When Unique Customer IDs Are Not Really Unique, Bank Customers Are Inevitable Victims
Every day, thousands of customers across the Indian banking system find that they have lost access to their own money because the bank has unilaterally ‘frozen’ their account for delay in updating their know-your-customer (KYC) details. This is done under the anti-money laundering rules foisted on the banking system by the finance ministry which require banks to allocate a unique customer ID code (UCIC) per customer and to ensure regular updation of KYC data, based on risk profile. Would it surprise you to know that banks still do not have unique customer IDs allocated to every customer, 11 years after the Reserve Bank of India (RBI) directed them to do so (https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=7263&Mode=0)? Or that banks, sometimes, allot more than one UCIC, defeating the very purpose of the anti-money laundering rules?
 
I stumbled upon this fact, when a private bank customer, Sudhir Desai (name changed) insisted on an answer to why his re-KYC happened smoothly in two accounts where he was a single holder, but not in the joint account that he held with his wife, which required a tedious process. After persistent follow-up failed, Moneylife Foundation intervened on his behalf and the bank responded to say that joint accounts are treated as ‘separate customer ID (code)’ requiring additional documents. It is understandable that the bank requires documents for the joint–holder; but how do you explain a second customer ID code for the same person? What happens to the concept of ‘unique’ customer ID in such cases?
 
The absence of unique IDs defeats the very objective of tracking all customer information and engagements with the bank (savings accounts, current accounts, credit cards, auto loans, demat account, home loans, etc). It also makes the harassment over KYC updation even more egregious. Unfortunately, neither the finance ministry, nor the RBI is aware of the enormity of the issue or its complexity. And what they don’t acknowledge, needn’t be fixed, no matter the hardship unleashed on customers. 
 
Unsurprisingly, I did not get credible answers even from the senior-most levels at the RBI, or from senior central bankers (retired) who I queried. RBI’s response conveniently skipped the point about a ‘separate customer ID’, merely repeating that the joint-holder would need to submit KYC documents, if not done at the respective UCIC level. 
 
How and why is the banking system carrying on with what seems to be an antiquated system?
 
The mystery was, finally, unravelled to me by a senior software expert who has written core banking software and overseen its installation in some of the largest banks in India, Canada, USA and Australia. He admits there is a huge problem about allocation of UCICs and traces the issue to legacy banking systems that have been developed over the past 25 to 30 years. They have made data centralisation an expensive and time-consuming process, even after introducing core banking, he says. 
 
When RBI asked for allocation of UCICs in 2012, its objective was clear enough: Availability of (UCIC will help banks to identify a customer, track the facilities availed, monitor financial transactions in various accounts, improve risk profiling, take a holistic view of customer profile and smoothen banking operations for the customer.
 
So where was the hitch?
 
Our expert, who did not want to be quoted, describes the situation as follows:  “A majority of banks have different banking applications, developed and deployed decades ago, to handle different products such as home loans, auto loans, demat account, etc. Each application was developed with the assumption that it contained all customer information within itself and then there was the core banking software which also contained customer information. The applications were bought from, and are supported by, different software companies and service-providers."
 
This means that when a customer opens a savings bank account, her information is stored in the core banking or universal banking app. If the same customer, later, decides to apply for an auto loan, that is handled by a separate auto loan app (developed by another vendor) and customer data is collected all over again, since that app, does not access any central database within the bank. 
 
Similarly, banks have different applications for credit cards, demat accounts, maybe even FastTag, etc, which do not access the bank’s central database. If this customer has changed homes and wants to update her address, this cannot be done as a centralised process. The reason why it appears to be centralised is that the bank will copy the application/request to update information and send it to each individual application to be entered and updated. This is perhaps why Mr Desai was asked to send his data by email or fill up a form and submit physical copies for the joint account, where his UCIC alone was not sufficient. In fact, most banks prefer physical, self-attested copies of identification documents.
 
Is there a solution to this problem?
 
Yes there is, says our expert. Over the past 14- years, larger banks in many countries have started implementing what is known as enterprise customer application (ECA) to consolidate fragmented data into a single record per customer. The process involves gathering and rationalising customer information from various sources, like the universal banking data, auto loan or demat application and creating a single unified record for each customer in the enterprise customer file.
 
Once this is done, banks have to put in place processes to ensure all future updates or changes are exclusively done through this centralised ECA file. If the KYC data collected/updated matches existing records, there is a smooth and automatic update. If there is a discrepancy or a mismatch, it is flagged for ‘human-eye’ verification. Once implemented, an existing customer seeking any new service from the bank will get it with minimal time on paper work.
 
This will also achieve the desired objective of RBI and the finance ministry and will eliminate much of the hassles of KYC updation and the many glitches in the process. Instead of implementing such a solution, banks find ways to work around the problem such as: a) creating multiple customer IDs and; b) manually updating data into discrete applications which do not communicate with one another. These methods are time-consuming and prone to errors.
 
Also, the customer data is constantly being updated, especially among younger customers and those in salary accounts of companies who are constantly changing their address while moving to different cities based on their jobs. So banks spend time and money to update and cross-check data, correct mistakes and de-duplicate information by checking all identification attributes such as PAN card, mobile number, Aadhaar/driving licence and address proof (often electricity bills). I understand that every large bank employs as many as 500-800 people solely for data-entry related to these tasks across various applications.
 
