Despite multiple warnings and committee recommendations, the Reserve Bank of India (RBI) continues to evade the core issue: issuing clear, enforceable directions to banks on resolving the continued harassment of customers over know-your-customer (KYC) updates and arbitrary account freezes.
India’s banking regulator has never lacked committees, circulars, or proclamations about its commitment to consumer protection. Over the years, it has introduced internal and external ombudsmen, mandated customer service committees at banks, and published customer charters—each touted as an achievement in its annual reports. In March this year, governor Sanjeev Malhotra delivered a fiery speech, where he recounted the famous Nordstrom tyre story, and asserted that even a single customer complaint is unacceptable. His words raised hopes; but, as I pointed out in my column, it was unclear if this intent would finally translate into action.
Two months later, RBI has issued an undated draft circular inviting public comments on proposals to simplify KYC requirements—particularly for those whose accounts were opened under the Pradhan Mantri Jan Dhan Yojana (PMJDY).
Anyone who has searched online for ‘KYC updation’ will find thousands of horror stories involving frozen accounts and repeated bank visits, despite the mandatory obligation on banks to send three warning notices. But RBI appears satisfied with simply tweaking the rules and offering minor concessions, instead of a concrete, enforceable framework with strict accountability. The draft circular, once again, stops short of instituting standard operating procedures (SOPs), timelines, or penalties for violations by banks.
While RBI repeatedly asserts its commitment to consumer protection, its reluctance to make banks accountable is puzzling. A high-level committee on customer services, chaired by former deputy governor BP Kanungo produced an excellent report in 2023 that covered nearly every friction point faced by bank customers, including KYC, transmission and inheritance. It recommended model operating procedures, standardised claim forms, rationalised documentation, customer awareness initiatives and automation of KYC reminders to make them traceable. Crucially, it emphasised that banks had no right to freeze accounts arbitrarily.
The Latest Draft: What’s New?
Two years later, RBI is amending the KYC rules for the 16th time since issuing its master directions in 2016. Yet again, the measures fall short of what is required to end customer harassment. One reason is that banks have failed to fully integrate data with the central know your customer registry (CKYCR) which the RBI governor mentioned in his speech. Top RBI officials now say this integration may take ‘years’ because banks use hundreds of apps and different vendors who are not fully integrated into their core banking systems.
Ironically, most bank apps are aggressively pushing users to link their accounts, credit cards and payments—ostensibly for convenience, but primarily in their own interest, to give themselves comprehensive access to a customer’s financial profile. Why don’t we see the same drive to ensure seamless KYC compliance?
Let’s examine the RBI’s key proposals.
1. One-year Breather for KYC
The big concession offered in RBI’s draft proposal is to allow customers classified as ‘low-risk’ to operate their accounts for one more year—even if their KYC is overdue—until 30 June 2026, or one year from the due date, whichever is later. Banks have to monitor these accounts for suspicious activity without freezing them. However, RBI has not clarified whether banks must unfreeze accounts that are already locked. Will this ensure that this vulnerable segment—largely direct benefit transfer (DBT) beneficiaries and Jan Dhan account-holders—is not subjected to continued cruel injustice? Moneylife Foundation’s study on KYC hardships documented numerous cases of frozen accounts disrupting welfare payments to the poor. Fixing this requires a lot of work.
2. Banking Correspondents to the Rescue?
RBI wants to empower banking correspondents (BCs) to facilitate KYC compliance by verifying documents, collecting self-declaration documents, helping perform e-KYC and issuing acknowledgments. On paper, this sounds promising. In reality, BCs have frequently faced serious complaints about cheating rural customers. They have been accused of charging illegal fees, earning illegal commissions through ghost transactions, delaying payments and falsifying records. These issues and poor grievance mechanisms have been flagged by RBI’s own committees. Yet, the draft circular makes no mention of safeguards or oversight mechanisms.
