Why Indian Fintech Startups Struggle With KYC Compliance

The last quarter saw several of India’s leading fintech companies getting notices or receiving penalties and fines from the Reserve Bank of India (RBI) for their failure to comply fully with the ‘Know Your Customer’ (KYC) rules issued by the regulator. 

As the news spread, muted protests and grumbles were heard over excessive regulatory oversight, even as fintech companies with compliance loopholes rushed to put their internal processes in order. 

The entire episode has contributed significantly to the maturing of the Indian fintech industry. However, it is necessary to understand what exactly happened that triggered RBI to take action, and why fintech companies allowed these compliance loopholes to exist until now.

Understanding The Loopholes In The KYC Process

To start with the basics, it is mandatory for banks in most regulated economies around the world to fulfil their KYC obligations for all account holders to prevent fraud, scams, money laundering or other financial crimes. 

In India, the RBI issued its first KYC rules and guidelines in 2002 and later mandated all banks to be fully compliant by the end of 2005.

Today, any person opening an account with a bank for the first time needs to provide their photo identity and address proof, which needs to be verified and approved as per the KYC rules issued by the RBI before the bank opens and makes their new account operational.  

Now, this KYC process was entirely paper-based, manual and therefore time-consuming until a few years ago. New bank account opening (or ‘customer onboarding’ in industry parlance) took days or at least several hours. 

The arrival of Aadhaar and later the introduction of video KYC dramatically shortened the time, but it still required time and effort on the part of a new customer to complete the KYC process. 

Unlike banks, the new age fintech startups thrived on speed — promising new account openings or loan disbursals in minutes instead. To achieve this feat, instead of performing full KYC, many fintech startups started performing partial KYC based simply on the user’s mobile number. They had perfectly valid reasons for it though.

These fintech startups were spending thousands of rupees on marketing their apps and getting potential customers to download them and open accounts. Of course, full KYC would create unnecessary friction and would inevitably lead to a significant proportion of potential customers abandoning the new account creation process altogether — what the industry terms as ‘drop-offs’. 

The RBI seemed to have gotten wind of it in May when some banks reportedly wrote to the regulator, expressing their concerns over KYC compliance issues with fintech startups. 

Notably, neither are these first cases of penalties nor are RBI’s penalties limited to fintech companies. Even banks have had issues in complying with the KYC norms in the recent past, leading the RBI to impose hefty fines of up to INR 10 Cr on some of them. 

In August 2021, a payment system operator was fined INR 3 Cr for non-compliance with KYC norms among other reasons. The regulator even cancelled the licence of a digital lender for several transgressions, including failing to comply with the KYC norms.

Coming back to the recent episode where at least three fintech companies were fined, leading to an industry-wide scramble for ensuring full compliance, it is quite probable that these companies quite likely ended up misinterpreting the RBI circulars and guidelines on KYC compliance. 

Ensuring 100% Regulatory Compliance: The Only Way Ahead

The procedure for full KYC is well defined by the RBI and it mandates the presence of an individual, along with their identity and address proof. 

In 2020, the regulator allowed video KYC, which meant that an individual no longer had to physically visit a branch or office for KYC. They could complete this process from the comfort of their home or office using just an internet-enabled smartphone. 

Yet, many fintech companies including digital payments and lending platforms were not performing in-person or video-KYC for reasons we noted earlier, including minimising drop-offs at the time of signing up. 

Remember that RBI started issuing circulars and directives to fintechs for various compliance-related matters only about two years ago. This was at a time when the business priority for the fintechs was to get more customers in and grow their revenues. 

Therefore, many fintechs followed the path of least compliance — committing only to what they think is the minimum possible level of compliance that they must ensure.

Finally, this entire episode ought to be seen pragmatically as a learning experience for the fintech industry on its path to maturity. Several fintech companies are changing or rewriting their processes in order to be fully compliant not just with KYC norms, but all other regulatory directives as well. 

Reducing Drops-Offs Through CKYC

The RBI is also playing an important role in building consumer trust in the fintech ecosystem. India took a long time to transition from cheque books to digital payments via NEFT and IMPS, but only because the regulator ensured that there was sufficient trust in digital transactions. 

Ensuring KYC compliance should therefore be seen as a necessary precondition to prevent fraud and mitigate risks for both fintech companies as well as their customers. For example, if there are frequent frauds in digital lending, customers will simply stop using digital lenders. 

Of course, full KYC compliance also means that fintech companies have to prepare for an increase in new customer drop-offs. Fortunately, they can now access a potential customer’s existing KYC records by searching the ever-expanding CKYC registry. 

Our estimate is that around 30% of all new customers will have an existing CKYC record, which means that a fintech company will not need to conduct new KYC to onboard these customers. However, for the remaining 70% of people who do not have a CKYC record, there is no other option but to conduct full KYC in person or via video.