Master Circular on Know Your Client (KYC) norms for the securities markets

Definition
1. In this Circular, unless the context otherwise requires, the terms used herein shall bear the meanings as assigned to them below:

a. “Aadhaar number” shall have the same meaning as assigned to it under sub-section (a) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and includes any alternative virtual identity generated under sub-section (4) of section 3 of that Act.

b. “Act”, “Regulations”, “Circulars” and “Guidelines” mean the Securities and Exchange Board of India Act, 1992 and the Regulations, Circulars and Guidelines made thereunder and amendments thereto.

c. “Authentication”, in the context of Aadhaar authentication, shall have the same meaning as defined under sub-section (c) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

d. “Beneficial owner” shall have the same meaning as assigned to it under sub section 1 clause (fa) of section 2 of the Prevention of Money Laundering Act, 2002.

e. “Central KYC Records Registry” (CKYCR) shall have the same meaning as assigned to it under Rule 2 (1) (ac) of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.

f. “Client” shall have the same meaning as assigned to it under Section 2(ha) of the Prevention of Money Laundering Act, 2002.

g. “Client Due Diligence” shall have the same meaning as assigned to it under Rule 2 (1) (b) of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.

h. “Designated Director” shall have the same meaning as assigned to it under Rule 2 (1) (ba) of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.

i. “Digital KYC” shall have the same meaning as assigned to it under Rule 2 (1) (bba) of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.

j. “Digital Signature” shall have the same meaning as assigned to it under clause (p) of subsection (1) of section (2) of the Information Technology Act, 2000 (21 of 2000).

k. “e-KYC authentication facility” shall have the same meaning as assigned to it under clause (j) of sub section (1) of section (2) of Aadhaar (Authentication and Offline Verification) Regulations, 2021.

l. “Electronic Signature” shall have the same meaning assigned to it under clause (ta) of subsection (1) of section (2) of the Information Technology Act, 2000 (21 of 2000).
m. “Equivalent e-document” shall have the same meaning as assigned to it under Rule 2 (1) (cb) of Prevention of Money Laundering (Maintenance of Records) Rules, 2005.

n. “e-Sign” is an online electronic signature service which can be integrated with service delivery applications via an API to facilitate an e-Sign user to digitally sign a document.

o. “Intermediary” shall have the same meaning as assigned to it under sub section 1 clause (g) of section (2) of the Securities and Exchange Board of India (Intermediaries) Regulations, 2008.

p. “Know Your Client (KYC)” means the procedure specified by the Board for identifying and verifying the Proof of Address, Proof of Identity and compliance with rules, regulations, guidelines and circulars issued by the Board or any other authority for Prevention of Money Laundering from time to time.

q. “Person” shall have the same meaning as assigned to it under sub section 1 clause (s) of section 2 of the Prevention of Money laundering Act, 2002.

r. “PMLA” means The Prevention of Money Laundering Act, 2002 (Act No. 15 of 2003) and includes the amendments thereto.

s. “PML Rules” means The Prevention of Money Laundering (Maintenance of Records) Rules, 2005 and includes the amendments thereto.

Background
2. KYC and Client Due Diligence (CDD) policies as part of KYC are the foundation of an effective Anti-Money Laundering process. The KYC process requires every SEBI registered intermediary to obtain and verify the Proof of Identity (PoI) and Proof of Address (PoA) from the client at the time of commencement of an account-based relationship.

3. The registered intermediaries shall not open or keep any anonymous account or account in fictitious names or account on behalf of other persons whose identity has not been disclosed or cannot be verified. The intermediaries shall also continue to abide by circulars issued by SEBI from time to time for prevention of money laundering.
Uniform KYC Format3

4. SEBI registered intermediaries shall perform KYC in securities market through physical mode/ digital (online or app based) mode. To bring about uniformity in securities market, all SEBI registered intermediaries shall use the same KYC form and supporting documents. Foreign Portfolio Investors and Eligible Foreign Investors shall be guided as per provisions of SEBI Circular SEBI/HO/AFD-2/CIR/P/2022/175 December 19, 2022 and amendments thereto.