Moneylife Foundation has pointed out that the unique identification authority of India’s (UIDAI’s) plan to set up Aadhaar SevaKendras—modelled after the highly successful Passport SevaKendras run by TCS (Tata Consulting Services)—offers a far more robust and accountable solution. RBI, which has over Rs72,000 crore in its depositor education and awareness fund (DEAF), could collaborate with UIDAI or independently create customer service ‘Kendras’. These centres would serve the purpose far better than RBI’s vague directive to banks to conduct ‘KYC awareness campaigns’ and KYC updation camps.
3. Traceable Notices—Still No Compensation
Banks are required to send three reminders for KYC updates. RBI now wants one reminder to be a physical letter and for all notices to be logged digitally in bank systems. While this may help customers escalate issues to the ombudsman, it still stops short of holding banks accountable. No provision is made for compensation in cases where accounts are frozen without due notices. The absence of deterrents will perpetuate a culture of impunity.
4. Easing Address Requirements
The draft allows a self-declared current address that differs from UIDAI records and enables digital KYC through ATMs, net banking, letters, or BCs. Again, while this looks good in theory, the technology does not support smooth implementation. My own recent experience with KYC updates showed that practices across banks vary. The CKYCR systems may also be a problem. In one instance, the system even accepted two identical addresses uploaded by a bank as the old and updated one. Clearly, the backend infrastructure may also be inconsistent and unreliable. If India’s financial capital struggles with implementing these rules, what chance do rural areas have—where internet access, staff and infrastructure are all lacking?
The Real Issue: No Accountability
What’s truly meaningful in this draft circular? Only the one-year reprieve from account freezing. Even here, the burden of compliance continues to fall on consumers. RBI must mandate that banks create seamless systems, establish grievance redress protocols and set up permanent infrastructure—like SevaKendras—to help customers update their KYC with dignity and ease during this one-year period. Until then, banks should be prohibited from freezing accounts on KYC grounds. Draft rules and master directions mean little when not backed by enforceable systems and consequences for failure.
The real tragedy is that RBI knows exactly what needs to be done. Its own Kanungo committee is clear that banks simply cannot freeze customer accounts. Yet, instead of acting decisively, RBI continues to issue unworkable directions without any accountability, while customers continue to suffer.
Comments
Girish Mittal
1 month ago
Two points are important in RBI KYC circular (not the draft one):
(a) You can give self declaration that there is no change in KYC and banks have to accept it.. However, banks are not accepting the same - Axis, IndusInd, RBL are not accepting declaration based ReKYC. Matter pending with Ombudsman. HDFC did not initailly accept - but then sent a declaration form, which did the ReKYC. We all should insist on doing declaration based ReKYC - as most times there is no change. Ujjivan is the only bank, which provided option to send an email for no change declaration.
(b) CKYC - even if there is change in any KYC - if it has been updated - banks should do the change based on CKYC- for which they have unfettered access and they have to update mandatorily - based on ML guidelines. ICICI is the only bank in my experience who updates the address based on any change in CKYC without any action from the customer, which is better than the best.
Dear Sucheta Dalal
The article is incisive.
Is it not possible for someone like you to connect with top government officials and let them hear your views and suggestions?
Individuals are scurring in old age just for KYC all the time.
Sucheta you are the only beacon for the Indian masses who are being fooled cheated and harrassed every day every moment with impugnity . It seems MODI is trying to TERRORISE people to even go the banks and make withdrawls as the withdrwals are going to be tortured through denials like signatures differ. The bank staff are not trained on how to tally the signatures and there are proper protocols to be followed for signature tallying which the trained staff does not follow .Please launch a page where all customer grievances are recorded and indexed for public awareness campaign .
Sucheta you are the only beacon for the Indian masses who are being fooled cheated and harrassed every day every moment with impugnity . It seems MODI is trying to TERRORISE people to even go the banks and make withdrawls as the withdrwals are going to be tortured through denials like signatures giffer. The bank staff are not trained on how to tally the signatures and there are proper protocols to be followed for signature tallying which the trained staff does not follow .Please launch a page where all customer grievances are recorded and indexed for public awareness campaign .
