KYC Methods: RBL Bank

We have partnered with the RBL Bank (formerly, Ratnakar Bank) to provide the services to the fintechs. The RBL Bank enables the fintechs to complete the KYC of the account holder using either of the following methods-

• Minimal KYC
• Aadhaar XML KYC
• Aadhaar biometric KYC

Minimal KYC

Step 1: Details’ verification

In minimal KYC, the fintech shall verify the contact number, generally done via one-time passwords(OTP), and the identification proof, i.e. officially valid documents that can be a passport, driving licence, voters’ ID card, PAN card, and job card issued by NREGA signed by a State Government official.

Step 2: Create Application

Fintech requests creation of application using /newindividual API Fusion checks for an already existing account holder on the contact number with the IFI, in this case, RBL Bank.

Note: An applicant may sign up with multiple Fintechs under the same issuer. Zeta system maintains a single identity of an Account Holder per issuer. This is in line with the compliance requirements of the bank and the regulator. This means that if an applicant signs up with multiple fintech’s working with Fusion on the same issuer, there would only be one Account Holder entity.

You can refer to Creating Application for Account Holder creation to understand how the application to create an account holder is sent.

Aadhaar XML KYC

Unique Identification Authority of India (UIDAI) offers Aadhaar offline e-KYC services. It is a secure shareable document that can be used by any Aadhaar number holder for offline verification of Identification. A resident who wants to use this facility shall generate his/her digitally signed Aadhaar details by accessing the UIDAI resident portal and providing the same to the IFI. XML based KYC is a fully digital Full KYC process supported by Fusion without any agent intervention.

Fintech shall integrate with the fusion’s Aadhaar XML KYC service to enable XML based full KYC service for their applicants (applicants).

The steps to complete the XML KYC process are outlined below:

• Session Creation: When an applicant clicks on the call-to-action provided by the fintech on their application to initiate the KYC process, the fintech creates a new KYC service session using the CreateSession endpoint. This API is called using fintech’s authToken from its backend. The session token has a validity of 30 minutes and needs to be passed while opening fusion’s webview.

Parameters

Request

cURL sample

Switch Theme

Expand More

Copy

  curl --location --request POST<base_url>/xmlkyc/ifi/<ifiID>/sessionToken/<phoneNumber>' \
--header 'X-Zeta-AuthToken:<vbo_sandbox_token>' \
--data-raw ''

Code Copied

Response

JSON Sample

Switch Theme

Expand More

Copy

{
    "sessionToken": "eyJhbGciOiJIUzI1NiJ9.eyJpZmlJRCI6IjE0MDc5MyIsInN1YiI6Iis5MTk5NTMxMjMxMjMiLCJ2Ym9JRCI6Ijk2MTAwODU2LThjMWUtNDczNS1iYjYyLTk3ZjU2YTgyOTU4MCIsImV4cCI6MTYxNTM4NTU4MSwiaWF0IjoxNjE1MzgzNzgxfQ.OpAIX3YU4jl84WoGM1fJxgydnQtbv_lThBEVIsTR0iI"
}

Code Copied

• Redirection to eKYC webview: The fintech passes the Session ID hence received along with the mobile number and the respective callback URLs to the request for the eKYC web view

Webview Link: <base_url>/?flow=xml&mobileNumber=<phone_vector>&sessionToken=<session_token>&failureUrl=<failure_url>&successUrl=<success_url>

Parameters

The entire flow from this step onwards will be orchestrated by fusion and the applicant is redirected to fintech’s callback URLs once the flow is completed.

• Capturing applicant details: On the eKYC webview, the applicant will enter the following details as per their Aadhaar records:
  • Name
  • Date of Birth
  • Phone number [pre-filled as passed by Fintech and is not editable by the applicant]
    

Fusion runs an internal dedupe check based on this phone number to check if the Account Holder already exists for the IFI.

Case 1: Doesn’t exist, i.e. new applicant

If the Account Holder profile does not exist, a new application for Account Holder provisioning is created by fusion, and the Aadhaar XML KYC is completed as per the below steps.

• Consent for aadhaar verification: Applicant’s consent for using Aadhaar XML for KYC is captured. If the applicant agrees to provide the consent, the applicant’s aadhaar number is captured on the webview (in a secured environment) along with a captcha code.
• If the phone number is verified and the application details are matched successfully with the Aadhaar details (as verified with UIDAI), the applicant is onboarded for the RBL PPI offering in the next step.
• Capturing applicant’s additional information: For applicant onboarding, applicants demographic information as available with aadhaar records are used. Additional information about the customer’s profile is captured on the webview UI. These details include:
  • Customer’s email address
  • Mother’s maiden name (Optional)
  • Occupation
  • Nationality
  • Local Address
  • Customer Income source, etc.
• PEP and FATCA declaration: In addition to this, the customer’s PEP status and FATCA declaration are captured in this step.
  • A Politically Exposed Person (PEP) is an individual with a prominent public post or a public function. One could also qualify as a PEP if they are a family member or a close relative of such an individual.
  • FATCA declaration is captured to check if the applicant is a tax resident of India or not.

