Counter-productive move

RBI's new KYC norms may shrink the digital wallet industry

The imposition by the Reserve Bank of India (RBI) of stringent Know Your Customer (KYC) norms for the digital wallet industry could be a serious impediment to the financial technology industry’s growth. Prepaid payment instruments, or PPIs, as digital wallets are technically defined, operate two types of accounts, both tied to a smartphone mobile number. One is a “non-KYC” minimum-balance account, with strict restrictions on monthly transactions and a maximum balance. The other type of account requires e-KYC, using Aadhaar. New guidelines for PPIs are supposed to set the stage for full interoperability among these smartphone apps. The RBI wants all existing PPI customers to share full KYC details by December-end. Otherwise, the accounts will be converted to the minimum-slab PPI by January 2018. Within 12 months full-KYC compliance will be necessary for everyone using a PPI account. While this would be a useful feature, the compliance barrier could also lead to a sharp loss of transaction volumes and drive away customers unwilling to undergo the tedium of the KYC process.

Digital wallet players are asking for a relaxation of these guidelines. PPIs are generally used to make small and micro payments such as buying cigarettes or paying an auto-rickshaw fare. PPI users rarely keep much money in these accounts. This is one level of security; even if the account is hacked, there is little to be lost. Money can be transferred into a PPI account digitally from a bank account, via credit card/debit card, or by depositing physical cash at a designated physical bank. Money can only be transferred out of a PPI account digitally. Every PPI transaction must be confirmed by the use of a one-time password sent to the linked mobile number. Now, KYC is mandatory before any mobile number may be issued. The subscriber has to provide Aadhaar or some other identity proof and address proof. The Department of Telecommunication has set a deadline for re-verifying all mobile numbers by linking them to Aadhaar by February 2018, although this linkage order has been challenged in the Supreme Court. Bank accounts and credit cards have even more stringent address and identification verification norms. As things stand, all bank accounts are supposed to be linked to Aadhaar by December 31, although this order also faces legal challenge.

Hence, even a minimum PPI account-holder has already undergone at least one level of KYC upon the mobile number itself. Given this, the central bank’s new guidelines appear to be excessively bureaucratic and, indeed, the digital equivalent of demanding that all paperwork be submitted in duplicate and triplicate. The new KYC process would involve the PPI account holder going through the trouble of scanning and uploading sensitive documents again, just as with the opening of a full-fledged bank account. It would also raise new worries about the data security of PPI service providers; it is one thing to lose a little money if a PPI account is hacked and a far more serious matter if a database containing digital copies of Aadhaar, PAN, etc is hacked. It would lay a compliance burden on the PPI service provider as well. It is not unlikely that many existing PPI account holders will choose to let their accounts lapse and pay their auto-rickshaw fares in cash rather than bother. The new norms might actually be counter-productive in that they could lead to existing users exiting the cashless economy.