The malaise in regulation, in general, is that regulators (whether RBI or SEBI) think that everything else around them is a cause of malfunction but not themselves. It's very clever and scheming ploy. By forming committees, inviting for public comments, this and that, they engage in intellectual masturbation and pretend that they are trying to solve a problem (that they created) in the garb of "consumer protection". This reminds me of a Monty Python skit long time back.
One more issue related to this is mule accounts opened and routing fraudulent transactions. In this case both the remitter and beneficiary are handling in glove and banks are made to pay even if accounts are KYC compliant at the time of opening the account and the customer becomes untraceable after the transactions.
Even in classes where funds are available they can be reversed with the revoking order from the authorities who have advised for blocked the account.
Another issue related to this is that the insurance for debit confirmation from the customer. Another impediment to banks is how along to wait for the untraceable customer.
Genuine customers suffer and Banks are help less fraudsters are becoming cash rich.
Many more issues related to this have no proper SOP or guidance
The KYC is done when the account is opened. It is the bank's responsibility to ensure that the person is who s/he say they are. Thereafter, if the person updates the driving licence or passport when it is renewed, it should be sufficient for a re-KYC. Only if it is a Aadhaar which is perpetual, a renewal should be asked for every 5 /10 years.
Banks are forcing Aadhaar based KYC for almost everything, even during branch visits. They refuse to accept other OVDs like driver’s license or voter ID. RBI doesn’t seem to want to act on this either. If you’re providing feedback to RBI, please emphasise that all OVDs must be accepted and treated equally, and that REs must not force or choose one OVD.
In the case of Current Accounts opened online, the customer has one year time to submit additional supporting documents for verification. Do the Banks complete this verification within an year. During this first year if there is a fraudulent activity in the account (by the account holder) the BANK must be made answerable for the lapse.
2. In case of Cyber Frauds
The Banks say customer “Not Traceable” in the KYC -VERIFIED ACCOUNTS. What is the use of KYC?
Excellently articulated the reality. You have rightly highlighted the inherent risks in engaging the Business Correspondents for KYC-related confirmations
1. An effective way to automate the periodic KYC reconfirmations is to mandate all banks to designate a ReKYC email ID and a mobile number with missed call from regd mobile no. to submit confimation for all cases with no change of data., where each of the joint account holders can also confirm from any location.
2. Alternate long term solution is to develop a periodic KYC identifier system similar to Aadhaar authenticated JeevanPramaan for pensioner life certificate every year, which can be pulled by any bank system which needs to validate a ReKYC. IBA can even out source this electronic online process to NSDL Protean, CAMS, Kfintech etc where each PAN or Aadhaar can be certified for KYC reconfirmation, which can be pulled by any bank on need basis with a nominal charge paid to the agencies for each txn. Many financial instituions are doing something similar with CERSAI which should be good to go for all banks.
The author has done an excellent job in bringing out the deficiencies and issues in the implementation and adherence of KYC in banks . It is really unfortunate to observe that the basic issue of updating and stabilising the KYC even after it’s inception of more than two decades back has been evading the regulator’s care and supervision despite with the backing of several committees findings , suggestions and practical recommendations . The net result is Customers suffer , banks suffer more and the regulators suffer the worst for want of adequate checks and balances to fix the lapses , accountability and ensure that the strict observance of KYC norms adds to the strength of banks and turns out to be a win win situation for all stake holders particularly customers and the regulators .
Of course, RBI is not interested in accountability.
It was obvious that some officials in RBI were responsible for ignoring the precarious situation in a bank, as a recent article in MLF pointed out, that led to enormous losses for shareholders and customers.
Yet, there was no investigation and no one was held accountable.
