September 2025

BFSI

What Is The GST Appellate Tribunal? Read All Key Details Here

What Is The GST Appellate Tribunal?

Since its introduction, GST has been the pillar of India’s economic reforms under the idea of “One Nation, One Tax, One Market.” While it has expanded the tax base, encouraged formalisation, and strengthened revenues, the absence of a dedicated appellate tribunal often meant disputes reached the High Courts directly, creating delays and inconsistencies across states. The launch of GSTAT aims to close this gap.

On 24 September 2025, the Union Finance and Corporate Affairs Minister, Smt. Nirmala Sitharaman formally launched the Goods and Services Tax Appellate Tribunal (GSTAT) in New Delhi. The Tribunal is a statutory appellate body created under the GST laws (Section 109 of the Central Goods and Services Tax Act, 2017) to hear appeals against orders passed by the GST Appellate Authorities under Sections 107 and 108.

Where And How Will The GSTAT Operate

Principal And State Benches

The GST Appellate Tribunal will function through a Principal Bench in New Delhi and 31 State Benches spread across 45 locations in India. This network has been deliberately designed to ensure that every taxpayer, be it an MSME in a small town or a large corporate operating across multiple states, can access the Tribunal without being bothered by distance or administrative hurdles.

Bench Composition

Each Bench of GSTAT will include:

Two Judicial Members
One Technical Member (Centre)
One Technical Member (State)

In addition, the framework provides for single-member benches for simpler matters, a measure that enhances flexibility and allows speedier disposal of straightforward cases.

Structure, Scale, And Synergy

Revenue Secretary Shri Arvind Shrivastava described GSTAT’s design around the three pillars of Structure, Scale, and Synergy.

Structure brings together judicial and technical perspectives.
Scale ensures reach, with multiple benches operating across the country.
Synergy lies in combining human expertise with technology and streamlined processes to deliver justice efficiently.

The GSTAT e-Courts Portal

An important highlight from the GSTAT’s launch was the unveiling of the GSTAT e-Courts Portal, built by the Goods and Services Tax Network (GSTN) in collaboration with the National Informatics Centre (NIC). The platform is designed to anchor the Tribunal in a digital-by-default framework from the very start.

Key Features Of The e-Courts Portal

e-Filing of Appeals: Taxpayers and practitioners can file cases online without needing to visit offices physically.
Case Tracking: Parties can monitor the progress of their appeals transparently and in real time.
Virtual Hearings: The system allows participation in hearings digitally, reducing cost and time, and increasing accessibility.

To ensure a smooth transition, the Tribunal has allowed staggered filing of appeals until 30 June 2026. In addition, the portal includes comprehensive support material such as FAQs, explanatory notes, and instructional videos. These resources aim to simplify the process, even for smaller businesses and individual taxpayers who may not be familiar with formal legal procedures.

Finance Minister Nirmala Sitharaman outlined her expectations clearly by suggesting jargon-free decisions in plain language; simplified formats and checklists; digital-by-default filings and virtual hearings; and time standards for listing, hearing and pronouncement.

Impact Of GSTAT On Businesses And Compliance

From a practitioner’s perspective, the launch of GSTAT finally addresses a weakness in the GST framework: the absence of a uniform, specialised appellate body. Taxpayers across sectors have struggled with appeals moving directly from the Appellate Authority to the High Courts. This not only created heavy dependency but also led to variations in how similar matters were interpreted across states.

With a Principal Bench in Delhi and State Benches across 45 locations, GSTAT offers reach and consistency. For MSMEs, this means disputes over refunds or input tax credit can now be handled within a structured timeframe, preventing working capital from being locked away for months or years. For exporters, faster resolution of refund disputes can directly impact competitiveness, since delayed refunds have long been a pain point.

Larger corporations, especially those with operations in multiple states, stand to benefit from uniformity of interpretation. One of the challenges under GST has been the lack of predictability — identical issues being treated differently across jurisdictions. GSTAT is expected to bring alignment, supported by judicial and technical members sitting together. Justice Sanjaya Kumar Mishra, President of GSTAT, pointed out that the Tribunal will also play a role in reducing the existing backlog of appeals.

From Dispute Resolution To Dispute Prevention

The launch of GSTAT provides a long-awaited mechanism for appeals under GST. With its network of benches, digital filing system, and commitment to timely hearings, the Tribunal is expected to reduce pendency and bring uniformity to rulings. For taxpayers, that means disputes will now move through a clearer and more predictable channel.

But an appellate forum, however efficient, is still the last stop in the chain. For businesses, the real efficiency gain lies in preventing issues from reaching that stage at all. Many GST disputes originate from routine oversights such as invalid GSTINs, registrations that do not match PAN details, or entities that fail to file returns regularly. These problems can amplify into contested demands or refund delays if left unchecked.

By validating GSTINs, confirming their linkage with PAN, and monitoring filing behaviour at the point of onboarding and during periodic reviews, companies can cut down the chances of avoidable conflicts and also create a ready-made audit trail.

Solutions like those provided by AuthBridge help businesses put this verification discipline into practice. There are two significant outcomes from this:

Fewer disputes escalate to the Tribunal,
When they do, organisations are better prepared with consistent, verifiable records.

GSTAT now provides the structure for fair and independent adjudication. Complementing it with strong verification processes ensures businesses engage with the GST framework not just reactively, but proactively, reducing friction, protecting cash flows, and operating with higher confidence.

By Abhinandan, 2 weeksSeptember 29, 2025 ago

BFSI

The 7 Best RegTech Platforms In India

Introduction

Regulatory compliance has now become a boardroom priority, from being a back-office necessity. In India, this transition is a lot more prominent: financial regulators such as the RBI and SEBI have introduced strict frameworks around customer due diligence, data protection, anti-money laundering, and fraud prevention. At the same time, the sheer scale of digital adoption — over 1.2 billion Aadhaar enrolments and UPI processing more than 14 billion transactions a month in 2025 — has created compliance challenges that manual systems can no longer manage.

This confluence of regulatory pressure and digital scale has given rise to Regulatory Technology (RegTech) as a distinct sector in India. RegTech firms have now become key entities, helping banks, NBFCs, fintechs, insurers, and even e-commerce platforms maintain the trust of the various stakeholders while scaling fast.

What Is RegTech?

RegTech, short for Regulatory Technology, refers to the use of technology to simplify, standardise, and automate regulatory compliance. While definitions often reduce it to KYC or AML solutions, in reality, RegTech has a wide scope, ranging from transaction monitoring and fraud analytics to e-signatures, digital identity, and regulatory reporting.

The value proposition of RegTech is threefold:

Operational efficiency: replacing manual compliance checks with automated, API-driven workflows that can process millions of cases in real time.
Regulatory accuracy: ensuring businesses interpret and implement complex rules consistently, reducing exposure to fines and reputational damage.
Scalability: allowing organisations to keep pace with growth without compliance becoming a bottleneck.

Common RegTech Services

RegTech Service providers have specialised across several compliance-critical domains, driven by regulatory frameworks and digital infrastructure. The most common service categories include:

Digital KYC And Video KYC

Video-based customer identification (Video-KYC), Aadhaar-based KYC, and eKYC via DigiLocker or CKYC repositories form the base of compliance in financial services.

Anti-Money Laundering (AML) And Sanctions Screening

Transaction monitoring, watchlist screening, and adverse media checks are essential to comply with FATF and domestic AML obligations.

Fraud Detection And Risk Management

Not just regulatory compliance, but RegTech platforms play a crucial role by preventing identity theft, document forgery, and synthetic fraud.

Digital Document Execution

The shift to paperless operations has created demand for Aadhaar eSign, digital stamping, and eMandates.

Corporate And Workforce Compliance

Large enterprises increasingly need tools to verify not just customers, but also employees, vendors, and suppliers.

How To Choose The Best RegTech Platform?

Selecting a RegTech platform requires balancing regulatory obligations with business strategy. Here is a list of a few factors that you can keep in mind when selecting a RegTech service provider for your business needs:

Specialisation In Relevant Compliance Areas

Evaluate whether the provider covers your regulatory needs — be it AML and financial crime detection, digital KYC and onboarding, or digital contracting.

Proven Scale And Reliability

Check for operational benchmarks such as turnaround times (TAT), uptime, and throughput. AuthBridge, for instance, processes 15M+ verifications per month for more than 3,000 clients, showcasing enterprise-grade reliability.

Seamless Integration

Look for API-first architecture and pre-built connectors. AuthBridge explicitly positions itself as integration-friendly, enabling plug-and-play with banking cores, HR systems, or onboarding platforms.

Regulatory Alignment And Certifications

Prioritise providers with proven track records in working with large BFSI clients and compliance with standards such as ISO 27001 or data protection readiness under India’s DPDP Act.

Responsiveness To Regulatory Change

Agile providers update their platforms and services swiftly to keep clients compliant with the fast-changing regulations and directives without disruptions.

Long-Term Value

Price per verification is only one metric. Consider the total cost of ownership, factoring in integration success, downtime risk, and regulatory penalties avoided. A strong RegTech partner delivers both compliance assurance and measurable business ROI.

List Of The Top 7 RegTech Platforms In India

1. AuthBridge

Founded in 2005 and headquartered in Gurugram, AuthBridge is India’s largest and most diversified RegTech service provider. With over 3,000 enterprise clients and 15 million+ verifications processed every month, AuthBridge has become synonymous with compliance at scale.

Core Offerings

Digital KYC & Video-KYC – RBI-compliant onboarding, powered by AI, OCR, and computer vision.
AML & Sanctions Screening – Watchlist screening, adverse media checks, and transaction risk filters.
Workforce & Gig Verification – Identity, employment, education, address, and criminal record verification for employees and delivery agents.
Corporate & Third-Party Due Diligence – MCA checks, GST verification, litigation records, and financial risk profiling.
Digital Address Verification (DAV) – AI-driven geolocation tools replacing field-intensive checks.
E-sign & Digital Contracting – Platforms such as SignDrive are integrated with Aadhaar and DSC.
Contact Point Verification (CPV) – GroundCheck.ai blends field and digital verification for fast turnaround.

AuthBridge’s strength lies in combining two decades of domain expertise with AI-first platforms. Its solutions are API-first, enabling seamless integration into banking systems, HR workflows, and enterprise onboarding portals.

2. IDfy

Founded in 2011 and headquartered in Mumbai, IDfy specialises in digital identity verification and fraud detection. Its platform covers eKYC, Video-KYC, background checks, and fraud analytics, serving banks, fintechs, insurers, and internet platforms. IDfy also offers Privy, a DPDP-compliant privacy and consent management layer.

3. HyperVerge

Established in 2014, with offices in Bengaluru and Palo Alto, HyperVerge is an AI-driven verification provider. Its offerings include Video-KYC, face authentication, KYB, and AML screening, leveraging proprietary computer vision technology. HyperVerge claims to have processed over 1 billion identity checks globally, making it one of the most widely adopted Indian-born RegTech players.

4. Digio

Founded in 2016 in Bengaluru, Digio focuses on digital documentation and consent-driven compliance. Its services include Aadhaar eSign, eStamp, eMandates (eNACH), CKYC integrations, Video-KYC, and AML screening. Digio’s platforms are heavily used by banks, NBFCs, and fintechs to digitise paperwork while staying compliant with IT Act and RBI rules.

5. Signzy

Founded in 2015 and headquartered in Bengaluru, Signzy is a global digital onboarding and compliance automation platform. It offers KYC, KYB, AML checks, transaction monitoring, and digital contracting via its no-code platform. Signzy has partnered with major banks and regulators, serving 500+ clients worldwide, and is recognised for its ability to adapt swiftly to regulatory change.

6. Jocata

Founded in 2010 and based in Hyderabad, Jocata is known for its flagship platform GRID, which integrates AML, KYC remediation, fraud detection, and onboarding into a unified case management system. Jocata serves leading Indian banks and NBFCs, helping them comply with AML/CFT frameworks while reducing operational risk.

7. Leegality

Founded in 2016 and headquartered in Gurugram, Leegality is a specialist in digital documentation and execution workflows. Its products include Aadhaar eSign, BharatStamp (digital eStamping), and document workflow automation, enabling legally valid, paperless compliance. Leegality has gained traction among BFSI, insurance, and enterprise clients, modernising their contracting processes.

