Video-based customer identification process (V-CIP) for KYC:
An RE should have followed the RBI guidance on a minimum standard cyber protection and resilience system for banks, according to the amended provisions.
The Reserve Bank of India(RBI) updated its master direction to know your customer on Monday to make better use of the video-based customer identification process (V-CIP) and to make the process of updating KYC easier.
V-CIP is an alternative method of consumer identification that uses face recognition and customer due diligence to collect identification information from the customer in a smooth, safe, live, informed-consent based audio-visual contact with the customer.
According to the RBI, controlled organisations can use V-CIP to conduct Consumer Due Diligence (CDD) for new customers, including individuals, proprietors in proprietorship firms, authorised signatories, and Beneficial Owners (BOs) in the case of Legal Entity (LE) customers.
RBI controlled organisations (REs) include banks, NBFCs, and payment system operators, among others.
REs can also use V-CIP to convert current non-face-to-face accounts to Aadhaar OTP-based e-KYC authentication, as well as update or occasionally update KYC for qualifying customers.
The central bank has also established a set of minimum requirements that controlled organisations must adhere to if they want to participate in V-CIP.
An RE should have followed the RBI guidance on a minimum standard cyber protection and resilience system for banks, according to the amended provisions.
“The RE’s technology infrastructure should be located on its own property, and V-CIP connections and interactions must come from its own protected network territory. Any technology-related outsourcing for the process should adhere to RBI guidelines,” it said.
Also, according to acceptable encryption requirements, the RE can ensure end-to-end encryption of data between the consumer system and the V-CIP application hosting point. Customer approval must be registered in a way that is auditable and tamper-proof.
It goes on to say that each RE can create a simple V-CIP workflow to standard operating procedure and ensure that it is followed. Only RE officials who have been specially qualified for this function can operate the V-CIP procedure.
For identifying purposes, the approved official can record audio-video and take a snapshot of the customer present. Officials can acquire identity information by using OTP-based Aadhaar e-KYC authentication, offline Aadhaar identification
verification, KYC records downloaded from CKYCR, or similar e-documents with Officially Valid Documents (OVDs), including documents released by DigiLocker.
Furthermore, the RE must ensure that the Aadhaar number is redacted or blacked out.