On August 16, 2002, the Reserve Bank of India issued a single circular to all commercial banks — DBOD.AML.BC.18/14.01.001/2002-03 — laying down for the first time a unified set of "Know Your Customer" norms. Over the next twenty-three years, that one circular would multiply into 1,156 notifications, master directions, and master circulars, building the regulatory architecture that today governs every bank, NBFC, co-operative, money changer, and payment system operator in the country. On November 28, 2025, the RBI withdrew 9,445 circulars in one stroke and replaced them with 244 entity-specific Master Directions — the largest structural overhaul of Indian banking regulation in history.
This is the complete record of how that happened.
Also in this series:
- Counter-Terrorism Financing & UNSC Sanctions
- FATF Compliance — Deficient Jurisdictions and the Relay Chain
- Digital KYC — Aadhaar, V-CIP, and the Central KYC Registry
Regulatory Architecture
India's KYC/AML regulatory framework operates through a layered hierarchy.
Layer 0 — Statutes:
- Prevention of Money Laundering Act, 2002 (PMLA) — provides the statutory basis for all KYC/AML requirements
- Unlawful Activities (Prevention) Act, 1967 (UAPA), as amended in 2008 — empowers asset freezing for terrorist entities under Section 51A
- Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 — adds proliferation financing to the framework
- Foreign Exchange Management Act, 1999 (FEMA) — governs authorised persons (money changers, MTSS agents)
- Banking Regulation Act, 1949, Section 35A — the RBI's power to issue binding directions to banks
- Reserve Bank of India Act, 1934, Sections 45K/45L — the RBI's power over NBFCs
- Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016
Layer 1 — Master Directions (the consolidated regulatory truth):
Before November 2025, there was a single unified KYC Master Direction (KYC Master Direction (Master Direction - Know Your Customer (KYC) Direct), issued February 25, 2016, updated through August 14, 2025). After the November 2025 consolidation, this was replaced by 10 entity-specific KYC Directions — one each for Commercial Banks, Small Finance Banks, Payment Banks, Local Area Banks, Regional Rural Banks, Urban Co-operative Banks, Rural Co-operative Banks, NBFCs, All-India Financial Institutions, and Housing Finance Companies.
Layer 2 — Circulars (amendments, clarifications, transmissions):
The 1,156 KYC/AML notifications are predominantly Layer 2 circulars. They fall into three categories:
1. Substantive amendments — circulars that change KYC requirements (e.g., lowering beneficial ownership thresholds, introducing V-CIP)
2. Transmission circulars — RBI forwarding UNSC sanctions lists or FATF statements to regulated entities (these account for ~600 of the 1,156)
3. Compliance and enforcement — circulars warning about non-compliance or mandating specific reporting formats
The Entity Multiplication Pattern:
A single policy change generates 4–7 near-identical circulars because the RBI issues separate versions for each entity type (Scheduled Commercial Banks, Urban Co-operative Banks, State/District Co-operative Banks, Regional Rural Banks, NBFCs, Authorised Persons, and Payment System Operators). This is why 791 of the 1,156 notifications are tagged as "Counter-Terrorism Financing" — the same UNSC sanctions list update is transmitted to each entity type separately.
Part I: Foundation (2002–2004) — 11 Notifications
The Starting Point: August 16, 2002
India's KYC framework begins with a single circular — DBOD.AML.BC.18/14.01.001/2002-03 — issued on August 16, 2002, addressed to all commercial banks.
Before this circular, there was no unified KYC regime. Banks followed ad hoc identification practices. The 2002 circular changed that by laying down requirements that remain the backbone of Indian KYC to this day:
"The Board of Directors of the banks should have in place adequate policies that establish procedures to verify the bonafide identification of individual/corporates opening an account. The Board should also have in place policies that establish processes and procedures to monitor transactions of suspicious nature in accounts and have systems of conducting due diligence and reporting of such transactions." (RBI Circular DBOD.AML.BC.18, August 16, 2002, Para 2.1)
Two critical tensions embedded in this first circular would define the next 23 years of KYC regulation:
Tension 1 — Compliance vs. Financial Inclusion:
"It should be ensured that the procedure adopted does not lead to denial of access to the general public for banking services." (Para 2.2)
Tension 2 — Surveillance vs. Privacy:
The Rs 10 lakh cash monitoring threshold:
"The banks are required to keep a close watch of cash withdrawals and deposits for Rs.10 lakhs and above in deposit, cash credit or overdraft accounts and keep record of details of these large cash transactions in a separate register." (Para 4)
The Rs 50,000 non-cash remittance threshold:
"Banks are required to issue travellers cheques, demand drafts, mail transfers, and telegraphic transfers for Rs.50,000 and above only by debit to customers' accounts or against cheques and not against cash." (Para 4)
Both thresholds survive to this day in the 2025 Master Directions. A parallel version for Urban Co-operative Banks was issued as UCB KYC Foundation Circular (Guidelines on "Know Your Customer" Norms and "Cash) (since withdrawn). Between them, these two foundational circulars are referenced by 26 subsequent notifications.