5. The account opening form (AOF) for client shall be divided into two parts. Part I of the AOF shall be the KYC form which shall capture the basic details about the client. For this purpose, all registered intermediaries shall use the KYC templates provided by Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI) for individuals and for legal entities for capturing the KYC information. The CKYCR templates – Individual and Legal Entity provided by CERSAI is available at https://www.ckycindia.in/ckyc/?r=download.

6. Part II of the form shall obtain the additional information specific to the area of activity of the intermediary, as considered appropriate by them. The instant Master Circular deals with the provisions of Part I -KYC form.

Requirement of Permanent Account Number (PAN)

7. In order to strengthen the KYC norms and identify every participant in the securities market with their respective PAN thereby ensuring sound audit trail of all the transactions, PAN shall be the unique identification number  for all participants transacting in the securities market, irrespective of the amount of transaction.

8. The registered intermediaries shall verify the PAN of their clients online at the Income Tax website without insisting on the original or copy of PAN card.

9. As per the provisions of Income-tax Act, 1961 (Income Tax Act), the PAN allotted to a person shall become inoperative if it is not linked with Aadhaar. Since PAN is the key identification number and part of KYC requirements for all transactions in the securities market, all registered intermediaries shall ensure valid PAN in the KYC documentation for all clients.

10. Status of Aadhaar and PAN linkage shall be flagged at the system of KRA.

Exemptions/Clarifications to PAN requirements
11. The following are exempted from the mandatory requirement of PAN:
i. Transactions undertaken on behalf of Central Government and/or State Government and by officials appointed by Courts e.g. Official liquidator, Court receiver etc. (under the category of Government) for transacting in the securities market.

ii. Investors residing in the state of Sikkim.

iii. UN entities/multilateral agencies exempt from paying taxes/filing tax returns in India.

iv. SIP of Mutual Funds upto INR 50,000/- per year.

In case there is change in the name subsequent to issuance of PAN of the client, registered intermediaries can collect the PAN card proof as submitted by the client provided it is supported by a marriage certificate issued by the State Government or gazette notification, indicating such a change of name.

The e-PAN issued by Central Board of Direct Taxes (CBDT) can also be produced by client for KYC compliance. e-PAN is a digitally signed PAN card issued in electronic format by the Income-tax department.

List of documents admissible as Proof of Identity (PoI)
12. Registered intermediaries at the time of commencement of an account- based relationship shall identify their clients, verify their identity and obtain information on the purpose and intended nature of the business relationship.

13. The name as mentioned in the KYC form shall match the name as mentioned in the Proof of Identity (PoI) submitted.

14. The following documents shall be accepted as PoI:
a. Officially valid document (OVD) defined as per Rule 2 (d) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (PML Rules):
i. the passport;
ii. the driving licence;
iii. proof of possession of Aadhaar number;
iv. the Voter’s Identity Card issued by Election Commission of India;
v. job card issued by NREGA duly signed by an officer of the State
Government;
vi. the letter issued by the National Population Register containing details of name address; or
vii. any other document as notified by the Central Government in consultation with the Regulator.

b. Further, in terms of proviso to the above Rule, where simplified measures are applied for verifying the identity of the clients, the following documents shall also be deemed to be officially valid document:
i. Identity card/ document with applicant’s photo, issued by the Central/State Government Departments, Statutory/Regulatory Authorities, Public Sector Undertakings, Scheduled Commercial Banks and Public Financial Institutions;
ii. Letter issued by a gazetted officer, with a duly attested photograph of the person.

15. The registered intermediaries shall not store/ save the Aadhaar number of client in their system. Further, in terms of PML Rule 9(16), every registered intermediary shall, where the client submits his Aadhaar number, ensure that such client redacts or blacks out his Aadhaar number by appropriate means where the authentication of Aadhaar number is not required under sub rule (15) of PML Rule 9.
Proof of Address (PoA)6

16. At the time of commencement of an account-based relationship, the registered intermediaries shall along with the PoI, obtain documents as proof of address.