Note: For the PPI account provisioning, the applicant must not be a PEP and must be a tax resident of India.

• Consent on terms and conditions of PPI: Once all these details are captured, RBL records the applicant’s consent to T&C of PPI account onboarding by verifying OTP sent to the applicant phone number.
  Upon successful OTP verification, the XML KYC for the applicant is completed and is redirected to Fintech’s callback URL.

Case 2: Already exists

Case 2.1: KYC state: Minimal KYC

• The applicant goes through the steps to complete the Aadhaar XML KYC as in Case 1
• Once the verification is successful, the Account Holder’s KYC status update

Case 2.2: KYC state: Full KYC

In this case, the applicant need not re-do the KYC as it has already been verified for the respective IFI.

• The applicant enters the OTP sent on his registered number to give the consent for the sign up with the already completed KYC, with this fintech.
• Upon successful authentication, the session is terminated and the applicant is redirected to the success callback URL on the fintech’s app.

You can refer the error codes for Aadhaar XML KYC as in KYC Error Codes: RBL Bank

Aadhaar Biometric KYC

Aadhaar biometric is an assisted process where either a third-party agent or an agent from Zeta will visit the applicant to collect biometric (fingerprint or IRIS scan) information. Fusion provides the APK to be used by agents to complete the Aadhaar biometric KYC. This APK is referred to as Biometric Service or the ATOM App as described in sections below. In this process, authentication is completed using biometric input and the application data is then validated against Aadhaar details. Aadhaar based biometric authentication can be used to update applicant status to Full KYC.

Banking Correspondant

Since the Aadhaar biometric is an agent-assisted process, firstly the fintech needs to do a channel partner registration with the bank to get empanelled as a Banking Correspondent (BC). BCs are individuals/entities engaged by a bank for providing some of the services on behalf of the bank and are provided channel partner/agent credentials to onboard applicants on their behalf. These credentials need to be shared with Zeta and will be required in the Biometric KYC flow.

Once RBL approves the channel partner registration, the fintech can start onboarding the agents who would assist the biometric KYC process by visiting the applicants and collecting biometric impressions. RBL bank approves every agent onboarding request by fintech.

• Details required for Channel Partner Registration: Company details, channel partner applicant details and POI/ POA of the channel partner applicant.
• Details required for Agent registration: Name, Gender, DOB, PAN, Aadhaar Number and POI/POA of the agent.

Biometric KYC Service

The agent needs to install Zeta’s Atom application for completing the biometric KYC of the applicants. Atom application APK is shared by the Zeta team with the fintechs. The steps to complete the biometric KYC process are outlined below.

Note: In case the fintech is onboarding a third party, i.e. a banking correspondent, to undertake the KYC, then they need to create the account holder with a minimal KYC prior to the physical visit to undertake the biometric verification.

• Agent downloads the Zeta Atom application on his/her mobile or tablet.
• Agent signs in to the Atom application using his/her phone number and OTP sent by Zeta.
• After a successful login, the agent can start the applicant KYC process. The process starts with collecting application details from the applicant. The agent needs to input the following information on behalf of the applicant:
  • Mobile number
  • Name
  • DoB
  • Email ID
• In the next step, the applicant needs to provide the following information for Aadhaar verification. These details are collected on the Atom application the agent has
  • Aadhaar number (these details are captured in a secure bank environment)
  • Date of birth
  • Gender
  • Consent to Aadhaar verification “Terms and conditions”
• If the details provided by the applicant match the details stored against his Aadhaar details in UIDAI, the applicant will get a success message.
• Once the Aadhaar validation is successful, the biometric device with the agent gets activated to capture the biometric of the customer.
• The agent collects the biometric impression of the customer.
• If the biometric authentication is successful, the applicant is onboarded for RBL PPI offering in the next step.
• For applicant onboarding, applicants demographic information as available with Aadhaar records are used. Additional information about the customer’s profile is captured. These details include:
  • Customer’s email address
  • Mother’s maiden name (Optional)
  • Occupation
  • Nationality
  • Local Address (Optional)
  • Customer Income source
• In addition to this, the customer’s PEP status and FATCA declaration are captured in this step.
  • A Politically Exposed Person (PEP) is an individual with a prominent public post or a public function. One could also qualify as a PEP if they are a family member or a close relative of such an individual.
  • FATCA declaration is captured to check if the applicant is a tax resident of India or not.
• For the PPI account provisioning, the applicant must not be a PEP and must be a tax resident of India.
• Once all these details are captured, Zeta records the applicant’s consent to “Terms and conditions” of PPI account onboarding by verifying OTP sent to the applicant phone number.
• After the OTP verification is done, Biometric KYC for the applicant is completed and the applicant is redirected back to the Fintech’s URL.