Re-KYC -- short for Re-Know Your Customer -- is the periodic process through which financial institutions update and re-verify the identity and address records of their existing customers. Mandated by the Reserve Bank of India under its KYC/AML (Anti-Money Laundering) guidelines, Re-KYC ensures that the information a bank holds about its customers remains current, accurate, and compliant with evolving regulatory requirements. For banks managing millions of customer accounts, Re-KYC is one of the most operationally intensive compliance obligations they face.
Why RBI Mandates Re-KYC
The rationale behind Re-KYC is straightforward but critical. Customer circumstances change over time -- people move to new addresses, change names after marriage, update contact information, or experience changes in their financial profile and risk characteristics. Documents expire. Regulations evolve. The KYC information collected at the time of account opening may become outdated, incomplete, or non-compliant with current standards within a few years.
From a regulatory perspective, Re-KYC serves several purposes. It strengthens the institution's ability to detect and prevent money laundering and terrorist financing by ensuring that customer profiles remain accurate. It helps institutions maintain compliance with the Prevention of Money Laundering Act (PMLA) and RBI's Master Direction on KYC. It enables ongoing Customer Due Diligence (CDD), which is a requirement under international standards set by the Financial Action Task Force (FATF). And it provides regulators with confidence that the financial system's customer identification records are reliable and up-to-date.
The RBI has repeatedly emphasized that KYC is not a one-time exercise. In multiple circulars, the regulator has directed banks and NBFCs to treat KYC as an ongoing obligation that requires periodic review and refreshment of customer records. Institutions that treat Re-KYC as a mere administrative formality -- or worse, ignore it -- risk significant regulatory consequences.
Re-KYC Frequency: The 2/8/10 Year Rule
The RBI prescribes different Re-KYC frequencies based on the customer's risk classification. This risk-based approach ensures that higher-risk accounts are reviewed more frequently, while lower-risk accounts are not burdened with unnecessary verification cycles.
High-Risk Customers: Every 2 Years
Customers classified as high-risk must undergo Re-KYC every two years. High-risk classification is determined by factors such as: the nature of the customer's business (e.g., money service businesses, politically exposed persons, customers from high-risk jurisdictions), unusual transaction patterns, adverse media reports, or previous suspicious activity reports (SARs) filed against the customer. For these accounts, Re-KYC involves a thorough review of all identification documents, transaction history analysis, and often an enhanced due diligence (EDD) process that goes beyond standard KYC requirements.
Medium-Risk Customers: Every 8 Years
The majority of retail banking customers fall into the medium-risk category. These are individuals with standard banking relationships -- salary accounts, savings accounts, personal loans, and credit cards -- who do not exhibit any high-risk indicators. Re-KYC for medium-risk customers is required every eight years and typically involves confirming that the customer's identity documents and address remain valid, updating any information that has changed, and performing a standard CDD review.
Low-Risk Customers: Every 10 Years
Customers classified as low-risk -- such as salaried employees of reputed organizations, government employees, or senior citizens with long-standing relationships and no adverse indicators -- are subject to Re-KYC every ten years. While the frequency is lower, the process requirements remain the same: identity and address documents must be re-verified, and any changes in the customer's profile must be captured and documented.
Documents Required for Re-KYC
The document requirements for Re-KYC are identical to those for initial KYC, as prescribed under the PMLA rules. Customers must provide current, valid Officially Valid Documents (OVDs):
Proof of Identity: Aadhaar card, PAN card, Passport, Voter's ID, or Driving License. Aadhaar is the most commonly used document because it can be verified electronically in real-time and serves as both proof of identity and proof of address.
Proof of Address: Aadhaar, Passport, utility bills (not older than 2 months), bank statement, or registered rent agreement. If the customer's address has changed since the last KYC, updated address proof is mandatory.
Recent Photograph: A current photograph of the customer is required to update the bank's records. This is particularly important when Re-KYC is conducted through a branch visit, as the photograph helps verify that the person presenting the documents is the actual account holder.
Importantly, the RBI has clarified that if a customer's KYC documents have not changed since the last verification (e.g., their Aadhaar and PAN remain the same and have not expired), the institution may complete Re-KYC by simply re-verifying the existing documents electronically without requiring the customer to submit physical copies again. This provision significantly simplifies the process for customers whose details have not changed.
Consequences of Non-Compliance: Account Restrictions and Penalties
The consequences of failing to complete Re-KYC are severe -- for both the customer and the institution. The RBI's guidelines are clear: accounts where Re-KYC is overdue must be subjected to progressive restrictions until the customer completes the verification process.
For Customers
When a customer fails to complete Re-KYC within the prescribed timeline, their account is first flagged with a warning. If the Re-KYC remains incomplete after the grace period (typically 30-60 days after the due date), the bank begins restricting account operations. Initially, debit transactions may be limited -- the customer can receive funds but cannot withdraw or transfer money. If the Re-KYC is still not completed, the account may be partially frozen, allowing only credits up to a certain threshold. In extreme cases of prolonged non-compliance, the account can be fully frozen, with all transactions blocked until Re-KYC is completed. It is important to note that the bank cannot close the account solely due to Re-KYC non-compliance -- the account must remain open, albeit restricted.
