Design Principles
This page documents the regulatory and architectural constraints that govern every decision in the KYC (Know Your Customer) onboarding system. These constraints emerge from Indian securities regulation (SEBI circulars, PMLA rules, IT Act 2000), the capabilities of government identity infrastructure (DigiLocker, Aadhaar, CKYC), and the operational requirements of KRA/exchange/depository submissions. When you encounter a design choice elsewhere in the docs, the rationale traces back to one of these constraints.
Regulatory Design Constraints
Section titled “Regulatory Design Constraints”| # | Constraint | Regulatory Basis |
|---|---|---|
| 1 | Mobile verification required for OTP-based authentication | Mobile OTP establishes the identity anchor and communication channel required for KRA verification, eSign authentication, and post-onboarding notifications per SEBI KYC norms. |
| 2 | Government identity sources for IPV exemption | Aadhaar eKYC via DigiLocker consent provides IPV exemption per SEBI/HO/MIRSD/DOP/CIR/P/2020/73. Identity fields are sourced from government-issued digital documents. |
| 3 | Aadhaar eKYC without Aadhaar number collection | DigiLocker consent flow provides Aadhaar eKYC without requiring the intermediary to collect or store the Aadhaar number, in compliance with Aadhaar Act Section 29 restrictions. |
| 4 | Government data sources reduce manual entry errors in regulatory submissions | DigiLocker, KRA, and CKYC data sources pre-populate identity and financial fields, reducing discrepancies in KRA/CKYC/UCC submissions that lead to rejections. |
| 5 | Parallel verification against regulatory databases | PAN verification, KRA lookup, CKYC search, and AML screening execute in parallel against respective regulatory databases without blocking customer progression. |
| 6 | Data quality: fewer manual entries reduce KRA/exchange rejections | Customer-entered fields are limited to data unavailable from any government or regulatory source (mobile, email, bank account details, segment preferences). |
| 7 | Digital signature per IT Act 2000, Section 3A | Single Aadhaar OTP-based electronic signature on the complete application, legally valid under IT Act 2000 Section 3A and SEBI eSign guidelines. No physical signatures required. |
| 8 | Regulatory agency submissions after dual-control approval | KRA, CKYC, UCC, and BO account submissions are processed in batch after maker-checker approval, per SEBI dual-control requirements for account opening. |
| 9 | IPV exemption via Aadhaar eKYC | Aadhaar eKYC through DigiLocker exempts In-Person Verification (IPV) and Video In-Person Verification (VIPV) per SEBI/HO/MIRSD/DOP/CIR/P/2020/73. |
| 10 | Progressive disclosure of conditional fields | Fields are shown only when relevant to customer selections (e.g., income proof for F&O/Commodity segments, FATCA declarations for tax residency, PEP declarations). |
| 11 | Pre-submission validation gate | All blocking regulatory checks (PAN status, KRA status, AML screening, bank verification) must pass before the customer proceeds to eSign. Applications failing mandatory checks are stopped early with clear remediation guidance. |
The constraints are not independent — they reinforce each other in a specific pattern. Understanding how they connect will help you see the system as a whole rather than a collection of screens.
How Constraints Connect
Section titled “How Constraints Connect”The constraints work together as a system:
- Constraints 1-3 establish the identity foundation (mobile verification, government identity sources, Aadhaar eKYC)
- Constraints 4-6 ensure data quality and completeness from authoritative sources
- Constraints 7-8 handle completion (digital signature, batch submission to regulatory agencies)
- Constraints 9-11 enforce regulatory compliance (IPV exemption, conditional disclosures, pre-submission validation)