17. The following documents shall be accepted as PoA:
a. “officially valid document” defined as per Rule 2 (d) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (PML Rules):
i. the passport;
ii. the driving licence;
iii. proof of possession of Aadhaar number;
iv. the Voter’s Identity Card issued by Election Commission of India;
v. job card issued by NREGA duly signed by an officer of the State
Government;
vi. the letter issued by the National Population Register containing details of name, address; or
vii. any other document as notified by the Central Government in consultation with the Regulator.

b. Further, in terms of Rule 9(18) of PML rules, 2005, in case the officially valid document furnished by the client does not contain updated address, the following documents (or their equivalent e- documents thereof) shall be as deemed to be officially valid document for the limited purpose of proof of address, provided that the client shall submit updated officially valid document (or their equivalent e-documents thereof) with current address within a period of three months of submitting the following documents:
i. utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill);

ii. property or municipal tax receipt;
iii. pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
iv. letter of allotment of accommodation from employer issued by state or central government departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and licence agreements with such employers allotting official accommodation.

18. In terms of the PML Rules, cases where the client submits his proof of possession of Aadhaar number as an officially valid document, he may submit it in such form as is issued by the UIDAI.

19. A document shall be deemed to an officially valid document even if there is a change in the name subsequent to its issuance provided it is supported by a Marriage Certificate issued by the State Government or a gazette notification, indicating such change of name.

20. For non-residents and foreign nationals, (allowed to trade subject to RBI and FEMA guidelines), copy of passport/Persons of Indian Origin (PIO) Card/Overseas Citizenship of India (OCI) Card and overseas address proof is mandatory.

21. In case the officially valid document presented by a foreign national does not contain the details of address, the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address.

22. If any proof of address is in a foreign language, then translation into English shall be required.

23. If correspondence and permanent address is different, then proof for both shall be submitted.

Acceptance of third party address as correspondence address
24. A client can authorize to capture address of a third party as a correspondence address, provided that all prescribed ‘Know Your Client’ norms are also fulfilled for the third party. The intermediary shall obtain proof of identity and proof of address for the third party. The intermediary shall also ensure that client due diligence norms as specified in Rule 9 of PML Rules are complied with in respect of the third party.

25. Registered intermediaries at the time of commencement of an account- based relationship shall determine whether the client purports to act on behalf of juridical person or individual or trust and the registered intermediary shall verify that any person purporting to act on behalf of such client is so authorized and verify the identity of that person.
Identification of Beneficial Ownership

26. SEBI Master Circular SEBI/HO/MIRSD/MIRSD-SEC-5/P/CIR/2023/022 dated February 03, 2023 on Guidelines on Anti-Money Laundering (AML) Standards and Combating the Financing of Terrorism (CFT) /Obligations of Securities Market Intermediaries under the Prevention of Money Laundering Act, 2002 and Rules framed there under has prescribed the approach to be followed towards identification of beneficial ownership at Para 11 (iii) therein. Accordingly, the registered intermediaries may be guided by the provisions of the said Master Circular and amendments thereto for the purpose of identification of beneficial ownership of the client.

27. Whenever it is apparent that the securities acquired or maintained through an account are beneficially owned by a party other than the client, that party shall be identified using client identification and verification procedures.

28. The registered intermediaries shall conduct ongoing CDD where inconsistencies are noticed in the information provided. The underlying objective shall be to follow the requirements enshrined in the PMLA, PML Rules, SEBI Act and Regulations, directives and circulars issued thereunder so that the intermediary is aware of the clients on whose behalf it is dealing.

29. The registered intermediaries shall periodically update all documents, data or information of all clients and beneficial owners collected under the CDD process.