The November 2004 Overhaul: FATF Alignment
On November 29, 2004, the RBI issued a comprehensive rewrite — DBOD.NO.AML.BC.58/14.01.001/2004-05 — that explicitly aligned India's KYC framework with international standards:
"These 'Know Your Customer' guidelines have been revisited in the context of the Recommendations made by the Financial Action Task Force (FATF) on Anti Money Laundering (AML) standards and on Combating Financing of Terrorism (CFT). These standards have become the international benchmark for framing Anti Money Laundering and combating financing of terrorism policies by the regulatory authorities." (RBI Circular RBI-2004-05/284, November 29, 2004)
This circular introduced the four-pillar KYC framework that persists to this day:
"Banks should frame their KYC policies incorporating the following four key elements: Customer Acceptance Policy; Customer Identification Procedures; Monitoring of Transactions; and Risk management." (Para 2.2)
Risk categorisation appeared for the first time. The circular defined who required enhanced scrutiny:
"Examples of customers requiring higher due diligence may include (a) non-resident customers, (b) high net worth individuals, (c) trusts, charities, NGOs and organizations receiving donations, (d) companies having close family shareholding or beneficial ownership, (e) firms with 'sleeping partners', (f) politically exposed persons (PEPs) of foreign origin, (g) non-face to face customers, and (h) those with dubious reputation as per public information available." (Para 2.5)
And established the confidentiality principle:
"Banks were advised to treat the information collected from the customer for the purpose of opening of account as confidential and not divulge any details thereof for cross selling or any other purposes." (Para 2.7)
The circular also introduced the shell bank prohibition: "Banks should refuse to enter into a correspondent relationship with a 'shell bank'."
Banks were given until December 31, 2005 to be fully compliant.
Entity Rollout: December 2004 – February 2005
Within three months, the RBI issued substantively identical KYC frameworks to every type of regulated entity. This is the first instance of the "entity multiplication pattern" that would characterize KYC regulation going forward:
| Date | Circular | Entity Type | Legal Basis | CDN |
|---|---|---|---|---|
| Dec 15, 2004 | RBI/2004-05/302 | Urban Co-operative Banks | Section 35A, BR Act (AACS) | UCB KYC Norms RBI/2004-05/302 |
| Feb 18, 2005 | RBI/2004-05/369 | Regional Rural Banks | Section 35A, BR Act | RRB KYC Norms RBI/2004-05/369 |
| Feb 18, 2005 | RBI/2004-05/368 | State/District Central Co-operative Banks | Section 35A, BR Act (AACS) | StCB/DCCB KYC Norms RBI/2004-05/368 |
| Feb 21, 2005 | RBI-2004-05/371 | NBFCs, MNBCs, RNBCs | Sections 45K/45L, RBI Act 1934 | NBFC KYC Norms (NBFCs/MNBCs/RNBCs - KYC Guidelines/Anti-Money Laun) |
All five circulars (RBI_2039, RBI/2004-05/302, RBI/2004-05/369, RBI/2004-05/368, RBI_2136) shared the same four-pillar framework, the same compliance deadline (December 31, 2005), the same Rs 10 lakh cash threshold, and the same Rs 50,000 non-cash remittance threshold. Together, these five entity-type root circulars are referenced by 109 subsequent notifications — making them among the most foundational documents in the entire RBI regulatory graph.
The key legal distinction: banks operated under Section 35A of the Banking Regulation Act, 1949, while NBFCs operated under Sections 45K and 45L of the RBI Act, 1934. For co-operative banks, the Banking Regulation Act applied "As Applicable to Co-operative Societies" (AACS). For RRBs, the channel ran through NABARD:
"Please refer to NABARD's circulars NB.DOS.HO.POL.333/J.1-2002/03 (Circular No.106/DOS.15/2003) dated April 30, 2003 and No.NB.DoS.HO.POL.2069/J.1/2004-05 (Circular No.230/DoS.39/2004-05) dated August 28, 2004 on the guidelines on 'Know Your Customer' norms." RRBs - 'Know Your Customer' (KYC) Guidelines – Anti Money La...
A compliance follow-up circular for UCBs — UCB KYC Compliance Follow-Up (Know Your Customer Guidelines-Compliance) — is also among the most-referenced documents of this era (11 downstream references), underscoring how non-compliance with KYC norms at co-operative banks was an early concern.
Part II: The PMLA Era (2005–2012) — 491 Notifications
The Prevention of Money Laundering Act, 2002 came into force on July 1, 2005. This gave statutory backing to what had previously been purely regulatory guidance. The RBI responded with 491 KYC/AML/CFT circulars in this period — more than one per working week for seven years.
A. PMLA Compliance — Statutory Obligations Take Shape
The first PMLA obligation circulars extended statutory reporting requirements to entity types beyond commercial banks:
| Date | Circular | Entity | Key Mandate | CDN |
|---|---|---|---|---|
| Mar 21, 2006 | UBD.CO.BPD.(PCB)No.38/09.16.100/2005-06 | UCBs | CTR/STR filing under PMLA Rules | UCB PMLA Obligations (UCBs - PMLA, 2002 - Obligation of Banks) |
| 2006 | DNBS(PD).CC.No./03.10.42/2005-06 | NBFCs | PMLA obligations for NBFCs | NBFC PMLA Obligations (PMLA, 2002 - Obligations of NBFCs) (since withdrawn) |
| 2006 | RPCD.CO.RRB.No/03.05.33(E)/2005-06 | RRBs | PMLA obligations for RRBs | RRB PMLA Obligations RBI/2005-06/301 |
These established the reporting infrastructure — Cash Transaction Reports (CTRs), Suspicious Transaction Reports (STRs), and later Counterfeit Currency Reports (CCRs) — that all regulated entities must file with the Financial Intelligence Unit-India (FIU-IND).
The July 2, 2008 circular for UCBs (Prevention of Money Laundering Act, 2002 – Obligat) is particularly important as it established that STRs must be filed for attempted transactions as well:
"Banks should report all such attempted transactions in STRs, even if not completed by customers, irrespective of the amount of the transaction." (RBI_4325, Para 3)
"Banks should submit STRs if they have reasonable ground to believe that the transaction involve proceeds of crime generally irrespective of the amount of transaction and/or the threshold limit envisaged for predicate offences in part B of Schedule of PMLA, 2002." Prevention of Money Laundering Act, 2002 – Obligation of ban...
