New Rule For C-KYC Data, OTP Needed To Share Personal Info

In a significant regulatory update, the Central KYC Registry (C-KYC) has introduced a mandatory OTP (One-Time Password) system for accessing customers' KYC data. This means financial institutions like banks and mutual funds must now obtain real-time consent from individuals before downloading or verifying their Central KYC data.

Earlier, when any financial entity accessed a person’s C-KYC data, the customer was only informed via SMS. With the new OTP mechanism, customers will directly approve or deny access, adding an active layer of control. This marks a notable shift toward enhancing personal data safety and aims to minimize fraud risks.

C-KYC Becomes Primary Verification Source

As per a report by The Economic Times, the government is urging banks and financial service providers to treat C-KYC as the primary source of customer verification. This decision followed a high-level meeting between finance ministry officials and top bank executives. A senior bank official, who chose to remain anonymous, stated that it was agreed during the meeting that C-KYC data should be the main point of reference for KYC processes.

The goal is to create a more unified, secure, and trustworthy verification platform across the financial sector.

Short Timeline Raises Concerns

Although the initiative has been widely acknowledged as a step in the right direction, the rollout timeline has raised eyebrows. The new regulation is set to come into effect from May 9, leaving financial institutions with limited time to integrate this change into their existing systems.

Industry insiders suggest that while this step strengthens privacy and data control, it may temporarily slow down new customer onboarding processes. However, the long-term benefits for consumer protection are expected to outweigh the initial inconveniences.

C-KYC introduces OTP-based consent for data access, boosting data privacy and reducing fraud.

Important Facts:

- OTP is now mandatory to access C-KYC data.

- No prior approval from authorities is needed—just customer consent.

- Customers will actively approve KYC data access requests.

- Financial institutions must treat C-KYC as the primary verification source.

- The update aims to increase data safety and reduce fraud.

- Rule effective from May 9.

- The government and banks agreed on this change during a joint meeting.

- The rule may initially slow down new customer onboarding.

news