Unless the rot within RBI is exposed and rooted out, nothing will change.
If everything goes smoothly then where is the opportunity for malfeasance.
Rbi is an expert in washing down hands. In no circular you will find anything moving upwards from regulated entities to regulator, as a routine check or for purposes of verification. More than 2,000 commercial and Co operative banks under its regulations. It regulates not by technology, but vide paltry penalties at time of audit.
In a candid interview with The Indian Express, Tuhin Kanta Pandey, the newly-appointed chairman of the Securities and Exchange Board of India (SEBI), acknowledged a significant lapse in the regulator's transparency standards. He noted...
Unchecked fraud in initial public offerings (IPOs), especially listings by small and medium enterprises (SMEs) should set off loud alarm bells for retail investors, especially those hunting for multi-bagger in this segment. As many as...
Fiercely independent and pro-consumer information on personal finance.
1-year online access to the magazine articles published during the subscription period.
Access is given for all articles published during the week (starting Monday) your subscription starts. For example, if you subscribe on Wednesday, you will have access to articles uploaded from Monday of that week.
This means access to other articles (outside the subscription period) are not included.
Articles outside the subscription period can be bought separately for a small price per article.
Fiercely independent and pro-consumer information on personal finance.
30-day online access to the magazine articles published during the subscription period.
Access is given for all articles published during the week (starting Monday) your subscription starts. For example, if you subscribe on Wednesday, you will have access to articles uploaded from Monday of that week.
This means access to other articles (outside the subscription period) are not included.
Articles outside the subscription period can be bought separately for a small price per article.
Fiercely independent and pro-consumer information on personal finance.
Complete access to Moneylife archives since inception ( till the date of your subscription )
(a) You can give self declaration that there is no change in KYC and banks have to accept it.. However, banks are not accepting the same - Axis, IndusInd, RBL are not accepting declaration based ReKYC. Matter pending with Ombudsman. HDFC did not initailly accept - but then sent a declaration form, which did the ReKYC. We all should insist on doing declaration based ReKYC - as most times there is no change. Ujjivan is the only bank, which provided option to send an email for no change declaration.
(b) CKYC - even if there is change in any KYC - if it has been updated - banks should do the change based on CKYC- for which they have unfettered access and they have to update mandatorily - based on ML guidelines. ICICI is the only bank in my experience who updates the address based on any change in CKYC without any action from the customer, which is better than the best.
(b)
The article is incisive.
Is it not possible for someone like you to connect with top government officials and let them hear your views and suggestions?
Individuals are scurring in old age just for KYC all the time.
Even in classes where funds are available they can be reversed with the revoking order from the authorities who have advised for blocked the account.
Another issue related to this is that the insurance for debit confirmation from the customer. Another impediment to banks is how along to wait for the untraceable customer.
Genuine customers suffer and Banks are help less fraudsters are becoming cash rich.
Many more issues related to this have no proper SOP or guidance
2. In case of Cyber Frauds
The Banks say customer “Not Traceable” in the KYC -VERIFIED ACCOUNTS. What is the use of KYC?
2. Alternate long term solution is to develop a periodic KYC identifier system similar to Aadhaar authenticated JeevanPramaan for pensioner life certificate every year, which can be pulled by any bank system which needs to validate a ReKYC. IBA can even out source this electronic online process to NSDL Protean, CAMS, Kfintech etc where each PAN or Aadhaar can be certified for KYC reconfirmation, which can be pulled by any bank on need basis with a nominal charge paid to the agencies for each txn. Many financial instituions are doing something similar with CERSAI which should be good to go for all banks.
It was obvious that some officials in RBI were responsible for ignoring the precarious situation in a bank, as a recent article in MLF pointed out, that led to enormous losses for shareholders and customers.
Yet, there was no investigation and no one was held accountable.
Unless the rot within RBI is exposed and rooted out, nothing will change.
If everything goes smoothly then where is the opportunity for malfeasance.