By December 2010, the FIU-IND was reporting that compliance levels remained poor. The RBI issued an enforcement circular to State/District Co-operative Banks:
"FIU-IND has observed that the level of compliance with the KYC/AML/CFT measures under PMLA, 2002 is still very poor and some banks have not even taken a policy decision to appoint the Principal Officer of a sufficiently high level who could wield required authority in the bank to implement the KYC/AML/CFT measures sincerely." (RBI/2010-11/300, December 7, 2010)
The same circular mandated: "banks should take steps to ensure strict compliance with PMLA, 2002 and to appoint officer of the rank of at least Deputy General Manager as Principal Officer."
A parallel enforcement circular for UCBs (UCB PMLA Reporting Enforcement RBI/2010-11/336, December 28, 2010) reported:
"The Financial Intelligence Unit of the Ministry of Finance, Government of India have informed us that the UCBs have not been furnishing various reports such as Suspicious Transactions Reports (STRs), Cash Transactions Reports (CTRs) and Counterfeit Currency Reports (CCRs) to the FIU-INDIA within the time frame stipulated under the PML Act, 2002." UCBs - KYC Norms /AML Standards /Combating Financing of Ter...
B. Counter-Terrorism Financing — The UAPA Section 51A Implementation
The Unlawful Activities (Prevention) Amendment Act, 2008 added Section 51A, empowering the Central Government to freeze assets of designated terrorist entities. The RBI operationalized this through four parallel circulars in September–November 2009, one per entity type:
| Date | Circular | Entity | Downstream Refs | CDN |
|---|---|---|---|---|
| Sep 17, 2009 | RBI/2009-10/166 | SCBs, FIs, LABs | 136 | UAPA Section 51A for SCBs RBI/2009-10/166 |
| Oct 29, 2009 | RBI/2009-10/198 | StCBs/DCCBs | 114 | UAPA Section 51A for StCBs/DCCBs RBI/2009-10/198 |
| Nov 5, 2009 | RBI/2009-10/206 | RRBs | 87 | UAPA Section 51A for RRBs RBI/2009-10/206 |
| Nov 16, 2009 | RBI/2009-10/222 | UCBs | 59 | UAPA Section 51A for UCBs RBI/2009-10/222 |
These four circulars collectively have 396 downstream references — making them the most-connected cluster in the entire KYC regulatory graph. Each subsequent UNSC sanctions list update references back to these root circulars.
The key operational requirements established by these circulars:
24-hour reporting:
"The banks shall immediately, not later than 24 hours from the time of finding out such customer, inform full particulars of the funds, financial assets or economic resources or related services held in the form of bank accounts, held by such customer on their books to the Joint Secretary (IS.I), Ministry of Home Affairs." Combating financing of terrorism- Unlawful Activities (Preve...
5-day verification:
"IS-I Division of MHA would cause a verification to be conducted by the State Police and/or the Central Agencies so as to ensure that the individuals/entities identified by the banks are the ones listed as designated individuals/entities... This verification would be completed within a period not exceeding 5 working days." Combating financing of terrorism- Unlawful Activities (Preve...
Freezing without prior notice:
"The order shall take place without prior notice to the designated individuals/entities." Combating financing of terrorism- Unlawful Activities (Preve...
15-day unfreezing:
"He shall pass an order, within fifteen working days, unfreezing the funds, financial assets or economic resources or related services." Combating financing of terrorism- Unlawful Activities (Preve...
Every subsequent UNSC sanctions list update was transmitted as a separate circular referencing these root documents. This generated an ongoing chain of approximately 400 transmission circulars between 2009 and 2025 — the single largest category of circulars in the KYC/AML dataset. See Part 2: Counter-Terrorism Financing & UNSC Sanctions for the complete chain.
C. FATF Compliance — The Deficient Jurisdictions Chain
On November 27, 2009, the RBI issued the foundational FATF compliance circular for Authorised Persons under FEMA:
"In terms of Prevention of Money Laundering Act, (PMLA), 2002, as amended by Prevention of Money Laundering (Amendment) Act, 2009, all Authorized Persons, authorized under Section 10(1) of FEMA, 1999 have been brought under the purview of PMLA, 2002." (RBI/2009-10/235, A.P.(DIR Series) Circular No.17)
This circular is significant for defining the three stages of money laundering in the Indian regulatory context:
"Placement — the physical disposal of cash proceeds derived from illegal activity. Layering — separating illicit proceeds from their source by creating complex layers of financial transactions designed to disguise the audit trail and provide anonymity. Integration — the provision of apparent legitimacy to criminally derived wealth." KYC Norms/AML Standards/Combating Financing of Terrorism/Ob...
A sibling circular for MTSS agents (MTSS Agent AML Obligations RBI/2009-10/236, November 27, 2009, 13 downstream refs) extended these obligations to cross-border inward remittances.
From this base, the RBI issued periodic FATF statement relay circulars whenever the FATF updated its list of deficient jurisdictions. The April 6, 2011 circular RBI/2010-11/468 is a characteristic example:
"Financial Action Task Force (FATF) has issued a further Statement on October 22, 2010... Jurisdictions subject to FATF call on its members and other jurisdictions to apply countermeasures: Iran. Jurisdictions with strategic AML/CFT deficiencies that have not committed to an action plan: Democratic People's Republic of Korea (DPRK)." KYC Norms/AML Standards/Combating Financing of Terrorism/Obl...
