Home >Newsletters & Updates>JSA Prism>JSA Prism | FinTech | December 2025

JSA Prism | FinTech | December 2025

Aerial night view of a smart city with digital energy grid connections symbolized by glowing nodes and lines linking across the skyline.

Please click here to download the Prism as a PDF.

 

Navigating Reserve Bank of India’s new KYC Master Directions

The Reserve Bank of India (“RBI”), on November 28, 2025, issued new Know Your Customer (“KYC”) Master Directions which will apply to Payment Aggregators, namely, the consolidated ‘Reserve Bank of India (Commercial Banks – Know Your Customer) Directions, 2025’ (“KYC MD 2025”). This consolidation is part of RBI’s broader regulatory review exercise aimed at reducing compliance complexity by organising instructions separately for each class of regulated entity.

The primary intent was to consolidate the plethora of existing circulars and the KYC Master Direction, 2016 (“KYC MD 2016”) into a single, comprehensive document on an ‘as-is’ basis, removing obsolete instructions and improving clarity without introducing major substantive changes to the core KYC obligations.

While the RBI invited stakeholder comments on the draft versions to ensure completeness and accuracy, the final text largely retains the existing framework, barring minor editorial reorganisations and the inclusion of specific explanations or provisos to address ambiguities (listed in the table below).

 

The new structure

Notably, while the new KYC MD 2025 is explicitly titled for ‘Commercial Banks’, it has immediate legal implications for Payment System Providers (“PSPs”), including Prepaid Payment Instrument (“PPI”) issuers and Payment Aggregators (“PAs”). Concurrently with this issuance, RBI released a specific notification repealing the KYC MD 2016. Consequently, the notification mandates that all references to the KYC MD 2016 in existing payment system instructions (such as the Master Directions on PPIs and PAs) must now be read as references to the new KYC MD 2025. Therefore, despite the nomenclature, your compliance teams must map their KYC protocols to the specific paragraphs of this new KYC MD 2025.

A high-level summary of the structural shifts and relevant updates is provided in the table below:

Clause under the KYC MD 2025  Original clause Change made
KYC Identifier definition (Clause 5(xii)) KYC identifier was previously defined as the unique number or code assigned to a customer by the Central KYC Records Registry (“CKYCR”). It contained no explanation to explain how a customer can obtain their KYC identifier. An explanation has been added to the definition stating the following:

“A customer can obtain his KYC Identifier through the following way: (a) during the account opening process, once the customer’s KYC Identifier is generated by CKYCR and provided to the bank, the bank will share the same with the concerned customer; and (b) the customer has the option to access his KYC Identifier on CKYCR portal at www.ckycindia.in.
KYC policy (Clause 6(4)(i)) The KYC MD 2016 discussed due diligence measures to deal with requests by customers to change registered mobile numbers for non-face-to-face accounts. However, this requirement was only mentioned in the specific section on opening accounts via Aadhaar OTP in clause 17(ii), not as a mandatory element of the high-level board policy. KYC MD, 2025 requires the board-approved KYC policy to include a robust due diligence process for dealing with requests to change registered mobile numbers for non-face-to-face accounts.
Customer Due Diligence procedure in case of individuals (Clause 23) If the customer has a KYC Identifier, the regulated entity must fetch their KYC records from CKYCR. If e-KYC cannot be done due to illness, injury, old age or similar reasons, the regulated entity must take the Aadhaar number and verify the customer through offline verification or another Officially Valid Document (“OVD”), and record this as an exception in a centralised, auditable database. Aadhaar numbers must be redacted when authentication is not required. Biometric e-KYC can be done by authorised bank officials or business correspondents, and all Aadhaar users must comply with the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act”). Explanation 4 has been added stating that the following:

Aadhaar number is not mandatory for purposes of KYC. However, in case the customer is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar Act , the customer will provide the Aadhaar number to the bank. In other cases, customers may provide the Aadhaar number voluntarily.
V-CIP infrastructure (Clause 27(1)(v)) The V-CIP infrastructure will have components with face liveness/spoof detection as well as face matching technology with high degree of accuracy, even though the ultimate responsibility of any customer identification rests with the bank. An explanation has been added stating that the following:

Making specific facial gestures, like blinking of eyes, smiling, frowning, etc. is not mandatory for liveness check. The bank will take due cognisance of special needs, if any, of the customer during liveness check.
Conditions for small accounts (proviso to Clause 28(4)(ix)) The conditions for small accounts require a self-attested photograph and certification by a bank officer (or the jail officer, for prisoners), confirming the customer signed or affixed a thumbprint in their presence. These accounts may be opened only at core banking solution linked or manually monitored branches, and banks must ensure monthly and annual transaction and balance limits are not exceeded.

They operate for 12 months, extendable by another 12 months if the customer shows proof of having applied for an OVD. All relaxations are reviewed after 24 months. Small accounts remain operational during Government-notified periods and must be monitored for suspicious activity, in which case full KYC is required. Foreign remittances cannot be credited unless the customer’s full KYC is completed.

 A proviso has been added stating the following:

If the bank renders any account ineligible for being classified as a small account due to credits/balance in the account exceeding the permissible limits, the bank may allow withdrawals within the limit prescribed for small accounts where the limits thereof have not been breached.

 

Conclusion

While the KYC MD 2025 largely preserves the ‘as-is’ framework of the previous regulations, it signals a shift toward a more organised and distinct regulatory architecture. For PAs and PSPs, the immediate challenge is administrative rather than structural; accurately mapping internal protocols to the new ‘Commercial Bank’ standards to replace the now-repealed KYC MD 2016 . By proactively addressing the specific nuances, ranging from V-CIP accessibility to CKYC identifier handling, compliance teams can ensure a seamless transition that aligns with the RBI’s ultimate goal of reducing compliance complexity.

 

This Prism has been prepared by:

Probir Roy Choudhary
Partner

Yajas Setlur
Partner

Shivani Bhatnagar
Senior Associate

Hrishikesh Reddy Kothwal
Associate

 

For more details, please contact [email protected]

 

POST TAGS

MORE NEWSLETTER BY THE AUTHOR

JSA Prism JSA Prism | Finance | December 2025
JSA Prism JSA Prism | Employment | December 2025
Newsletters JSA Newsletter | IFSCA | September and October 2025 Edition
 

Search

Popular Posts

Newsletters & Updates

  • JSA Prism
  • December 4, 2025

JSA Prism | Finance | December 2025
  • JSA Prism
  • December 2, 2025

JSA Prism | Employment | December 2025
  • Newsletters
  • December 1, 2025

JSA Newsletter | IFSCA | September and October 2025 Edition
  • KM Newsflash
  • November 29, 2025

KM Newsflash | RBI Master Directions | November 2025
  • Newsletters
  • November 28, 2025

JSA Newsletter | Healthcare | September-October 2025 Edition
  • JSA InVision
  • November 26, 2025

JSA Corporate InVision | October 2025 Edition
View More