30. The stock exchanges and depositories shall monitor the compliance of the aforementioned provision on identification of beneficial ownership through half yearly internal audits. In case of mutual funds, compliance of the same shall be monitored by the Boards of the Asset Management Companies and the Trustees and in case of other registered intermediaries, by their Board of Directors.

Requirement of additional documents for non-individuals (Legal Entities)
31. In case of non-individuals, additional documents (certified copies of equivalent e-documents) to be obtained are mentioned below:
i. Corporate body:
a. Certificate of incorporation.
b. Memorandum and Articles of Association.
c. Board Resolution for investment in securities market.
d. Power of Attorney granted to its managers, officers or employees, as the case may be, to transact on its behalf.
e. Authorised signatories list with specimen signatures.
f. Copy of the balance sheet for the last financial year (initially for the last two financial years and subsequently for every last financial year).
g. Latest share holding pattern including list of all those holding control, either directly or indirectly, in the company in terms of SEBI takeover Regulations, duly certified by the company secretary/whole time director/ MD (to be submitted every year).
h. Photograph, POI, POA, PAN and DIN numbers of whole time directors/two directors in charge of day to day operations.
i. Photograph, POI, POA, PAN of individual promoters holding control – either directly or indirectly.

ii. Partnership firm:
a. Certificate of registration (for registered partnership firms only).
b. Copy of partnership deed.
c. Copy of the balance sheet for the last financial year (initially for the last two financial years and subsequently for every last financial year).
d. Authorised signatories list with specimen signatures.
e. Photograph, POI, POA, PAN of Partners.

iii. Trust:
a. Certificate of registration (for registered trust only).
b. Copy of Trust deed.
c. Copy of the balance sheet for the last financial year (initially for the last two financial years and subsequently for every last financial year).
d. List of trustees certified by managing trustees/CA.
e. Photograph, POI, POA, PAN of Trustees.

iv. HUF:
a. Deed of declaration of HUF/ List of coparceners.
b. Bank pass-book/bank statement in the name of HUF.
c. Photograph, POI, POA, PAN of Karta.

v. Unincorporated association or a body of individuals:
a. Proof of Existence/Constitution document.
b. Resolution of the managing body & Power of Attorney granted to transact business on its behalf.
c. Authorized signatories list with specimen signatures.

vi. Banks/Institutional Investors:
a. Copy of the constitution/registration or annual report/balance sheet for last financial year (initially for the last two financial years and subsequently for every last financial year).
b. Authorized signatories list with specimen signatures.

vii. Army/ Government Bodies:
a. Self-certification on letterhead.
b. Authorized signatories list with specimen signatures.

viii. Registered Society:
a. Copy of Registration Certificate under Societies Registration Act.
b. List of Managing Committee members.
c. Committee resolution for persons authorised to act as authorised signatories with specimen signatures.
d. True copy of Society Rules and Bye Laws certified by the Chairman/Secretary.

Requirement of Mobile Number and Email ID
32. The registered intermediaries shall upload the details of mobile number and email address on the KRA system. It shall be ensured that the mobile number/email addresses of their employees/authorized persons, distributors etc. are not uploaded on behalf of clients.
Digital KYC

33. In order to enable the online KYC process for establishing account based relationship with the registered intermediary, client’s KYC shall be completed through digital (online / Application (App) based) KYC, in-person verification through video, online submission of officially valid document / other documents, using electronic/digital signature, including Aadhaar e-Sign.

34. The client shall visit the website/App/digital platform of the registered intermediary and fill up the online KYC form and submit requisite documents.

35. SEBI registered intermediaries shall obtain the express consent of the client before undertaking online KYC.

36. The PAN, name, photograph, address, mobile number and email ID of the client shall be captured digitally and officially valid document shall be provided as a photo / scan of the original under electronic/digital signature, including Aadhaar e-Sign and the same shall be verified.

37. Any officially valid document other than Aadhaar shall be submitted through Digiocker / using electronic/digital signature, including Aadhaar e- Sign.

