Analysing India's KYC Framework through the Privacy Lens
46 Pages Posted: 29 Apr 2022
Date Written: April 26, 2022
Abstract
In order to prevent use of the formal financial system for illegal ends, international frameworks and domestic law require financial institutions to collect personal information from individuals at the time of opening accounts, as well as on an ongoing basis. These obligations give rise to privacy concerns, not least due to the quantity and nature of personal information collected by financial institutions.
In this paper we seek to examine whether and to what extent the Indian KYC framework (as applicable to the banking sector) accounts for privacy rights in its design and implementation. We point to how the international framework established by the Financial Action Task Force (FATF), which forms the basis of the Indian Know-Your-Customer (KYC) framework, does not adequately consider privacy interests in its design, focusing almost solely on law enforcement interests. These shortcomings are exacerbated in the Indian domestic regime.
Not only does the KYC framework require mandatory and intrusive data collection, it fails to establish any limitations or checks and balances over its implementation by financial institutions. The KYC framework in India establishes a system that renders individuals susceptible to a variety of harms ranging from State surveillance to problems of data theft and economic losses, as well as related harms such as exclusions caused due to the increased use of digital identification systems. While the FATF does, to some extent, allow domestic legal frameworks to balance privacy interests with the broader interests of law enforcement, we posit that the absence of a strong privacy culture in India has translated into excessively intrusive KYC requirements. Accordingly, we recommend revision of both the international and domestic frameworks, particularly as literature indicates that the law enforcement benefits of the FATF framework (and indeed its application in India) are limited.
Keywords: FATF, privacy, KYC, Aadhaar, customer due diligence, enhanced due diligence, financial privacy, banks, profiling
JEL Classification: K1, K10, K11, K40, G10, G21, Z10
Suggested Citation: Suggested Citation