The full FATF compliance chain — 197 circulars — is covered in FATF Compliance — Deficient Jurisdictions and the Relay Chain.
D. Wire Transfers — Cross-Border Information Requirements
A distinct chain of circulars established information requirements for wire transfers — a key FATF recommendation. The 2007 circular for RRBs (RRBs – Wire Transfers) and parallel versions for StCBs/DCCBs (STCBs/DCCBs – Wire Transfers) and commercial banks (Wire Transfers) introduced requirements that all cross-border wire transfers carry originator name, address, and account number. A domestic threshold of Rs 50,000 was established for requiring full originator information.
Seventy-two KYC/AML circulars relate to wire transfers and cross-border payments.
E. Customer Identification — The Proprietorship KYC Chain
A smaller but instructive amendment chain traces how KYC rules evolved for proprietorship firms — a common business structure in India where there is no legal distinction between the owner and the business:
Step 1 — March 26, 2010 (Commercial Banks):
Proprietorship KYC for Commercial Banks RBI/2009-10/362 (12 downstream refs) established the initial documentation requirements for proprietary concern accounts at commercial banks.
Step 2 — April 9, 2010 (RRBs):
Proprietorship KYC for RRBs RBI/2009-10/389 prescribed specific documents for RRBs:
"RRBs should call for and verify the following documents before opening of accounts in the name of a proprietary concern: (i) registration certificate (in the case of a registered concern), certificate/licence issued by the Municipal authorities under Shop & Establishment Act, sales and income tax returns, CST/VAT certificate... (ii) Any two of the above documents would suffice." RRBs - Know your Customer (KYC) guidelines - accounts of pro...
Step 3 — April 17, 2012 (Commercial Banks, expansion):
Proprietorship KYC Expansion RBI/2011-12/506 added two new acceptable documents:
"The complete Income Tax return (not just the acknowledgement) in the name of the sole proprietor where the firm's income is reflected, duly authenticated/acknowledged by the Income Tax Authorities. Utility bills such as electricity, water, and landline telephone bills in the name of the proprietary concern." KYC Guidelines - Accounts of Proprietary Concerns
Each circular explicitly references its predecessor with "please refer to our earlier circular dated..." — the characteristic pattern of incremental amendment via circular chains.
F. Unique Customer Identification Code (UCIC)
The precursor to the Central KYC Registry was the UCIC — a mandate that each customer have a single, unique identifier within each financial institution:
"The increasing complexity and volume of financial transactions necessitate that customers do not have multiple identities within a bank, across the banking system and across the financial system. This can be achieved by introducing a unique identification code for each customer." (RBI/2011-12/598, June 11, 2012)
The UCIC was rolled out in phases:
- June 2012: Co-operative Banks and RRBs (UCIC for Co-ops and RRBs RBI/2011-12/598) — deadline May 2013
- October 2012: UCBs (UCIC for UCBs RBI/2012-13/235) — deadline June 2013
- May 2013: NBFCs (UCIC for NBFCs RBI/2012-13/489) — deadline June 2013
G. Opening of "Small Accounts" — Financial Inclusion
The tension between KYC compliance and financial inclusion led to the "Small Account" concept — RBI/2010-11/389 (January 21, 2011) allowed banks to open accounts with relaxed KYC for underbanked populations, subject to transaction limits. This concept would later be formalized in the Master Direction with specific thresholds:
- Maximum balance: Rs 50,000
- Maximum monthly withdrawals: Rs 10,000
- Maximum annual credits: Rs 1,00,000
This was expanded to co-operative banks (Small Accounts for Co-operative Banks RBI/2012-13/331, September 24, 2012, 10 refs) and various other entity types.
H. FIU-India Reporting Infrastructure
The reporting infrastructure evolved from manual formats to electronic XML:
"FIU-India has advised that the earlier prescribed multiple data files reporting format is being replaced by a new single XML file format..." (RBI_6809, November 9, 2011)
Year-by-Year Breakdown (2005–2012)
| Year | Circulars | Key Theme |
|---|---|---|
| 2005 | 13 | Entity-type rollout of FATF-aligned KYC |
| 2006 | 6 | PMLA obligation circulars for UCBs, NBFCs, RRBs |
| 2007 | 5 | Wire transfer information requirements |
| 2008 | 12 | PMLA reporting, UAPA preparations, KYC consolidation |
| 2009 | 38 | UAPA Section 51A implementation, FATF AP framework |
| 2010 | 135 | UNSC sanctions lists surge, proprietorship KYC, compliance enforcement |
| 2011 | 122 | Small accounts, FIU XML reporting, continued UNSC transmissions |
| 2012 | 160 | UCIC mandate, UNSCR committee splitting, massive sanctions list volume |
The spike from 38 circulars in 2009 to 135 in 2010 and 160 in 2012 is almost entirely driven by the parallel-stream UNSC sanctions list transmissions.
