Why NBFCs Need Video KYC
Non-Banking Financial Companies (NBFCs) are the backbone of credit access in India, serving segments that traditional banks often overlook -- small businesses, rural borrowers, gig economy workers, and first-time credit seekers. With over 9,500 registered NBFCs in India and a combined asset base exceeding INR 54 lakh crore, the sector's scale demands efficient, compliant onboarding processes. Yet most NBFCs still rely on physical document collection and in-person verification, a process that takes 3 to 7 days on average and costs INR 300 to 800 per customer.
Video KYC changes this equation dramatically. By enabling real-time identity verification through a live video call, NBFCs can onboard customers in under 10 minutes from anywhere in India. The RBI extended V-CIP (Video-based Customer Identification Process) eligibility to NBFCs in its updated Master Direction on KYC, creating a clear regulatory pathway for digital-first onboarding. For NBFCs operating in competitive lending markets, Video KYC is no longer a nice-to-have -- it is a competitive necessity.
However, NBFCs face unique compliance challenges that differ from those of scheduled commercial banks. The Aadhaar verification restrictions, technology infrastructure requirements, and data handling obligations for NBFCs have distinct nuances that must be understood and addressed correctly. Getting it wrong can result in regulatory penalties, audit failures, and reputational damage.
RBI Requirements Specific to NBFCs
The RBI's V-CIP framework applies to NBFCs with some important distinctions. All NBFCs conducting V-CIP must employ trained officials who conduct the video verification -- the process cannot be fully automated or outsourced to untrained personnel. The video interaction must be end-to-end encrypted and recorded in its entirety. The recording must be stored securely with tamper-proof timestamps and must be retrievable for audit purposes for a minimum of five years.
NBFCs must capture a clear photograph of the customer during the live video session and match it against the photograph on the customer's officially valid document (OVD). The OVD must be verified in real time -- the customer is required to display the original document on camera, and the agent must verify its authenticity. For PAN card verification, the NBFC must cross-verify the PAN number against the Income Tax database in real time.
A critical compliance requirement often missed by NBFCs is the mandate for geo-tagging. The system must capture the customer's location at the time of the video session using GPS coordinates from their device. This geo-tag becomes part of the KYC record and serves as evidence that the customer was physically present in India during the verification process. NBFCs must also maintain a detailed audit trail that includes the agent's identity, session timestamps, documents verified, and the verification outcome.
Aadhaar Verification: Offline XML for NBFCs vs OTP for Banks
One of the most significant differences between bank and NBFC Video KYC processes lies in Aadhaar verification. Scheduled commercial banks that are licensed as Authentication User Agencies (AUAs) by UIDAI can perform real-time Aadhaar OTP authentication -- the customer enters their Aadhaar number, receives an OTP on their registered mobile, and the bank verifies the identity directly against the UIDAI database. This provides instant, authoritative verification.
Most NBFCs, however, do not have AUA licenses and therefore cannot perform direct Aadhaar OTP authentication. Instead, they must use Aadhaar Offline Verification -- the customer downloads their Aadhaar XML file or generates a Masked Aadhaar with a Share Code from the UIDAI website or mAadhaar app, and provides this to the NBFC during the Video KYC session. The NBFC then verifies the XML file's digital signature to confirm it was issued by UIDAI and extracts the customer's demographic and photograph data.
This offline process introduces additional friction for the customer, who must know how to download and share the XML file. It also means the NBFC's Video KYC platform must include a robust Aadhaar XML parsing and signature verification module. The platform should guide the customer through the XML download process during the video session, validate the file in real time, and extract the photograph for face-matching -- all while maintaining the flow of the live verification interaction.
Technology Infrastructure Requirements
The RBI expects NBFCs to maintain technology infrastructure that meets several specific criteria. The video communication channel must use end-to-end encryption with TLS 1.2 or higher. The system must support minimum video resolution of 720p to ensure document legibility and accurate facial recognition. Audio quality must be sufficient for clear communication between the customer and the verification agent.
The platform must include real-time document OCR (Optical Character Recognition) capabilities to extract and verify information from identity documents displayed on camera. Face-matching algorithms must compare the customer's live face against their document photograph with a minimum accuracy threshold. The system must also include liveness detection to prevent spoofing attacks using photographs, pre-recorded videos, or deepfakes.
For NBFCs that lack in-house technology teams, these requirements can seem daunting. Building a compliant Video KYC platform from scratch requires expertise in real-time video communication, AI/ML for face matching and document verification, secure data handling, and regulatory compliance. This is why most NBFCs choose to partner with specialized Video KYC platform providers rather than building in-house.
Data Localization and Storage
Data localization is a non-negotiable requirement for NBFCs conducting Video KYC. All customer data collected during the verification process -- including video recordings, photographs, document images, and extracted personal information -- must be stored on servers physically located in India. This applies regardless of whether the NBFC uses cloud infrastructure or on-premise servers.
The RBI's data localization directive, originally issued for payment system data, has been interpreted broadly to cover all sensitive customer data including KYC records. NBFCs using cloud-based Video KYC platforms must ensure their provider offers Indian data center deployment. The data must be encrypted at rest using AES-256 or equivalent encryption, and access must be controlled through role-based permissions with comprehensive audit logging.
Retention requirements add another layer of complexity. Video KYC records must be retained for a minimum of five years after the business relationship ends (not from the date of verification). NBFCs must have a documented data retention and destruction policy that specifies how records are stored, who has access, how long they are retained, and how they are securely destroyed after the retention period expires.
Implementation Roadmap
NBFCs planning to implement Video KYC should follow a structured approach. The first phase involves regulatory preparation: review the latest RBI Master Direction on KYC, document your compliance requirements, and obtain any necessary board approvals. Appoint a compliance officer responsible for the Video KYC program and establish an internal policy document that covers the end-to-end process, agent training requirements, and escalation procedures.
The second phase is technology selection and integration. Evaluate Video KYC platform providers against your compliance requirements, paying particular attention to Aadhaar offline verification support, data localization capabilities, liveness detection robustness, and API integration flexibility. Run a pilot with a small customer segment before full rollout. The pilot should test the complete flow including edge cases like poor network conditions, document verification failures, and agent escalation scenarios.
The third phase is agent training and operations setup. Video KYC agents must be trained on regulatory requirements, fraud detection techniques, customer handling best practices, and the specific technology platform. The RBI expects agents to be employees of the NBFC -- outsourced agents are not permitted for V-CIP. Establish quality assurance processes including random session audits, agent performance metrics, and regular compliance reviews.
How BASEKYC Serves NBFCs
BASEKYC was built with NBFCs in mind. Our platform includes native support for Aadhaar offline XML verification, including a guided flow that walks customers through the XML download and upload process during the live video session. The XML is parsed, its UIDAI digital signature is verified, and the photograph is extracted for automated face-matching -- all in real time without breaking the session flow.
Our document OCR engine handles PAN cards, Voter IDs, Driving Licenses, and Passports with high accuracy, extracting key fields and cross-verifying them against government databases where permitted. Geo-tagging, session recording, and audit trail generation are built into every session by default. All data is stored in India-based data centers with AES-256 encryption, role-based access control, and automated retention management.
BASEKYC also offers on-premise deployment for NBFCs with strict data sovereignty requirements, ensuring that all customer data remains within the institution's own infrastructure. Our implementation team provides end-to-end support including integration, agent training, compliance documentation, and ongoing regulatory updates as the RBI framework evolves. Whether you are a large systemically important NBFC or a smaller NBFC-MFI, BASEKYC scales to fit your needs.