KYC (Know Your Customer) is the mandatory process of verifying the identity, address, and risk profile of customers by financial institutions and other regulated entities before establishing a business relationship, designed to prevent identity fraud, money laundering, and terrorist financing. Under Indian law, KYC obligations are imposed by Section 12 of the Prevention of Money Laundering Act, 2002, operationalised through the RBI's Master Direction — Know Your Customer (KYC) Direction, 2016, and corresponding guidelines from SEBI, IRDAI, and other regulators.
Legal definition
The PMLA, 2002 and subordinate rules establish the KYC framework:
Section 12(1) of PMLA: "Every reporting entity shall — (a) maintain a record of all transactions, including information relating to transactions covered under clause (b), in such manner as to enable it to reconstruct individual transactions; (b) furnish to the Director [FIU] information relating to such transactions... in such form, at such intervals and in such manner as may be prescribed."
Rule 9 of PML (Maintenance of Records) Rules, 2005: Requires every reporting entity to verify the identity and address of the customer using "officially valid documents" (OVD), which include passport, Aadhaar card, voter's ID card, driving licence, NREGA job card, and letters from the National Population Register.
The RBI's Master Direction on KYC (updated periodically) prescribes detailed procedures for Customer Due Diligence (CDD), including identification and verification of customers, classification of customers based on risk, ongoing monitoring of transactions, and enhanced due diligence for politically exposed persons (PEPs) and high-risk customers.
How courts have interpreted this term
Justice K.S. Puttaswamy (Retd.) v. Union of India [(2019) 1 SCC 1]
The five-judge Constitution Bench of the Supreme Court, while upholding the core of the Aadhaar framework, struck down Section 57 of the Aadhaar Act which permitted private entities (including banks) to use Aadhaar for authentication. The Court held that mandatory linking of bank accounts with Aadhaar for KYC purposes by private entities violated the right to privacy under Article 21. Following this judgment, the government amended the law through the Aadhaar and Other Laws (Amendment) Act, 2019, permitting voluntary Aadhaar-based KYC with the customer's explicit consent.
Loknete Shri Bapusaheb Mahadik v. RBI [(2020) SCC OnLine Bom 1120]
The Bombay High Court held that RBI's KYC requirements must be implemented in a manner that does not unreasonably deny financial services to vulnerable populations. The Court directed banks to provide alternative KYC mechanisms for customers who do not possess standard identity documents, ensuring financial inclusion alongside regulatory compliance.
Types of KYC processes
India's KYC framework offers multiple verification methods:
- Physical KYC: In-person verification with original documents at a bank branch or through business correspondents
- Aadhaar eKYC: Electronic verification using Aadhaar-based authentication (OTP or biometric) — the fastest method, completed in real time
- Video KYC (V-CIP): Video-based Customer Identification Process introduced by RBI in January 2020, allowing remote KYC through a live video interaction with a bank official
- CKYC (Central KYC): A centralised KYC registry maintained by CERSAI (Central Registry of Securitisation Asset Reconstruction and Security Interest), allowing one-time KYC that can be accessed by all regulated entities through a KYC Identifier (KIN)
- Digi-locker based KYC: Verification using documents stored in the government's DigiLocker platform
Why this matters
KYC is the foundational compliance obligation for every financial institution in India. No bank account, demat account, insurance policy, mutual fund folio, or digital wallet can be opened without completing KYC. The process serves as the first line of defence against financial crime by establishing the identity of the customer and creating an audit trail for transactions.
For financial institutions, KYC compliance involves significant operational costs and technology investment. Banks must implement Customer Identification Programs (CIP), maintain updated customer records, conduct periodic KYC reviews (annually for high-risk customers, every two years for medium-risk, and every ten years for low-risk), and report any failures to the RBI. Non-compliance attracts penalties under Section 13 of the PMLA and regulatory action by the RBI.
For consumers, KYC requirements directly affect their ability to access financial services. Incomplete or outdated KYC can result in account restrictions, transaction limits, and even account freezing. The introduction of Video KYC and Aadhaar eKYC has significantly simplified the process, reducing the time from days to minutes for new account openings.
Related terms
Parent frameworks:
Related concepts:
Frequently asked questions
What documents are accepted for KYC in India?
Officially Valid Documents (OVDs) for KYC include: Aadhaar card, passport, voter's ID card, driving licence, NREGA job card, and letters from the National Population Register containing name, address, and photograph. For address verification, utility bills, bank statements, and property tax receipts are accepted as supplementary documents.
Is Aadhaar mandatory for bank KYC?
No. Following the Supreme Court's Puttaswamy judgment, Aadhaar cannot be made mandatory for bank KYC. However, customers may voluntarily provide Aadhaar for eKYC, which offers the fastest verification. Banks must accept any officially valid document (passport, voter ID, driving licence) as an alternative to Aadhaar.
How often must KYC be updated?
Under RBI's Master Direction, KYC must be updated periodically based on risk classification: annually for high-risk customers, every two years for medium-risk customers, and every ten years for low-risk customers. Banks may also require ad hoc KYC updates when there is a material change in the customer's information or when a suspicious transaction is detected.
This entry is part of the Veritect Indian Legal Glossary, a comprehensive reference of Indian legal terminology grounded in statutory text and judicial interpretation.
Last updated: 2026-03-27. Veritect provides this content for informational purposes and does not constitute legal advice.