38. The mobile number of client accepted as part of KYC should preferably be the one seeded with Aadhaar.

39. Mobile and email shall be verified through One Time Password (OTP) or other verifiable mechanism.

40. Aadhaar shall be verified through UIDAI’s authentication/ verification mechanism. Further, in terms of PML Rule 9(16), every intermediary shall, where the client submits his Aadhaar number, ensure that such client redacts or blacksout his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required under sub-rule (15) under PML Rule.

41. e-KYC through Aadhaar Authentication service of UIDAI (e-KYC) or offline verification through Aadhaar QR Code/ XML file can be undertaken, provided the XML file or Aadhaar Secure QR Code generation date is not older than 3 days from the date of carrying out KYC.

42. The usage of Aadhaar shall be optional and purely on a voluntary basis by the client.

43. Any document, except for the documents mentioned in the First Schedule of the Information Technology Act, 2000, shall be authenticated by a client by way of electronic/digital signature including Aadhaar e-Sign. Accordingly, the process of performing KYC shall be completed by using electronic/digital signature including Aadhaar e-Sign.

44. A client can use the electronic/digital signature, including Aadhaar e-Sign service to submit the document to the registered intermediary.

45. In case of non-individual clients, intermediaries shall exercise caution and satisfy themselves regarding the genuineness of the authorization and identity of the authorized signatories.

46. The electronic/digital signature, including Aadhaar e-Sign shall be accepted in lieu of wet signature on the documents provided by the client. The cropped signature affixed on the online KYC form under electronic/digital signature, including Aadhaar e-Sign shall also be accepted as valid signature.

47. Bank details of the client shall be captured online and signed cancelled cheque shall be provided as a photo / scan of the original under electronic/digital signature including Aadhaar e-Sign. Bank account details shall be verified by Penny Drop mechanism or any other mechanism using API of the Bank. The name and bank details as obtained shall be verified with the information provided by client.

48. Once all the required information as per the online KYC form is filled up by the investor, KYC process shall be completed as under:
a. The client shall take a print out of the completed KYC form and after affixing their wet signature, send the scanned copy / photograph of the same to the registered intermediary under electronic/digital signature including Aadhaar e-Sign or
b. Affix online the cropped signature on the filled KYC form and submit the same to the registered intermediary under electronic/digital signature including Aadhaar e-Sign.
c. The “original seen and verified” requirement for officially valid document would be met where the investor provides the officially valid document in the following manner:
i. As a clear photograph or scanned copy of the original officially valid document, through the electronic/digital signature including Aadhaar e-Sign, or;
ii. As digitally signed document of the officially valid document, issued through the DigiLocker by the issuing authority.

Features for online KYC App of the Intermediary
49. SEBI registered intermediary can implement its own App for undertaking online KYC of clients.

50. The App shall facilitate taking photograph, scanning, acceptance of officially valid document through Digilocker, video capturing in live environment and usage of the App only by authorized person of the intermediary.

51. The App shall also have features of random action initiation for client response to establish that the interactions are not pre-recorded along with time stamping and geo-location tagging to ensure the requirement like physical location being in India etc are also implemented.

52. Registered intermediaries shall ensure that the process is a seamless, real-time, secured, end-to-end encrypted audio-visual interaction with the client and the quality of the communication is adequate to allow identification of the client beyond doubt. Registered intermediaries shall carry out the liveliness check in order to guard against spoofing and such other fraudulent manipulations.

53. The intermediaries shall, before rolling out and periodically, carry out software and security audit and validation of their App. The intermediaries can have additional safety and security features other than as prescribed above.
Requirement of In-Person Verification (IPV)

54. It shall be mandatory for all the registered intermediaries to carry out IPV of their clients.

55. The intermediaries shall ensure that the details like name of the person doing IPV, his designation, organization with his signatures and date are recorded on the KYC form at the time of IPV.

56. The IPV carried out by one SEBI registered intermediary can be relied upon by another intermediary.

57. In case of Stock brokers, their Authorised Persons (appointed by the stock brokers after getting approval from the concerned Stock Exchanges) can perform the IPV.