Conclusion

As regulation tightens and digital adoption accelerates, RegTech has become the silent infrastructure of trust in India’s financial and corporate sectors. The seven providers outlined here demonstrate the breadth of innovation driving this shift, but AuthBridge’s scale, breadth of services, and proven track record set it apart as the partner of choice for enterprises where compliance and growth must go hand in hand.

By Abhinandan, 3 weeksSeptember 26, 2025 ago

Background Checks

RBI’s Directive On Unclaimed Deposits 2025 & The Role Of Digital Address Verification

Introduction

In September 2025, the Reserve Bank of India (RBI) issued a clear and time-bound directive to scheduled commercial banks across the country: return over ₹67,000 crore in unclaimed deposits within three months. These funds, which have been lying dormant in banks for over a decade, reflect savings and investments that depositors or their heirs have not claimed.

According to official data presented in Parliament, ₹67,270 crore in unclaimed deposits had accumulated by June 2025, with nearly 87 per cent of these funds held by public sector banks. The State Bank of India alone accounts for close to ₹19,330 crore, followed by Punjab National Bank and Canara Bank, each with over ₹6,000 crore. Among private banks, ICICI Bank leads with over ₹2,000 crore in unclaimed deposits.

The central bank has set a strict three-month window—from October to December 2025—for institutions to intensify their efforts to trace account holders or their heirs.

What Are Unclaimed Deposits?

Unclaimed deposits are amounts parked in bank accounts or term deposits that remain untouched for ten years or more. If there are no customer-initiated transactions, such as withdrawals, deposits, or instructions, over this period, the account is treated as inoperative.

By regulation, once these deposits cross the dormancy threshold, they are transferred by banks to the Depositor Education and Awareness (DEA) Fund maintained by the RBI. The intent behind this framework is to protect idle money from misuse and to ensure that rightful owners or their heirs can claim it at any point through a structured process.

Despite these measures, the scale of the problem is enormous. The funds in question represent both financial assets forgotten by individuals and systemic gaps in outreach. Many heirs are unaware of accounts held by deceased relatives, and in other cases, documentation gaps make it difficult for claimants to establish ownership.

The Scale Of Unclaimed Deposits

The RBI’s disclosure puts the size of unclaimed deposits at ₹67,270 crore as of June 2025. Public sector banks dominate this pool, reflecting their large customer base and legacy operations. Here are a few of the banks with their unclaimed deposits:

Bank	Unclaimed Deposits (₹ crore)
State Bank of India (SBI)	19,329.29
Punjab National Bank (PNB)	6,910.67
Canara Bank	6,278.14
Bank of Baroda	5,277.36
Union Bank of India	5,104.50
ICICI Bank	2,063.45
Other Private Banks (combined)	8,673.72
Total (All Banks)	67,270

RBI’s Instructions To Banks

The Reserve Bank of India has issued time-bound instructions to banks, directing them to intensify efforts between October and December 2025 to return unclaimed deposits.

Key Directives From The RBI

Special Outreach Drive (Oct–Dec 2025):
Banks have been asked to run a targeted campaign over three months to trace account holders or their heirs. The focus will be on proactive engagement rather than passive compliance.
Role Of State Level Bank Committees (SLBCs):
SLBCs are required to review progress at a granular level, breaking down data by region and age of deposit, and ensuring that lagging banks step up their efforts.
Public Awareness Measures:
Banks must reach out to customers through various media, including print, electronic, and digital channels, with a special focus on rural and semi-urban areas where awareness levels are often lower.
Grievance Redressal:
Institutions must strengthen grievance redressal mechanisms to ensure that claimants face fewer procedural hurdles when retrieving funds.
UDGAM Portal:
A central plank of this drive is the UDGAM (Unclaimed Deposits – Gateway to Access Information) portal maintained by the RBI. This digital platform allows individuals to search for unclaimed deposits across multiple banks using simple identifiers such as their name, PAN, or address.

As of July 2025, nearly 8.6 lakh users had registered, and the portal now covers banks that account for around 90% of unclaimed deposit value.

Challenges In Returning Dormant Deposits

While the RBI’s directive is clear and time-bound, executing it on the ground poses significant challenges. The sheer magnitude of ₹67,270 crore in dormant funds means banks must overcome structural, operational, and human barriers to reunite depositors with their money.

Tracing The Rightful Owners

One of the greatest hurdles lies in locating the original depositors or their heirs. Over time, customers may have moved houses, migrated abroad, or passed away, leaving no clear trail for banks to follow. Inheritance complexities add another layer of difficulty, especially in the absence of updated nominee information.

Documentation And Proof

Even when claimants are identified, retrieving deposits often hinges on producing valid documents such as identity proofs, succession certificates, or death certificates of deceased account holders. In many cases, these documents are either missing or difficult to obtain, delaying the process.

Awareness And Financial Literacy Gaps

A large proportion of dormant deposits belong to individuals in rural and semi-urban regions. Limited awareness of banking rules, lack of digital access, and low financial literacy mean that many potential claimants are unaware of their rights or the steps required to reclaim funds.

Operational Inefficiencies

Banks themselves face operational bottlenecks. Branch-level staff may not always have updated contact information, and in some cases, the processes for claim settlement remain manual, cumbersome, and time-consuming.

Risk Of Fraudulent Claims

Efforts to return unclaimed deposits must also be safeguarded against fraudulent attempts, where impostors may try to exploit gaps in verification mechanisms. This necessitates robust verification tools that can balance customer convenience with security.

The Scale of the Challenge

As per RBI’s directive, banks must return ₹67,000 crore lying in dormant accounts within 3 month

These deposits, untouched for over a decade, often belong to individuals who:

Have changed residences or migrated abroad.
Passed away without clear nominee details.
Remain unaware of their dormant accounts, especially in rural or semi-urban areas.

Traditional outreach methods — phone calls or emails — often fail. Contact numbers are outdated, email addresses bounce, and in many cases, families are unaware of the accounts at all. Simply shutting the account isn’t enough; banks must first trace and credit the rightful customer or heir.

AuthBridge’s Role: From Tracing To Compliance

When banks are pressed to act fast and at scale, mere promises don’t suffice. What matters is whether a solution can deliver across jurisdictions, risk tiers, connectivity constraints, and fraud vectors. AuthBridge’s address and contact point verification stack is built to meet exactly those demands. Below is a close look at the services.

At AuthBridge, we specialise in bridging the gap between compliance requirements and customer realities:

1. Skip Tracing For Account Closure
We leverage alternate data sources — credit bureau, utility, and telecom records — to trace rightful owners or heirs when contact details are missing.

2. Mobile-To-Address API (Powered by Shiprocket)
Our mobile-to-address API helps confirm and enrich contact data, scoring addresses against 12–13 trusted sources including national ID repositories. This accelerates discovery when customers cannot be reached directly.

3. Address Augmentation & Verification
Using mobile numbers, we link multiple data points to verify and augment addresses, reducing false positives and ensuring accurate outreach.

4. Re-KYC & Claimant Verification
Through video KYC, name screening, and account verification, we help banks securely re-onboard dormant customers or verify claimants before settlement.

5. Hybrid Approach: Digital + On-Ground
Where needed, our field verification teams complement digital workflows, ensuring even rural or hard-to-reach customers are traced effectivel

Conclusion

The RBI’s call to return ₹67,270 crore in unclaimed deposits within three months is both a challenge and an opportunity for banks. Success will depend on how effectively institutions can trace rightful claimants while safeguarding against fraud and delay. Digital tools such as AuthBridge’s Digital Address Verification (DAV) and GroundCheck.ai provide a practical answer—enabling banks to verify addresses in minutes, escalate seamlessly to on-ground checks when required, and build a transparent audit trail at every step. By adopting these solutions, banks not only stand to meet the RBI’s directive on time but also send a clear message of trust, accountability, and customer commitment.

By Abhinandan, 3 weeksSeptember 25, 2025 ago

Background Checks

What Is An OVD In Banking And Where Is It Needed?

Introduction

The verification of identity lies at the core of India’s BFSI sector. With a population of over 1.4 billion, the need for a reliable system to establish “who is who” is both practical and regulatory. Every banking transaction, insurance policy, mutual fund investment, or welfare disbursement depends upon the assurance that the individual or entity involved is genuine.

The Prevention of Money Laundering Act, 2002 (PMLA) and its associated Prevention of Money Laundering (Maintenance of Records) Rules, 2005 form the legal backbone to maintain this assurance. Rule 2(d) introduces the concept of Officially Valid Documents (OVDs) within these rules. These documents serve as the standard benchmarks of identity and address verification across sectors.

The Reserve Bank of India (RBI), the Securities and Exchange Board of India (SEBI), the Insurance Regulatory and Development Authority of India (IRDAI), and the Financial Intelligence Unit (FIU-IND) all draw upon this foundation when issuing sector-specific KYC and AML guidelines.

OVDs are essential in enhancing customer trust, enabling faster service delivery, and ensuring that the benefits of financial inclusion and welfare schemes reach the intended recipients. In practice, OVDs are the gateway to accessing services like opening a savings account, applying for an education loan, purchasing an insurance policy, or registering for government benefits.

What Is An OVD?

An OVD or “Officially Valid Document”, defined in Rule 2(d) of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, means the Passport, the Driving Licence, proof of possession of Aadhaar number, the Voter’s Identity Card issued by the Election Commission of India, the job card issued by NREGA duly signed by an officer of the State Government, the letter issued by the Unique Identification Authority of India or the National Population Register containing details of name, address and Aadhaar number, or any other document as notified by the Central Government in consultation with the Regulator.

Deemed OVDs For Identity

Where simplified measures are applied to verify identity, the following are also deemed OVDs:

Identity card with applicant’s photograph issued by Central/State Government Departments, statutory/regulatory authorities, PSUs, scheduled commercial banks, and public financial institutions.
A letter issued by a gazetted officer, with a duly attested photograph of the person.

Deemed OVDs For Address (Limited Scope)

Where simplified measures are applied for the limited purpose of proof of address and a prospective customer is unable to produce any evidence of address, the following are deemed OVDs:

Utility bills (electricity, telephone, post-paid mobile, piped gas, water) are not over two months old.
Property or municipal tax receipt.
Bank account or Post Office savings bank account statement (or, if the reporting entity is in an IFSC, a foreign bank statement).
Pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or PSUs, if they contain the address.
Letter of allotment of accommodation from employers in the public sector (and similar bodies) or leave-and-licence agreements with such employers.

These address relaxations are for a limited purpose and do not replace the obligation to maintain current KYC.

Foreign Nationals And IFSC Provisions

If the OVD presented by a foreign national does not contain an address, documents issued by the Government departments of those foreign jurisdictions and letters from a Foreign Embassy or Mission in India are acceptable as proof of address.
In an International Financial Services Centre (IFSC), the national identity card and voter identification card issued by foreign jurisdictions (or their authorised agencies), capturing the photograph, name, date of birth and address of a foreign national, are also considered OVDs.

Aadhaar — Permitted Forms

A client may submit proof of possession of an Aadhaar number as an OVD using the form issued by UIDAI (physical or approved electronic forms).

Name Change — Continued Validity Of OVD

An OVD remains valid even if the name has changed after issuance, provided the change is supported by a marriage certificate issued by the State Government or a Gazette notification indicating the change of name.

Other Related Definitions For OVD Use

Offline verification has the same meaning as in the Aadhaar Act; it enables identity verification without online authentication, consistent with the Act’s definition and modalities permitted thereunder.
Politically Exposed Persons (PEPs) are individuals entrusted with prominent public functions by a foreign country (e.g., heads of state/government, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, and key political party officials). The PEP classification affects customer risk categorisation and is used alongside OVD-based identification during onboarding and ongoing due diligence.

It is important to note that OVDs serve identity and address; separate documents are not required if the OVD’s address is current. For non-individual clients (companies, partnerships, trusts), entity documents are required in addition to OVDs of natural persons who are beneficial owners, authorised signatories or controllers.

Importance Of OVDs In KYC And AML Compliance

In India, every reporting entity must carry out Know Your Customer (KYC) checks under the Prevention of Money Laundering Act (PMLA) and its Rules. By insisting on a standard set of recognised documents, like OVDs, regulators prevent institutions from adopting inconsistent or weak identification practices.

Strengthening Anti-Money Laundering Controls

OVDs are key to the Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT) frameworks. By verifying each account, investment, or policy against a government-recognised document, OVDs:

Deter the creation of anonymous or fictitious accounts.
Enable audit trails, linking financial flows back to verified individuals.
Support filing suspicious transaction reports (STRs) to the Financial Intelligence Unit (FIU-IND) with reliable identity details.

