FinTechKYCGrey Areas of KYC: Challenges arising in Digital World

November 5, 20210


The “Know Your Customer” (”KYC”) policy as the name suggests is a mechanism which stands for verifying the true identity of its customer, at the ‘time of’ or ‘before’ boarding on a financial platform to avail financial services.

In India, the banks were required to implement KYC policy as a formal policy and regulatory compliance after the global financial crisis occurred 2008 because the 2008 crisis brought down plethora of challenges for financial institutions including banks, in terms of series of major frauds, money laundering, tax evasion cases etc.

The rationale behind introducing KYC is to protect banks from being intentionally or unintentionally used for fraudulent activities such as, money laundering, terrorist financing activities, financial frauds etc., and to ensure that companies indulged in providing financial services including FinTech companies is being used by legitimate, legal, and genuine entities and parties.

In recent years, as a result of rapid development in digital delivery of financial services, especially with the rapid boom in digital transformation as a result of unprecedented pandemic, the Governments around the world have started implementing regulatory policies in a stringent manner to clamp down money laundering activities.

The KYC policy serves as a check-and-balance mechanism, which shows that financial institutions are well-armed to counter any wrongdoings. However, lack in compliance of the regulatory policies depicts weak line of defence.

Therefore, in order to safeguard financial system, the financial institutions are required to rise up and address the increase in pressure of complying with regulatory requirements, especially KYC policy to avoid fraudulent activities. Nonetheless, a comprehensive KYC policy acts as risk mitigator, there are various challenges that are being faced in complying with the KYC policy.

In this article we shall be discussing about the issues and challenges faced in implementation of KYC policy.

Objectives of KYC norms

Following are the objectives of KYC Master Direction in India-

  1. To protect banks from being used for unscrupulous or criminal activities;
  1. To mitigate risk and avoid financial frauds;
  1. To avoid opening of accounts with fictitious address and name.
  1. To ensure companies providing financial services is being used by legal and legitimate customer.
  1. KYC procedures also help the banks to know and understand their customers and their financial dealing better which in turn offer assistance to them to manage their risks prudently.


As discussed earlier, The Reserve Bank of India (“RBI”) in order to ensure a seamless, secured and robust system for financial data sharing has asked each financial entity to conduct KYC of each customer either before or at the time of enrolling to avail financial services and has laid down the regulatory mechanisms for KYC vide Master Direction – Know Your Customer (KYC) Direction, 2016 [RBI/DBR/2015-16/18] under Section 35A of Banking Regulation Act, 1949 (“Banking Regulation Act”), and Rule 9(14) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005.

RBI coordinated with all the financial institutions including banks to execute the KYC rules in order to ensure that the financial institutions conduct Customer Identification Process (“CIP”) while undertaking transaction to ensure that customer availing such financial services is legitimate, legal and genuine entity. In case any financial institution fails to comply with the KYC Master Direction, is required to face the punishment imposed under the Banking Regulation Act.


The checklist for compliances to be undertaken for KYC varies from jurisdiction to jurisdiction. However, here is a list of common rules that are required to be complied with under KYC Master Direction –

  • Undertake a thorough customer due diligence process before entering into a transaction;
  • Undertake a vigorous customer identification programme to ensure the authenticity and accuracy of clients’ information, and to identify any discrepancies.
  • Conduct rational soundness checks to ensure information submitted by client is authenticate in comparison of the records stored with the regulators, which contain details of unscrupulous individuals and organizations that are disallowed from conducting business transactions.
  • In case the customer is a Politically Exposed Person (“PEP”), additional caution and due diligence is required.
  • Monitor customer’s transactions in a routine manner to keep an eye on any suspicious activities.


  1. Costly Affair

Implementation of KYC policy for all the financial institutions i.e. Banks and FinTech companies have become a costly venture, as with the rapid acceleration in businesses digital transformation and increase in demand for digital delivery of financial services, it has resulted into huge increase in the volume of KYC data, which needs to be collected, stored, processed, monitored and screened along with faster onboarding process.

2. Complex Procedure

Implementation of KYC policy is a very complex process, as it requires all the customer data which is collected, stored and processed to be monitored and screened on recurring basis to undertake risk assessment of such transaction. Besides, constant monitoring of the data to follow any change in the data requires integrated computer frameworks and a specialized team for such an undertaking.

3. Money and time exhaustive mechanism on false positives

Under this KYC mechanism, the identification process of customers often gets delayed due to false positives, as the name of a genuine customer gets flagged for detailed screening, as his/her name matches with the name of PEP or a person listed in the sanction list. Although screening of each false positive is a cumbersome and time consuming task, if financial institution fail to screen the name flagged, the company can be asked to pay fines for not complying with the regulations.

4. Undetected risks due to poor data

With the multiple applications of the KYC mechanism and rapid surge in digital delivery of financial services, it has become mandatory for companies to incorporate a robust framework for KYC to verify the identity and authenticity of its customers before entering into a transaction. However, in view of the current mechanism being used for undertaking KYC, a lot of customers KYC data is not being screened and stored properly, which might open up companies to unidentified market risks.


