In a key regulatory update, the Central KYC Registry (C-KYC) has implemented a mandatory OTP (One-Time Password) system for accessing customers’ KYC data. This change requires financial institutions, including banks and mutual funds, to secure real-time consent from individuals before downloading or verifying their C-KYC data.
Previously, when any financial entity accessed a person’s C-KYC data, the customer was only informed via SMS. With the new OTP mechanism, customers now have the power to directly approve or deny access to their personal data, adding an active layer of control. This update marks a major shift in enhancing personal data safety and aims to minimize fraud risks associated with unauthorized data access.
C-KYC Becomes the Primary Source for Customer Verification
According to a report by The Economic Times, the government is now urging banks and financial service providers to treat C-KYC as the primary source for customer verification. This decision follows a high-level meeting between finance ministry officials and top bank executives. Additionally, a senior bank official, who requested anonymity, said that the meeting participants agreed C-KYC data should serve as the main reference for KYC processes, helping to standardize the verification procedure across the financial sector.
Short Timeline for Integration Raises Concerns
While the move has received widespread praise for strengthening data privacy, the timeline for implementing this regulation has raised concerns. The new rule will take effect from May 9, leaving financial institutions with limited time to integrate the required changes into their existing systems. Industry insiders suggest that while this update strengthens privacy and data control, it could temporarily slow down the process of onboarding new customers as financial institutions adapt to the new system.
However, many believe the long-term benefits for consumer protection will outweigh the initial inconveniences. The added layer of security and control will make it harder for unauthorized parties to misuse personal data, creating a safer environment for financial transactions.
Key Updates on C-KYC and OTP Consent
- OTP is now mandatory to access C-KYC data.
- No prior approval from authorities is necessary—only customer consent is required.
- Customers will actively approve or deny requests to access their KYC data.
- Financial institutions must treat C-KYC as the primary source of verification for customer KYC processes.
- The update aims to increase data safety and reduce fraud risks.
- The new rule will be effective starting May 9.
- The government and banks agreed on this change during a joint meeting.
- The rule could initially slow down new customer onboarding but promises long-term consumer protection.