Regulatory Mandates Across Financial Sectors

The reliance on OVDs is reinforced across multiple regulators:

Reserve Bank of India (RBI): OVDs form the core of customer onboarding in banks, NBFCs, payment service providers, and digital lending platforms.
Securities and Exchange Board of India (SEBI): Investor onboarding through KYC Registration Agencies (KRAs) must be based on OVDs to ensure consistency across capital markets.
Insurance Regulatory and Development Authority of India (IRDAI): Life and general insurers must obtain OVDs when issuing policies or processing high-value claims.
Financial Intelligence Unit (FIU-IND): Relies on OVD-linked records to assess compliance and detect suspicious financial behaviour.

Use Cases Of OVDs In The Banking and Financial Services (BFSI) Sector

OVD Requirement For Opening Bank Accounts

Banks are legally required to obtain OVDs from individuals for both Current and Savings accounts (CASA). A valid OVD establishes identity and address and ensures compliance with RBI’s KYC Master Direction. This means furnishing documents such as a passport, Aadhaar, or voter card for retail customers. Without an OVD, banks cannot activate an account, even if deposits have been made. In addition, when addresses in OVDs are outdated, customers must provide deemed OVDs (such as utility bills) until an updated OVD is produced.

OVDs For Loans, Credit Cards, And Deposits

Banks and NBFCs depend on OVDs to process loans, issue credit cards, or open fixed deposits. The documents allow lenders to establish the borrower’s identity, residence, and credit eligibility. In secured lending, OVDs of co-applicants and guarantors are also mandatory. For high-value credit exposure, updated OVDs reduce the risk of fraud, misrepresentation, and defaults.

OVD Documents For Corporate And Institutional Customers

Companies and partnerships must provide their incorporation or registration documents when opening current accounts or availing trade finance. However, the authorised signatories, directors, partners, and beneficial owners must submit their personal OVDs. This ensures that the individuals who control or transact on behalf of the entity are also traceable. For foreign companies, passports and identity cards issued by foreign governments (recognised under the Rules) may serve this purpose.

OVD Role In NBFCs And Fintech Onboarding

Digital lenders, microfinance institutions, and fintech companies increasingly rely on paperless KYC. Even in electronic KYC (e-KYC) journeys, OVDs are essential — typically Aadhaar (with consent-based authentication), driving licence, or voter ID. For prepaid payment instruments (PPIs), wallets, or UPI onboarding, OVDs establish the customer’s true identity, enabling RBI-mandated full-KYC accounts. This ensures small-ticket digital transactions remain secure and AML-compliant.

OVDs In Insurance Policies And Claims

Under IRDAI rules, insurers must collect OVDs before issuing life or general insurance policies. These documents confirm the proposer’s identity and address, reducing the risk of mis-selling or fraudulent claims. The insured and the beneficiary’s OVDs are critical for nominee verification or claims settlement. This ensures benefits are disbursed to the rightful claimant, protecting policyholders and strengthening insurer compliance.

OVD Requirement For Mutual Fund And Capital Market Investors

The Securities and Exchange Board of India (SEBI) has mandated that all investor KYC records maintained by KRAs (KYC Registration Agencies) must be validated against OVDs. Investors cannot open a demat account, trade in securities, or start a mutual fund folio without furnishing OVDs. Foreign identity cards and embassy-issued letters may be accepted for non-resident investors per PML Rules. This standardisation ensures consistency and investor protection across the capital markets.

Use Cases Of OVDs Beyond BFSI

OVD Requirement For SIM Card Issuance And Telecom Services

Telecom operators are required by the Department of Telecommunications (DoT) to conduct KYC before issuing new SIM cards or processing mobile number portability requests. Customers must present an OVD, most commonly Aadhaar, Voter ID, or Driving Licence, to verify their identity and address. This measure curbs misuse of mobile connections for fraudulent or unlawful activities and ensures every SIM is traceable to a verifiable individual.

OVDs For Accessing Government Schemes And Subsidies

Direct Benefit Transfer (DBT) schemes rely heavily on OVDs to ensure subsidies and welfare benefits reach genuine beneficiaries. Aadhaar and other OVDs link bank accounts to disburse LPG subsidies, pension schemes, food grain entitlements under the Public Distribution System, and MGNREGA wage payments. By mandating OVD-based verification, the government reduces duplication of beneficiaries and prevents leakages in welfare spending.

OVD Documents In MSME And Public Procurement Registrations

For enterprises registering with the National Small Industries Corporation (NSIC) or onboarding onto the Government e-Marketplace (GeM) portal, OVDs are required for both the entity’s authorised signatories and its proprietors or directors. This ensures that small businesses participating in government tenders and procurement processes are genuine and that responsibility can be traced back to identified individuals.

OVD Requirement In Employment And Corporate Hiring

In sensitive industries such as defence, information technology, and financial services, employers require employees to furnish OVDs during the hiring process. Background verification agencies rely on OVDs to validate personal information, ensuring authenticity before offering employment in regulated or high-trust roles. OVDs are a key input in employee due diligence for contractual staff and gig workers.

OVDs For Scholarships, Education Loans, And Student Verification

Educational institutions and lenders rely on OVDs to process scholarships, student loans, and grants. Students must produce valid OVDs to establish identity and residence before funds are sanctioned. This protects against fraudulent applications and ensures that financial aid reaches genuine students.

OVD Documents For Travel, Immigration, And Visa Applications

While the passport is an OVD, other OVDs, such as Aadhaar, voter ID, and driving license, are often required in supporting roles for visa processing, immigration checks, or domestic travel documentation. To comply with address verification requirements, foreign nationals in India must produce OVD-equivalent documents recognised under the PML Rules, such as national identity cards or embassy letters.

Challenges In The Use Of OVDs

Duplication And Multiple Records

One recurring challenge in India’s KYC framework is the duplication of records. Customers often submit different OVDs across multiple institutions, creating siloed databases. Banks, insurers, and intermediaries must independently validate and update records without central synchronisation. This duplication raises compliance costs and leaves room for error and misuse.

Outdated Addresses And Compliance Gaps

While OVDs serve as identity and address proof, many citizens do not promptly update their addresses in these documents. For example, individuals frequently move cities for employment or education but continue to hold voter IDs or driving licences registered in their native towns. Regulators address this by permitting deemed OVDs (such as recent utility bills) for address verification. Still, such temporary measures create periodic compliance gaps until the customer produces an updated OVD.

Risks Of Forgery And Document Fraud

Despite being government-issued, OVDs are not immune to misuse. Cases of forged driving licences, voter cards, or falsified utility bills have been reported. For financial institutions, manual checks are inadequate. As a result, regulators encourage digital verification — Aadhaar authentication, DigiLocker document pulls, and database-based validation — to reduce reliance on physical copies vulnerable to tampering.

Transition To Digital OVDs

India has been steadily moving towards digital-first OVD usage. Key enablers include:

Aadhaar XML/Offline KYC: Allows secure sharing of Aadhaar details without exposing the number publicly.
DigiLocker: Enables individuals to share digitally signed driving licences, PAN, and other government documents directly from issuing authorities. These digital copies are recognised as equivalent to physical OVDs.
Video-based Customer Identification Process (V-CIP): Banks and NBFCs are permitted to conduct video KYC, where OVDs are verified digitally during a live interaction.

However, the push towards digital OVDs has raised questions of data privacy and protection. Institutions must ensure that while collecting Aadhaar or DigiLocker documents, customer consent is recorded and data storage complies with both PML Rules and the Digital Personal Data Protection Act, 2023.

By Abhinandan, 3 weeksSeptember 24, 2025 ago

Bank-Statement-Analysis-for-Digital-Lenders-blog-image

BFSI

Bank Statement Analysis for Digital Lenders: Signals That Matter

Introduction: The Growing Role of Bank Statement Analysis in Digital Lending

India’s digital lending ecosystem has grown at an unprecedented pace. A joint report by the Reserve Bank of India (RBI) and BCG estimated that the digital lending market in India could reach USD 350 billion by 2026, driven by fintech adoption, smartphone penetration, and a shift towards cashless transactions. Yet, as volumes grow, the pressure on lenders to maintain portfolio quality and meet regulatory expectations has never been greater.

One of the biggest hurdles is assessing borrowers who lack formal credit histories. According to TransUnion CIBIL, nearly 160 million Indians remain “new-to-credit”, making it difficult for lenders to rely on conventional bureau data alone. For this segment, bank statement analysis provides an alternative and highly reliable lens. By examining inflows, outflows, and transactional behaviour, lenders can accurately measure repayment capacity, financial discipline, and early-warning signs of distress.

This shift is also being nudged by regulators. The RBI’s 2022 digital lending guidelines emphasised transparency, data accuracy, and responsible underwriting. In practice, this means that lenders can no longer rely on self-declared income or loosely verified documents. Automated bank statement analysis, supported by AI/ML tools, not only accelerates decision-making but also provides an auditable trail of data-backed lending decisions, aligning with compliance requirements.

Case studies from Indian fintechs underline its importance. For instance, a mid-sized NBFC reported that integrating AI-powered bank statement analysers reduced loan application drop-offs by 40% and cut fraud attempts by detecting doctored PDF statements. Another digital-first lender in the MSME segment used automated analysis to identify irregular seasonal cash flows among small traders, enabling them to design flexible repayment schedules—improving both customer satisfaction and repayment rates.

Key Signals That Matter In Bank Statement Analysis

Bank statements are more than just records of money in and money out — they are behavioural fingerprints that reveal how borrowers manage their finances. For digital lenders in India, where nearly 160 million borrowers remain “new-to-credit” (TransUnion CIBIL, 2023), analysing these signals is essential to bridge the information gap. Below are the most critical dimensions:

Income Stability

Regular salary credits or predictable business inflows indicate a borrower’s repayment capacity. For salaried borrowers, lenders often look for three to six months of consistent credits, while MSMEs and self-employed individuals are evaluated on seasonal cash flow cycles. Inconsistencies, such as sudden salary drops or irregular deposits, may point to employment instability or informal income sources.

Expense Patterns

Spending habits can reveal whether a borrower lives within their means. Fixed expenses such as rent, utilities, and insurance premiums demonstrate financial discipline, while high discretionary spending may raise concerns about repayment ability. A fintech study in 2024 showed that borrowers with discretionary spends exceeding 40% of monthly inflows were 2.3x more likely to default on digital loans.

Obligations And Liabilities

Recurring EMI outflows, credit card bills, and loan repayments provide visibility into a borrower’s existing commitments. By calculating the Debt-to-Income (DTI) ratio, lenders can assess whether new credit would overburden the borrower. In India, NBFCs often flag borrowers with a DTI ratio above 45–50% as high risk.

Liquidity And Buffer

The average monthly balance, frequency of low-balance alerts, and overdraft incidents indicate financial resilience. For instance, a lender may reject applicants whose average monthly balance falls below 10% of their monthly inflows, suggesting they have no cushion for emergencies. Liquidity metrics are particularly crucial for BNPL products and micro-loans, where repayment cycles are short.

Fraud Detection Signals

Fraudulent behaviour remains a key concern. Doctored PDF bank statements, multiple small transactions near month-end (to inflate balances artificially), or sudden large unexplained credits often indicate potential fraud. A mid-tier Indian NBFC reported that AI-powered PDF forgery detection helped prevent 8% of attempted fraudulent applications in 2023.

Benefits Of Automated Bank Statement Analysis for Digital Lenders

The traditional way of manually reviewing bank statements is not only slow but also inconsistent and prone to oversight. In a highly competitive lending environment like India, where loan disbursals are expected in minutes, automation has become a necessity rather than a choice. Automated bank statement analysis powered by AI/ML algorithms offers digital lenders significant advantages across four major dimensions:

Faster Turnaround And Better Customer Experience

Speed is a key differentiator in digital lending. Borrowers today expect near-instant loan decisions, and lenders who take longer risk losing them to competitors. Automated tools can process hundreds of transactions within seconds, reducing loan processing times dramatically. For example, a leading Indian fintech reported cutting its average loan approval time from 48 hours to under 10 minutes after deploying automated statement analysers.

Improved Risk Accuracy

AI systems can identify risk patterns that human reviewers often miss. By analysing inflow stability, recurring obligations, discretionary spends, and liquidity buffers, automated tools create more precise risk scores. A 2023 PwC India study found that AI-driven bank statement analysis improved prediction accuracy for defaults by up to 25% compared to manual methods.