Part III: Digital Transformation (2013–2019) — 337 Notifications
A. The Master Circular Era (2013–2015)
Before the 2016 Master Direction, the RBI issued annual Master Circulars that consolidated all KYC/AML/CFT instructions into a single reference document. These were issued separately for each entity type:
| Date | Circular | Entity | Words | CDN |
|---|---|---|---|---|
| Jul 1, 2012 | Master Circular | Commercial Banks | ~20,000 | KYC/AML MC 2012 RBI/2012-13/55 (since withdrawn) |
| Jul 1, 2013 | Master Circular | UCBs | ~18,000 | UCB KYC/AML MC 2013 RBI/2013-14/31 (since withdrawn) |
| Jul 1, 2013 | Master Circular | Commercial Banks | ~20,000 | KYC/AML MC 2013 RBI/2013-14/69 |
| Jul 1, 2014 | Master Circular | Commercial Banks | ~20,000 | KYC/AML MC 2014 RBI/2014-15/27 (since withdrawn) |
| Jul 1, 2015 | Master Circular | Commercial Banks | 23,313 | KYC/AML MC 2015 RBI/2015-16/42 (since withdrawn) |
The 2013 Master Circular for UCBs (UCB KYC/AML MC 2013 RBI/2013-14/31 (since withdrawn)) is notable for codifying the beneficial ownership thresholds that would later be tightened in 2016:
"Controlling ownership interest means ownership of / entitlement to more than 25 percent of shares or capital or profits of the juridical person, where the juridical person is a company; ownership of / entitlement to more than 15% of the capital or profits of the juridical person where the juridical person is a partnership." Master Circular on Know Your Customer (KYC) Norms/Anti-Money...
The 2015 Master Circular (KYC/AML MC 2015 RBI/2015-16/42 (since withdrawn)) defined Officially Valid Documents (OVDs) for the first time in a consolidated form:
"OVD means the passport, the driving licence, the Permanent Account Number (PAN) Card, the Voter's Identity Card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government, letter issued by the Unique Identification Authority of India containing details of name, address and Aadhaar number." Master Circular – Know Your Customer (KYC) norms / Anti-Mone...
B. Simplified KYC for Self Help Groups (April 2013)
The SHG simplification circular (SHG Simplified KYC RBI/2012-13/461, April 1, 2013) addressed a real-world problem — many SHG members in rural India lacked formal identity documents:
"KYC verification of all the members of SHG need not be done while opening the savings bank account of the SHG and KYC verification of all the office bearers would suffice. As regards KYC verification at the time of credit linking of SHGs, it is clarified that since KYC would have already been verified while opening the savings bank account and the account continues to be in operation and is to be used for credit linkage, no separate KYC verification of the members or office bearers is necessary." KYC Norms /Anti-Money Laundering Standards/Combating Financ...
C. Correspondent Banking Due Diligence (October 2013)
Correspondent Banking Due Diligence RBI/2013-14/342 (October 29, 2013) addressed a specific risk — co-operative banks using "at par" cheque facilities through correspondent banking with commercial banks:
"Since the 'at par' facility offered by commercial banks to co-operative banks is in the nature of correspondent banking arrangements, banks should monitor and review such arrangements to assess the risks including credit risk and reputational risk arising therefrom. For this purpose, banks should retain the right to verify the records maintained by the client cooperative banks/societies for compliance with the extant instructions on KYC and AML under such arrangements." Due diligence in correspondent banking relationship
D. FATCA/CRS — International Tax Compliance (August 2015)
India's signing of the FATCA IGA with the US (July 9, 2015) and the CRS multilateral agreement (June 3, 2015) added a major new compliance obligation to the KYC framework:
"India has signed the Inter-Governmental Agreement (IGA) with the USA on July 9, 2015, for Improving International Tax Compliance and implementing the Foreign Account Tax Compliance Act (FATCA). India has also signed a multilateral agreement on June 3, 2015, to automatically exchange information based on Article 6 of the Convention on Mutual Administrative Assistance in Tax Matters under the Common Reporting Standard (CRS)." (RBI/2015-16/165, August 28, 2015)
Key thresholds:
- Individual depository accounts: USD 50,000 for US reportable accounts
- Entity depository accounts: USD 250,000 for US and other reportable accounts
- No threshold for CRS reporting (all accounts reportable)
The circular mandated a High Level Monitoring Committee under the Designated Director to ensure compliance.
E. Central KYC Records Registry — CKYCR (November 2015)
The CKYCR (CKYCR Establishment RBI/2015-16/251, November 26, 2015) was the culmination of the UCIC concept — a centralized national registry where KYC records could be stored once and retrieved by any regulated entity:
"The Government has vide a notification dated July 7, 2015, amended the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, for setting up of the Central KYC Records Registry (CKYCR). In terms of the notification, the proposed CKYCR would receive, store, safeguard and retrieve the KYC records in digital form of a client." Central KYC Records Registry (CKYCR) - template for Know You...
The cross-sector retrieval principle: "The KYC records received and stored by the CKYCR could be retrieved online by any reporting entity across the financial sector."
The CKYCR template also integrated FATCA/CRS reporting: "As the KYC data captured by the template also fulfil the reporting requirement under FATCA and CRS."
F. The 2016 Master Direction — The Hub Node (194 References)
On February 25, 2016, the RBI replaced the annual Master Circular regime with a single, living Master Direction — Master Direction on KYC (Master Direction - Know Your Customer (KYC) Direct) — that would be amended in place rather than reissued annually. This document became the central hub of the KYC regulatory graph, with 194 downstream references — far more than any other KYC document.
At 225,607 characters (33,918 words), it was the longest RBI document in the dataset by the time of its final update (August 14, 2025).
Key innovations in the 2016 Master Direction:
1. Beneficial Ownership Threshold Lowered to 10%:
The 2013 Master Circular required identification of beneficial owners with >25% ownership in companies. The 2016 Master Direction dramatically lowered this:
"Controlling ownership interest means ownership of/entitlement to more than 10 percent of the shares or capital or profits of the company." (RBI_11566, Para 3(a)(iv))
For partnerships: >10%. For unincorporated associations: >15%. For trusts: 10% or more interest, plus identification of author, trustee, and all natural persons exercising ultimate effective control. For the operational detail of how banks must trace these ownership chains in practice, see Who Owns This Company?.
