Analysing India's KYC Framework through the Privacy Lens

46 Pages Posted: 29 Apr 2022

See all articles by Vrinda Bhandari

Vrinda Bhandari

Independent

Rishab Bailey

xKDR Forum

Trishee Goyal

National Institute of Public Finance and Policy

Date Written: April 26, 2022

Abstract

In order to prevent use of the formal financial system for illegal ends, international frameworks and domestic law require financial institutions to collect personal information from individuals at the time of opening accounts, as well as on an ongoing basis. These obligations give rise to privacy concerns, not least due to the quantity and nature of personal information collected by financial institutions.

In this paper we seek to examine whether and to what extent the Indian KYC framework (as applicable to the banking sector) accounts for privacy rights in its design and implementation. We point to how the international framework established by the Financial Action Task Force (FATF), which forms the basis of the Indian Know-Your-Customer (KYC) framework, does not adequately consider privacy interests in its design, focusing almost solely on law enforcement interests. These shortcomings are exacerbated in the Indian domestic regime.

Not only does the KYC framework require mandatory and intrusive data collection, it fails to establish any limitations or checks and balances over its implementation by financial institutions. The KYC framework in India establishes a system that renders individuals susceptible to a variety of harms ranging from State surveillance to problems of data theft and economic losses, as well as related harms such as exclusions caused due to the increased use of digital identification systems. While the FATF does, to some extent, allow domestic legal frameworks to balance privacy interests with the broader interests of law enforcement, we posit that the absence of a strong privacy culture in India has translated into excessively intrusive KYC requirements. Accordingly, we recommend revision of both the international and domestic frameworks, particularly as literature indicates that the law enforcement benefits of the FATF framework (and indeed its application in India) are limited.

Keywords: FATF, privacy, KYC, Aadhaar, customer due diligence, enhanced due diligence, financial privacy, banks, profiling

JEL Classification: K1, K10, K11, K40, G10, G21, Z10

Suggested Citation

Bhandari, Vrinda and Bailey, Rishab and Goyal, Trishee, Analysing India's KYC Framework through the Privacy Lens (April 26, 2022). Available at SSRN: https://ssrn.com/abstract=4093454 or http://dx.doi.org/10.2139/ssrn.4093454

Rishab Bailey

xKDR Forum ( email )

Trishee Goyal

National Institute of Public Finance and Policy ( email )

18/2, Satsang Vihar Marg
New Delhi, 110067
India

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
555
Abstract Views
1,663
Rank
91,383
PlumX Metrics