Regulatory Alignment And Auditability

The RBI’s digital lending guidelines (2022) mandate data transparency, fair practices, and proper documentation of underwriting decisions. Automated bank statement analysis provides an auditable trail of decision-making by logging how each lending decision was derived. This not only ensures compliance but also protects lenders in the event of disputes or regulatory reviews.

Fraud Detection And Portfolio Quality

India’s digital lending sector faces increasing cases of doctored PDF bank statements and fraudulent income claims. Automated systems can flag forged documents, duplicated transactions, or inflated balances far more reliably than manual checks. An NBFC using an AI-powered analyser reported detecting fraud in 8% of loan applications that would have otherwise slipped through manual reviews. Over time, this leads to a healthier loan portfolio with lower NPAs (Non-Performing Assets).

Cost Efficiency And Scalability

Manual reviews require large teams of underwriters, which increases operational costs and introduces inconsistencies. Automation allows lenders to scale without proportionally expanding manpower. For high-volume lenders, this translates into significant cost savings—one mid-sized Indian NBFC reported saving ₹1.2 crore annually after automating statement reviews across its MSME loan segment.

Real-Life Applications In India

AI And Machine Learning Advancements

Over the next three to five years, bank statement analysers are expected to shift from rule-based engines to

predictive AI systems

. These will not just review historical inflows and outflows but forecast future repayment capacity based on behavioural patterns. For instance, AI can predict income volatility for gig workers by comparing weekly deposits and external data such as platform payouts.

Growing Role Of Regulatory Oversight

The

RBI’s Digital Lending Guidelines (2022)

were only the beginning. With rising digital loan penetration, regulators are likely to demand

greater transparency in underwriting algorithms

, ensuring that credit scoring models are explainable and non-discriminatory. Bank statement analysis platforms will therefore evolve to include

audit trails, explainability dashboards, and compliance reports

to align with regulatory mandates.

Integration With Broader Digital Public Infrastructure

India’s financial stack, including

Aadhaar, UPI, and Account Aggregators (AA)

, will converge with bank statement analysis to create a seamless lending journey. Through Account Aggregators, borrowers can securely share bank data in real time, allowing instant verification and reducing fraud risks. Analysts predict that by

2027, over 50% of digital loan applications in India will rely on AA-powered statement sharing

Expansion Beyond Credit Scoring

Bank statement analysis will also move beyond underwriting to become a

portfolio management and early-warning tool

. By continuously monitoring borrowers’ cash flow health, lenders can trigger pre-emptive interventions—such as restructuring loans or offering top-ups—before defaults occur. This proactive approach could reduce NPAs by an estimated

15–20% across NBFC portfolios

Conclusion

Bank statement analysis has become a cornerstone of digital lending in India, enabling lenders to serve a growing base of borrowers with speed, accuracy, and confidence. By moving beyond manual reviews to AI-powered, automated systems, lenders gain sharper insights into income stability, obligations, spending patterns, and fraud signals — all of which are critical for responsible lending.

In a market where over 160 million Indians are new-to-credit and digital loan volumes are set to exceed USD 350 billion by 2026, the ability to interpret bank data efficiently will determine which lenders thrive. Coupled with regulatory expectations from the RBI and the adoption of Account Aggregators, bank statement analysis is no longer optional; it is a strategic necessity.

For digital lenders, the future lies in embedding these tools not just at the point of underwriting, but across the lifecycle — from onboarding to monitoring and collections. Done right, bank statement analysis can deliver the dual promise of financial inclusion and portfolio resilience.

FAQ

What is bank statement analysis in digital lending?

Bank statement analysis involves reviewing a borrower’s inflows, outflows, and balance patterns to assess creditworthiness. In digital lending, automated tools use AI/ML to extract signals like income stability, obligations, and fraud risks directly from bank statements.

Why is bank statement analysis important for Indian lenders?

India has a large population of borrowers with limited or no credit bureau history. Bank statements provide an alternative, reliable record of financial behaviour. They help lenders serve “new-to-credit” customers while maintaining compliance with RBI’s digital lending guidelines.

What signals do lenders look for in bank statements?

Key signals include regular income inflows, fixed vs discretionary expenses, debt-to-income ratios, liquidity buffers, and red flags such as suspicious large credits or doctored PDFs.

How does automation improve bank statement analysis?

Automation enables lenders to process statements in seconds, reduce manual errors, detect forgery, and generate risk scores. It also ensures auditability, which helps meet regulatory requirements.

Can bank statement analysis detect fraud?

Yes. Automated tools can detect anomalies such as identical transactions, out-of-order dates, forged fonts, or inflated balances. Several Indian NBFCs have reported preventing fraud worth crores through automated analysis.

How does this align with RBI guidelines?

RBI’s 2022 Digital Lending Guidelines emphasise transparency, data accuracy, and fair practices. Automated statement analysis provides auditable trails, documented risk assessments, and ensures data is processed responsibly.

What role will Account Aggregators play in the future?

Account Aggregators (AA) will allow borrowers to share bank data securely in real time, making statement analysis seamless. By 2027, it is expected that over half of India’s digital loan applications will rely on AA-based data sharing.

By Siddharth, 3 weeksSeptember 23, 2025 ago

BFSI

RBI’s Updated Guidelines For Payment Aggregators 2025: Key Details

Introduction

On 15 September 2025, the Reserve Bank of India (RBI) issued the Master Direction on Regulation of Payment Aggregators (PAs). This consolidated framework supersedes earlier circulars — the 2020 and 2021 guidelines on Payment Aggregators and Gateways, and the 2023 directions on Cross-Border Payment Aggregators.

The new Direction has been issued under the powers conferred by Section 18, read with Section 10(2) of the Payment and Settlement Systems Act, 2007, together with Section 10(4) and Section 11(1) of the Foreign Exchange Management Act, 1999. It harmonises regulations for online, physical and cross-border aggregation of payments, introducing a common compliance regime for banks, non-banks, authorised dealer (AD) banks and scheduled commercial banks.

Key Definitions Under The RBI’s New Payment Aggregator Guidelines 2025

To understand the scope of the 2025 Master Direction, it is essential to first look at the definitions provided by the Reserve Bank of India. These definitions set the base for regulating Payment Aggregators (PAs) and Payment Gateways (PGs).

A cash-on-delivery transaction is a merchant transaction in which banknotes or currency notes, being legal tender in India, are offered or tendered at the time of delivery of goods and services.
Contact Point Verification (CPV) refers to the physical verification of the merchant’s address or place of business.
E-commerce refers to the buying and selling of goods and services, including digital products, conducted over digital and electronic networks. For this definition, the term ‘digital and electronic network’ includes networks of computers, television channels, and other internet applications used in an automated manner, such as web pages, extranets and mobile platforms.
An inward transaction refers to any transaction involving the inflow of foreign exchange, while an Outward transaction consists of the outflow of foreign exchange.
A Marketplace is an e-commerce entity that provides an information technology platform on a digital or electronic network to facilitate transactions between buyers and sellers.
A Merchant means an entity or marketplace that sells goods, provides services, or offers investment products. This also includes exporters and overseas sellers.
Payment channel refers to the method or manner through which a payment instruction is initiated and processed in a payment system.
A Payment Aggregator (PA) is an entity that facilitates the aggregation of payments made by customers to merchants through one or more payment channels, using the merchant’s interface (physical or virtual), to purchase goods, services, or investment instruments. Subsequently, it settles the collected funds to the merchant. The Directions categorise PAs into three types:

PA–Physical (PA–P): Facilitates transactions where the acceptance device and payment instrument are physically present in proximity.
PA–Cross Border (PA–CB): Facilitates aggregation of cross-border payments for current account transactions permissible under FEMA, through the e-commerce route. Two sub-categories exist under PA–CB: inward transactions and outward transactions.
- It is clarified that non-bank entities authorised as AD Category-II, and facilitating current account transactions not prohibited under FEMA (other than purchase or sale of goods or services), do not fall within the purview of PA–CB business.
- Similarly, a card transaction where the foreign exchange settlement is facilitated by a card network and the aggregator receives payment in local currency is not treated as PA–CB activity.
PA–Online (PA–O): Facilitates transactions where the acceptance device and payment instrument are not present in proximity at the time of payment.

A Payment Gateway (PG) is defined as an entity that provides the technology infrastructure to route and facilitate the payment transaction processing without handling funds.

Finally, terms such as Central KYC Records Registry (CKYCR), Officially Valid Document (OVD), equivalent e-document, digital KYC, and Video-based Customer Identification Procedure (V-CIP) carry the same meanings as set out in the RBI’s Master Direction on Know Your Customer (2016), as amended from time to time.

Authorisation For Payment Aggregator Business

The Master Direction distinguishes between banks and non-bank entities operating as a Payment Aggregator. Here are the differences between banks and non-banks operating as PAs:

Banks do not require a separate authorisation from the RBI to provide PA services. Their existing powers and supervisory framework govern their activities.
Non-bank entities, however, must seek explicit authorisation from the RBI under the Payment and Settlement Systems Act, 2007. Only companies incorporated under the Companies Act, 2013, are eligible to apply.

To operationalise this requirement, the RBI has mandated that all non-bank Payment Aggregators submit their applications through the designated portal. Those who fail to apply by 31 December 2025 must wind down their PA business operations by 28 February 2026.

Capital Requirements For Payment Aggregators

To ensure that only entities with sufficient monetary capacity operate as PAs, the RBI has imposed a phased capital requirement:

At the time of application, a non-bank Payment Aggregator must demonstrate a minimum net worth of ₹15 crore.
By the end of the third financial year from the date of authorisation, this net worth must rise to ₹25 crore.

For this purpose, net worth is calculated in line with the Companies Act and relevant accounting standards. Compulsorily convertible preference shares may be included, but deferred tax assets are specifically excluded.

Governance And Management

The RBI has raised governance standards for Payment Aggregators in line with their growing role in handling public funds. Every PA is expected to be professionally managed, with its promoters and directors meeting the central bank’s fit and proper criteria. This entails solid financial integrity, a reputation for honesty, and freedom from disqualifications such as insolvency or conviction.

RBI has also closed the door on ownership changes slipping through unnoticed. Any takeover or acquisition of control, whether direct or indirect, requires prior approval from the RBI. This ensures that entities entrusted with merchant and customer funds remain under the regulator’s watch even when corporate structures shift.

To embed accountability, Boards of Payment Aggregators must frame policies on risk management, information security, and customer protection. These policies must not be a one-time exercise but must be subject to periodic review.

Dispute Resolution Framework

The RBI has mandated a time-bound framework for dispute resolution and refunds, aligned with its earlier Turn Around Time (TAT) prescriptions for failed transactions.

Payment Aggregators must enter into legally enforceable agreements with merchants and acquiring banks. These contracts must clearly allocate responsibility for settlement, refunds, and handling of disputes, reducing ambiguity in the payments chain.

Equally important is transparency for customers. Refund policies must be disclosed upfront, so payers know how their funds will be handled in the event of a reversal. Each PA must also appoint a grievance redressal officer and provide an escalation matrix to track and resolve complaints efficiently.

Security, Fraud Prevention And Risk Management

Every Payment Aggregator must implement a comprehensive risk management framework, including fraud prevention, suspicious activity monitoring, and controls safeguarding customer information.

Compliance with internationally recognised standards is compulsory. Aggregators must adhere to Payment Card Industry – Data Security Standards (PCI-DSS) and Payment Application – Data Security Standards (PA-DSS) where relevant.

To verify adherence, Payment Aggregators must undergo an annual audit by a CERT-In empanelled auditor. This ensures independent validation of cybersecurity and system integrity. In addition, the Directions mandate compliance with RBI’s Cyber Resilience and Digital Payment Security Directions, 2024.

Data handling is another area where obligations are explicit. All payment system data must be stored in India, per the RBI’s 2018 data localisation circular.

General Directions For Payment Aggregators

RBI has laid down a series of general directions that shape day-to-day business conduct for Payment Aggregators:

Contractual exclusivity: Aggregators may only facilitate payments for merchants with valid contracts. This ensures accountability and prevents misuse of aggregator platforms for unauthorised transactions.
Marketplace restriction: PAs are prohibited from running their own marketplaces. This prevents conflicts of interest between operating as a payments intermediary and competing as a merchant platform.
Merchant Discount Rate (MDR): PAs must comply fully with RBI’s prescriptions on MDR. Importantly, they are required to ensure that charges are transparently disclosed to merchants.
Refund rules: Refunds must, by default, be processed back to the original payment method. The only exception is when the customer opts for an alternative account under the same ownership.
Authentication norms: Using ATM PINs as an authentication factor is explicitly disallowed for card-not-present transactions.