58. In case of Mutual Funds, their Asset Management Companies (AMCs) and the distributors who comply with the certification process of National Institute of Securities Market (NISM) or Association of Mutual Funds (AMFI) and have undergone the process of ‘Know Your Distributor (KYD)’, can perform the IPV. Additionally, entities registered as Category 1 Execution Only Platform (EOP) can perform the IPV.

59. In case of applications received by the mutual funds directly from the clients (i.e. not through any distributor), they may also rely upon the IPV performed by the scheduled commercial banks.

60. To enable ease of completing IPV of an investor, intermediary may undertake the Video in Person Verification (VIPV) of an individual investor through their App. The following process shall be adopted in this regard:
a) Intermediary through their authorised official, specifically trained for this purpose, may undertake live VIPV of an individual client, after obtaining his/her informed consent. The activity log along with the credentials of the person performing the VIPV shall be stored for easy retrieval.
b) The VIPV shall be in a live environment.
c) The VIPV shall be clear and still, the client in the video shall be easily recognisable and shall not be covering their face in any manner.
d) The VIPV process shall include random question and response from the investor including displaying the officially valid document, KYC form and signature or could also be confirmed by an OTP.
e) The intermediary shall ensure that photograph of the client downloaded through the Aadhaar authentication / verification process matches with the investor in the VIPV.
f) The VIPV shall be digitally saved in a safe, secure and tamper-proof, easily retrievable manner and shall bear date and time stamping.
g) The intermediary may have additional safety and security features other than as prescribed above.

61. IPV shall not be required in the cases where:
a) the KYC of the client has been completed using the Aadhaar authentication/ verification of UIDAI.
b) the KYC form has been submitted online, documents have been provided through Digilocker or any other source which could be verified online.

Adaptation of Aadhaar based e-KYC process and e-KYC Authentication facility for Resident Investors under section 11A of the Prevention of Money Laundering Act, 2002:  KUA and Sub KUA mechanism
62. Registered intermediaries for reasons such as online on-boarding of clients, client convenience, increased efficiency and reduced time for client onboarding would prefer to use Aadhaar based e-KYC facility to complete KYC of the client.

63. The e-KYC service launched by UIDAI shall be accepted as a valid process for KYC verification.

64. As per the process outlined by Department of Revenue (DoR), Ministry of Finance (MoF) vide circular dated May 09, 2019 for use of Aadhaar authentication services by entities other than the banking companies, entities in the securities market as may be notified by the Central Government shall be allowed to undertake Aadhaar Authentication under section 11A of the PMLA .

65. These entities would be registered with UIDAI as KYC user agency (KUA)/sub KYC user Agency (sub-KUA).The KUAs shall allow the SEBI registered intermediaries as sub-KUA to undertake Aadhaar Authentication of their clients for the purpose of KYC.

66. The following entities shall get registered with UIDAI as KYC user agency (“KUA”) and shall allow SEBI registered intermediaries to undertake Aadhaar Authentication in respect of their clients for the purpose of KYC.
(i) Bombay Stock Exchange Limited
(ii) National Securities Depository Limited
(iii) Central Depository Services (India) Limited
(iv) CDSL Ventures Limited
(v) NSDL Database Management Limited
(vi) NSE Data and Analytics Limited
(vii) CAMS Investor Services Private Limited (viii)Computer Age Management Services Private Limited
(ix) National Stock Exchange of India Limited (NSE).

67. SEBI registered intermediaries who want to undertake Aadhaar authentication services through KUAs, shall enter into an agreement with any one KUA and get themselves registered with UIDAI as Sub-KUAs. The agreement in this regard shall be as prescribed by UIDAI.

