At CAPIOT, we have been helping our clients – banks, SFBs, NBFCs – to comply with CKYC guidelines. In our conversations with people from operations, compliance and technology team, we came across several questions which we have answered and compiled in this blog post. This will be helpful for all those who are responsible for CKYC related compliance in their organizations. (You may want to skip to the last few questions if you already have some knowledge of CKYC but want to know how to automate it.)
What is CKYC?
CKYC which stands for Central Know Your Customer is an initiative by the Government of India under which a registered customer is given a unique CKYC identifier that is valid and used across the BFSI segment – banking, insurance, mutual funds, provident funds, stockbroking, and other services. This is very convenient as the customer doesn’t have to register himself separately with every other service provider he interacts with.
Who will manage this initiative?
The government of India set up CERSAI (Central Registry of Securitisation Asset Reconstruction and Security Interest of India) and has authorized it to perform the functions of a Central KYC Registry. Central KYC Registry is a centralized repository of KYC records where it receives, stores, safeguards and retrieves the KYC records in digital form.
Which entities are covered under this initiative?
All reporting entities that come under the financial sector regulators like RBI, SEBI, IRDA, PFRDA, and others have to comply with the CERSAI guidelines.
What are these entities supposed to do to comply with CERSAI guidelines?
- Reporting Entities(REs) need to register with the Central KYC Registry
- Every reporting entity needs to file an e-copy of the client’s KYC records with the CKYC registry within 10 days of on-boarding the customer
- If a customer submits a CKYC identifier, RE is supposed to retrieve it from the CKYC Registry without needing to ask documents from the customer unless there is a change in the customer information
- If there is a change in the customer information to that of the data in the CKYC Registry, Reporting Entity is responsible to send the updated information after verifying it’s authenticity
What capabilities does CKYC Registry offer?
- Upload of KYC record
- Search and Download of KYC record
- Update of KYC record
What are the different channels available for Regulated Entities to exchange information with CKYC Registry?
- Webpage based Search, Upload, Download, and Update of records (record-wise)
- SFTP bulk upload for Search, Upload, Download, and Update of records (SFTP access is provided to Reporting Entities to upload/download files over a secure connection)
- API service call for Search and Download of records
What changes do entities need in their IT systems?
- CRM system needs to be updated to incorporate new fields: With CERSAI guidelines, CRM requires to capture new fields in addition to the earlier KYC form fields like investor’s maiden name, mother’s name, and FATCA information, etc.
- A new system in place to generate files in CERSAI format: To bulk upload KYC records, they need to generate a digitally signed zip file containing metadata (in pipe separated TXT file) and images (customer wise separate zip folder). They will have to bring in a new system to automatically generate CERSAI format files.
- A new system that can automate a bunch of manual processes: CKYC Registry server generates response files that need to be read and acted upon. They will have to bring in a new system to do this automatically.
How are they handling it currently?
Several small finance banks, NBFCs we are in touch with are using either of the below two methods
- Shell scripts to generate and send files in the CKYC Registry format
- Have a huge operations team and use CERSAI UI to manually upload each KYC record
Are there better ways of handling the CKYC process using any tools?
CAPIOT offers Digital Customer Hub(DCH) that can help a business to comply with CERSAI guidelines.
- Collate KYC data: DCH collates required KYC information by integrating with multiple source systems like CRM, DMS
- Search and Download KYC: It allows enterprise-level search and if required, download of KYC from CERSAI CKYC registry
- Bulk KYC file generation: DCH generates files in CERSAI format and automatically uploads it to the CKYC server
- Dashboards: A user interface that shows exceptions and status of the files/transactions
- Output file validation: The CKYC server generates files that are automatically processed and presented on the UI for any subsequent user intervention. The UI also allows you to review probable matches and work on decisions.
What benefits does CAPIOT’s DCH offer?
- Improve operational efficiency: DCH automates a lot of manual processes that otherwise would need a large operations team to complete them. For instance, the operations team using Shell scripts to generate files had to rework multiple times on the file before you upload a correct file into CKYC Registry. DCH auto validates and shows errors on it’s UI(according to the CERSAI validations) reducing the number of incorrect uploads to the server.
- Incorporate changes quickly: Recently CERSAI made some changes to the fields to make them mandatory. Incorporating this change using DCH is a click of a button on the UI; under a minute you can change and deploy it. In another instance, they changed their API version and again it didn’t require a big Change Request(CR) for us to incorporate this change.