Special Directions For Cross-Border Payment Aggregators

Entities facilitating payments for imports or exports via the e-commerce route must comply with additional safeguards to prevent misuse of outward remittances and to ensure alignment with FEMA.

Key provisions include:

Segregation of funds: Aggregators must maintain separate accounts for inward and outward flows. Inward and outward remittances cannot be commingled.
Transaction limits: Outward transactions are capped at ₹25 lakh per transaction. This ceiling prevents the misuse of aggregator channels for large-scale capital transfers.
Banking arrangements: Only Authorised Dealer (AD) Category-I–banks can be used to maintain collection accounts for inward (InCA) and outward (OCA) flows. This ensures settlement happens only through banks with full foreign exchange authorisation.
Settlement currency: Non-INR settlement is permitted only in cases where the merchant is an Indian exporter directly onboarded by the aggregator. For other cases, settlement must be in Indian Rupees.
Regulatory reporting: Cross-border PAs must provide sufficient data to their AD banks for reporting into RBI’s Export Data Processing and Monitoring System (EDPMS) and Import Data Processing and Monitoring System (IDPMS).

KYC And Due Diligence

Merchant onboarding lies at the heart of the Directions. RBI has imposed obligations that are closely aligned with its broader KYC Master Directions:

Complete due diligence: Aggregators must conduct comprehensive Customer Due Diligence (CDD) of all merchants, using officially valid documents, PAN, and other identifiers.
Simplified process for small merchants: A streamlined onboarding process may be applied when a merchant’s annual domestic turnover does not exceed ₹40 lakh, or where export turnover does not exceed ₹5 lakh. This involves verifying PAN, conducting Contact Point Verification (CPV), and collecting an officially valid document (OVD).
Background Verification and categorisation: Aggregators must validate the background of merchants, classify them under appropriate Merchant Category Codes (MCCs), and ensure that their names are accurately reflected in customer-facing transactions.
Monitoring: Onboarding is not a one-time exercise. PAs are responsible for continuous monitoring of merchants, including watchlist screening, tracking changes in legal status, and observing for adverse media.
Registration with FIU-IND: Non-bank aggregators must register with the Financial Intelligence Unit – India (FIU-IND) and adhere to reporting standards under the Prevention of Money Laundering Act.
Legacy merchants: All existing merchants must comply with these requirements by 31 December 2025. Merchants not verified by then must be re-onboarded from 1 January 2026.

Escrow Accounts And Settlement Requirements

The Directions mandate that all non-bank Payment Aggregators maintain merchant funds in escrow accounts with Scheduled Commercial Banks. For cross-border activity, separate accounts are required: an Inward Collection Account (InCA) for receipts from overseas customers and an Outward Collection Account (OCA) for payments made by Indian customers to overseas merchants. Funds relating to inward and outward transactions must be kept segregated.

Settlement Framework

Existing non-bank PAs must migrate to the escrow arrangement within two months of receiving RBI authorisation.
Credits and debits to the escrow account are restricted to transactions permitted explicitly under the Directions, ensuring that merchant funds are not diverted for unrelated purposes.
Interest may be earned only on the core portion of the escrow balance, calculated as the average of the lowest daily balances in each fortnight over the preceding 26 fortnights. This provision allows recognition of a stable minimum balance without enabling misuse of settlement float.
Following separate arrangements, escrow accounts must not be used for cash-on-delivery (COD) transactions.

Certification And Reporting

Quarterly: Payment Aggregators must obtain auditor certification confirming compliance with escrow guidelines.
Annually, the auditor and the escrow bank must certify adherence to RBI requirements.

Compliance And Reporting Obligations

Payment Aggregators are subject to extensive compliance and reporting requirements under the Directions.

Monthly: Aggregators must report transaction statistics to the Reserve Bank, covering volumes and values across different payment channels.
Quarterly: They must obtain an auditor’s certificate confirming compliance with escrow account operations and a certificate from the bank maintaining the escrow account on credits and debits.
Annual: Every aggregator must submit a net worth certificate, an information systems and cyber security audit report, and confirmation of compliance with the governance and operational provisions of the Directions.
Event-based: Any change in promoters, directors, or key managerial personnel must be communicated to the Reserve Bank, supported by a declaration confirming compliance with the fit-and-proper criteria.

How Can AuthBridge Streamline Your Compliance Under RBI’s New Directions?

Meeting RBI’s new master directions requires both robust governance structures and scalable verification infrastructure. AuthBridge’s solutions are aligned to support entities in implementing these requirements:

Merchant Onboarding And KYC/CDD
RBI requires full customer due diligence, including PAN, CKYCR, OVD checks, and Contact Point Verification for merchants. AuthBridge enables this through automated identity verification APIs, digital address verification, and V-CIP for high-risk profiles.
Ongoing Monitoring And Due Diligence
The Directions emphasise continuous monitoring of merchants, including adverse news screening and changes in legal status. AuthBridge provides automated monitoring tools and dynamic risk scoring, allowing compliance teams to act on early warning signals.
Duplicate and Mule Account Detection
With Address Augmentation across 12–13 independent datasets (including NIDs and logistics service providers), AuthBridge helps identify inconsistencies, link identities across data points, and flag suspicious mule and duplicate accounts early.
AML And FIU-IND Reporting
Non-bank aggregators must register with FIU-IND and comply with SAR/STR reporting. AuthBridge offers workflows that automate case detection and reporting, reducing the operational burden on compliance teams.
Skip Tracing for Dormant Accounts
Dormant accounts present severe issues, particularly when registered email or phone contacts are unresponsive. AuthBridge’s Mobile-to-Address API with address scoring enables banks to trace customers through fresh, activity-based address signals, ensuring balances are credited to the rightful owner before closure.
Governance And Fit-And-Proper Checks
RBI mandates promoters and directors to meet fit-and-proper criteria and requires risk management and customer protection policies. AuthBridge supports this with director background checks, conflict-of-interest screening, and governance-focused due diligence services.

By Abhinandan, 3 weeksSeptember 22, 2025 ago

Background Checks

New Increased UPI Transaction Limits 2025: Everything You Need To Know

Introduction

The National Payments Corporation of India (NPCI) has recently announced an update to the Unified Payments Interface (UPI) limits, which has a significant impact on how high-value digital payments are processed in India. Effective now, users can make Person-to-Merchant (P2M) transactions of up to ₹5 lakh per transaction, and a maximum of ₹10 lakh in total within 24 hours for specified categories. This update changes how UPI will handle large payments and has been designed to make digital transactions more efficient, secure, and accessible for users across various sectors.

Key Changes To UPI Transaction Limits

1. Per-Transaction Limit for P2M Transactions Increased to ₹5 Lakh

The single transaction limit for Person-to-Merchant (P2M) transactions has now been raised to ₹5 lakh in specified categories. Previously, the limit for such transactions was much lower, but this change enables businesses in specific industries to accept higher-value payments without relying on multiple smaller transactions.

2. Daily Aggregate Limit Raised to ₹10 Lakh in Select Categories

In addition to the raised per-transaction limit, the daily aggregate limit for P2M transactions has been increased to ₹10 lakh within 24 hours for specific categories, including:

Insurance premiums
Capital markets
Travel
Collections
Government e-Marketplace (GeM)

This revision allows users to conduct more extensive daily transactions, supporting businesses that need to process large payments over a day. For instance, in the insurance sector, where large premium payments are common, companies can process these payments in a single day without requiring multiple smaller transactions.

3. P2P Transfer Limit Remains at ₹1 Lakh per Day

Despite the increase in transaction limits for P2M payments, the limit for Person-to-Person (P2P) transfers remains unchanged at ₹1 lakh per day. This helps maintain a clear distinction between personal transfers and commercial transactions, ensuring that high-value commercial transactions are subject to stricter conditions. On the contrary, personal transfers stay within a manageable limit.

4. Investment Payments in Capital Markets and Insurance Increased

For capital market investments and insurance premiums, the per-transaction limit has been raised from ₹2 lakh to ₹5 lakh, with a daily aggregate limit of ₹10 lakh. This will benefit investors, particularly those looking to make significant investments, by offering more room for digital transactions, eliminating the need to break down payments into multiple smaller ones.

5. GeM and Government Transactions Raise Transaction Limits

The Government e-Marketplace (GeM), which facilitates procurement by government departments, now has an increased transaction limit for payments such as tax payments, earnest money deposits, and other government-related transactions. Previously capped at ₹1 lakh, the per-transaction limit has now been increased to ₹5 lakh, simplifying and streamlining government transactions that often involve substantial sums.

6. Credit Card Bill Payments Now Higher

The transaction limit for credit card bill payments has also been raised to ₹5 lakh per transaction, with a daily cap of ₹6 lakh. This change offers more flexibility for consumers who need to make large credit card payments, whether for personal use or business expenses.

Increased UPI Limit Benefits On Businesses And Consumers

A. Impact on Businesses

Increased Flexibility for High-Value Transactions
This update brings significant flexibility for businesses, especially those in the capital markets, insurance, travel, and e-commerce sectors. Businesses can now process higher-value transactions more easily without splitting payments into smaller amounts. This is particularly helpful for industries like insurance, where premiums can often exceed the previous limits.
Faster and Smoother Payment Flow
With the ability to accept higher-value transactions, businesses can offer smoother payment experiences to their customers. This reduces friction in the payment process, allowing businesses to close deals faster and improve cash flow.
Simplified Compliance and Reporting
The new limits provide an opportunity for businesses to streamline their compliance processes. With the ability to conduct more substantial transactions within a single window, companies can focus on fewer transactions, reducing the need for complex reporting and reconciliation tasks.

B. Impact on Consumers

Increased Convenience for High-Value Transactions
Consumers will find it easier to complete large payments in sectors like insurance and capital markets, where high-value transactions are the norm. With the higher limits, they no longer have to split payments into multiple parts, making the process more efficient and less time-consuming.
Improved Payment Security
The revised transaction limits are designed to accommodate large payments without compromising security. With verified merchants required for specified categories, the risk of fraud or error in high-value transactions is reduced.

How Authbridge Can Support Businesses With The New UPI Updates

As businesses adapt to these changes to UPI transaction limits, AuthBridge can help ensure that compliance, fraud prevention, and merchant verification processes are streamlined.

1. Merchant Verification and KYC Services

For businesses handling larger payments, merchant verification becomes even more critical. AuthBridge’s merchant verification services, including Know Your Business (KYB) and KYC checks, help businesses deal with verified and trustworthy merchants. This is especially important as the scale of transactions increases in the insurance, capital markets, and e-commerce sectors.

2. Compliance with Regulatory Requirements

AuthBridge’s AML (Anti-Money Laundering) and KYC services ensure businesses comply with regulations while conducting large transactions. As transaction limits rise, the need for comprehensive background checks to verify the identity of merchants and customers becomes even more critical.

3. Fraud Prevention Tools

With higher-value transactions, the potential for fraud also increases. AuthBridge’s fraud prevention tools, such as UPI verification, address verification, and contact point verification (CPV) powered by DIGIPIN, ensure that merchants and consumers are thoroughly verified before engaging in large-value transactions. This helps businesses protect themselves from fraudulent transactions and reduce the risk of financial loss.

Conclusion

With verified merchants now eligible for larger transaction amounts, businesses in sectors such as insurance, capital markets, travel, and GeM will find it easier to process large payments without compromising security or efficiency. For businesses looking to take advantage of these changes, AuthBridge’s services can play a major role in ensuring that all necessary verification, compliance, and fraud prevention measures are in place.

By Abhinandan, 4 weeksSeptember 17, 2025 ago

Vendor Onboarding

Role of AI in Vendor Risk Management

Introduction: Why AI Matters Now For Vendor Risk Management

The procurement officer glances at the clock. Another vendor application sits in the queue—hundreds of pages of incorporation documents, compliance records, and financial reports to be checked before approval. What should take days drags into weeks, and yet a single oversight could expose the organisation to regulatory penalties or reputational damage.

