As part of its efforts to modernise India’s customer due diligence (CDD) framework, the Reserve Bank of India (RBI) has released a draft circular titled “Updation/Periodic Updation of KYC – Revised Instructions.”
This draft outlines key reforms designed to improve compliance while making KYC procedures more convenient for customers.
For Regulated Entities (REs), the draft signals a fundamental shift from rigid, document-heavy KYC procedures to a fluid, risk-based, technology-enabled approach.
Here’s a breakdown of the key takeaways and what they mean for REs:
1. Risk-Based KYC Updates
One of the most significant proposals in the draft is the formalisation of a risk-based approach to KYC updates.
Customers are to be categorised as low, medium, or high risk, with the frequency and modality of KYC update aligned accordingly.
For low-risk individuals, the RBI has proposed that a self-declaration alone may suffice for updates such as address changes, provided there is no change in other KYC attributes.
This subtle, but powerful shift is aimed at minimising friction, especially for pensioners, students, and beneficiaries of Direct Benefit Transfers (DBT).
Implication for REs: Compliance teams must ensure that their KYC architecture can dynamically assess customer risk and trigger differentiated KYC actions, moving away from a one-size-fits-all model.
2. Digital-First KYC Updation Channels
RBI’s draft guidelines explicitly support the use of digital channels, including mobile apps, internet banking, ATMs, and Business Correspondents (BCs) for customer-initiated KYC updates. This is a decisive push for omnichannel compliance infrastructure.
REs will also be permitted to leverage Video KYC for periodic updates, further mainstreaming the digital KYC stack.
Implication for REs: Compliance and technology functions must work in tandem to implement secure, frictionless, and regulatorily compliant digital KYC touchpoints.
3. Customer Outreach Protocols
Under the proposed framework, REs must initiate at least three pre-deadline reminders (with one being physical mail) and three post-deadline follow-ups before considering account restrictions.
Each communication must include detailed instructions for updating KYC, and should highlight escalation and support options. This codifies what was previously considered best-practice into a regulatory mandate, thereby raising the bar for better customer engagement.
Implication for REs: Institutions must build auditable, automated communication workflows that are timely, multilingual, and channel-agnostic.
4. Extended Timelines
In a move to ease the KYC processes in rural and semi-urban geographies, RBI has proposed that all overdue periodic KYC updates (as of March 31, 2025) may be completed by June 30, 2026 or one year from their due date, whichever is later.
Implication for REs: While the extended timeline is welcome, it sends a clear signal that this extended window is to be used to implement systemic KYC reforms.
5. E-KYC, CKYC, and Digital Repositories
The draft encourages greater use of trusted digital ID platforms such as DigiLocker, the CKYC registry, and UIDAI-based e-KYC. It reflects the RBI’s trust in secure third-party systems to make KYC verification more reliable and easier to manage.
Implication for REs: Entities must have seamless integrations with these platforms and ensure that their use is compliant with the Information Technology Act, periodic Aadhaar regulations from UIDAI, and data privacy standards.
How ECS Facilitates Risk-based KYC
As India’s leading Digital Identity Solutions provider, ECS has spent years working with REs to build, implement, and expand strong KYC and AML systems.
Here’s how our solutions can help you comply with RBI’s new draft rules:
1. IVRS-Based KYC
ECS has developed a IVRS based KYC platform which can integrated with the Aadhaar eKYC platform of the RE and can be rolled out to facilitate OTP based eKYC of the end customers over a simple phone call. IVR KYC platform is capable of supporting multi-lingual implementation and can play an instrumental role in implementing a DIY KYC process
2. Standalone Video KYC (VCIP) & Aadhaar e-KYC
Fully compliant with RBI and UIDAI norms, ECS offers plug-and-play APIs and SDKs for Aadhaar-based e-KYC, offline Aadhaar XML processing, and AI-augmented video KYC workflows.
3. Versatile communication engine for Customer KYC Communication.
Our intelligent communication module integrates IVR KYC and the Video KYC Modules and is capable of initiating and completing customer KYC in a sequential manner (i.e. IVR KYC is followed by Video KYC to ensure completion of both limited as well as full KYC) without the requirement of any manual intervention from RE.
4. CKYC and DigiLocker Integration
ECS streamlines access to Central KYC and DigiLocker data, through a scalable and a fully compliant software stack.
5. KYC Status Monitoring Dashboard
Our real-time dashboards provide REs with a 360-degree view highlighting the details of completed KYC transactions, type of KYC completed, pending KYCs, as well as transaction logs.
Summing Up
RBI’s proposed updates hold the potential to shift India’s KYC regime towards a risk-based, digital-first model.
These new KYC directions aren’t just about reducing friction or updating paperwork, they’re about completely reimagining how identity is managed in the KYC ecosystem.
To learn how ECS can help you stay compliant with RBI’s ever-evolving regulatory mandates, please feel free to get in touch with our colleague Amit Joshi at 9820875525 / 7208155528 or via email at amit@eastcs.com.