Entities permitted to undertake e-KYC Aadhaar Authentication service of UIDAI in Securities Market as sub-KUA
68. Department of Revenue (DoR), Ministry of Finance (MoF), Government of India, vide Gazette Notification Nos. S.O. 3187(E) dated July 13, 2022 and S.O. 446 (E) dated January 30, 2023 has notified reporting entities to use Aadhaar authentication services of UIDAI under section 11A of the Prevention of Money-laundering Act, 2002. The notifications can be accessed at the links (Govt. Notification dated July 13, 2022 and Govt Notification dated Jan 30, 2023.pdf). These entities shall act as Sub-KUA.

69. The KUAs shall facilitate the onboarding of these entities as Sub-KUAs to provide the services of Aadhaar authentication with respect to KYC.

Onboarding process of Sub-KUA by UIDAI
70. As provided in the DoR circular dated May 09, 2019, SEBI after scrutiny of the application forms of KUAs shall forward the applications along with its recommendation to UIDAI.

71. For appointment of SEBI registered intermediary as Sub-KUAs, KUA shall send list of proposed Sub-KUAs to SEBI and SEBI would forward the list of recommended Sub-KUAs to UIDAI for onboarding.

72. An agreement shall be signed between KUA and Sub-KUA, as prescribed by UIDAI. Sub-KUA shall also comply with the Aadhaar Act, 2016, regulations, circulars, guidelines etc. issued by UIDAI from time to time.

73. Each sub-KUA shall be assigned a separate Sub-KUA code by UIDAI.

74. The KUA/sub-KUA shall be guided by the above for use of Aadhaar authentication services of UIDAI for e-KYC.

75. The KUAs and sub KUAs shall adopt the following process for Aadhaar e- KYC of investors (resident) in the securities market:

A. Online Portal based Investor (Resident) e-KYC Process (Aadhaar as an officially valid document)
i. Client visits portal of KUA or the SEBI registered intermediary which is also a Sub-KUA to open account/invest through intermediary.
ii. For Aadhaar e-KYC, client is redirected to KUA portal. Client enters the Aadhaar Number or Virtual Id and provides consent on KUA portal. Adequate controls shall be in place to ensure that Aadhaar Number is not stored anywhere by the Sub-KUA or KUA.
iii. Client shall receive OTP in mobile number registered with Aadhaar. Client enters the OTP sent by UIDAI on KUA portal for Aadhaar e- KYC.
iv. KUA shall receive the e-KYC details from UIDAI upon successful Aadhaar authentication which shall be further forwarded to Sub-KUA in encrypted format (using KUAs own encryption key) and shall be displayed to the client on portal.
v. Sharing of e-KYC data by the KUA with Sub-KUA shall be allowed under Regulation 16(2) of Aadhaar (Authentication) Regulations, 2016. Sub-KUA shall clearly specify the name of the KUA and Sub- KUA, and details of sharing of data among KUA and Sub-KUA while capturing client consent.
vi. Client shall fill the additional detail as required under KYC format.

B. Assisted Investor (Resident) e-KYC process (Aadhaar as an officially valid document):
i. Client approaches any of the SEBI Registered Entity/ Sub-KUAs for e-KYC through Aadhaar.
ii. SEBI registered entities (Sub-KUAs) shall perform e-KYC using registered / whitelisted devices with KUAs.
iii. KUA shall ensure that all devices and device operators of Sub-KUA are registered / whitelisted devices with KUA.
iv. Client shall enter Aadhaar No. or Virtual Id and provide consent on the registered device.
v. Client provides biometric on the registered device.
vi. SEBI registered intermediary (Sub-KUA) fetches the e-KYC details through the KUA from UIDAI which shall be displayed to the client on the registered device.
vii. Client shall also provide the additional detail as required.