This is the everyday reality of vendor onboarding. In fact, a 2024 EY survey found that 62% of executives rank third-party risk among their top five operational concerns, while another study reported that organisations using AI reduced onboarding timelines by up to 40%. The stakes are high: vendors are no longer just service providers—they are extensions of the enterprise, with their risks becoming your risks.

AI is rapidly shifting the equation. Instead of being bogged down by manual due diligence, companies are deploying machine learning and natural language processing to automate verification, score vendor risks in real time, and flag potential red alerts before they escalate. This is not just about efficiency. It is about compliance, resilience, and protecting brand trust in a volatile risk environment shaped by new regulations such as the EU AI Act and India’s DPDPA.

The stakes are clear: in sectors such as financial services and healthcare, a weak vendor due diligence process can result in heavy penalties. For instance, in 2023, several global banks paid fines totalling over USD 2 billion for failures in third-party compliance monitoring. AI, when integrated into onboarding, helps mitigate these risks by providing continuous monitoring, early red-flag detection, and contextual scoring of vendors.

How AI Transforms Vendor Onboarding Processes

Artificial Intelligence is not just streamlining vendor onboarding—it is reshaping the very architecture of how organisations evaluate, approve, and monitor third parties. Instead of relying on fragmented processes, AI enables onboarding to become continuous, intelligent, and risk-aligned.

Automating Data Collection And Validation

One of the most time-consuming stages in vendor onboarding is gathering and validating documents such as incorporation certificates, financial statements, compliance records, and licences. AI-driven platforms can automatically extract, classify, and cross-verify this data against external databases. For example, optical character recognition (OCR) coupled with natural language processing (NLP) allows automated checks of vendor tax registrations or sanction list screenings in seconds rather than days. This not only speeds up onboarding but also reduces error rates that often arise in manual reviews.

Risk-Based Scoring And Predictive Insights

AI enables risk-scoring models that go beyond surface-level checks. By combining financial health indicators, ownership structures, litigation history, ESG (Environmental, Social and Governance) credentials, and even adverse media signals, vendors can be assessed holistically. A 2024 survey by OneTrust found that 74% of organisations using AI-driven risk assessments were able to reduce onboarding timelines by up to 40%, while simultaneously improving the accuracy of red-flag detection. Predictive models also forecast the likelihood of future non-compliance, giving procurement teams the foresight to mitigate risks before contracts are signed.

Continuous Monitoring Rather Than Point-in-Time Checks

Traditional onboarding treats due diligence as a one-off exercise. AI shifts this towards continuous oversight by scanning structured and unstructured data sources on an ongoing basis. For example, if a vendor’s beneficial ownership changes or if negative news coverage emerges, the system can trigger alerts instantly. This allows organisations to maintain compliance with evolving frameworks like the EU AI Act or the Indian DPDPA without repeatedly restarting the onboarding cycle.

Enhancing Supplier Diversity And ESG Alignment

AI is also helping organisations diversify their vendor base and align with ESG commitments. Machine learning models can identify small and medium-sized enterprises (SMEs), women-led businesses, or sustainable suppliers who might otherwise be overlooked. By embedding ESG scoring into onboarding, companies not only strengthen compliance but also demonstrate commitment to responsible sourcing—a factor increasingly valued by regulators and investors alike.

Challenges And Risks Of Using AI In Vendor Onboarding

AI is transforming vendor onboarding, but adoption is not without its pitfalls. Organisations must balance the promise of speed and efficiency with the risks of data misuse, algorithmic opacity, and compliance gaps. Without the right governance, AI can create new vulnerabilities even as it solves old ones.

Data Privacy And Regulatory Compliance

AI-driven onboarding relies on sensitive vendor information—financials, beneficial ownership, regulatory licences—which makes

data protection a critical concern

. Regulations such as the

GDPR

in Europe and

India’s DPDPA

demand explicit consent, purpose limitation, and strong security controls. Failure to comply can be costly: in 2023, the UK’s Information Commissioner’s Office (ICO) reported

£200m in fines linked to data protection lapses

, many tied to weak third-party oversight.

2. Algorithmic Bias And Transparency

AI models learn from historical datasets, which can embed unintended bias. In vendor onboarding, this could mean unfairly deprioritising small businesses, startups, or suppliers from emerging markets if training data skews towards large, established entities. Moreover, the “black box” nature of many AI models makes it difficult for compliance officers to explain decisions to regulators, creating governance challenges.

3. Over-Reliance On Automation

Automation accelerates onboarding, but excessive dependence on AI can weaken human oversight. For example, a false positive during sanction screening could result in a vendor being unfairly rejected, leading to operational delays and strained supplier relationships. Striking the right balance between AI-driven automation and human judgement remains critical.

4. Cybersecurity And Model Integrity

AI models themselves can be a target for cyberattacks. Adversarial inputs—such as manipulated vendor documents—can trick algorithms into producing false outputs. According to a 2024 EY study, 58% of executives considered AI model security one of their top three risks in third-party management. Protecting AI pipelines with encryption, access controls, and robust audit trails is therefore essential.

5. Cost And Change Management

Implementing AI-driven onboarding platforms requires significant investment, not just in technology but also in training, procurement and compliance teams. Resistance to change, particularly in organisations with entrenched manual workflows, can slow adoption. Moreover, smaller firms may lack the budget to deploy sophisticated AI tools, widening the technology gap across industries.

Best Practices For Implementing AI In Vendor Onboarding

Adopting AI in vendor onboarding is not just about technology—it is about embedding governance, risk, and compliance principles into digital-first workflows. Below are best practices that leading organisations follow, paired with suggested visuals for stronger presentation.

1. Start With Risk Segmentation

Organisations should categorise vendors into high, medium, and low-risk tiers before designing onboarding journeys. AI models can then be calibrated to apply more stringent checks—such as enhanced due diligence or beneficial ownership mapping—only where required. This ensures resources are optimised.

2. Ensure Data Quality And Governance

AI models are only as strong as the data they consume. Establishing a single source of truth through clean, standardised datasets prevents duplication and enhances reliability of AI-driven insights. Governance frameworks should clearly define ownership of vendor data across procurement, compliance, and IT teams.

3. Balance Automation With Human Oversight

AI accelerates onboarding, but human judgement remains vital in interpreting ambiguous results, especially in areas like ESG performance or adverse media coverage. A hybrid “human-in-the-loop” approach reduces the likelihood of false positives or missed risks.

4. Prioritise Explainability And Transparency

Regulators increasingly expect organisations to demonstrate how AI decisions are made. By investing in explainable AI (XAI) frameworks, companies can provide audit trails and clear rationales for vendor risk scores. This is particularly important under laws such as the EU AI Act, where “high-risk systems” must offer traceability.

5. Embed Continuous Monitoring And Feedback Loops

AI models should not be static; they must evolve with changing vendor behaviour, regulatory shifts, and market dynamics. Building feedback loops—where human reviewers tag model errors—ensures the system continuously improves.

6. Foster Cross-Functional Collaboration

AI in vendor onboarding touches multiple stakeholders—from procurement and compliance to IT and legal. Establishing cross-functional governance councils ensures alignment between efficiency goals and regulatory obligations.

AI in vendor onboarding is no longer a future vision—it is already transforming supply chains and third-party ecosystems across industries. By looking at practical applications, we can see how organisations are realising measurable impact in terms of compliance, cost savings, and operational efficiency.

Case Studies And Real-Life Applications Of AI In Vendor Onboarding

Banking And Financial Services

Large banks are under immense regulatory scrutiny when it comes to onboarding vendors, especially in high-risk regions. One European bank integrated AI into its onboarding workflow to screen vendors against 1,200+ global sanction and watchlists in real time. As a result, it reduced its average onboarding time from 14 weeks to 6 weeks, while cutting manual review costs by 35%. Importantly, the AI system flagged a high-risk vendor with ties to politically exposed persons (PEPs) that manual checks had missed—averting potential reputational and compliance risks.

Healthcare

Healthcare institutions face strict compliance requirements such as HIPAA in the US and GDPR in Europe. One global hospital network adopted AI-driven onboarding to validate credentials of medical equipment suppliers. The AI tool scanned millions of regulatory filings and licence databases to verify authenticity. Within the first year, it caught three vendors attempting to submit falsified certifications—preventing potential legal exposure and safeguarding patient safety.

Manufacturing And ESG

A multinational manufacturer leveraged AI to assess ESG compliance across its 2,000+ supplier base. By monitoring open-source intelligence (OSINT) feeds and regulatory disclosures, the AI engine produced ESG scores that influenced procurement decisions. Within 18 months, the company reported a 25% improvement in ESG compliance rates, enabling it to meet investor expectations and avoid supply chain disruptions linked to unethical practices.

Technology And E-Commerce

A leading e-commerce platform implemented AI-driven continuous monitoring to secure its fast-growing vendor ecosystem. Using machine learning models, it scanned for cybersecurity vulnerabilities across suppliers’ IT infrastructures. This approach detected a data breach in a logistics partner early, allowing the company to switch vendors before customer data was compromised—preserving both compliance and customer trust.

Industry	AI Use Case	Time Saved	Cost Reduction	Key Risk Mitigation
Banking	Automated sanctions & PEP screening	8 weeks	35%	Flagged undisclosed PEP ties
Healthcare	Credential & compliance verification	10 weeks	40%	Identified falsified certificates
Manufacturing	ESG scoring for global suppliers	6 weeks	20%	Screened suppliers for child labour
Tech/E-commerce	Continuous monitoring of vendor networks	12 weeks	30%	Detected cybersecurity breach risk

Future Outlook: AI, Regulation, And The Evolution Of Vendor Onboarding

The future of vendor onboarding will be defined by the intersection of AI innovation and regulatory evolution. While today AI is primarily deployed to accelerate due diligence and reduce costs, tomorrow it will serve as a compliance-first framework that balances transparency, accountability, and resilience in third-party ecosystems.

Stricter Regulatory Expectations

Global regulations are fast catching up with the use of AI in sensitive business functions. The EU AI Act is expected to categorise vendor risk assessment systems as “high-risk,” meaning organisations will need to ensure explainability, bias mitigation, and human oversight. Similarly, India’s DPDPA enforces explicit consent and purpose limitation on data used in AI onboarding models. These frameworks will demand that enterprises not only deploy AI but also build governance architectures around it.

AI-Powered Continuous Assurance

Vendor onboarding will evolve into continuous assurance—where vendors are not only screened once but monitored dynamically throughout the relationship lifecycle. With AI models analysing sanction updates, ownership changes, ESG performance, and cyber events in near real-time, organisations will shift from reactive due diligence to proactive risk prevention.

Integration With Blockchain And Smart Contracts

Looking ahead, AI-powered onboarding will likely converge with blockchain. Smart contracts could automatically verify vendor credentials against immutable registries, while AI risk models adjust contract terms dynamically (for example, tightening SLAs if a vendor’s risk score deteriorates). This convergence could redefine trust in global supply chains.

Rise Of Industry-Specific AI Models

AI will become more sector-specific, with models trained on banking compliance datasets, healthcare certifications, or manufacturing ESG disclosures. These domain-focused engines will reduce false positives and provide contextual insights that generic risk models cannot. For instance, an AI system specialised in healthcare might flag discrepancies in FDA certifications more effectively than a cross-industry tool.

Human-AI Collaboration As The Norm

Finally, the future is not about replacing compliance officers but augmenting them. Human experts will continue to guide policy interpretation, ethical judgement, and exception handling, while AI systems provide scale and speed. Organisations that embrace this hybrid model will be best placed to manage third-party risk while meeting regulatory scrutiny.

In short, the next wave of vendor onboarding will be faster, safer, and more transparent, but only for organisations willing to pair AI efficiency with robust governance.

By Siddharth, 4 weeksSeptember 16, 2025 ago

KYC

Perpetual KYC Guide 2025 | Continuous Compliance & Monitoring Explained

Introduction To Perpetual KYC

The regulatory landscape surrounding financial services has never been more dynamic. With mounting pressure from regulators, rising instances of financial crime, and increasing customer expectations for seamless experiences, the traditional approach to periodic Know Your Customer (KYC) reviews is no longer sufficient. This has given rise to Perpetual KYC (pKYC) — a model that focuses on continuous monitoring and updating of customer data rather than relying on infrequent reviews.

Perpetual KYC is not merely a compliance obligation; it is fast becoming a strategic enabler for financial institutions, fintechs, and businesses operating in highly regulated sectors. Unlike traditional KYC, which often results in outdated customer profiles between review cycles, pKYC leverages advanced technologies such as artificial intelligence (AI), machine learning (ML), and automation to ensure that customer information remains accurate in real time.

