include customers with physical disabilities (such as hearing or speech impairments), customers in noisy environments, and customers using very old or low-end smartphones with poor camera quality. For hearing-impaired customers, agents may use text-based communication alongside the video feed, provided the institution's SOP permits this and the process is documented. For low-end devices, some platforms offer an adaptive bitrate mode that reduces video resolution while maintaining the minimum quality required for document verification. Training should cover all these scenarios with practical role-playing exercises so that agents develop the confidence and judgement to handle them in real time.
Red Flags and Fraud Indicators Agents Must Watch For
V-CIP agents serve as the first line of defence against identity fraud, and their ability to detect suspicious activity is critical to the integrity of the KYC process. One of the most common red flags is a mismatch between the person on the video call and the photograph on the OVD. While minor differences due to ageing, weight change, or grooming are normal, agents should be alert to significant discrepancies in facial features, skin tone, or apparent age. If the agent is not confident that the person on the call is the same individual depicted on the OVD, they must escalate the case rather than approve it.
Deepfake and spoofing attempts are an evolving threat. Agents should watch for telltale signs such as unnatural facial movements, blurring around the edges of the face, inconsistent lighting between the face and the background, and lip-sync issues where the audio does not perfectly match the lip movements. Some sophisticated attacks use real-time face-swapping software that can be difficult to detect visually, which is why AI-based liveness detection is an essential complement to human observation. However, agents should not rely solely on the AI system's verdict and must exercise their own judgement.
Document fraud is another major concern. Agents should look for signs of physical tampering on OVDs, such as misaligned text, inconsistent fonts, smudged lamination, or visible cut-and-paste marks. For Aadhaar cards, agents should verify the QR code (where possible) and cross-check the details against the Aadhaar authentication or XML response. Agents must also be alert to the use of colour photocopies or high-quality printouts presented as original documents. The original document typically has a distinct texture and reflectiveness that differs from a photocopy, which a trained agent can identify even over a video call.
Behavioural red flags are equally important. If the customer appears to be reading from a script, receiving instructions from someone off-camera, or seems unusually nervous and evasive when answering basic questions about their identity or address, these are potential indicators of impersonation or coercion. The agent should note if the customer repeatedly avoids showing their full face or the complete document, or if there are unexplained interruptions during the call. Any of these indicators should be documented in the session notes and escalated to the compliance team for further investigation under the institution's Suspicious Transaction Reporting (STR) framework, as required by PMLA and FIU-IND guidelines.
Quality Audit and Checker-Maker Workflow
The RBI mandates a maker-checker (or dual-control) workflow for V-CIP, meaning that the agent who conducts the video call (the maker) cannot be the same person who approves the KYC verification (the checker). This segregation of duties is a fundamental internal control that reduces the risk of collusion, errors, and fraud. The maker completes the V-CIP session, captures all required data and media, and submits the case for review. The checker, who is typically a senior compliance officer, reviews the entire recording, verifies the document screenshots, and confirms that all regulatory requirements have been met before approving or rejecting the case.
Quality audits go beyond the checker review and involve a systematic sampling of completed V-CIP cases to assess overall process quality and compliance. Most institutions audit between 10% and 100% of V-CIP cases, depending on their risk appetite and the maturity of their programme. The audit evaluates multiple dimensions: was consent properly obtained? Was the OVD clearly visible and verified? Was liveness detection performed? Were geo-tags captured? Was the call duration adequate (sessions under 2 minutes may indicate that proper checks were skipped)? Were session notes comprehensive?
Audit findings should feed directly into the agent training programme as a continuous improvement loop. If audits reveal that a particular agent consistently fails to capture clear document images, that agent should receive targeted retraining. If a systemic issue is identified, such as agents not performing the liveness check correctly, the SOP and training materials should be updated accordingly. Many institutions maintain a scorecard for each agent based on audit results, with metrics such as compliance score, average session quality, customer satisfaction rating, and first-time approval rate.
From a regulatory perspective, the checker's decision and the audit trail must be preserved as part of the KYC record for the period prescribed under PMLA, which is currently five years from the date of cessation of the business relationship or closure of the account. The entire chain of evidence, from the video recording to the maker's notes to the checker's approval, must be available for inspection by the institution's internal auditors, the RBI's inspection team, or the Financial Intelligence Unit (FIU-IND) in the event of an investigation. A robust digital workflow that timestamps every action is far superior to paper-based processes in meeting these evidentiary requirements.
How BaseKYC's AI and Checker Module Simplify Agent Workflows
BaseKYC has been purpose-built to address the operational challenges of V-CIP at scale. The platform's AI-assisted agent interface provides real-time guidance during the video call, automatically prompting the agent to complete each step of the SOP in the correct sequence. If the agent has not yet captured the OVD screenshot or performed the liveness check, the system displays a clear visual reminder, making it virtually impossible to skip critical steps. This guided workflow reduces training time for new agents and ensures consistent compliance across the entire team.
The platform's AI engine performs automated document verification in real time during the video call. When the customer holds up their Aadhaar or PAN card, the system uses OCR and machine learning to extract the document details, verify them against backend databases (such as UIDAI and NSDL), and flag any discrepancies to the agent immediately. This reduces the agent's cognitive load and allows them to focus on observing the customer and watching for behavioural red flags rather than manually transcribing document details.
BaseKYC's liveness detection module employs multi-factor analysis including 3D depth mapping, texture analysis, and randomised challenge-response prompts to detect deepfakes, face swaps, and replay attacks with high accuracy. The AI provides a confidence score for each liveness check, and agents can see this score in real time. If the score falls below the institution's configured threshold, the system automatically flags the session for enhanced scrutiny. This combination of AI detection and human oversight provides a layered defence that is significantly more robust than either approach alone.
The Checker Module in BaseKYC is designed to make the review process fast and thorough. Checkers see a structured summary of each V-CIP session, including automatically extracted document data, AI verification results, liveness scores, geo-location data, and flagged anomalies. They can review the video recording at variable speed with key moments bookmarked by the AI. The module enforces the maker-checker separation at the system level, preventing the same user from both conducting and approving a session. Comprehensive audit trails with tamper-proof timestamps ensure that every action is fully traceable, meeting the evidentiary standards required by PMLA and the RBI's inspection framework.