The Reserve Bank of India (RBI), through amended directions issued on 11 July 2025, expanded the scope of video-based customer identification process (V-CIP) to cover enhanced due diligence categories. The amendments to the RBI (Know Your Customer) Directions also introduced simplified periodic KYC updating procedures for customers classified under the low-risk category.
Background
The RBI's KYC framework, governed by the RBI (Know Your Customer) Directions, 2016, operates within the broader statutory framework of the Prevention of Money Laundering Act, 2002 (PMLA) and the rules made thereunder. The Directions prescribe the customer identification and due diligence procedures that regulated entities — banks, non-banking financial companies, and payment system operators — must follow.
Video-based customer identification was first introduced by the RBI in January 2020 as an alternative to in-person verification for customer on-boarding. However, its application was initially limited to standard-risk categories. Customers requiring enhanced due diligence — including politically exposed persons, high-net-worth individuals, and those from higher-risk jurisdictions — continued to require in-person verification, creating operational bottlenecks for digital banking services.
Key Provisions
The amended directions introduce the following changes:
V-CIP for enhanced due diligence: Regulated entities may now use video-based identification for customers falling under enhanced due diligence categories, subject to additional safeguards. These safeguards include recording of the entire video interaction, real-time verification against government databases, and mandatory involvement of a senior compliance officer in the approval chain.
Simplified periodic KYC for low-risk customers: Customers classified as low-risk under the risk-based approach need not visit a branch for periodic KYC updating. Such customers may update their KYC details through authenticated digital channels, including net banking portals and mobile applications, provided the entity maintains an up-to-date Aadhaar or other officially valid document on file.
Technology safeguards: Entities adopting V-CIP for enhanced due diligence must implement liveness detection technology to prevent spoofing, end-to-end encryption of video sessions, and tamper-proof storage of recorded interactions for a minimum of five years.
Compliance timeline: Regulated entities have been given six months from the date of the circular to update their internal KYC policies and technology infrastructure to implement the amended procedures.
Implications for Practitioners
For banking and fintech lawyers, the amendment broadens the digital on-boarding pathway and reduces a significant friction point in serving enhanced due diligence customers remotely. Institutions with robust digital infrastructure stand to benefit from expanded customer acquisition capabilities.
Compliance teams must ensure that V-CIP platforms used for enhanced due diligence meet the heightened safeguards prescribed in the amendment. The senior compliance officer involvement requirement adds a human oversight layer that technology solutions alone cannot fulfil, necessitating updated internal approval workflows.
The simplified periodic KYC process for low-risk customers should reduce the regulatory burden on both institutions and customers, potentially decreasing the volume of accounts frozen for KYC non-compliance. However, practitioners should note that the risk classification itself must be continuously reviewed — a customer re-classified from low-risk to a higher category would lose access to the simplified procedure.