Re-KYC: A double-edged sword in safeguarding customer security

As per the RBI guidelines, it is crucial for Re-KYC to be conducted on a regular basis. Financial institutions, including banks and NBFCs, are required to carry out Re-KYC in alignment with a risk-based methodology. Re-KYC, while a regulatory necessity aimed at maintaining the accuracy and currency of customer data, has inadvertently opened doors for fraudsters to exploit unsuspecting victims by posing as bank representatives. Customers are assessed and categorized based on various risk factors such as identity, credit appetite, social and financial standing, business activities, etc., and are then classified into various risk profiles: High Risk, Moderate Risk, and Low Risk. High Risk customers are required to undergo Re-KYC every 2 years, Moderate Risk customers every 8 years, and Low Risk customers every 10 years. Compliance with the RBI’s Customer Identification and Risk Categorization Process is mandatory. Failure to adhere to these protocols can lead to penalties and directives for corrective measures. Persistent non-compliance could result in severe penalties akin to those faced by entities like Paytm. However, the leniency with which banks and NBFCs have approached the Re-KYC process has significantly contributed to fraud incidents. Notably, 70% of frauds occur post-KYC, underscoring the necessity for Re-KYC and continuous customer monitoring to map out and mitigate potential fraud risks.

The Root of the Issue: Re-KYC Process Vulnerabilities: 

1. Access to Personal Information:Fraudsters can easily access personally identifiable information (PII), such as customer bank branch, bank name, and customer name, just by using the mobile number linked to UPI—data points that are sufficient to map the customer.
2. Unsolicited Communications:By sending unsolicited communications for Re-KYC, fraudsters can ensnare customers, who are already accustomed to receiving such communications from their banks. This often leads to confusion among customers, who struggle to verify the authenticity of the communications.

Proposed Solution: Strengthening the Re-KYC Strategy:

1. NPCI, banks, and NBFCs need to collaboratively develop a more secure Re-KYC strategy, considering that NPCI/UPI is the most widely used form of payment.
2. Communication with customers should primarily occur through the app or website, which will significantly reduce the opportunity for fraud. Shobhit Goyal, Founder of Befisc, emphasizes the need for enhanced security measures. “The real challenge isn’t just conducting Re-KYC; it’s ensuring that it’s done in a way that doesn’t expose customers to new risks. We need to innovate our approach to customer authentication and interaction, leveraging technology to create barriers against fraud, while making the process seamless and secure for genuine customers,” says Goyal. By addressing the flaws in the Re-KYC process and implementing robust, tech-driven solutions, banks and NBFCs can better protect their customers from the evolving tactics of fraudsters.