13.3 KYB and KYC

Epic overview

Build the KYC orchestration layer that takes a freshly captured application through every verification needed to satisfy the RBI KYC Master Direction (2.7) and PMLA, while leaving the platform vendor-pluggable per primitive (PAN, V-CIP, CKYC, etc.).

The module orchestrates many vendor calls and many borrower-side interactions without making the journey feel fragmented. KYC failure rates and time-to-complete are the two metrics product cares about; audit completeness and re-verification cadence are what compliance cares about.

User stories

As a borrower, I want to complete KYC via a video session without visiting a branch, in < 15 minutes end-to-end.
As a borrower, I want to fetch my Aadhaar offline KYC zip from UIDAI and have the platform verify it without me typing my Aadhaar number anywhere outside UIDAI.
As a borrower with a recent CKYC record, I want my prior KYC reused so I don’t repeat the same verification.
As an entity borrower’s director, I want each promoter to KYC separately on their own phone but the platform to recognise we’re all part of the same application.
As a credit analyst, I want a single screen showing every promoter and BO’s KYC status with the V-CIP recordings, OVD images, and sanctions screening outcomes accessible.
As a compliance officer, I want sanctions screening to fire automatically at onboarding and again periodically, with hits routed to my queue for disposition.
As an entity-borrower’s CA, I want to upload the directors’ KYC documents on their behalf with appropriate consent capture.
As a system, I want to verify GSTIN, Udyam, and MCA status as a single async batch and surface any discrepancies (e.g., director resigned per MCA but still on application) as an exception.
As an analyst, I want to see the beneficial-owner graph for an entity borrower including multi-tier shareholding, with each BO’s KYC status.
As a borrower, I want to be reminded 30 days before my periodic KYC update is due so I can refresh proactively rather than under deadline pressure.
As a CTO, I want to switch the V-CIP vendor from IDfy to Signzy without code change, just by updating vendor routing in admin.
As an internal auditor, I want for any past loan to retrieve the complete KYC evidence package — every OVD, every screening, every CKYC ref, every V-CIP recording — within 5 minutes.

API requirements

Individual KYC

POST /v1/kyc/individual — initiate KYC for a promoter. Body: { promoter_id, method }. Returns { kyc_record_id, session_token? }.
POST /v1/kyc/vcip/schedule — schedule V-CIP. Body: { kyc_record_id, preferred_time }. Returns { session_id, vendor, session_url }.
GET /v1/kyc/vcip/{id} — retrieve V-CIP session result.
POST /v1/kyc/aadhaar/offline — verify Aadhaar offline XML + share code. Body: { promoter_id, zip_url, share_code }. Returns { verification_id, status, masked_aadhaar }.
POST /v1/kyc/digilocker/fetch — fetch OVDs from DigiLocker. Body: { promoter_id, document_types[] }. Returns redirect URL.
POST /v1/kyc/pan/verify — verify PAN. Body: { pan, name, dob }. Returns { status, name_match_score }.
POST /v1/kyc/face-match — match selfie with OVD photo. Body: multipart with both images. Returns { score, decision }.

Entity KYB

POST /v1/kyb/entity — initiate KYB. Body: { business_entity_id }. Returns { kyb_record_id }.
POST /v1/kyb/{id}/gstin-verify — verify GSTIN.
POST /v1/kyb/{id}/udyam-verify — verify Udyam registration.
POST /v1/kyb/{id}/mca-verify — pull MCA company details.
POST /v1/kyb/{id}/bo — add BO node.
GET /v1/kyb/{id}/bo-graph — retrieve full BO graph.
POST /v1/kyb/{id}/bo-graph/validate — validate completeness (every BO >= 25% mapped + KYC’d).

CKYC

POST /v1/ckyc/search — search by PAN / Aadhaar / mobile.
POST /v1/ckyc/download — download record by KIN.
POST /v1/ckyc/upload — upload new record. Body: standardised CKYC payload.
POST /v1/ckyc/update — periodic update.
GET /v1/ckyc/queue — admin view of in-flight uploads + their status.

Sanctions / PEP / adverse media

POST /v1/sanctions/screen — screen subject. Body: { subject_type, subject_id, name, dob?, address? }. Returns { screen_id, hits[] }.
POST /v1/sanctions/{id}/dispose — disposition by compliance. Body: { disposition, notes }.
GET /v1/sanctions/refresh-queue — periodic re-screening queue.

Field FI

POST /v1/fi/cases — create FI case. Body: { application_id, address, priority }.
GET /v1/fi/cases/{id} — case detail with assignment.
POST /v1/fi/cases/{id}/assign — assign to agent.
POST /v1/fi/cases/{id}/complete — agent completes from field app. Body: photos, geo-tag, form, signature.
POST /v1/fi/cases/{id}/review — internal reviewer disposition.

Periodic update

GET /v1/kyc/refresh-due?within_days=30 — list KYC records due for refresh.
POST /v1/kyc/refresh-due/{id}/trigger — trigger refresh workflow.

Data model

kyc_record, kyb_record, vcip_session, ovd_proof, ckyc_record, sanctions_screen, bo_node, fi_case, agent.
See 5.3 Core data model and 5.9 Schema reference for full definitions.

