New RBI KYC Rules Explained: 2025 Amendments

New RBI KYC Rules Explained: 2025 Amendments

RBI KYC (Amendment) Directions, 2025: A High-Level Legal Analysis

 

The Evolving Legal Framework for KYC in India

The legal and regulatory framework for Know Your Customer (KYC) in India is a dynamic system, continuously adapted by the Reserve Bank of India (RBI) to counter financial crimes and align with global standards.

The foundational legal authority for these directions stems from key Indian statutes, including the Prevention of Money-Laundering Act, 2002 (PMLA) and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (PML Rules). The PMLA and its subsequent rules constitute the primary legal framework for Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT) in the country. The RBI exercises its powers under sections 35A of the Banking Regulation Act, 1949, sections 45JA, 45K, and 45L of the Reserve Bank of India Act, 1934, and other enabling laws to issue specific directives to Regulated Entities (REs).

As a member of the Financial Action Task Force (FATF), India is committed to implementing legal, regulatory, and operational measures to protect the integrity of the international financial system. The Master Direction – Know Your Customer (KYC) Direction, 2016 serves as a consolidated and evolving legal corpus, with a history of frequent updates to incorporate new regulations, technology, and policy goals.

June 2025 Amendments: A Strategic Policy Shift

The first major amendments of 2025 were introduced by the RBI Circular on Updation/ Periodic Updation of KYC – Revised Instructions dated June 12, 2025. These changes are not merely administrative; they signify a strategic policy shift by the central bank to address the practical challenges of compliance, particularly for low-risk customers and those in underserved communities.

The amendments directly respond to a significant backlog of pending KYC updates and a high number of inoperative accounts, particularly those linked to government benefit schemes like Direct Benefit Transfers (DBT) and the Pradhan Mantri Jan Dhan Yojana (PMJDY).

Extended KYC Updation Timelines for Low-Risk Customers

A primary highlight of the June circular is the relaxation of periodic KYC updation timelines for individual customers classified as “low-risk.” The amendment to Paragraph 38 of the Master Direction provides a crucial grace period. It mandates that REs must now allow all transactions for such customers and ensure their KYC is updated within one year of the due date or by June 30, 2026, whichever is later.

This extension also applies to low-risk customers whose KYC updation is already overdue. This provision allows for uninterrupted banking services for a large segment of the population, preventing accounts from being arbitrarily frozen due to documentation delays and thereby supporting financial continuity for rightful account holders.

Empowering Business Correspondents (BCs) for KYC Updation

To address the logistical challenges in rural and remote areas, the RBI has formally empowered Business Correspondents (BCs) to facilitate KYC updates. The amendment to Paragraph 38(a)(iia) permits banks to leverage their BC networks for this purpose.

The process allows customers to submit self-declarations for unchanged KYC information or changes only in their address details directly to an authorized BC. This can be done either physically or electronically after a successful biometric e-KYC authentication. The BC is required to authenticate and promptly forward the documents to the bank, providing an acknowledgment to the customer. This measure is a strategic move to decentralize the KYC process and enhance operational efficiency, especially for vulnerable populations who might find it difficult to travel to a distant bank branch.

Mandatory Proactive Customer Communication

The amendments introduce a new, structured communication protocol under Paragraph 38(e) to ensure customers are well-informed about their KYC updation obligations. REs is now legally required to send at least three advance intimations, including a minimum of one by physical letter, before the KYC update due date.

If a customer fails to comply, the RE must send three additional reminders, again with at least one by letter, after the due date before any account restrictions can be imposed. This new “six-notice rule” mandates that all such communications are logged in the RE’s system for audit purposes, ensuring a clear and documented trail of compliance. This proactive approach aims to prevent the sudden suspension of accounts and allows customers a reasonable opportunity to comply with the regulations.

Operational and Procedural Simplifications

The June circular also includes several other procedural simplifications aimed at enhancing customer experience. The amendment to Paragraph 38(c)(iv) allows customers to complete their KYC updation at any branch where they hold an account, eliminating the previous restriction to their “home” branch.

Furthermore, the amendments to Paragraph 38(a)(iv) and others explicitly permit the use of digital verification channels, such as Aadhaar OTP-based e-KYC and the Video-based Customer Identification Process (V-CIP), for periodic updation. These changes collectively demonstrate a purposeful segmentation of the RBI’s regulatory approach, where the central bank is pragmatically balancing AML/CFT principles with the real-world operational and accessibility challenges faced by customers.

August 2025 Amendments: Reinforcing Regulatory Vigilance

Following the June circular, the RBI issued the RBI (Know Your Customer (KYC)) (2nd Amendment) Directions, 2025 on August 14, 2025. While the June amendments focused on easing burdens, the August changes reinforce regulatory vigilance, signaling the central bank’s commitment to continuously strengthen the AML/CFT framework.

Expanded Scope of KYC for Transactions

A key legal reinforcement is the expansion of KYC requirements to cover a wider range of transactions. The amendments to Paragraph 13(b) and Paragraph 14 now explicitly extend mandatory due diligence procedures to “any international money transfer operations for a person who is not an account holder” of the RE.

This is in addition to the existing requirement for occasional transactions of rupees fifty thousand or more. This expansion is a deliberate move to close potential vulnerabilities in the financial system and tighten monitoring for high-value and cross-border transactions, which are often associated with money laundering and terrorist financing risks.

