V-CIP stands for Video-based Customer Identification Process. It is the Reserve Bank of India's official regulatory framework that allows banks, NBFCs, and other regulated entities to verify a customer's identity through a live video interaction instead of requiring them to be physically present at a branch. First introduced in the RBI's Master Direction on KYC in January 2020, V-CIP has since become the backbone of digital customer onboarding across India's financial services industry.
The Origin of V-CIP: RBI Master Direction 2020
Before V-CIP, the only way to complete KYC for a new banking relationship was through In-Person Verification (IPV) -- a customer had to physically appear before an authorized official with original documents. The RBI recognized that this requirement was a significant bottleneck to financial inclusion and digital banking adoption, particularly in a country where millions of potential customers live far from the nearest bank branch.
On January 9, 2020, the RBI issued an amendment to its Master Direction on KYC (Direction DBR.AML.BC.No.18/14.01.001/2019-20) introducing V-CIP as an officially recognized method of Customer Due Diligence (CDD). This was a landmark regulatory decision -- for the first time, a live video call conducted over a compliant platform would carry the same legal weight as a face-to-face meeting at a bank branch.
The timing proved prescient. When the COVID-19 pandemic forced branch closures across India just two months later, V-CIP became the only viable path for customer onboarding. Institutions that had invested in V-CIP infrastructure early were able to continue operations, while those that had not scrambled to build or procure compliant systems. The pandemic accelerated V-CIP adoption by years, and by 2022, it had become the default onboarding channel for most digital-first financial institutions.
Mandatory V-CIP Requirements Under RBI Guidelines
The RBI's framework is specific about what constitutes a valid V-CIP session. These are not suggestions -- they are mandatory requirements, and failure to meet any of them can invalidate the verification and expose the institution to regulatory action.
Geo-Tagging
The customer's geographic location must be captured during the video session through GPS coordinates. This serves two purposes: it creates an audit trail confirming where the customer was physically located during verification, and it enables the institution to flag sessions originating from unexpected locations. For domestic account opening, the customer must be connecting from within India. The geo-coordinates, along with a timestamp, must be stored as part of the permanent session record.
Liveness Detection
The V-CIP platform must employ technology to confirm that the person appearing on the video call is a live human being, physically present at the time of the session. This requirement exists to prevent impersonation through photographs, pre-recorded videos, masks, or deepfake technology. Liveness detection must operate in real-time during the session. The RBI does not prescribe a specific technology, but the industry standard combines active challenge-response (asking the customer to perform random actions) with passive AI-based analysis (continuous assessment of facial micro-movements, skin texture, and depth perception).
Customer Consent
Before the video session begins, the customer must provide explicit, informed consent for the verification process. This consent must cover: the recording of the video session, the capture and storage of document images, the collection of biometric data (live photograph, potentially fingerprint or iris if using Aadhaar biometric authentication), geo-location capture, and data processing for verification purposes. The consent must be recorded -- either through a digital signature, an OTP-based confirmation, or a clear verbal statement captured in the video recording.
Indian IP Address
For domestic account opening, the customer's internet connection must originate from an Indian IP address. This is a technical control to prevent cross-border fraud and ensure that the verification is being conducted within India's jurisdiction. The system must detect and block VPN connections that mask the customer's actual location, as well as proxy servers and TOR exit nodes.
OVD Verification
The customer must present Officially Valid Documents (OVDs) during the live video session. The authorized official must visually examine the original documents displayed by the customer and verify their authenticity. Simultaneously, the platform must perform electronic verification of the documents -- Aadhaar through UIDAI's authentication service and PAN through NSDL/Protean's verification API. The live photograph captured from the video must be matched against the photograph on the identity document.
Authorized Official
The video session must be conducted by an official who has been specifically authorized by the regulated entity for V-CIP. This is not a general authorization -- the institution must maintain a list of V-CIP-authorized officials, and each session record must identify which official conducted the verification. The official must be trained in document verification, fraud detection, and the regulatory requirements of V-CIP. Their assessment and decision (approve, reject, or escalate) forms a critical part of the audit trail.
V-CIP vs VIPV vs VBIP: Understanding the Regulatory Landscape
One of the most common sources of confusion in the Indian financial services industry is the proliferation of similar-sounding video verification frameworks issued by different regulators. While they share the same underlying concept -- verifying identity through video -- each framework has distinct requirements and applies to different types of entities.
V-CIP (RBI)
Video-based Customer Identification Process is the RBI's framework, applicable to banks, NBFCs, payment banks, small finance banks, housing finance companies, and other RBI-regulated entities. V-CIP requires a live video interaction conducted by an authorized official, with real-time document verification, liveness detection, geo-tagging, and comprehensive audit trail creation. It is the most detailed and prescriptive of the three frameworks.
