RBI Clarifies Accountability Of Customer Verification Under Central KYC Framework

The Reserve Bank of India (RBI) has revised its Know Your Customer (KYC) guidelines to All India Financial Institutions (AIFIs) in order to tighten the responsibility of verifying the identity and address of customers as per the Central KYC Records Registry (CKYCR). These amendments are announced in the form of the Reserve Bank of India (All India Financial Institutions - Know Your Customer) Amendment Directions, 2025, which were issued on December 29, 2025, and are effective immediately.

The amendment is based on an office memorandum of the Department of Revenue of September 2025, which was concerned with the ultimate responsibility of regulated entities (REs) in uploading and using KYC data via CKYCR. According to the RBI, the clarification was necessary to eliminate the ambiguity on the accountability of a centralised KYC system.

What the Amendment Says

Conforming to the modified guidelines, the RE that uploaded or updated KYC records of a customer in CKYCR will verify the identity of the customer and or address of the customer, as the case may be. This involves making sure that the documents and information uploaded are accurate, authentic, and in accordance with the applicable laws.

Meanwhile, any AIFI who downloads and uses KYC records based on CKYCR will not have to re-check the aggregate identity and address of the customer, so long as the records are up-to-date and in compliance with the Prevention of Money Laundering Act, 2002 (PMLA) and Prevention of Money Laundering Rules, 2005.

RBI has clarified that while re-verification of identity and address is not required in such cases, the AIFI relying on downloaded KYC data will continue to be responsible for all other elements of customer due diligence (CDD) as prescribed under the KYC directions.

The Central KYC Records Registry

CKYCR is a central database containing KYC files of those customers of financial institutions. After a customer has gone through KYC with one RE, the data is posted in CKYCR, and a KYC identifier is issued. This enables other REs to share the same KYC information during the onboarding of the customer, avoiding wastage of time and resources.

The information that the customers provide, like their address or official documents, might vary over time, causing updates to be made by various institutions. The amendment comes in case of multiple REs using the same KYC information, yet the verification has not been defined as a responsibility previously.

Implications for Uploading and Downloading Entities

In the case of the REs that post or update KYC data in CKYCR, this amendment clearly assigns the responsibility of verifying identity and address. This implies that such bodies should have healthy verification systems prior to loading or updating the records of customers.

The amendment gives regulatory relief to AIFIs that download KYC records on CKYCR. These institutions do not have to undergo identity/address verification again as long as the records are up-to-date and in accordance with PMLA and other policies. This would assist in shortening the onboarding schedules and duplication of operations.

Nevertheless, RBI has stressed that the use of CKYCR data does not compromise wider compliance requirements. The downloading institutions are in charge of the risk profiling, the due diligence, the process of transactions, and compliance with all other CDD requirements within the framework of the KYC.

Conformity to Anti-Money Laundering Laws

Under PMLA and PML Rules, the anti-money laundering structure has been specifically associated with the amendment. RBI has said that KYC records used should be in conformity with these laws in order that the exemption of re-verification should be availed.

This makes use of centralised KYC data remain relevant to the overall goal of money laundering and terrorist financing protection, as well as enhances efficiency in the financial system.

Effective Date and Legal Support

The amended directions have come into force with immediate effect. They were issued through the powers which were granted to RBI by various statutes such as the Banking Regulation Act, the Reserve Bank of India Act, the Payment and Settlement Systems Act, the Foreign Exchange Management Act, and the PML Rules.