A Digital Lender's Guide to KYC
The four KYC methods Indian digital lenders can run today — physical, video, Aadhaar e-KYC, and C-KYC — plus the regulatory map, the cascade, and the checklist that survives an RBI audit.
A Digital Lender's Guide to KYC
The four KYC methods Indian digital lenders can run today — physical, video, Aadhaar e-KYC, and C-KYC — plus the regulatory map, the cascade, and the checklist that survives an RBI audit.
No paywall. Email required to receive the file.
types of KYC — physical, video (V-CIP), Aadhaar e-KYC, and C-KYC — plus the cascade that minimises drop-offs.
Built for credit teams. No paywall, no sales follow-up unless you ask.
Why this matters now
Why KYC is the compliance backbone for digital lending
Fraudulent apps drew RBI attention
Sham digital lending apps and harassment by unlawful lenders triggered targeted RBI action. Rigorous KYC has moved from competitive advantage to regulatory baseline.
Aadhaar regulation keeps moving
The 2018 judgment, the 2019 Finance Ministry circular, the 2021 RBI notification, the 2022 CERSAI rectification window — lenders that stopped tracking after Aadhaar's quash are working off stale rules.
Outsourcing concentrates risk
RBI views fintech-as-tech-provider arrangements as exposing lenders to financial, operational, and reputational risk. The compliance burden sits with the regulated entity, not the fintech.
Get exclusive access — free, no paywall.
What the rules actually say
Three things lenders get wrong about KYC
Decision-making cannot be outsourced
RBI is explicit: regulated entities cannot outsource the decision on KYC compliance. The fintech's role is operational; the call sits with the lender. Most fintech-bank arrangements miss this until an audit catches it.
C-KYC has a rectification window now
Until 2022, a CERSAI record was treated as final. The new rectification provision lets lenders request corrections to misstated customer particulars during audits — which means lenders should now actively use it instead of accepting bad records.
Periodic updation has timing rules
High-risk customers re-KYC every 2 years, medium 8, low 10. The cycle must be digitised but personalised — no-change confirmation, address change, status change (minor to adult). Bulk re-KYC campaigns ignore the cycle and burn customer trust.
How to attempt KYC
The KYC cascade
C-KYC first, then offline e-KYC, then online or video. Following the cascade reduces friction, drop-offs, and ops cost without compromising compliance.
Download the guide — the full version, free.
What's covered
What this guide walks through
KYC has moved from a one-time onboarding step into the compliance backbone of Indian digital lending. The 2018 Aadhaar judgment, the 2021 RBI circular on KUA licenses, the 2022 CERSAI rectification window — each shifted what is permitted. This guide walks through the four KYC methods, the regulatory entanglement with Aadhaar, the data-storage rules, and the operating model that lets fintechs build responsibly.
The four KYC methodsPhysical, Video (V-CIP), Aadhaar e-KYC (online OTP/biometric and offline XML/QR), and C-KYC — what each requires, when each works, and where regulation has shifted.
Aadhaar after the 2018 judgmentWhat Section 57 quashed, what the RBI's 2021 KUA-license circular permits, and the workarounds non-banks now use without holding the Aadhaar number itself.
Storing and processing Aadhaar dataThe Aadhaar Data Vault rules, encryption requirements for scanned copies, and the SPDI Rules every lender's processing pipeline must conform to.
The KYC cascadeC-KYC, then offline e-KYC (XML/QR), then online e-KYC or video — the preferred order, why it minimises friction, and where it breaks for thin-file customers.
Building a responsible KYC programmeUI/UX patterns that keep drop-offs low, periodic updation cycles (2/8/10 years for high/medium/low-risk customers), automation, and the outsourcing rules every fintech-bank partnership runs into.
Download the guide — free
Email it to yourself in under 30 seconds. No paywall, no sales follow-up unless you ask.