So why are banks not implementing enterprise solutions after 11 years?
 
According to our expert, centralisation of data is important, because it can greatly improve efficiency and reduce redundancies in managing their customers' records over time and will also lead to significant cost and manpower savings. But at this stage, banks do not see it as such. This is because implementing ECA is such a huge, expensive and time-consuming process that only a few large banks are even attempting it. Matters are complicated, says the expert, because banks, over time, have accumulated hundreds of business applications containing fragmented customer data. Banks have as many as 50 software partners and have large internal teams to just to interface with them.
 
A centralised system will cut costs on updating, de-duplication and dealing with multiple vendors. It will also allow banks to target their marketing campaigns far more effectively, leading to more efficient conversion, instead of carpet bombing their database. Interestingly, the problem of converting to an enterprise solution is not unique to India. Banks across the world have struggled with it and taken their time to adopt change because it is a slow and tedious process.
 
Implementing an enterprise solution, with meticulous testing and deployment requires at least five years, says our expert. Unfortunately, most bank chief executive officers (CEOs) are unwilling to commit crores of rupees to this kind of time-horizon. In most cases, their RBI-sanctioned term is less than five years, so implementing the solution would only mean sunk costs, with no results to show during their term or even to seek an extension.
 
Moving to an enterprise solution is imperative for the finance ministry to achieve its objective of tracing money flows (if it is serious about it); but the government and the regulator has to compel all banks to earmark resources to make the switch in a finite period. A collateral benefit will be a huge reduction in harassment of customers over KYC issues and repeated submission of the same documents!
 
 
Comments
morris
1 year ago
KYC so frequently open the door to cheating and risk. Also many accounts are unoperated becasue it s vey difficult to close an account. Every financial company particularly broking firms would soon not be able to operate due to detailed painful and worthless regulation. The problem of money laundering does not mean that the regulator has to seen to be worrying everyone. The actual money lauderer can easily operate otherwise.. One way to examine the veracity of a statement that all swans are white is to look at swans and examine their color. The government though is hell bent on picking up all non white objects and proving that they are not swans!
ppindia18
1 year ago
KYC is a big fraud on customer to harass customer, Banks send one sms and are done with their duty about KYC expiry. CKYC was supposed to solve this but this does not work. In mutual fund and demat accoutnt this was supposed to work but if you update address it is never updated in other mutual fund and demat account. now even Insurance also insisting KYC during renewal and the KYC process fails because this system is not tested and have to run from pillar to post to resolve the issue.
S.SuchindranathAiyer
1 year ago
Good article.The core problem is not just one of core banking but of core governance.The Colonial Legacy. There is no accountability and it is the defenseless and helpless customer or citizen who is made to pay for all the errors of omission, commission, and dereliction of duty by those in authority.
tenkaraimohan
Replied to S.SuchindranathAiyer comment 1 year ago
Very true
Blank indian
1 year ago
I had a similar experience with Bank of Baroda branch at my hometown.I used to deposit few cash in my SB acct. and withdraw at once when in an emergency.Bank accepted all deposits without any murmur. When I went to withdraw my deposit ,I was informed that 'KYC had not been updated'.Mind you,Bank had all the KYC-related documents like PAN, AADHAR etc, and no problem when you are depositing.It is only when u start withdrawing, you are blocked.

Funnily BOB has been in the news for giving loans to fictitious Cos,and persons and losing thousands of crores.I wonder how this was done under what kyc scheme.
tenkaraimohan
1 year ago
Excellent article which exposes the incompetence of the regulator in implementing their own rules, regulations and directions
Kamal Garg
1 year ago
All ERP system (whether EVA or not) require only one customer id for all the applications and this solves the problem. How come, when Banks implemented their CBS, they did not integrate other applications into it. That's the basic culprit of these things.
sanjay.khandkar
1 year ago
Sharing my two cents on this.

Even while banks have issued multiple UCID to the same customers for different bank accounts, the PAN Card and Aadhaar cards would be the same for the same customer, if that is the case - why can't the banks use this information to minimize the hassle for the customer.

Further - in developed countries - the ID and address (usually in Driver's license) is obtained at the time of account opening. Thereafter the bank NEVER asks for these again. If you need to change address - you can do so online (including for the driver license or utilities).

Why can't have a system where if someone commits fraud - he is hunted down prosecuted and jailed - instead of subjecting crores of people to KYC who are not committing any fraud.

Why do we have the concept of inactive account - where the account holder is looked at with suspicion for the "crime" of not having done any transaction?

Girish Mittal
1 year ago
The simpler solution is to us CKYC.. Anyone wants to do KYC, just give them CKYC #.. Banks are very hesitant to use CKYC, but you must insist... If required appeal to banking ombudsman... Banks will ultimately give in.. Have tried successfully with 3 private sector banks... Next experiment is to use with PSU banks
saurabh.agarwal89
1 year ago
Is this true for new banks? Like PayTM, Airtel.
Array
Free Helpline
Legal Credit
Feedback