5. Inefficacy due to lack of detail of alerts

Under this KYC mechanism, in cases when a customer alters its personal detail or changes its proprietorship details, the same gets intimated to the compliance officer. However, such intimation fails to provide sufficient details for the Compliance Officer to take a real-time risk choice and instead has to undergo in detail screening of such customer details from scratch, which make it time consuming and inefficient.

6. Poor record keeping

That with the help of development in technology, the CIP of a customer for onboarding of a customer on a financial platform including banks is done through digital mode, However, the biggest challenge for financial institutions under KYC is that the data of such customers is stored and processed manually, which makes it harder for the regulatory bodies to authenticate and verify every bit of information collected by the financial institutions in an efficient manner.

7. Post Covid-19 Scenario

The way companies operate in the post Covid-19 crisis world has changed drastically, it has made remote working the new normal as more and more companies are shifting towards digital medium, which in turn has accelerated the demand for digital transformation of businesses and adoption of new technology.

Although the crisis helped in adopting digital medium in a matter of days, which would have taken years, it came with its own set of problems, as it has deeply affected key operation process of a lot of businesses especially the financial sector i.e. CIP, due diligence and onboarding.

In the post Covid-19 scenario, where most business operations and transactions have shifted online, although digitalisation enables resilience and business continuity, it also exposes organisations to a greater risk of financial crime, including market abuse and fraud.


That RBI keeping in mind the complexities of the KYC process, recently relaxed few KYC norms to simplify the process such as, single document is enough for proof of identity and address, no additional document required to transfer account from one branch to another branch of the same bank, the persons who does not have “OVD” are allowed to open small account with bank. However, in case such customer undertake a large transaction than financial institutions may ask for additional document

Although the KYC norms has been relaxed a little, there are still few challenges ahead, as in this new dawn of technology the synchronization of the KYC process, roles and responsibilities is a complex and extensive task, for example the entire KYC process becomes difficult to undertake when a customer has multiple accounts with different financial institutions or had split his account with different holders, as it makes it difficult for the financial institutions to carry out proper background checks. Therefore, financial institutions need stronger technology platforms to weed out these discrepancies

New developments in KYC regulation has given birth to numerous challenges that financial institutions must tend to and among the common challenges financial institutions face to establish an effective KYC mechanism include –

  • Failing to interpret the guidelines properly which may lead to compliance gaps.
  • The regulatory body i.e. RBI have imposed numerous fines and penalties on financial institutions for not complying with KYC norms and maintaining proper database.
  • Lack of proper communication between business department, which may result into unconsolidated and unverified data, providing false and unreliable customer intel.
  • As discussed earlier manual processing of KYC data is exposed to human blunders, which might have far reaching effects if left unnoticed.
  • Lack of efficient technology, as accuracy of the customers profile and data is highly crucial towards achieving the objective of KYC.
  • Financial institutions face numerous difficulties in successfully onboarding, screening and monitoring customers data, which makes it a cost intensive task and along with onboarding of customer, the KYC checks for CIP adds unwarranted cost.

 Challenges in Global Era

It is crucial for a business to learn about its customer before entering into a transaction with them, especially for businesses indulged in providing financial services, as the stakes are higher. Therefore, it is of paramount importance for financial institutions to undertake KYC process before entering into transaction to safeguard their company from any potential financial fraud, money laundering activities, manipulation etc.

Now, considering the fact that implementation of KYC norms vary from jurisdiction to jurisdiction and interconnectedness of this world, it is crucial that financial institutions and FinTech companies take into consideration myriad of numerous legislation to form a robust KYC policy to tackle and challenge thrown at them in this global era.

The biggest challenge in scaling KYC norms to a worldwide level, where it can deal with multiple jurisdiction regulations all at once, is a very difficult task if relied on manual process, as manual process is cost intensive and inefficient, as with the number of customers’ increase, the number of compliance officers to undertake KYC process will also increase. Further, manual process of KYC is prone to human error, which if left unchecked might have serious repercussions.

Therefore, to be able to effectively scale KYC norms to a global level, while still keeping intact the most elevated standard of KYC compliance, financial institutions are required to adopt digital KYC and CIP at least at the introductory level such as onboarding of customers. The adoption of encompassing technology and shift towards digital KYC is the only viable option for viable scale.


The rationale behind introducing KYC mechanism was to safeguard financial institutions from potential frauds, money laundering and terrorist financing activities. However, as mentioned above financial implementation faces numerous challenges while implementing KYC policy in an efficient manner.

The unprecedented Covid-19 crisis has further made it more difficult for the financial institutions to undertake KYC in an efficient manner. Since, it has accelerated the need of business for digital transformation, which in turn has resulted into higher demand for adoption of technology which can safeguard financial institutions from higher risk of financial crime, including market abuse and fraud.

The RBI has recently relaxed few KYC norms to ease up some difficulties. However, considering the interconnectedness of the world and vary in KYC norms in different jurisdictions, it is crucial for the regulatory bodies to take into considerations the myriad of numerous legislation to form a robust KYC policy to scale the KYC norms to a global level and tackle any challenge thrown at them in this global era.


For any query or feedback, please feel free to get in touch with or

Leave a Reply

Your email address will not be published. Required fields are marked *

Current day month ye@r *

© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.


Disclaimer & Confirmation As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.
However, the user is advised to confirm the veracity of the same from independent and expert sources.