UI screens

Borrower-facing

KYC method selection (V-CIP / DigiLocker / Aadhaar offline).
V-CIP session intro (operator joins, lighting / network checks).
Document upload screens (selfie, PAN photo, etc., if needed).
Aadhaar offline upload (with explainer on how to fetch from UIDAI).
Status screen showing KYC progress and what’s pending.

Analyst-facing

KYC review dashboard per application with all promoters’ KYC status side-by-side.
V-CIP recording playback.
OVD viewer with side-by-side compare (PAN vs Aadhaar names).
BO graph visualisation (tree).
Sanctions hit disposition screen with hit detail.
Single-click acceptance / rejection / refer to compliance.

Compliance-facing

Sanctions queue.
Periodic update due-list.
CKYC upload exception queue.
Audit-evidence retrieval (per loan / per borrower).

Field-agent-facing (field app)

Case queue (assigned cases).
Navigation to address.
Geo-tag at arrival.
Photo capture (shop front, owner, signage).
Form-fill.
Borrower signature capture.
Disposition (verified / not-verified / re-visit / wrong-address).

Backend services

KYC orchestration service — vendor-agnostic dispatcher; selects vendor per primitive per routing config.
V-CIP service — manages session lifecycle, recording archival.
CKYC connector service — search / download / upload / update; queue-based with retry.
Sanctions screening service — vendor-pluggable; queue-based for periodic re-screening.
BO graph service — recursive graph operations.
FI service — case allocation, agent app backend, completion review.

External integrations

PAN: NSDL, Karza, Signzy, IDfy.
Aadhaar offline: Karza, Signzy, IDfy, Hyperverge.
V-CIP: IDfy, Signzy, Hyperverge, Karza, Bureau.
Face / liveness: Hyperverge, IDfy, AuthBridge.
CKYC: CKYCR via Karza / Signzy / IDfy / direct integration.
GSTIN / Udyam / MCA: Karza, Probe42, Tofler, Signzy, GSPs.
DigiLocker: direct OAuth integration.
Bank account verification: Razorpay, Cashfree, Setu, Decentro.
Sanctions / PEP / adverse media: World-Check, AML Watcher, Trulioo, AuthBridge, IDfy.
Field FI: in-house agent panel + agency vendors; field app on React Native.

Test cases

Happy path

Aadhaar offline XML signature validates → KYC passes.
V-CIP session record retained and accessible by loan reference.
CKYC duplicate handled by automatic download.
Sanctions hit triggers review queue; clear disposition closes.
BO graph multi-tier mapping complete; all BOs verified.
FI agent completes from field app; reviewer accepts.

Failure / edge

PAN-Aadhaar name fuzzy match score below threshold → REFER queue.
V-CIP fails due to network → reschedule path; session attempts capped at 3.
CKYC API down → queue + retry with exponential backoff; admin alert if backlog.
Borrower’s Aadhaar OTP fails → fallback to other OVD.
Sanctions partial hit → REFER for disposition; clear path possible.
BO > 25% shareholder not yet verified → block sanction (allow application progress).
BO out-of-country → additional FEMA checks; flag for special review.
Director resigned per MCA between application start and sanction → re-pull MCA, REFER.
Field-agent app offline → captures stored locally, syncs on connectivity return.
Same borrower applying again post-decline → reuse prior KYC if within validity.

Compliance

Sanctions screen runs at onboarding AND periodically — verify both fire.
Periodic KYC refresh reminder 30 days before due date.
Audit trail captures every vendor call with timestamp and idempotency key.

Edge cases

PAN-Aadhaar name material mismatch (common in India; needs fuzzy threshold + manual review).
V-CIP recording lost due to vendor issue.
CKYC search returns stale data; must compare against fresh and update.
Borrower’s photo on Aadhaar very old (taken at child age); face-match low score.
BO is a foreign national → FEMA implications and enhanced due diligence.
Sanctions false-positive on common name (e.g., Rakesh Kumar) → disposition workflow.
Borrower with shared mobile across multiple applications → device-intel review.
Periodic-update overdue with active loan → policy decision: continue lending or pause renewals.
Director changes mid-application — needs re-verification and re-consent.
CKYC upload format change by CERSAI → vendor adaptor update + reprocess queue.

Acceptance criteria

KYC first-attempt success rate > 90%.
V-CIP success rate > 85% (after retries).
CKYC upload success rate > 95%.
Sanctions screening firing on every onboarding + every periodic schedule.
BO completeness verified before sanction; block enforced.
Audit evidence retrievable within 5 minutes for any loan.
Periodic refresh reminders 30 days ahead of due.
KYC vendor switchable via admin config without code change.
All compliance controls evidenced in periodic internal audit.

Compliance touchpoints

RBI KYC Master Direction + PMLA.
CKYC operating norms by CERSAI.
Digital Lending Guidelines — KYC methods must comply.
DPDP Act 2023 — every KYC artefact is personal data; consent + purpose + retention.
RBI V-CIP standards — specific requirements on session, geo-tag, recording, operator training.