76. The KUA/ sub-KUA while performing the Aadhaar authentication shall comply with the following:
i. For sharing of e-KYC data with Sub-KUA under Regulation 16(2) of Aadhaar (Authentication) Regulations, 2016, KUA shall obtain special permission from UIDAI by submitting an application in this regard. Such permissible sharing of e-KYC details by KUA can be allowed with their associated Sub-KUAs only.

ii. KUA shall not share UIDAI digitally signed e-KYC data with other KUAs. However, KUAs may share data after digitally signing it using their own signature for internal working of the system.
iii. e-KYC data received as response upon successful Aadhaar authentication from UIDAI shall be stored by KUA and Sub-KUA in the manner prescribed by Aadhaar Act/Regulations and circulars issued by UIDAI time to time.
iv. KUA/Sub-KUA shall not store Aadhaar number in their database under any circumstances. It shall be ensured that Aadhaar number is captured only using UIDAI’s Aadhaar Number Capture Services (ANCS).
v. The KUA shall maintain auditable logs of all such transactions where e- KYC data has been shared with sub-KUA, for a period specified by the Authority.
vi. It shall be ensured that full Aadhaar number is not stored and displayed anywhere in the system and wherever required only last 4 digits of Aadhaar number may be displayed.
vii. As per Regulation 14(i) of the Aadhaar (Authentication) Regulation, 2016, requesting entity shall implement exception-handling mechanisms and backup identity authentication mechanism to ensure seamless provision of authentication services to Aadhaar number holders.
viii. UIDAI may conduct audit of all KUAs and Sub KUAs as per the Aadhaar Act, Aadhaar Regulations, AUA/KUA Agreement, Guidelines, circulars etc. issued by UIDAI from time to time.
ix. Monitoring of irregular transactions – KUAs shall develop appropriate monitoring mechanism to record irregular transactions and their reporting to UIDAI.
x. Investor Grievance Handling Mechanism – Investor may approach KUA for their grievance redressal. KUA shall ensure that the grievance is redressed within the timeframe as prescribed by UIDAI. KUA shall also submit report on grievance redressal to UIDAI as per timelines prescribed by UIDAI.

77. For non-compliances if any observed on the part of the reporting entities (KUAs/ Sub KUAs), SEBI shall take necessary action under the applicable laws and also bring the same to the notice of DoR / FIU/UIDAI for further necessary action, if any.

78. The registered intermediary (KUAs/Sub-KUAs) shall also adhere to the continuing compliances and standards of privacy and security prescribed by UIDAI to carry out Aadhaar Authentication Services under section 11A of PMLA.

79. Based on a report from SEBI / UIDAI or otherwise, if it is found that the reporting entity no longer fulfils the requirements for performing authentication under clause (a) of section 11 A(1) of PMLA, the Central Government may withdraw the notification after giving an opportunity to the reporting entity.

KYC for SARAL Account Opening Form for resident individuals
80. For individual clients participating in the cash segment without obtaining various other facilities such as internet trading, margin trading, derivative trading and use of power of attorney, the requirement of submission of ‘proof of address’ shall be as follows:
a. Individual client may submit only one documentary proof of address (either residence/ correspondence or permanent) while opening a trading account and / or demat account or while undergoing updation.
b. In case the proof of address furnished by the said client is not the address where the client is currently residing, the intermediary may take a declaration of the residence/correspondence address on which all correspondence shall be made by the intermediary with the client. No proof is required to be submitted for such correspondence/residence address. In the event of change in this address due to relocation or any other reason, client may intimate the new address for correspondence to the intermediary within two weeks of such a change. The residence/ correspondence address and any such change thereof may be verified by the intermediary through ‘positive confirmation’ such as (i) acknowledgment of receipt Welcome Kit/ dispatch of contract notes / any periodical statement, etc. (ii) telephonic conversation; (iii) visits, etc.
c. The registered intermediaries shall forward the KYC completion intimation letter through registered post/ speed post or courier, to the address of the client in cases where the client has given address other than as given in the officially valid document. In such cases of return of the intimation letter for wrong / incorrect address, addressee not available etc, no transactions shall be allowed in such account and intimation shall also sent to the Stock Exchange and Depository.
d. The registered intermediaries and KRAs shall flag such accounts in their records/systems.

Confidentiality of client information
81. Registered intermediaries shall keep confidential every information maintained, furnished or verified, save as otherwise provided under any law for the time being in force.