2. Risk-Based Approach Formalized:
"REs shall carry out 'Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment' exercise periodically to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk." (Para 5A)
"REs shall apply a Risk Based Approach (RBA) for mitigation and management of the risks and should have Board approved policies, controls and procedures in this regard." (Para 5B)
3. Anti-Tipping-Off:
"Where RE forms a suspicion of money laundering or terrorist financing, and it reasonably believes that performing the CDD process will tip-off the customer, it shall not pursue the CDD process, and instead file an STR with FIU-IND." (Para 11A)
4. PEP Provisions Expanded:
"REs shall have the option of establishing a relationship with PEPs provided that: REs have in place appropriate risk management systems to determine whether the customer or the beneficial owner is a PEP; Reasonable measures are taken for establishing the source of funds/wealth; the approval to open an account for a PEP shall be obtained from the senior management; all such accounts are subjected to enhanced monitoring on an on-going basis." (Para 41)
5. Periodic KYC Updation Schedule:
"Periodic updation shall be carried out at least once in every two years for high-risk customers, once in every eight years for medium risk customers and once in every ten years for low-risk customers." (Para 38)
6. CKYCR Upload Mandate:
"REs shall capture customer's KYC records and upload onto CKYCR within 10 days of commencement of an account-based relationship with the customer." (Para 56)
7. UNSC Sanctions — Daily Verification:
"The UNSC Sanctions Lists and lists as available in the Schedules shall be verified on daily basis and any modifications to the lists in terms of additions, deletions or other changes shall be taken into account by the REs for meticulous compliance." (Para 51)
8. Comprehensive Wire Transfer Information:
"All cross-border wire transfers shall be accompanied by accurate, complete, and meaningful originator and beneficiary information: name of the originator; the originator account number; the originator's address, or national identity number, or customer identification number, or date and place of birth; name of the beneficiary; and the beneficiary account number." (Para 64)
9. OTP-Based eKYC Accounts — Transaction Limits:
"The aggregate balance of all the deposit accounts of the customer shall not exceed rupees one lakh. The aggregate of all credits in a financial year, in all the deposit accounts taken together, shall not exceed rupees two lakh. Accounts opened using OTP based e-KYC shall not be allowed for more than one year unless identification as per paragraph 16 or as per paragraph 18 (V-CIP) is carried out." (Para 17)
The Master Direction was amended 16 times between 2016 and 2025 before being replaced by entity-specific directions.
G. The Supreme Court Disruption (September 2018)
The Supreme Court's Aadhaar judgment of September 26, 2018 (Justice K.S. Puttaswamy v. Union of India) upheld Aadhaar's constitutional validity but struck down Section 57 of the Aadhaar Act, which had permitted private entities (including banks) to require Aadhaar for authentication.
This forced the RBI to issue amendment Aadhaar-KYC Amendment Post-Puttaswamy RBI/2018-19/190 (since withdrawn) (May 29, 2019, 14 downstream refs), which restructured the Aadhaar-KYC relationship:
"Banks have been allowed to carry out Aadhaar authentication/offline-verification of an individual who voluntarily uses his Aadhaar number for identification purpose." Amendment to Master Direction (MD) on KYC
DBT/non-DBT bifurcation:
- For DBT beneficiaries: Aadhaar required, eKYC authentication permitted
- For non-DBT customers: Aadhaar is voluntary; any OVD accepted
"REs shall ensure that the customers (non-DBT beneficiaries) while submitting Aadhaar for Customer Due Diligence, redact or blackout their Aadhaar number." Amendment to Master Direction (MD) on KYC
This is a rare instance where judicial intervention directly reshaped the KYC regulatory chain, forcing a retroactive adjustment of circulars that had assumed mandatory Aadhaar linkage. For the full story of how Aadhaar went from voluntary to mandatory and back, see The Aadhaar Moment.
Part IV: The Modern Framework (2020–2026) — 316 Notifications
A. Video KYC and Digital Onboarding (January 2020)
The January 9, 2020 amendment RBI/2019-20/138 (21 downstream refs) introduced three landmark changes:
Video-based Customer Identification Process (V-CIP):
"With a view to leveraging the digital channels for Customer Identification Process (CIP) by Regulated Entities (REs), the Reserve Bank has decided to permit Video based Customer Identification Process (V-CIP) as a consent based alternate method of establishing the customer's identity, for customer onboarding." Amendment to Master Direction (MD) on KYC
Digital KYC defined:
"'Digital KYC' has been defined as capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, along with the latitude and longitude of the location where such live photo is being taken by an authorised officer of the Reporting Entity." Amendment to Master Direction (MD) on KYC
e-Document acceptance:
"'Equivalent e-document' has been defined as an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the customer." Amendment to Master Direction (MD) on KYC
Key operational requirements for V-CIP:
- Geotagging: "Live location of the customer shall be captured to ensure that customer is physically present in India."
- Anti-spoofing: "RE shall carry out the liveliness check in order to guard against spoofing and such other fraudulent manipulations."
- AI encouraged: "REs are encouraged to take assistance of the latest available technology, including Artificial Intelligence (AI) and face matching technologies."
- 3-day XML freshness: "XML file or QR code generation date is not older than 3 days from the date of carrying out V-CIP."
- Concurrent audit: "All accounts opened through V-CIP shall be made operational only after being subject to concurrent audit."
What started as a facilitative measure became critical during COVID-19, as physical branch visits became impossible during lockdowns.