According to a recent report by PwC, nearly 70% of financial institutions in Asia and Europe are exploring or implementing perpetual KYC models to enhance compliance efficiency and customer trust. The approach not only reduces the risk of penalties but also provides an improved customer experience by eliminating redundant requests for documentation and verification.

By embedding continuous due diligence into their workflows, organisations can better identify suspicious behaviour, manage emerging risks, and ensure ongoing compliance with tightening global standards such as the Financial Action Task Force (FATF) recommendations, GDPR, and India’s Digital Personal Data Protection Act (DPDPA).

What Is Perpetual KYC And How Does It Differ from Traditional KYC?

At its core, Perpetual KYC (pKYC) is an evolved form of customer due diligence that moves away from the conventional, periodic review cycles of customer information. Traditional KYC frameworks typically require financial institutions to update customer records at fixed intervals — for instance, every one, three, or five years, depending on the risk classification of the customer. While this approach ensures some degree of compliance, it leaves long gaps during which customer information may become outdated or risk profiles may change unnoticed.

Perpetual KYC, in contrast, focuses on continuous and dynamic monitoring of customer data. Instead of waiting for the next review cycle, institutions receive real-time updates and alerts whenever a customer’s risk profile changes. For example, if a client is added to a sanctions list, flagged in adverse media, or experiences significant changes in financial behaviour, the system immediately triggers a review. This allows organisations to respond proactively, rather than retrospectively.

The use of automation, machine learning, and big data is what makes perpetual KYC practical. Automated workflows connect to external data sources such as credit bureaus, sanctions lists, regulatory databases, and news outlets, ensuring that customer profiles are always current. This reduces the reliance on manual interventions, minimises operational overheads, and lowers the likelihood of human error.

A practical illustration can be seen in the BFSI sector, where regulators are tightening their stance on anti-money laundering (AML) and counter-terrorism financing (CTF). In India, for instance, the Reserve Bank of India (RBI) has pushed banks towards stronger ongoing monitoring practices, aligning with the global shift towards perpetual KYC. Similarly, in Europe, regulatory bodies under the Fifth and Sixth Anti-Money Laundering Directives (AMLD) have encouraged institutions to adopt more proactive monitoring measures.

Why Is Perpetual KYC Important?

The growing emphasis on perpetual KYC (pKYC) is not simply a matter of regulatory compliance; it is an operational and strategic necessity in today’s complex financial environment. With global financial crime estimated to cost the economy over US $3 trillion annually (United Nations Office on Drugs and Crime), regulators across jurisdictions are urging institutions to adopt more robust and continuous monitoring measures.

Enhancing Regulatory Compliance

Perpetual KYC ensures organisations remain compliant with tightening global and domestic regulations. Traditional periodic reviews can create regulatory blind spots where risks may go undetected for years. Continuous monitoring eliminates these gaps by ensuring that any change in a customer’s profile — such as inclusion in a sanctions list, a politically exposed person (PEP) designation, or adverse media mention — is flagged immediately. This proactive approach reduces the likelihood of penalties and reputational damage.

Improving Risk Management

By keeping customer data updated in real time, financial institutions can manage risks more effectively. For instance, if a vendor or customer shows signs of financial distress or legal entanglement, the system raises alerts that allow timely intervention. This dynamic risk assessment model strengthens the institution’s ability to detect money laundering, fraud, and terrorist financing activities before they escalate.

Reducing Operational Inefficiencies

Traditional KYC reviews often require repeated outreach to customers for updated documents, which not only frustrates clients but also consumes significant internal resources. pKYC automates much of this process by leveraging application programming interfaces (APIs) and external data sources, thereby reducing manual workload. A study by Deloitte notes that automation in compliance processes can reduce operational costs by up to 30%.

Strengthening Customer Experience

Customers today expect seamless and frictionless interactions with financial institutions. Repeated requests for documentation during periodic reviews can negatively impact trust and satisfaction. Perpetual KYC solves this challenge by minimising unnecessary customer interactions, updating records silently in the background, and only engaging the customer when a genuine risk or compliance gap is detected.

Supporting Global Expansion

For multinational corporations and banks, perpetual KYC is critical in managing compliance across diverse jurisdictions. Global frameworks such as the FATF recommendations and regional regulations like the EU AML Directives demand proactive monitoring. Adopting pKYC ensures organisations remain globally audit-ready while accommodating local compliance variations.

Step-By-Step Process of Implementing Perpetual KYC

Transitioning from periodic reviews to a perpetual KYC framework requires more than technology adoption; it involves rethinking compliance workflows, aligning stakeholders, and embedding continuous monitoring into the organisation’s DNA. Below is a structured approach that institutions can follow.

Step 1: Define Risk Appetite And Framework

The first step is to clearly define the organisation’s risk appetite. This includes identifying what constitutes high, medium, and low-risk customers, and how frequently their data should be refreshed. For instance, a politically exposed person (PEP) may require near real-time monitoring, whereas a low-risk salaried customer might only require periodic updates supported by automated checks.

Step 2: Integrate Data Sources

Perpetual KYC depends heavily on real-time data ingestion. Institutions must integrate multiple external and internal data sources such as government registries, sanctions and watchlists, adverse media feeds, and credit bureaus. These integrations ensure that any significant change in a customer’s profile is captured immediately.

Step 3: Deploy Automation And Artificial Intelligence

Automation lies at the heart of pKYC. By using APIs, robotic process automation (RPA), and artificial intelligence (AI), organisations can automate repetitive tasks such as document verification, screening, and flagging anomalies. Machine learning models can also predict emerging risks based on behavioural patterns, providing a forward-looking lens to compliance.

Step 4: Establish Trigger-Based Reviews

Instead of periodic, calendar-based reviews, pKYC works on a trigger-based model. This means that events such as a change in ownership, sudden shifts in transaction behaviour, or inclusion in a sanctions list automatically initiate a KYC review. This ensures risks are addressed promptly rather than waiting for the next scheduled review cycle.

Step 5: Build Compliance Dashboards And Reporting Mechanisms

To make perpetual KYC effective, institutions need real-time dashboards that consolidate alerts, risk scores, and customer profiles into a single view. These dashboards should be accessible to compliance officers, auditors, and regulators to ensure transparency and audit readiness.

Step 6: Train Teams And Foster A Compliance Culture

Technology alone cannot deliver perpetual KYC. Staff need to be trained to interpret AI-driven alerts, escalate high-risk cases, and engage with customers where necessary. Building a compliance-first culture ensures that pKYC is embedded across departments, not siloed in compliance functions.

Step 7: Continuous Feedback And Improvement

Finally, organisations must regularly review and refine their pKYC processes. By analysing false positives, monitoring efficiency metrics, and collecting feedback from both compliance teams and customers, institutions can continuously improve the accuracy and effectiveness of their framework.

Challenges In Adopting Perpetual KYC

While the benefits of perpetual KYC (pKYC) are significant, many institutions face hurdles in transitioning from traditional periodic reviews to a continuous monitoring framework. These challenges are not only technological but also regulatory, cultural, and operational in nature.

Data Integration And Quality Issues

One of the most pressing challenges is the integration of disparate data sources. Banks and financial institutions often rely on fragmented legacy systems that do not communicate seamlessly with each other. Without accurate, up-to-date, and harmonised data, perpetual KYC loses its effectiveness. Furthermore, poor data quality can lead to false positives or overlooked risks, undermining the reliability of the entire system.

High Implementation Costs

Deploying a perpetual KYC system requires significant upfront investment in automation, artificial intelligence, and data analytics infrastructure. Smaller financial institutions may find these costs prohibitive, even though the long-term benefits outweigh the initial expenses. Gartner estimates that global spending on regulatory technology (RegTech) solutions is expected to exceed USD 200 billion by 2027, highlighting the financial weight of compliance digitisation.

Regulatory Ambiguity

Although regulators are increasingly supportive of continuous monitoring, explicit guidelines on perpetual KYC are still evolving. In markets such as India, Europe, and parts of Asia, ambiguity in regulatory requirements can create uncertainty for compliance teams, who are reluctant to move away from tried-and-tested periodic reviews without clear regulatory endorsement.

Cultural And Organisational Resistance

Transitioning to pKYC also requires a shift in mindset. Compliance teams accustomed to traditional methods may resist change due to the fear of job redundancy, lack of familiarity with technology, or scepticism about AI-driven decision-making. Overcoming this resistance requires careful change management and training.

Privacy And Data Protection Concerns

Continuous monitoring involves the collection and processing of large volumes of sensitive customer data. This raises concerns around data privacy and compliance with data protection laws such as the General Data Protection Regulation (GDPR) in Europe and the Digital Personal Data Protection Act (DPDPA) in India. Institutions must ensure that perpetual KYC systems incorporate robust encryption, consent mechanisms, and privacy safeguards.

Managing False Positives

Automated systems may sometimes generate excessive false positives, particularly during the early stages of deployment. This can overwhelm compliance officers and dilute focus on genuine risks. Fine-tuning machine learning models and refining rule-based engines are essential to reduce noise and ensure efficiency.

Benefits Of Perpetual KYC

Despite the hurdles to implementation, the advantages of adopting perpetual KYC far outweigh the challenges. For financial institutions and regulated entities, pKYC represents a forward-looking approach that delivers compliance efficiency, improved risk management, and better customer experiences.

Proactive Risk Management

Unlike periodic reviews that only capture risks at set intervals, perpetual KYC ensures real-time identification and mitigation of risks. If a client suddenly appears in adverse media or is added to a sanctions list, the system generates an alert instantly. This enables compliance teams to respond proactively, preventing financial crime before it escalates.

Regulatory Confidence

Perpetual KYC strengthens an institution’s position with regulators. Demonstrating the ability to maintain up-to-date customer profiles and ongoing monitoring reassures supervisory bodies that compliance frameworks are both robust and dynamic. This can significantly reduce the risk of penalties and reputational harm.

Operational Efficiency

Through automation, perpetual KYC reduces the need for repetitive manual reviews and paperwork. By connecting with multiple external databases via APIs, compliance teams can focus on high-value investigations rather than routine data checks. Studies have shown that institutions implementing automation within compliance can reduce operational costs by 20–30% over time.

Enhanced Customer Experience

Traditional KYC reviews often inconvenience customers, requiring repeated document submissions and unnecessary interactions. Perpetual KYC minimises these frictions by updating records silently in the background. Customers are only engaged when there is a significant change, creating a frictionless and customer-centric experience.

Scalability Across Geographies

For multinational firms, perpetual KYC provides a scalable model that adapts across regulatory landscapes. By integrating global watchlists, sanctions databases, and local compliance rules, organisations ensure they remain compliant across multiple jurisdictions simultaneously.

Better Fraud Prevention

Continuous monitoring, combined with AI-driven analytics, helps identify suspicious activity such as unusual transaction patterns or identity anomalies. This makes perpetual KYC an important component of fraud prevention frameworks, complementing anti-money laundering (AML) strategies.

Perpetual KYC In Practice: Use Cases and Industry Examples

Perpetual KYC (pKYC) is not just a theoretical concept; it is being increasingly adopted across industries where regulatory compliance, fraud prevention, and trust are critical. Below are examples of how different sectors are applying pKYC in practice.

Banking, Financial Services, And Insurance (BFSI)

The BFSI sector has been at the forefront of adopting perpetual KYC due to stringent anti-money laundering (AML) and counter-terrorism financing (CTF) requirements. For example, European banks implementing pKYC in line with the Fifth and Sixth Anti-Money Laundering Directives (AMLD) have reported a reduction in compliance costs by 15–20% while improving the timeliness of suspicious activity reporting. In India, the Reserve Bank of India (RBI) has also signalled its preference for ongoing monitoring frameworks to strengthen financial stability.

Fintech And Digital Payment Platforms

Fintech firms and payment service providers often handle large volumes of transactions daily, making them vulnerable to fraud and money laundering. A study by Deloitte highlighted that fintechs using continuous KYC models reduced fraudulent account openings by over 25% within the first year of adoption. By integrating real-time data feeds, fintechs can instantly validate customer identities and transaction behaviours without burdening users with constant re-verification requests.

Telecommunications

Telecom operators face risks of identity fraud, particularly in the issuance of SIM cards and digital services. Several operators in Asia and Africa have begun implementing perpetual KYC models to ensure that customer identities remain valid and compliant with regulatory frameworks. Continuous KYC has helped these companies reduce SIM-related fraud while aligning with government-mandated identity verification standards.

