RBI introduced essential amendments to the Master Direction on Video KYC, reinforcing the importance of KYC in financial transactions and introducing Video KYC as a modern and secure method of customer identification for Banks, NBFCs, and other financial entities.
It is a significant step to enhance security and streamline the Know Your Customer (KYC) process through the Video-based Customer Identification Process (V-CIP).
This amendment’s major focus is on the Customer Due Diligence (CDD) process of improving KYC guidelines including Video KYC and Facial recognition systems. It allows businesses to adhere to CERT-in (The Indian Computer Emergency Response Team) compliance standards while onboarding new customers on their platform.
Download Free eBook : RBI’s New Compliance for Video KYC Guidelinee (2024)
What is Video KYC?
Video KYC or "Video-based Customer Identification Process (V-CIP)" refers to an alternative method of customer identification utilized by regulated entities (REs). This process involves the use of facial recognition technology and customer due diligence conducted by an authorized official of the RE. It entails a seamless, secure, live, informed-consent-based audio-visual interaction with the customer to gather the necessary identification information required for Customer Due Diligence (CDD) purposes.
RBI Video KYC Guidelines
What are the RBI guidelines on video KYC?
RBI Video KYC (Know Your Customer) is a method introduced by the Reserve Bank of India (RBI) to enable banks and other financial institutions to verify the identity of their customers remotely through video conferencing. This process allows customers to open accounts or avail various financial services without physically visiting a branch.
With Video KYC, customers can complete the KYC process from the comfort of their homes or offices using a smartphone or computer with internet connectivity. During the video call, the customer interacts with a bank representative who verifies their identity by asking for relevant documents and conducting necessary checks. This method is aimed at enhancing customer convenience while ensuring compliance with regulatory requirements for identity verification.
Which Fundamentals Regulation are Matters for Video KYC your app?
It's essential for all Regulated Entities as well as First Layer Video based Infrastructure provider who provides video banking service to all major Banks, Fintach, Payment aggregator and NBFCs to adopt these changes swiftly to ensure compliance and security in today's digital age. These measures not only protect customers but also strengthen the overall integrity of financial institutions and businesses.
🛡 Cyber Security & Frameworks
The REs should have complied with the RBI guidelines on the minimum baseline cyber security and resilience framework for banks. The infrastructure, including application software and workflows, should be regularly upgraded.
🌐 Spoof IP detection
To ensure the security and integrity of the V-CIP infrastructure/application, it must possess the capability to prevent connections from IP addresses outside of India or from spoofed IP addresses. This measure is essential in safeguarding against potential threats and unauthorized access, thereby enhancing the overall security of the system.
🔒 Seamless, Secure and Visual infrastructure
Financial institutions and regulated entities (REs) are required to verify the identity of their customers using secure and live, Informed-consent-based audio-visual seamless interactions. This process includes facial recognition and customer due diligence conducted by an authorized official of the RE. The official interacts with the customer to gather the required identification information for customer due diligence (CDD) purposes.
🔐 End-to-end encryption for protecting customer data
The RE shall ensure end-to-end encryption of data between the customer device and the hosting point of the V-CIP application, as per appropriate encryption standards. The customer consent should be recorded in an auditable and alteration-proof manner.
📍 Geo-tagging of customer interactions
The video recordings should contain the live GPS coordinates (geo-tagging) of the customer undertaking the V-CIP and the date-time stamp. The video recordings will serve as a reliable and secure source of evidence for the V-CIP procedure. This will provide a comprehensive V-CIP process record and help verify the customer's identity.
📸 Face-to-face CIP (Customer Identification Process)
The significance of Video-based KYC or V-CIP treated with Face-to-Face customer identification for regulatory purposes components with face liveness/spoof detection as well as face-matching technology with a high degree of accuracy, especially in the context of digital banking and remote customer onboarding, even though the ultimate responsibility of any customer identification rests with the REs.
Why CERT-in And VPAT Are Confidential Compliances For Video KYC Software?
It's essential for all Regulated Entities (REs) as well as First Layer Infrastructure (FLI) provider who provides video banking service to all major Banks and NBFCs, to adopt these changes swiftly to ensure compliance and security in today's digital age.
CERT-in Compliances
CERT-in is the national nodal agency for responding to cyber security incidents. CERT-in stands for The Indian Computer Emergency Response Team. It performs in the area of collection, analysis, and dissemination of information on cyber securities. Such tests should also be carried out periodically in conformance with internal/regulatory guidelines.
VAPT and Security Audits
To ensure the security and authenticity of video KYC software, every business should prioritize the use of Vulnerability Assessment and Penetration Testing (VAPT) and security audits. These measures are essential for independent verification of provided information and maintaining a secure audit trail. By conducting VAPT and security audits, businesses can identify and address any critical issues before implementing their video KYC software, ensuring its robustness and security.
Data Localization
To ensure data security and compliance, every business should host its software on Indian data servers. This includes conducting appropriate tests for functional, performance, and maintenance strength before using the V-CIP application software and its relevant APIs/web services in a live environment. It is also important to conduct periodic tests by internal regulatory guidelines to ensure compliance with data localization requirements.
Conclusion
RBI video KYC guidelines emphasize the importance of conducting necessary tests. Many Indian infrastructures shall undergo required tests such as Vulnerability Assessment, Penetration Testing, and a Security Audit to ensure their robustness and end-to-end encryption capabilities. Any critical gap reported under this process shall be mitigated before rolling out its implementation. It is recommended to conduct these tests with the empaneled auditors of the Indian Computer Emergency Response Team (CERT-In) periodically by internal and regulatory guidelines.
For detailed information and guidance on RBI's V-CIP and KYC updates, you can visit the official website of the Reserve Bank of India.
You can talk with our team if you have any questions regarding CERT compliance or Video KYC your app.