For Institutions
Banks and NBFCs that fail to ensure timely Re-KYC of their customer base face regulatory penalties from the RBI. These can include monetary fines (which have ranged from lakhs to crores depending on the scale of non-compliance), adverse observations in RBI inspection reports, restrictions on branch expansion or new product launches, and reputational damage in the form of public enforcement orders. The RBI has penalized several banks in recent years specifically for Re-KYC lapses, sending a clear signal that compliance is not optional.
Digital Re-KYC Channels: Moving Beyond Branch Visits
Historically, Re-KYC required customers to visit a bank branch with their original documents -- the same cumbersome process as initial KYC. For customers who had to update millions of records within regulatory deadlines, this created an enormous operational bottleneck. Banks would send SMS and email reminders to customers, many of whom would ignore them until their accounts were frozen. The result was a cycle of customer frustration, branch congestion, and compliance backlogs.
The RBI has progressively expanded the channels through which Re-KYC can be completed, recognizing that branch-only processes are unsustainable at scale:
Aadhaar OTP-based e-KYC: For customers with Aadhaar linked to their bank account, Re-KYC can be completed electronically through Aadhaar OTP authentication. The customer authenticates via OTP, and the bank pulls the latest Aadhaar data (name, address, photograph, date of birth) directly from UIDAI. This is the simplest channel and can be completed in under 2 minutes through the bank's mobile app or internet banking portal.
DigiLocker-based verification: Customers can share verified documents from their DigiLocker account directly with the bank. This eliminates the need for physical document submission while providing government-verified records.
Video KYC (V-CIP): For cases where Aadhaar e-KYC is insufficient or the customer requires a more comprehensive verification, Video KYC provides a face-to-face interaction without the branch visit. This is particularly valuable for high-risk Re-KYC where enhanced due diligence is required, or for customers who have multiple changes to their profile that require visual verification.
Self-service through mobile apps: Many banks now allow low-risk Re-KYC to be completed entirely through their mobile banking app. The customer uploads a selfie (matched against their existing photograph using facial recognition), confirms or updates their details, and authenticates via OTP. The bank's system verifies the documents electronically, and the Re-KYC is completed without any human intervention.
How Video KYC Simplifies Re-KYC at Scale
Video KYC is particularly well-suited for Re-KYC because it combines the rigor of face-to-face verification with the convenience of remote completion. For banks managing Re-KYC backlogs of millions of accounts, Video KYC offers several specific advantages:
Higher completion rates: The primary challenge with Re-KYC is getting customers to actually complete the process. Branch-based Re-KYC has notoriously low completion rates because customers procrastinate, forget, or simply cannot find the time to visit a branch. Video KYC removes this friction -- a customer can complete Re-KYC from their home in 5 minutes, at a time that suits them. Institutions using Video KYC for Re-KYC report completion rates 3-4x higher than branch-only channels.
Handling high-risk accounts: For high-risk customers requiring enhanced due diligence, a simple e-KYC via Aadhaar OTP may not be sufficient. Video KYC allows the institution to conduct a face-to-face interaction where the official can ask questions, verify documents visually, and make a judgment call on the customer's risk profile -- all while the session is recorded for audit purposes.
Capturing address changes: One of the most common Re-KYC updates is a change of address. In a Video KYC session, the customer can display their new address proof (updated Aadhaar, utility bill, or rent agreement), the official verifies it visually and electronically, and the record is updated in real-time. No photocopies, no courier, no branch visit.
Scalable operations: A bank branch can process perhaps 20-30 Re-KYC verifications per day per staff member, limited by physical space and customer scheduling. A Video KYC agent can process 40-60 Re-KYC sessions per day because there is no travel time, no document handling, and no queue management. For banks facing deadlines to clear Re-KYC backlogs of hundreds of thousands of accounts, this scalability is decisive.
BASEKYC's Re-KYC Automation
BASEKYC provides a purpose-built Re-KYC workflow that addresses the unique challenges of periodic KYC renewal at scale. Our platform goes beyond basic Video KYC to offer end-to-end Re-KYC lifecycle management:
Bulk scheduling and notifications: Upload your Re-KYC due list (CSV or API integration with your core banking system), and BASEKYC automatically sends personalized SMS and email reminders to each customer with a self-scheduling link. Customers pick a time slot that works for them, reducing no-shows and improving completion rates. The system sends escalating reminders as the due date approaches.
Smart routing: BASEKYC intelligently routes Re-KYC sessions based on the customer's risk classification. Low-risk customers with no changes are directed to self-service e-KYC (Aadhaar OTP). Medium-risk customers or those with profile changes are routed to a Video KYC session. High-risk customers are routed to senior officials for enhanced due diligence. This tiered approach ensures that agent time is spent where it matters most.
Change detection and delta updates: When a customer completes Re-KYC through BASEKYC, the system automatically compares the new information against the existing record and highlights changes. If the customer's address has changed, if a document has been renewed with a new number, or if any demographic details differ from the previous KYC, the system flags these for the agent's attention and updates the record accordingly. This eliminates the manual comparison work that makes Re-KYC so labor-intensive.
Compliance dashboards and reporting: Track your Re-KYC completion rates in real-time across customer segments, risk categories, and due dates. Generate audit-ready reports showing completed, pending, and overdue Re-KYC cases. Monitor agent productivity, average session duration, and approval/rejection rates. When the RBI auditor asks for your Re-KYC compliance status, the answer is one click away.