Corporate Vendor Onboarding And Third-Party Risk

Beyond individual customer checks, perpetual KYC is increasingly being applied in vendor and third-party onboarding. Corporates with complex supply chains use pKYC to monitor the compliance status of vendors continuously. For instance, procurement departments in manufacturing firms track whether their suppliers remain compliant with tax obligations, sanctions checks, and ESG (environmental, social, governance) standards. This proactive monitoring strengthens supply chain resilience.

Wealth Management And High-Net-Worth Clients

In wealth management, where clients often hold multiple accounts across jurisdictions, perpetual KYC ensures that any changes in their risk profile — such as political exposure, legal disputes, or offshore investments — are detected immediately. This helps private banks manage reputational risks and regulatory obligations more effectively.

Future Of Perpetual KYC: Trends And Technologies

As regulatory expectations tighten and the scale of financial crime continues to expand, perpetual KYC (pKYC) is set to evolve further, shaped by emerging technologies and changing compliance priorities. Institutions that embrace these advancements will not only strengthen compliance but also gain a competitive edge through efficiency and customer trust.

Artificial Intelligence And Machine Learning

AI and machine learning (ML) will continue to drive perpetual KYC by making risk assessments more predictive and less reactive. Instead of flagging anomalies after they occur, ML algorithms can forecast potential risks based on patterns in customer transactions, behavioural signals, and network relationships. According to McKinsey, the use of AI in compliance can improve detection accuracy by up to 50% while reducing false positives.

Blockchain And Distributed Ledgers

Blockchain technology has the potential to revolutionise customer due diligence by providing immutable, transparent, and easily shareable records. A decentralised KYC utility powered by blockchain would allow institutions to verify customer data once and use it across multiple entities securely, reducing duplication and enhancing trust. Countries such as Singapore and the UAE have already piloted blockchain-based KYC systems.

RegTech And API Ecosystems

The rise of regulatory technology (RegTech) has introduced a new wave of automation tools that integrate seamlessly with existing banking and compliance systems. Through APIs, perpetual KYC can plug into sanctions lists, government registries, and adverse media sources in real time. Juniper Research projects that global RegTech spending will surpass USD 200 billion by 2027, underscoring its role in shaping compliance futures.

Focus On ESG And Sustainability Risks

Regulators and investors are increasingly prioritising environmental, social, and governance (ESG) considerations. Perpetual KYC will extend beyond financial and compliance risks to include ESG risk monitoring. For instance, a vendor’s involvement in environmentally harmful practices or human rights violations could now form part of their ongoing risk profile.

Customer-Centric Compliance Models

Future iterations of perpetual KYC will balance compliance requirements with user experience. Biometric authentication, digital IDs, and consent-driven data flows will ensure that customers face minimal friction while institutions maintain compliance. This approach aligns with privacy laws such as GDPR and India’s DPDPA, which demand transparency and accountability in data use.

FAQ

What is perpetual KYC?

Perpetual KYC (pKYC) is a continuous compliance model where customer information is updated and monitored in real time, rather than through periodic reviews. It leverages automation, AI, and data integrations to ensure risk profiles remain accurate at all times.

How does perpetual KYC differ from traditional KYC?

Traditional KYC reviews customer data at fixed intervals, which can leave long gaps where risks go undetected. Perpetual KYC, on the other hand, works on a trigger-based model that updates records whenever significant changes occur, such as sanctions listing, adverse media, or changes in ownership.

Why is perpetual KYC important for banks and financial institutions?

Perpetual KYC helps financial institutions reduce regulatory risks, detect suspicious activity earlier, and improve customer experience. It also demonstrates proactive compliance to regulators, which can reduce the likelihood of penalties or audits.

What technologies enable perpetual KYC?

Perpetual KYC is powered by artificial intelligence, machine learning, automation, APIs, and in some cases, blockchain. These technologies allow for real-time monitoring of customer data across multiple external and internal sources.

What are the key challenges of implementing perpetual KYC?

Challenges include high implementation costs, integration of fragmented data sources, regulatory ambiguity, resistance to change within compliance teams, and managing false positives. Institutions must also balance continuous monitoring with strict data privacy obligations under laws like GDPR and DPDPA.

Which industries benefit most from perpetual KYC?

Although BFSI remains the primary adopter, industries such as fintech, telecom, manufacturing (vendor due diligence), and wealth management increasingly benefit from pKYC due to high exposure to regulatory and reputational risks.

Does perpetual KYC improve customer experience?

Yes. By reducing the need for repeated document submissions and unnecessary outreach, pKYC creates a frictionless compliance process. Customers are only contacted when genuinely necessary, enhancing trust and satisfaction.

By Siddharth, 1 monthSeptember 12, 2025 ago

Background Checks

AuthBridge Product Updates 2025: TruthScreen

With Broad AI becoming more prevalent than ever, giving rise to Generative AI-powered Agentic AI and other AI models, it is easy to say that fraud today is no longer confined to crude forgeries or obvious impersonations. AI-generated images, falsified/forged documents, and unreliable data trails have made businesses’ risks more sophisticated and severe than before. At the same time, customers expect instant approvals, regulators demand strict compliance, and operational teams cannot afford bottlenecks or repeated failures.

At AuthBridge, we have always believed that trust is built not by chance but by design. Every new service we launch, every update we roll out, is driven by one question: how do we make your verification workflows more secure, intelligent, and reliable without slowing you down?

This latest set of enhancements on TruthScreen does answer those questions precisely. These updates are designed to protect your business while enhancing your customer experience.

We’re constantly pushing the boundaries of identity verification and risk management technology, and we’re thrilled to share the latest updates designed to empower your business.

Fraud & Forgery Detection

Deepfake And AI-Generated Image Detection

One of the most significant threats to digital verification today comes from deepfakes and AI-generated images. These synthetic/morphed visuals can mimic real people so convincingly that a manual review or even a standard system may fail to spot them.

TruthScreen adds advanced computer vision algorithms to not just compare faces, but also analyse pixel-level patterns, shadows, and other subtle cues that AI often gets wrong. Cross-checking against natural human facial markers can flag suspicious images instantly, thanks to Generative Adversarial Network (GAN) technology. This result is then shared with the user as a match score between 0-1, with the values closer to 1 signifying a high probability of the image being AI-generated.

Document Forgery Detection

From tampered payslips to altered educational certificates, forged documents remain a standard gateway for fraud. Traditional checks based on legacy processes often catch obvious mistakes, but sophisticated forgers manipulate PDFs in ways that slip past the human eye.

TruthScreen’s new update applies document forensics combined with AuthBridge’s existing OCR (optical character recognition) tech. It scans the text and examines the digital “fingerprints” of a file, including metadata, fonts, edits, and compression artefacts, to detect whether a document has been manipulated.

Advanced Address Intelligence & Geo-Mapping

Address Augmentation

Addresses can be very complex — misspellings, incomplete entries, inconsistent address formats, or even fake submissions can slip through during onboarding. Left unchecked, these create headaches for compliance teams, delivery partners, and field verification executives.

TruthScreen’s updated Address Augmentation service fixes this by running the provided address through multiple trusted data sources and geocoding engines. It cleans, enriches, and standardises the input, then assigns a match score to show how confident the system is in the accuracy of that address.

DIGIPIN ↔ Address & Latitude/Longitude Conversions

With increased demand for precision in deliveries, India Post, earlier this year, took a major step forward by introducing DIGIPIN—an advanced 10-digit digital addressing system. TruthScreen’s latest update leverages the use of DIGIPIN to bridge addresses and geographic coordinates seamlessly. This is powered by reverse-geocoding AI pipelines that cross-check multiple mapping datasets to ensure precision.

Digipin to Address & Geo-coordinates: Converts a Digipin into a verified postal address and its exact latitude/longitude.
Address to Digipin & Geo-coordinates: Turns a written address into a unique Digipin and accurate map location.
Latitude/Longitude to Address & Digipin: Translates raw coordinates into a postal address and Digipin.

Identity Verification

PAN V2

The Permanent Account Number (PAN) verification is central to almost every risk check, from opening bank accounts to approving loans and screening employees. But legacy systems often produced inconsistent results, missed matches, false negatives, or timeouts, which slowed down onboarding.

TruthScreen’s PAN V2 update addresses these concerns by using improved data matching algorithms to cross-check PAN details with greater precision, while handling errors (such as minor typos or mismatched formats) more effectively. It also leverages optimised query handling and fallback processes to reduce drop-offs during high traffic.

Reliability Enhancements With Increased Service Uptimes

Fallback Vendor In Detailed RC Service (Online & Offline)

Vehicle-linked checks, such as RC verification, are crucial for lending, insurance, logistics, and mobility businesses. But what happens if the primary verification provider experiences downtime? Traditionally, that translates to delays, failed applications, and unhappy customers.

If the primary provider fails, TruthScreen’s fallback vendor mechanism for Detailed RC services automatically reroutes the request to an alternate vendor. This “always-on” logic ensures the verification doesn’t stop when your business needs it most.

Fallback Mechanism In PAN And PAN–Aadhaar Seeding

The same resilience now extends to PAN verification and PAN–Aadhaar seeding. Both services come with a built-in fallback process, meaning if one provider path fails, the system retries through another — automatically and seamlessly.

This is powered by advanced deep learning algorithms, employing queueing systems and multi-path routing, ensuring every request finds its way to a working endpoint without manual intervention.

Conclusion

With these enhancements, TruthScreen strengthens its role as the backbone of secure and seamless verification. By combining fraud and forgery detection, smarter address intelligence, sharper identity verification, and rock-solid fallback mechanisms, the platform empowers businesses to stay ahead of evolving risks while keeping customer journeys smooth. For BFSI, fintech, e-commerce, staffing, logistics, and beyond, these updates mean one thing above all: greater confidence that every decision is built on trust.

By Abhinandan, 1 monthSeptember 10, 2025 ago

Employee Screening

Risk & Compliance

Financial Intelligence

Identity Verification

Utilities

Employment

Entity/Business Level

Professional

Banking & Payments

Fraud Detection

Background Verification

Due-Diligence

Resource Library

Featured Resource

What Is The GST Appellate Tribunal?

Where And How Will The GSTAT Operate

Principal And State Benches

Bench Composition

Structure, Scale, And Synergy

The GSTAT e-Courts Portal

Key Features Of The e-Courts Portal

Impact Of GSTAT On Businesses And Compliance

From Dispute Resolution To Dispute Prevention

Introduction

What Is RegTech?

Common RegTech Services

Digital KYC And Video KYC

Anti-Money Laundering (AML) And Sanctions Screening

Fraud Detection And Risk Management

Digital Document Execution

Corporate And Workforce Compliance

How To Choose The Best RegTech Platform?

Specialisation In Relevant Compliance Areas

Proven Scale And Reliability

Seamless Integration

Regulatory Alignment And Certifications

Responsiveness To Regulatory Change

Long-Term Value

List Of The Top 7 RegTech Platforms In India

1. AuthBridge

Core Offerings

2. IDfy

3. HyperVerge

4. Digio

5. Signzy

6. Jocata

7. Leegality

Conclusion

Introduction

What Are Unclaimed Deposits?

The Scale Of Unclaimed Deposits

RBI’s Instructions To Banks

Key Directives From The RBI

Challenges In Returning Dormant Deposits

Tracing The Rightful Owners

Documentation And Proof

Awareness And Financial Literacy Gaps

Operational Inefficiencies

Risk Of Fraudulent Claims

The Scale of the Challenge

AuthBridge’s Role: From Tracing To Compliance

At AuthBridge, we specialise in bridging the gap between compliance requirements and customer realities:

Conclusion

Introduction

What Is An OVD?

Deemed OVDs For Identity

Deemed OVDs For Address (Limited Scope)

Foreign Nationals And IFSC Provisions

Aadhaar — Permitted Forms

Name Change — Continued Validity Of OVD

Other Related Definitions For OVD Use

Importance Of OVDs In KYC And AML Compliance

Strengthening Anti-Money Laundering Controls

Regulatory Mandates Across Financial Sectors

Use Cases Of OVDs In The Banking and Financial Services (BFSI) Sector

OVD Requirement For Opening Bank Accounts

OVDs For Loans, Credit Cards, And Deposits

OVD Documents For Corporate And Institutional Customers

OVD Role In NBFCs And Fintech Onboarding