Know your KYC

January 22, 2020

Update: April 25, 2020

  • SEBI put out this clarification on April 24, 2020 on the Know Your Client (KYC) process. It is in line with what we have described in the post below.
  • While we have explained authenticating Aadhaar through DigiLocker, the Ministry of Finance has put out this notification on April 22nd allowing Aadhaar authentication directly from UIDAI for Exchanges, Depositories, and RTAs. This means that a slightly faster non-DigiLocker route to authenticate Aadhaar should become possible in the next few weeks for all SEBI registered intermediaries, by partnering with any of the entities that have been given approval to authenticate directly in the gazette notification.

 

The KYC (Know Your Customer) process is the most important part of customer onboarding for any SEBI registered intermediary – Stockbrokers, Investment advisors (RIAs), Portfolio Managers (PMS), Asset Management Companies (AMCs), and more. The intermediary is required to obtain KYC details of the customer like PAN, Proof of Identity (POI), Proof of Address (POA), Bank details, and also perform In-person verification (IPV). These need to be validated by the intermediary and uploaded to the KYC Registration Agency (KRA). The customer can then use the KYC details available with the KRA to start a relationship with any other intermediary avoiding duplication of effort.

For an intermediary, not following the required KYC process would mean violating PMLA (Prevention of Money Laundering Act), apart from also violating the requirements set by SEBI and the exchanges. Since the KYC details, once uploaded, are used by other intermediaries as well, it is important for all intermediaries uploading information to follow the requisite steps during KYC. In cases of financial fraud, the intermediary who performed the KYC and uploaded the information can face serious repercussions if the KYC process wasn’t followed as mandated by SEBI.

Traditionally, the KYC process was physical with an executive representing the firm meeting the customer and validating all the details being provided. As you’d imagine, it was not just a lot more expensive to onboard a client but also slowed down the growth of the industry significantly. Over the last 5 years, thanks to DigiLocker (for original digital IDs and documents), IMPS (for penny drop bank validation), and SEBI’s push towards digital onboarding, most client relationships today are started completely online without any executive having to meet customers in person. The digital process is not only faster but has a much better audit trail as compared to the physical alternative.  

As CEO of Zerodha and Rainmatter, I constantly get queries on KYC not only from other brokerage firms but also from startups trying to build a business around capital markets. We now have the experience of running completely online onboarding for nearly 4 years, having gone through multiple inspection cycles, and many instances where our KYC processes were scrutinized closely. With this experience, I thought of sharing what I think are the best practices to follow during the KYC process when allowing a customer to onboard completely online. 

The basic essence of KYC is to ensure that all the details provided by the customer are authenticated and verified against originals and that the details provided belong to a real person who is interested in opening an account.  While this might seem weird for many, money laundering is a huge problem in this country and is usually done by impersonating someone else or creating Benami accounts. This is the reason KYC is an important part of PMLA. This post is in the context of how to have a completely online KYC process while making sure that no financial fraudsters can onboard on the platform. 

Validating the authenticity 

As I explained earlier, the following are the details that are required from a customer for the KYC process and that also need to be validated.

  • PAN details 
  • Proof of Identity (POI)
  • Proof of Address (POA)
  • Bank account information
  • Person opening the account (In-person verification or IPV)

Before you read further, it is important to learn about DigiLocker, if you aren’t already aware. 

DigiLocker is a flagship initiative of the Ministry of Electronics & IT (MeitY) under Digital India programme. DigiLocker aims at ‘Digital Empowerment’ of the citizen by providing access to authentic digital documents to a citizen’s digital document wallet. The issued documents in DigiLocker system are deemed to be at par with original physical documents as per Rule 9A of the Information Technology (Preservation and Retention of Information by Intermediaries providing Digital Locker facilities) Rules, 2016 notified on February 8, 2017, vide G.S.R. 711(E).

Validating PAN

It is trivial for a fraudster to create the image of a PAN card with anyone’s details. There are also physical fake cards that are so good that the fake is tough to spot even when the card is held in person. It is hence important that the intermediary doesn’t rely on just a scanned copy of the PAN.

There are currently two ways to validate whether the PAN details being shared are genuine.

  • NSDL PAN verification service: the PAN number and date of birth can be entered, and the service returns whether the PAN is valid, along with the name as per PAN.
  • DigiLocker: a customer can create a DigiLocker account, map his PAN, and share the PAN through DigiLocker within the onboarding experience. Documents shared through DigiLocker come with a digital signature by the issuer and by law can be considered as good as the original for electronic use.

PS: Even if the customer is onboarding physically, it is important that the PAN be validated using the NSDL PAN verification service. 

Validating POI & POA

POI is any document that carries the photo of the customer, name, and date of birth. The POA, in addition to the details required for the POI also requires the customer’s address. If the POA has all the required data, it can also be used as POI. Currently when onboarding customers online, there are only two documents which can act as POI and POA and can be validated. 

  • Aadhaar (masked copy)
  • Driving License (DL)

The reason it is only these two is that the customer can currently share digitally signed copies of Aadhaar and DL through DigiLocker, which by law can be considered as the original document. UIDAI also has an offline e-KYC process through which details on Aadhaar can be shared as POI & POA, but it is slightly more complicated to implement.

Through DigiLocker we also receive the photo of the person along with all the other details required for the proof to be considered as both POI and POA.  

There are platforms that require customers to upload a copy of Aadhaar, with the details validated using the QR code on the Aadhaar card. The issue with this is that the QR code doesn’t return the photo of the person and hence, like PAN, can’t be used as proof of identity (POI). Asking clients to create a DigiLocker account (if they don’t already have one), map their documents, and then share them can be a reason for drop-offs. But currently, there is no other alternative.

Can PAN also be used as POI? 

Neither the NSDL nor the DigiLocker service for PAN shares the photo of the person, which is required for any document being used as POI. A fraudster can quite easily forge a PAN card using his own photo on another person’s PAN card and use it as POI. As such, PAN shouldn’t be relied upon as POI. Of course, you could match the photo on the scanned copy of the PAN with the one on the Aadhaar or DL from DigiLocker and then accept it as POI.

Validating the person opening the account (IPV or In-Person verification)

While documents from DigiLocker can be considered authentic, since it is an online, mobile OTP based process, it is not possible to know whether the person going through the process is actually the person described in the documents. Someone who has gained access to a person’s DigiLocker account and mobile phone can onboard pretending to be them.

Here, a video IPV can be performed to make sure that the person is alive and is indeed the person onboarding. This can be done in multiple ways. We at Zerodha send an OTP which has to be displayed by the customer during the IPV to make sure that it isn’t a pre-recorded video on the other side of the IPV. The face from the IPV is matched against the photo from the POI submitted. 
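The OTP step described above works as a challenge-response check: the code does not exist until the session starts, so a video recorded earlier cannot contain it. The sketch below is an added example, not Zerodha's implementation; the class name, the 6-digit length, the 120-second validity window and the idea that an operator or OCR step supplies the code seen on video are all assumptions. It covers only the OTP check, not the face match against the POI photo.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed validity window, not a figure from the post


class IPVChallengeStore:
    """Issues a one-time code per video IPV session and verifies it once."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # session_id -> (otp, expires_at)

    def issue(self, session_id):
        # Fresh randomness per session: a recording made before this call
        # cannot show the code, because it had not been generated yet.
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[session_id] = (otp, self._clock() + OTP_TTL_SECONDS)
        return otp

    def verify(self, session_id, otp_seen_in_video):
        # pop() makes the challenge single-use. A wrong guess also burns it,
        # so each issued code allows exactly one attempt.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return "no_pending_challenge"
        otp, expires_at = entry
        if self._clock() > expires_at:
            return "expired"
        if not hmac.compare_digest(otp.encode(), otp_seen_in_video.encode()):
            return "otp_mismatch"
        return "ok"


def demo():
    """Runs the four cases on a fake clock and returns each outcome."""
    now = [1000.0]
    store = IPVChallengeStore(clock=lambda: now[0])
    out = {}

    otp = store.issue("session-A")
    out["live_customer"] = store.verify("session-A", otp)
    # Same footage submitted again for the same session.
    out["replayed_video"] = store.verify("session-A", otp)

    otp_b = store.issue("session-B")
    now[0] += OTP_TTL_SECONDS + 1
    out["shown_too_late"] = store.verify("session-B", otp_b)

    otp_c = store.issue("session-C")
    stale = f"{(int(otp_c) + 1) % 10**6:06d}"  # constructed wrong code
    out["old_recording"] = store.verify("session-C", stale)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```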

Validating bank account details 

Finally, it is important that the bank account that will be used to transfer and receive funds is also validated. Using IMPS, a fund transfer of a small amount (penny drop) can be initiated. This transaction returns the holder’s name and IFSC of the account number to which the money was transferred. This way, the bank account submitted can be validated to ensure that it belongs to the person opening the account. 
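The penny drop only helps if the returned holder name and IFSC are actually compared with what the customer submitted, and bank records often reorder names or shorten them to initials. The following is an added example, not code from the post: it goes beyond the text by classifying the comparison as match, review (route to a human) or mismatch. The response dictionary shape, the honorific list and the three-way policy are assumptions.

```python
import re
import unicodedata

HONORIFICS = {"mr", "mrs", "ms", "shri", "smt", "dr"}  # assumed list


def name_tokens(name):
    """Fold case and accents, drop punctuation and one leading honorific."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    tokens = re.findall(r"[a-z]+", folded.lower())
    if len(tokens) > 1 and tokens[0] in HONORIFICS:
        tokens = tokens[1:]
    return tokens


def _is_initial_of(x, y):
    return (len(x) == 1 and y.startswith(x)) or (len(y) == 1 and x.startswith(y))


def compare_names(pan_name, bank_name):
    """Return 'match', 'review' (needs a human) or 'mismatch'."""
    a, b = name_tokens(pan_name), name_tokens(bank_name)
    if not a or not b:
        return "mismatch"
    if sorted(a) == sorted(b):          # same words, any order
        return "match"
    short, rest = (a, list(b)) if len(a) <= len(b) else (b, list(a))
    full_hits, leftovers = 0, []
    for tok in short:                   # pass 1: exact word matches
        if tok in rest:
            rest.remove(tok)
            full_hits += len(tok) > 1
        else:
            leftovers.append(tok)
    for tok in leftovers:               # pass 2: initial vs full word
        partner = next((c for c in rest if _is_initial_of(tok, c)), None)
        if partner is None:
            return "mismatch"
        rest.remove(partner)
    # Never auto-approve on initials or a dropped word; require at least
    # one full word in common before a human even looks at it.
    return "review" if full_hits else "mismatch"


def check_penny_drop(pan_name, submitted_ifsc, response):
    """response is a constructed dict, not a real bank or IMPS API shape."""
    if response.get("ifsc", "").upper() != submitted_ifsc.upper():
        return "mismatch"
    return compare_names(pan_name, response.get("holder_name", ""))


if __name__ == "__main__":
    # Constructed sample values.
    sample = {"holder_name": "SHARMA RAVI K", "ifsc": "ABCD0123456"}
    print(check_penny_drop("Ravi Kumar Sharma", "abcd0123456", sample))
```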

I am guessing the next question would be if all funds move in and out of the bank account which is already KYC compliant, shouldn’t SEBI take it a little easy on KYC? The capital market industry has been pushing for this, which saw the creation of a central repository of KYC (CKYC), similar to KRA but covering all intermediaries covered by SEBI, RBI, and IRDAI. The initiative is still not accepted by all the regulators as a central KYC repository and I am guessing we are still many years away from CKYC turning into a common KYC accepted by all intermediaries. 

By the way, we might soon have depositories (NSDL, CDSL) offering KYC as a service, where all the KYC processes mentioned above will be offered as a service. This should hopefully solve the KYC pain-point that all financial services businesses face today.

If there are any follow up queries, do post in the comments below. 

 

Best, 

Founder & CEO @ Zerodha






71 comments
  1. Mukesh says:

    My Re-KYC on Zerodha is not going through, what should I do now, sir..

  2. Saravanan says:

    KYC document

  3. Rajesh says:

    Can the entire KYC process be completed without providing Aadhaar either through Digilocker or through masked copy?

    Is production of PAN and DL and in person verification sufficient?

  4. VIJAY JAIN says:

    how do i know my zerodha kyc uploaded documents complete and correct or not

  5. Sarika Akhare says:

    Hi, I am unable to contact anyone as my trade is completely closed. Please let me know the process.

  6. Ananthula Srinu says:

    Kyc

  7. Lakshmi.V says:

    sir,
    I have opened an account with zerodha in august and had done ekyc and IPV as required. But on the CVLKRA website the IPV status shows ‘E’. What does that mean and what do I have to do to get ‘Y’ under IPV status?
    Lakshmi

  8. Krishan kumar panday says:

    When opening an account on Zerodha, it shows “your PAN card already exists”. Please solve.

  9. Dinesh Thomas says:

    it is very attractive

  10. Dinesh Thomas says:

    I will reactivation these account

  11. av says:

    Hey Nithin,

    Sorry to say this but your guys have done a shit-ass job of parsing the XML they get from digilocker. My address on my aadhar card is correct to the last t, but when your code imports it from there you mess it up badly, and you put me in Ghaziabad instead of Noida.

    Your customer support likely has no access to your tech team, so I’m leaving this comment here in the hopes that the marketing folks who operate this blog do see it and get one of your programmers to have a look at that code.

    You made what was an otherwise seamless onboarding process for me, a nightmare once I got to know from CVLKRA that this mess has happened. Now two months in I’m regretting why I ever shifted brokers.

  12. Prateek says:

    When I’m filling PAN and DOB it is showing PAN verification failed.
    Please help why it is showing?

    • Matti says:

      Hey Prateek, this happens if we aren’t able to verify your PAN with the ITD. Please get in touch with our support team for help.

  13. zI says:

    Has Zerodha initiated AADHAR authentication directly from UIDAI ie. the non Digilocker route?

  14. Sunita says:

    Let me know how we can open a joint account online.
    My mobile no. 7017149309

  15. Vinod says:

    My Re: KYC with AADHAR always fails because the AADHAR downloaded from Digilocker is not clear (XML to PDF conversion is not clear). How Can I fix this? Is there a way to physically mail the Re: KYC at the end of the process instead of digitally signing the document?

  16. Aditya Wad says:

    I have given all verification details still it is showing DOB not matching while account opening.
    If you are not capable return my amount paid for account opening.

  17. Jitendra Singh says:

    Kyc issue

  18. saswatachatterjee says:

    Why I can’t update my financial proof

  19. Subhadip Samanta says:

    Need to update KYC with my Email and Contact number.
    I have done the reKYC also but details are not updated in KRA.
    Due to this problem I am unable to open MF. It’s displaying my old Mail and Contact number which are actually not updated in KRA.
    In my place there is no AMC offices…
    Kindly help me to update my KYC.

    Thanks

  20. maninder Singh says:

    “signature update your demat account. pls contact your dp for information” is what it is showing. The KYC form email has also arrived. What do I have to do now? Please help.

  21. Sneha sraang says:

    I was opening an account, but as soon as I paid the fee of 300/-, the application closed…..

  22. Rani Kumari says:

    My CKYC is not showing in my profile section. I had opened an account in the first week of November, 2020. In the second week, I asked on the support portal for the reason, and I got a response by mail that it is taking more time in the KYC process due to the COVID-19 situation. Okay, I understand, but there was no update till the last week of November. Finally I requested re-KYC and it got approved on 30 November, 2020. As of today it is still not showing my CKYC number. I am not adding funds to my account because of this. I am not getting whether it is due to a technical problem or a documentation problem?

  23. Gajendra singh says:

    My name is wrong in my old PAN, so I have made a new PAN as per my Aadhaar. I want to do the KYC with the new PAN in my Dmart account. Please tell me the new KYC process. Yours faithfully, Gajendra Singh.

  24. ASHISH BISANI says:

    DOB updated in PAN card but during KYC , zerodha portal showing DOB mismatched. it is accepting old DOB. what to do ?

  25. RAVINDRANATH says:

    SIR, PLEASE ARRANGE FOR A ADDITIONAL SUPPORT EMAIL THROUGH WHICH A CUSTOMER CAN APPROACH TO COMMUNICATE THE FAQ NOT COVERED IN ZERODHA SUPPORT PORTAL. FOR EXAMPLE WHEN I AM INPUT MONEY IN COMMODITY SEGMENT IT REPEATEDLY WRONGLY GOES TO EQUITY SEGMENT. BUT WITHDRAWAL IS ALLOWED CORRECTLY.

  26. Arshad says:

    Hi,
    I am 22 years old but my pan card is minor and i want to create account on zerodha so can i upload minor pan with digilocker pan or i HAVE TO make my pan card major and then create an account??

    Thanks for reading.

  27. Senthil says:

    My DOB was wrongly updated in KYC. How do I rectify it?

    • Pavan says:

      Yes, even I am facing the same issue,
      Please help, there are no centers here near my town to update cvl kra, Is there a way we can do it after opening the account..?

  28. Akshay Kokate says:

    Sir my account is dormant(SA0375) Equity Cash. I have done ekyc for that and have been approved but still orders are rejected how to activate please guide.

  29. pruthiraj Das says:

    Sir, my account RP 7695 is dormant. I tried to do eKYC but failed. How do I make my account active?

  30. Abhishek verma says:

    Hi,

    I would like to update my Zerodha account address online. Can it be done through Aadhaar based e-kyc process?

  31. Raja says:

    Hello, how much time does it take for address to change in KRA records after we have done re-kyc in Zerodha?

  32. Ravi kant says:

    How do I complete KYC, as the phone number which was registered on my Aadhaar card is no longer in use and it has become difficult to correct, as only a few govt bodies have the authority to make corrections and there is a lot of rush there. I have been trying for 2 weeks…

  33. Savitri says:

    Hi, thanks for the really informative post! For this entire process, do I need to be registered as a sub-KUA?

    • Savitri Bobde says:

      Hi,
      Also, if we are following this process, where do we get the client sign from to send to RTAs in the Account Opening Form? That is required by CAMS at least. In this process, is the physical sign then not required?

      Thanks!

  34. Sayyed Rehman says:

    Hi Nithin
    My user ID is DM1967. I’m an active client having a commodity and trading account since 2015. Now I want to trade in equity. As per the rules, I filled in the demat application form and sent it to Zerodha HO, which was received by the Zerodha team on 13th Aug 2020, and I have also done eKYC successfully, but my demat has not been opened yet and I have not even received any update regarding my account in spite of repeated reminders.
    Please help me to solve this issue as soon as possible.

  35. Krishna says:

    Hi Zerodha Team,

    I submitted my documents in-person in CAMS office for KYC. It is still under progress and not sure how long it would take because of the COVID situation. I want to open a Zerodha demat account and have been waiting for KYC to be complete. Can I go ahead and do an online KYC through Zerodha and open the account, would it be faster and would it create any conflict?

    Thanks!

  36. Virag says:

    My PAN card has first and last name whereas Aadhaar card has only first and PAN card has real DOB which is noteworthy in all documents whereas Aadhaar card has second. So, can there be a bottleneck in doing e-kyc?

    • Matti says:

      There is a chance that you will have some difficulty, yes. Best update your Aadhaar to accurate information.

  37. ImvestingMuni says:

    Hi,

    Name in pan card has first and last name where as aadhar has first name and initials(first letter of last name). Bank account name is same as in aadhar. Will there be a problem in kyc process? Which one needs to be corrected for kyc to be smooth?

  38. Siddharth says:

    Hi,

    I am currently working on building a digital onboarding solution for Mutual Fund investors and had a major doubt. In case of a completely new investor ( with no KRA KYC done) would fetching the e-PAN and its details (through Digilocker) and sharing the same with the KRA be valid enough as a Proof of PAN and/or Proof of Identity? Had a doubt here since the Digilocker version of the PAN does not have any image of the person.
    Or is a scanned image of the physical PAN necessary for this? (Since Zerodha asks us to upload a copy of the PAN separately, instead of fetching it like the Aadhaar from Digilocker)

    Regards

    • Matti says:

      PAN cannot be used as a proof of identity, as explained in the post above. You need to take a picture of the PAN simply to validate against the details you fetch from NSDL/DigiLocker.

  39. Saurabh Sinha says:

    When I was opening my account it said “You’re already KYC verified”, whereas I have never given any KYC documents to Zerodha. How is this possible? From where did Zerodha fetch my details of KYC?

    • Matti says:

      Hey Saurabh, once you enter your PAN and DoB, these details can be fetched from the KRA.

      • Saurabh Sinha says:

        If my data is fetched from the PAN server, how come my address is fetched wrong.? If you can explain plz.

        • Matti says:

          Hey Saurabh, it’s not fetched from the PAN database, it’s fetched from the KRA database, which means a previous KYC that was done for you is fetched. If the address is incorrect in the old KYC, that is what is fetched.

          • SIPAK says:

            There are so many KRAs registered with SEBI, so how can I know which particular KRA you collect my address from,
            so that we can change it? Or how can I change my old address in the mentioned KRA?

  40. Praveen Kumar says:

    After initiating account opening process the call started coming. How can we know that it’s the genuine call from your company?

  41. Chandrashekhar Gowda says:

    How do we validate video IPV in case of twins?

  42. Ramesh Babu says:

    Excellent. you are the only person who shares knowledge with everyone in the financial market. Hats off to you sir. Great Work. Your blog is like an encyclopedia for the financial market. Heartfull thanks to you sir for the updations.

  43. Krishna Prasad says:

    Hey Nithin,

    Thanks for this. I am building a MF investing platform. I was checking out all the online MF platforms, they don’t seem to be following the steps you have suggested. They just ask for scan copy of POI and POA, which I am guessing can’t be validated like you have mentioned. There is also no Video IPV. Does that mean they are not compliant?

  44. Falak Kalyani says:

    Hi Nithin, really appreciate your thoughts for spreading the knowledge. Few thoughts and suggestions here.

    Why don’t you leverage your tech by providing seamless client onboarding (non-kyc too) in MF to distributors? They cover large portion of market esp. in rural.

    In connection to the same, adding insurance product (life and general) to distributors and direct of multiple companies through same platform will complete the basket. We have e-insurance account platform for that too.

    Lastly, connecting the dots by becoming Account Aggregator.

    Just a suggestion. BTW you are doing great work.

    -Falak

  45. Raj Kumar says:

    Thanks a lot, this is very helpful.