VIPV (SEBI)
Video In-Person Verification is SEBI's equivalent for securities market intermediaries -- stockbrokers, depository participants, mutual fund distributors, and portfolio managers. Introduced through SEBI Circular SEBI/HO/MIRSD/DOP/CIR/P/2020/73, VIPV allows intermediaries to verify client identity through a video call. While conceptually similar to V-CIP, VIPV has some differences: it allows the video to be recorded and verified by a separate official (not necessarily the one on the call), and the technology requirements are somewhat less prescriptive than the RBI's framework.
VBIP (IRDAI)
Video Based Identification Process is IRDAI's framework for insurance companies. Applicable to life insurers, general insurers, and health insurers, VBIP was introduced to enable remote policy issuance and claims verification. IRDAI's framework places additional emphasis on the insurance-specific context -- for example, verifying the proposer's identity for high-value life insurance policies and conducting video-based verification for claim settlement in cases where physical verification is impractical. The technology requirements broadly align with V-CIP but include insurance-specific documentation and disclosure requirements.
Technology Infrastructure Requirements for V-CIP
Building or procuring a V-CIP-compliant platform requires meeting specific technology standards. The RBI does not endorse specific vendors, but the guidelines imply a minimum technology stack that institutions must have in place:
Video infrastructure: WebRTC or equivalent real-time communication protocol capable of maintaining stable, low-latency video at a minimum resolution of 720p. The connection must use end-to-end encryption (TLS 1.2 or higher) with certificate pinning to prevent man-in-the-middle attacks.
AI and ML capabilities: Liveness detection models (both active and passive), face matching algorithms (comparing the live face against document photos), OCR for document data extraction, and increasingly, deepfake detection models. These must operate in real-time with latency under 2 seconds.
Integration APIs: Connections to UIDAI (for Aadhaar verification), NSDL/Protean (for PAN verification), and potentially CERSAI, CKYC registry, and other government databases. These integrations must be secure, reliable, and capable of handling verification requests in real-time during the video session.
Storage and compliance: Encrypted, tamper-proof storage for video recordings, document images, audit logs, and session metadata. Storage must comply with Indian data localization requirements (data must reside within India) and support retention periods of 5-8 years. Access controls must ensure that only authorized personnel can retrieve session records.
Agent workspace: A dedicated interface for verification officials that integrates all session data -- video feed, AI outputs, document verification results, geo-location, and customer application details -- into a single, efficient workspace. The interface must support real-time decision-making and include tools for flagging, escalating, and annotating sessions.
V-CIP Compliance Checklist
For institutions implementing or auditing their V-CIP process, here is a comprehensive compliance checklist based on current RBI requirements:
- Live, real-time video interaction (not pre-recorded or asynchronous)
- Session conducted by an officially authorized V-CIP official
- AI-based liveness detection (active and/or passive) operational during session
- GPS geo-tagging of customer location captured and stored
- Customer IP address verified as originating from India
- Explicit customer consent obtained and recorded before session start
- OVDs (Aadhaar, PAN) displayed and visually verified during video call
- Electronic verification of Aadhaar (UIDAI) and PAN (NSDL) completed in real-time
- Live photograph captured from video feed and matched against document photo
- Complete video recording stored with end-to-end encryption
- Comprehensive audit trail with timestamps, AI scores, and official decision rationale
- Data stored within India with minimum 5-year retention (8 years recommended)
How BASEKYC is V-CIP Ready
BASEKYC was built from the ground up around the V-CIP framework. Rather than retrofitting a generic video calling tool for compliance, we designed every component of our platform to meet V-CIP requirements natively. Every session conducted through BASEKYC automatically satisfies the full compliance checklist above -- geo-tagging, liveness detection, consent capture, document verification, encryption, and audit trail generation happen seamlessly within the workflow, not as bolted-on afterthoughts.
For institutions that also operate in the securities or insurance space, BASEKYC supports configurable compliance profiles. You can run V-CIP sessions for banking customers, VIPV sessions for demat account holders, and VBIP sessions for insurance policyholders -- all from the same platform, with each profile enforcing the specific requirements of the respective regulator.
Our compliance team continuously monitors regulatory updates from the RBI, SEBI, and IRDAI, and our platform is updated proactively when requirements change. When the RBI issues a new circular or amends V-CIP guidelines, BASEKYC customers receive updated platform configurations before the compliance deadline -- not after. This means your team can focus on serving customers while we handle the regulatory complexity.