RBI’s insistence on Aadhaar details may backfire in face of fears of the colossal databank itself being compromised. However, its rule permitting opening accounts with ‘a single document’ will fetch relief, writes Gajanan Khergamker
In June 2014, it was revealed that the Unique Identification Authority of India (UIDAI) for the 12-digit unique Aadhaar number is possibly being scrutinised by NSA, the US spy agency.
Indian Intelligence agencies had forewarned the previous government two years ago about the vulnerability of Aadhaar data due to involvement of foreign players in what may be the colossal security breach of the world’s largest biometric data-base.
Intelligence agencies raised the contentious provision in the contract agreement that allows foreign vendors to keep the biometric data for next seven years making it easy prey for NSA.
The UIDAI also had arrangements with certain private software firms for technology assistance. Reportedly, NSA whistle-blower Edward Snowden recently revealed that the American intelligence agency has been covertly collecting biometric data of people from across the world.
Ironically, in March 2014, RBI gave the nod to most banks to consider Aadhaar Card or e-Aadhaar as a valid document for address proof to open a bank account.
An e-Aadhaar is an electronically-generated document that contains an image of your Aadhaar card and a letter from the Unique Identification Authority of India (UIDAI). The letter issued by UIDAI, contains details such as name, address and Aadhaar number and, is accepted as a valid identity proof when you go to open a bank account. The central bank has also told banks if the address provided by the customer is the same as that on the Aadhaar letter, it can be accepted as proof of both identity and address.
NOW, A SINGLE DOCUMENT TO OPEN BANK ACCOUNT
In view of the rampant fears of Aadhaar being misused or its data being compromised, RBI’s latest directive permitting one and all to open accounts in banks on the basis of a single document came as a pleasant surprise. After all, meeting Know Your Customer (KYC) norms that most banks insisted on which required excessive documents was a colossal task which defied logic.
RBI has recently decided to ease the KYC norms and, initiated work in the direction. It recently issued a notification stating from now on onwards only one address proof will suffice for opening a bank account. ‘Customers need to submit only one documentary proof of address, either current or permanent, while opening a bank account or while undergoing periodic updation,’ Reserve Bank of India said in its notification.
This comes as a breather for migrant workers and employees on deputation who find it especially difficult while having to open a bank account. “In case the proof of address furnished by the customer is not the local address or address where the customer is currently residing, the bank may take a declaration of the local address on which all correspondence will be made by the bank with the customer. No proof is required to be submitted for such address for correspondence/ local address.”
“In the event of change in this address due to relocation or any other reason, customers may intimate the new address for correspondence to the bank within two weeks of such a change,” the RBI stated. This address, however, may be verified by the bank through ‘positive confirmation’ such as acknowledgment of receipt of letter, cheque books, ATM cards; telephonic conversation; and visits.
Banks, all over the nation had gone in frenzy for quite a while after the RBI has issued KYC norms that banks were expected to follow. Customers all over have been complaining about being badgered by the banks for reconfirmation, additional documents and other fact checking measures that many banks had begun in accordance with ‘RBI guidelines.’
It did take a while for things to fall in place but it was a long struggle for consumers across India.
SEBI ELIMINATES PHYSICAL FILING OF DOCUMENTS
It may be recalled that, in March 2013, to streamline the process of KYC procedures for clients, even market regulator Securities and Exchange Board of India (SEBI) had done away with the filling of physical documents by investors to the KYC Registration Agencies (KRAs) in favour of the electronic format only.
The intermediaries, including mutual funds, would need to send scanned copies of investor documents to the KRAs and retain the physical documents with themselves.
However, it was said that the physical documents would need to be submitted whenever a KRA would demand so.
KRAs were before this, responsible for maintaining KYC records across all SEBI-regulated entities, were required to maintain the original KYC documents both in physical as well as electronic formats. To minimise the physical paperwork, SEBI amended its KRA regulations.
RBI RAPS HDFC BANK FOR ‘MAKING’ KYC
Under immense pressure from various quarters concerning KYC norms, particularly so when most Banks were seen going overboard, in April last, RBI had to reportedly tell HDFC Bank not to make its own KYC norms when consumer complaints on the issue continued to flow in.
HDFC Bank, which has been the subject of innumerable customer complaints about harassment to resubmit Know Your Customer (KYC) documentation, had to be told by the regulator, Reserve Bank of India (RBI), not to demand a full re-submission unless there is a significant change in customer profile.
Initially, HDFC Bank took the stand that it was only following RBI directives on KYC and that continuous re-submission of details was also a norm.
Later, it was revealed RBI had only asked the banks to ‘complete the review of risk categorisation.’ Even though this involved updating addresses and including photographs, if they did not exist on record, the address details reportedly, only needed a one-line confirmation from the account holder. This bank however, insisted on asking its customers to re-submit all KYC documents
BANKS PENALISED FOR VIOLATING KYC NORMS
In July 2013, RBI had penalised 22 banks for violating KYC norms and then again penalised 6 banks in August for the same. RBI had conducted a scrutiny of banks’ accounts, internal control and compliance systems in April 2013 to probe money laundering charges levelled online portal Cobrapost. Cobrapost has released a sting video in March 2103 which showed videos of bank officials helping decoy customers covert black or untaxed money into white.
In its report, RBI said there were flaws in banks’ customer identification procedure, KYC practice for walk-in customers and sale of third party products. It said banks have failed to prevent lapses in monitoring of transactions in dormant accounts and in following instructions on the import of gold on consignment basis.
In a reply to a RTI query, RBI appears to have taken a stand that it does not vet all the forex derivatives products sold by banks in the country. However, under pressure from all sides, RBI in April 2011 fined 19 commercial banks including the country’s largest, State Bank of India, for miss-selling derivatives products to clients. RBI has imposed a small fine of Rs 5 lakh –Rs. 15 lakh on these banks for not complying with its instructions on derivative products.
RTI FORCES RBI INTO DISCLOSURE
To make things worse, last year, when an RTI application was filed asking to the RBI asking for names of defaulters of Nationalised banks, the RBI had refused to disclose this information. Back then, the Chief Information Commissioner had to direct the RBI to share the data through RTI Act and that RBI shouldn’t have had any qualms about this since it anyways shares such data with CIBIL, a credit information company.
With inputs from Prerna Pandey
Aadhaar data may be compromised, reveals leak
- RBI Deputy Governor R Gandhi had in April 2014 said that banks need to regularly monitor customer transactions to mitigate risk of fraud. He further said that money laundering and terrorism-financing through fraudulent transactions have to be kept in check with proper KYC procedures.
- The Reserve Bank of India (RBI) stated that e-Aadhaar or electronic-Aadhaar will be considered as an officially valid document for opening a bank account.
- NSA whistleblower Edward Snowden’s recently revealed that the NSA is covertly collecting biometric data of people from across the world.
- Central intelligence agencies had, in 2012, warned the government about a possible security breach in Aadhaar, which is considered the world’s largest biometric database.
- The Aadhaar programme under UIDAI involved several foreign vendors and private companies for storage and collection of individual data, including iris scan and finger prints.
Readers keen on seeking help on drafting RTI applications may write in to email@example.com or call Gajanan Khergamker on 022-22841593 for any assistance on RTI or to have their findings / issue featured on this page