On 26 September 2018, the Supreme Court of India announced its verdict on the Aadhaar framework and declared the Aadhaar Act as constitutionally valid. The judgement has been said to take into account the dignity and privacy of individuals, not only from a personal perspective but also from a community point of view. The most important points to consider from a FinTech perspective are the amendments to section 57 of the Aadhaar Act and Rule 9 of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 which gives permission to private entities to perform Aadhaar-based authentication. The Court has, however, also observed that if a person wishes to voluntarily offer his/her Aadhaar card as a proof of identity it may be allowed.
The decision has raised several points that need immediate clarification and direction from policy makers to determine the course of action for FinTech entities. These include:
This judgement, coupled with previous regulatory mandates such as localisation of payments data storage, has created an air of uncertainty in the FinTech ecosystem. While the industry awaits specific directions from regulators such as Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI) and Telecom Regulatory Authority of India (TRAI), it is worthwhile to evaluate the immediate plausible short-term impact and discuss ways for FinTech entities to be ready for the future.
One of the critical cogs in achieving the vision of financial inclusion is easy access to financial services. Digital know your customer (eKYC) process has played a vital role in significantly reducing the time and cost involved in on-boarding of customers.
In the aftermath of the Supreme Court verdict, it will be an immediate challenge for new age entities to convince customers to share their Aadhaar details for identification purposes during the customer on-boarding process. It is envisaged that digital-only platforms could, also, possibly face initial hiccups and reluctance from customers, which would impact the growth rate of customer acquisition. Hence, such platforms would have to add alternatives for customer verification which would result in increased customer acquisition cost. With available options of traditional and digital customer verification, the customer cost of acquisition is expected to increase six to ten times post-verdict.i New age, tech-savvy lenders, who have been using eKYC to expand their customer base to small towns and migrant labourers, will also see a major impact in the rate of customer acquisition in near future.
To address this, FinTechs can explore some workarounds. Unique Identification Authority of India (UIDAI) had introduced an offline QR code for Aadhaar that holds users’ non-sensitive details such as name, address, photo, and date of birth and the user is not required to share 12 digit Aadhaar number along with biometrics or mobile number with private bodies. FinTechs can look at leveraging such features as a workaround, after taking voluntary consent of the customer, and as permitted by the law.
While the development over next few days is expected to provide more clarity on the way forward, FinTechs and financial institutions (FI) will need to work on strategies to handle various on-going projects in various areas:
In light of the Supreme Court’s verdict on Aadhaar, service providers will be compelled to change their business model of on-boarding customers. Although service providers cannot mandate the usage of Aadhaar, they can incentivise the customer for its usage by adjusting against cost of physical verification of customers.
A few ways of adapting to these new ground realities are suggested below:
The reading of the judgement indicates that requesting entities may on-board and service customers using Aadhaar as an identity card, if the customer so desires, i.e., voluntarily. FinTech service providers will be required to inform customers about various alternatives available to them, while also assuring them of the confidentiality of their Aadhaar details under such circumstances. While entity-level marketing is likely to have high cost implications, it is necessary for associations or communities to educate their existing and target customers.
One of the pain-points of physical on-boarding is the manual entry of details of identification documents such as PAN card or passport into a form. The data on various documents is manually entered into systems and then cross-checked manually by the document verification unit at the backend. This manual comparison can take a few minutes per case and are prone to errors including incomplete data entry, mismatch, etc. Irrespective of the issues, the entities will need to on-board customers who do not wish to share their Aadhaar card for physical on-boarding. Entities can then look at reducing costs and errors on manual data entry by implementing solutions such as Optical Character Recognition (OCR) and Robotic Process Automation (RPA) to read data fields in scanned copies of identity documents. This will take care of Identity and Address out of ISA (Identity, Signature and Address) at the time of on-boarding.
Start-ups can also build a shared model of Blockchain-based customer verification after taking customer consent. If the customer has been verified with a service provider, let’s say a mobile operator, his data will get stored on cloud and same can be used by other service providers based on the customer’s consent, which could be in the form of OTP. In this model, customers will not be sharing Aadhaar data and it will purely be based on customers’ consent. Any updates to customer details will need to be approved by all nodes in the Blockchain, thereby minimising the probability of frauds. A person wishing to delete or modify personal details frequently could be flagged off as suspicious, based on certain rules and his or her transactions can be monitored.
In this case also, necessary provisions and guidelines related to consent-based access need to be studied before implementation.
Central KYC Registry (CKYCR) is a centralised repository of KYC records of customers in the financial sector with uniform KYC norms and inter-usability of KYC records across the sector, with an objective to reduce the burden of producing KYC documents and getting them verified every time the customer starts a new relationship with a financial entity.1 Various entities are at different stages of implementation of CKYCR. With the new Aadhaar ruling, CKYCR could be seen as an efficient method of customer on-boarding and verification. A customer, using multiple financial products, will have to be verified only once, but can subsequently get verified using CKYCR for any other financial services or products.
While more clarity is expected from respective regulators in the next few weeks to months, it is clear that FinTech entities need to consider alternative modes for customer verification. While this is likely to have cost implications, it could be net positive in the future, since it will help FinTech entities build a sustainable model, which is not dependent on a single identifier. For instance, removing mandate of Aadhaar for banks and telecom operators could also be seen as additional ways available for entities to on-board more customers. Emerging start-ups who are going to get most impacted would have to find a sustainable and economical way of customer verification by developing a solution around traditional way of customer verification. The ultimate objective will be to help people remain comfortable with options provided by FinTech players and assure them of their benefits, while safeguarding their privacy.
1 Central KYC registry. Retrieved from https://testbed.ckycindia.in/ckyc/index.php. Last accessed on 1st October 2018
Partner, India FinTech Leader, PwC India
Director, Financial Services - Regulatory, PwC India
Payments Transformation, PwC India