B. The 2023 Amendments — Four Streams Converge
April 28, 2023 — KYC MD Amendment — PMLA/WMD/FATF RBI/2023-24/24 (since withdrawn) (60 downstream refs):
This single amendment simultaneously implemented changes required by four different frameworks:
"It has been decided to amend the MD on KYC to (a) align the instructions with the recent amendments carried out in the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, (b) incorporate instructions in terms of the Government Order dated January 30, 2023, titled 'Procedure for Implementation of Section 12A of the Weapons of Mass Destruction (WMD) and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005'; (c) update certain instructions in accordance with FATF Recommendations; and (d) refine certain extant instructions post review." Amendment to the Master Direction (MD) on KYC
October 17, 2023 — KYC MD Amendment — PML Rules/UAPA/FCRA RBI/2023-24/69 (since withdrawn) (33 downstream refs):
Six months later, another six-part amendment:
"(a) Update certain instructions considering amendments to the PML Rules vide Government notifications dated September 4, 2023 and October 17, 2023; (b) Update Annex II considering changes to Government of India Order related to UAPA, 1967; (c) Replace the WMD Act Government Order of January 30, 2023 with the Order of September 1, 2023; (d) Update certain instructions in accordance with FATF Recommendations; (e) Add a new Section 55A, on FCRA; and (f) Update certain other instructions post review." Amendment to the Master Direction (MD) on KYC
The addition of Section 55A on the Foreign Contribution Regulation Act (FCRA) illustrates how the KYC Master Direction progressively absorbed obligations from adjacent regulatory domains.
C. WMD Act Integration (2023)
The May 5, 2023 circular RBI/2023-24/47 (7 refs) transmitted the Government's procedures for implementing Section 12A of the WMD Act, adding proliferation financing to the obligations that banks must screen for alongside terrorist financing and money laundering.
D. The November 2025 "Big Bang" Consolidation
On November 28, 2025, the RBI executed the most significant structural reform of its regulatory architecture in decades. A single press release announced:
- 244 new Master Directions covering all regulations administered by the Department of Regulation
- 9,445 circulars withdrawn in one stroke
The withdrawal circular (November 2025 Withdrawal Circular RBI/2025-26/100) stated:
"9445 circulars listed in the Annex, which are either circulars whose instructions have been consolidated or circulars which have become obsolete/redundant, are withdrawn by the Reserve Bank with immediate effect and are hereby repealed." Consolidation of Regulations – Withdrawal of circulars
With a savings clause: "Notwithstanding such repeal, any action taken or purported to have been taken, or initiated under the repealed Directions, instructions, or guidelines shall continue to be governed by the provisions thereof."
For KYC specifically, the unified Master Direction (Master Direction - Know Your Customer (KYC) Direct) was disaggregated into 10 entity-specific KYC Directions, all issued on November 28, 2025 (with updates through December 29, 2025):
| Entity Type | Direction ID | Words | Downstream Refs | CDN |
|---|---|---|---|---|
| Commercial Banks | RBI_13141 | 20,700 | 49 | Link |
| Small Finance Banks | RBI_13109 | 20,000 | 39 | Link |
| NBFCs | RBI_12943 | 19,500 | 37 | Link |
| Local Area Banks | RBI_13064 | 19,800 | 35 | Link |
| Regional Rural Banks | RBI_13040 | 20,100 | 33 | Link |
| Rural Co-operative Banks | RBI_12988 | 19,200 | 33 | Link |
| Urban Co-operative Banks | RBI_13014 | 19,000 | 31 | Link |
| Payment Banks | RBI_13090 | 18,500 | 29 | Link |
| All-India Financial Institutions | RBI_MD_12969 | 18,500 | — | Link |
| Housing Finance Companies | RBI_12939 | — | — | Link |
A bridge circular (KYC Bridge Circular for Authorised Persons RBI/2025-26/99, November 28, 2025, 8 refs) connected the old and new regimes for Authorised Persons:
"'Master Direction — Know Your Customer (KYC) Direction, 2016' has since been substituted with regulatory instructions applicable separately to each type of entity regulated by the Department of Regulation. Authorised Persons, which are not regulated by the Department of Regulation, shall be governed by 'Reserve Bank of India (Non-Banking Financial Companies — Know Your Customer) Directions, 2025'." Compliance with Know Your Customer (KYC) norms
Substantively, the 10 entity-specific KYC Directions are largely harmonized — the same beneficial ownership thresholds (10%), the same risk-based approach, the same V-CIP provisions, the same wire transfer information requirements. The key differences are:
- Which statutory authority applies (Banking Regulation Act vs. RBI Act)
- Entity-specific provisions (e.g., Business Correspondent reliance for banks, agent oversight for APs)
- Supervisory department (DOR for most entities)
E. Companion "Responsible Business Conduct" Directions (November 2025)
Alongside the KYC-specific Directions, the consolidation produced companion "Responsible Business Conduct" Directions for each entity type that absorbed several KYC-adjacent requirements:
| Entity | Direction | Words | CDN |
|---|---|---|---|
| Commercial Banks | RBI_13140 | 39,805 | Link |
| Small Finance Banks | RBI_13108 | 39,877 | Link |
| RRBs | RBI_13039 | 38,133 | Link |
| UCBs | RBI_13013 | 29,530 | Link |
| Rural Co-operative Banks | RBI_12987 | 32,664 | Link |
F. NBFC Regulation Cluster (2025–2026)
The NBFC KYC landscape was particularly affected by the consolidation, with multiple new directions issued:
| Date | Direction | Subject | Refs | CDN |
|---|---|---|---|---|
| Nov 28, 2025 | RBI_12965 | NBFC Registration, Exemptions & Framework | 64 | Link |
| Nov 28, 2025 | RBI_12955 | NBFC Credit Information Reporting | 22 | Link |
| Feb 13, 2026 | RBI_12957 | NBFC Credit Facilities | 42 | Link |
| Feb 26, 2026 | RBI_12931 | NBFC Miscellaneous | 64 | Link |
Part V: How the Pieces Fit Together
The 1,156 KYC/AML notifications don't exist in isolation. They form a web where every circular references those before it and is referenced by those after. Two documents sit at the centre.