Enhancing Inclusivity and Accessibility

The August amendments also contain important provisions that address financial inclusion from a different angle. The amendment to Paragraph 11 mandates that no KYC application including those submitted by “Persons with Disabilities (PwDs)” can be rejected without a valid, recorded reason. This is a crucial legal provision designed to prevent arbitrary service denials and ensure that all individuals, regardless of their physical condition, have equitable access to banking and financial services.

A further, more technical, amendment to the V-CIP procedure under Paragraph 18(b)(i) ensures that liveness checks do not exclude persons with special needs, demonstrating a nuanced approach to building an equitable and robust technological framework.

Formal Recognition of Aadhaar Face Authentication

In a significant move to leverage technology for both security and convenience, the amendments to Paragraph 16 formally recognize “Aadhaar Face Authentication” as a valid method for customer identification. This new provision offers REs a more advanced and secure digital verification option, complementing existing biometric and OTP-based methods. This twin-pronged approach broadening the regulatory net while also enhancing the efficiency of the verification process is a defining characteristic of the 2025 amendments.

Legal and Operational Implications for Regulated Entities

The 2025 amendments, when viewed collectively, impose a complex and dual obligation on REs. On one hand, the June circular encourages a more flexible, customer-centric approach, particularly for low-risk individuals. On the other hand, the August circular reinforces the need for heightened vigilance and a broader scope of due diligence, especially for high-value and cross-border transactions.

This balanced approach necessitates significant operational and systemic changes within REs. First, there is an immediate requirement to upgrade IT infrastructure. The new mandates for structured customer communication, including the “six-notice rule”, require a robust system for tracking and logging customer interactions. Furthermore, the formal recognition of Aadhaar Face Authentication means that REs must integrate this technology into their onboarding and updation workflows, ensuring end-to-end security and compliance with the Information Technology Act, 2000.

Second, the amendments highlight the critical need for a refined Risk-Based Approach (RBA). REs must enhance their internal risk assessment models to accurately categorize customers as low, medium, or high-risk, as this categorization now directly determines the applicable due diligence procedures. This requires continuous monitoring of customer profiles and transaction patterns, as mandated by Paragraph 35, to ensure consistency with the RE’s knowledge of the customer’s business and source of funds.

Third, a comprehensive employee training program is essential. The amendments to Paragraph 70 emphasize the need for ongoing training on KYC/AML/CFT policies. Frontline staff and BCs must be trained not only on the new technical procedures but also on adopting an “empathetic and facilitative approach” for vulnerable customers, as advised by the RBI, while remaining vigilant for suspicious activities.

Conclusion

The RBI’s 2025 amendments to its KYC framework represent a sophisticated and balanced regulatory approach. The June circular is a policy measure that addresses the very real-world challenges of financial inclusion and compliance bottlenecks, particularly for low-risk customers and those in rural areas.

The RBI seeks to prevent the financial exclusion of millions of citizens without diluting the overall integrity of the system by providing a generous grace period and empowering BCs. This move demonstrates that the regulator is responsive to operational realities and is willing to adopt a tiered, risk-based approach to ensure that AML/CFT regulations do not impede legitimate financial activity.

In a complementary yet distinct manner, the August circular fortifies the regulatory perimeter by extending the scope of KYC to international and high-value occasional transactions. The simultaneous embrace of new technologies, such as Aadhaar Face Authentication, further demonstrates a proactive and forward-thinking regulatory stance.

These changes indicate that the RBI is not merely reacting to past events but is proactively building a more robust and technologically advanced financial system. The explicit inclusion of protections for Persons with Disabilities also underscores that enhanced regulatory standards and social responsibility can be pursued in parallel through well-defined, specific legal provisions.

For Regulated Entities, the path forward requires a holistic response. The changes impose a dual imperative: to be more facilitative and customer-friendly while simultaneously being more vigilant in monitoring and reporting. This requires a comprehensive review of internal policies, a strategic investment in IT infrastructure to support the new digital and communication mandates, and an intensive training regimen for staff at all levels.

Successfully adapting to these amendments will not only ensure compliance with the law but will also strengthen institutional resilience and reinforce confidence among customers and stakeholders in India’s evolving financial ecosystem.

Curious about the legal impact of RBI’s revised digital lending guidelines? Click to learn more.

agrud partners mumbai logo
Disclaimer

The Bar Council of India Rules expressly prohibit law firms from soliciting work and advertising directly or indirectly. The contents of this website are intended solely for general information and knowledge of the user and are not an offer of legal services or advertising, and neither does accessing the website create an advocate-client relationship. We do not provide legal advice through this website. Publications and thought leadership content published on the website are for informative purposes only. Hyperlinks to third-party websites are only for reference and do not imply endorsement by Agrud Partners. Agrud Partners and its partners/authors assume no liability for the accuracy or reliability of information on third-party websites or for any loss due to reliance on such information. The contents of this website and linked publications are protected under intellectual property laws. Restricted access areas on this website may be subject to additional usage terms.

This website uses cookies to enhance user experience and for website improvement. By using this website, you consent to our use of cookies.

For inquiries regarding our website’s compliance, please contact mumbai@agrudpartners.com

Agree