The 2016 Master Direction (Master Direction - Know Your Customer (KYC) Direct) — at 33,918 words, updated sixteen times over nine years — is the most-referenced KYC document with 194 downstream citations. Every subsequent KYC amendment, every entity-specific circular, every clarification points back to it. The four September–November 2009 CFT circulars (UAPA 51A for SCBs RBI/2009-10/166, for StCBs/DCCBs RBI/2009-10/198, for RRBs RBI/2009-10/206, for UCBs RBI/2009-10/222) collectively have 396 downstream references — one for every UNSC sanctions list update transmitted to banks over the following sixteen years.
Five patterns define how this web operates:
Hub-and-spoke: Consolidation documents (the 2016 MD, the 2025 entity-specific directions) sit at the centre. Everything points to them.
Parallel entity streams: The same policy generates 4–7 near-identical circulars, one per entity type. The UNSC sanctions list transmission chain — 400+ circulars — is four parallel railroad tracks, each referencing its own entity-specific root.
Linear amendment chains: Substantive policy changes follow chains. The proprietorship KYC chain (Proprietorship KYC for SCBs RBI/2009-10/362 → for RRBs RBI/2009-10/389 → Expansion RBI/2011-12/506) is the cleanest example — five steps over twelve years, each opening with "please refer to our earlier circular dated..."
Consolidation resets: When the RBI issues a Master Direction (2016) or entity-specific directions (2025), the graph resets. New circulars reference the consolidation, not the historical chain. The November 2025 withdrawal RBI/2025-26/100 of 9,445 circulars was the largest such reset in RBI history.
Multi-parent convergence: The April 2023 KYC amendment RBI/2023-24/24 (since withdrawn) simultaneously incorporated PMLA Rules, WMD Act, FATF Recommendations, and the RBI's own review — four parent streams converging into one child.
Part VI: What Happens When Banks Don't Comply
The KYC framework isn't just rules on paper. In 2025–2026 alone, the RBI penalised major banks for KYC failures:
HDFC Bank — Rs 91 lakh (November 2025): The penalty press release (RBI imposes monetary penalty on HDFC Bank Limited) cited non-compliance with KYC directions alongside interest rate and outsourcing violations — the country's largest private bank failing on the basics.
Jammu & Kashmir Bank — Rs 99.30 lakh (December 2025): The penalty (Reserve Bank of India imposes monetary penalty on) hit on KYC Directions plus internal ombudsman and customer service failures.
Central Bank of India — Rs 63.60 lakh (March 2026): Penalised (RBI imposes monetary penalty on Central Bank of In) for failing to upload KYC records to CKYCR on time — the very system the 2015 CKYCR circular RBI/2015-16/251 established to make KYC a one-time exercise.
Jilla Sahkari Bank, Kanpur — Rs 3 lakh (January 2026): A district co-operative bank penalised (RBI imposes monetary penalty on Jilla Sahkari Bank) for not periodically reviewing customer risk categorisation — the risk-based approach that the 2016 Master Direction mandated a decade ago.
And the FATF dimension continues to evolve. In February 2026, the RBI transmitted the latest FATF statement on high-risk jurisdictions (Financial Action Task Force (FATF) High risk and o) — DPRK, Iran, and Myanmar remain on the call-for-action list, generating the same enhanced due diligence obligations that the 2009 FATF framework RBI/2009-10/235 established seventeen years ago.
The Current Framework: What's Active Today
After the November 2025 consolidation, the unified KYC Master Direction was disaggregated into ten entity-specific directions — Commercial Banks (Reserve Bank of India (Commercial Banks – Know You), SFBs (Reserve Bank of India (Small Finance Banks – Know), Payment Banks (Reserve Bank of India (Payments Banks – Know Your), LABs (Reserve Bank of India (Local Area Banks – Know You), RRBs (Reserve Bank of India (Regional Rural Banks – Know), UCBs (Reserve Bank of India (Urban Co-operative Banks –), Rural Co-ops (Reserve Bank of India (Rural Co-operative Banks –), NBFCs (Reserve Bank of India (Non-Banking Financial Compa), AIFIs (RBI_MD_12969), and Housing Finance Companies. The bridge circular RBI/2025-26/99 connected FEMA Authorised Persons to this new structure.
The substantive requirements are harmonised across all ten directions: the same 10% beneficial ownership threshold, the same V-CIP provisions, the same CKYCR upload mandate, the same daily UNSC screening, the same risk-based approach. What differs is statutory authority (Banking Regulation Act for banks, RBI Act for NBFCs) and operational detail (Business Correspondents for banks, agent oversight for Authorised Persons).
The key thresholds — Rs 10 lakh for cash reporting, Rs 50,000 for walk-in CDD, 10% for beneficial ownership, 2/8/10 years for KYC updation by risk category — remain unchanged from the provisions that the 2002 and 2004 circulars first established. The architecture has been rebuilt three times. The core requirements endure.
For a practical guide to what documents you need to open a bank account today, see Can I Open a Bank Account With Just Aadhaar?
Last updated: April 2026