Analysing India's KYC Framework through the Privacy Lens

46 Pages Posted: 29 Apr 2022

See all articles by Vrinda Bhandari

Vrinda Bhandari


Rishab Bailey

xKDR Forum

Trishee Goyal

National Institute of Public Finance and Policy

Date Written: April 26, 2022


In order to prevent use of the formal financial system for illegal ends, international frameworks and domestic law require financial institutions to collect personal information from individuals at the time of opening accounts, as well as on an ongoing basis. These obligations give rise to privacy concerns, not least due to the quantity and nature of personal information collected by financial institutions.

In this paper we seek to examine whether and to what extent the Indian KYC framework (as applicable to the banking sector) accounts for privacy rights in its design and implementation. We point to how the international framework established by the Financial Action Task Force (FATF), which forms the basis of the Indian Know-Your-Customer (KYC) framework, does not adequately consider privacy interests in its design, focusing almost solely on law enforcement interests. These shortcomings are exacerbated in the Indian domestic regime.

Not only does the KYC framework require mandatory and intrusive data collection, it fails to establish any limitations or checks and balances over its implementation by financial institutions. The KYC framework in India establishes a system that renders individuals susceptible to a variety of harms ranging from State surveillance to problems of data theft and economic losses, as well as related harms such as exclusions caused due to the increased use of digital identification systems. While the FATF does, to some extent, allow domestic legal frameworks to balance privacy interests with the broader interests of law enforcement, we posit that the absence of a strong privacy culture in India has translated into excessively intrusive KYC requirements. Accordingly, we recommend revision of both the international and domestic frameworks, particularly as literature indicates that the law enforcement benefits of the FATF framework (and indeed its application in India) are limited.

Keywords: FATF, privacy, KYC, Aadhaar, customer due diligence, enhanced due diligence, financial privacy, banks, profiling

JEL Classification: K1, K10, K11, K40, G10, G21, Z10

Suggested Citation

Bhandari, Vrinda and Bailey, Rishab and Goyal, Trishee, Analysing India's KYC Framework through the Privacy Lens (April 26, 2022). Available at SSRN: or

Rishab Bailey

xKDR Forum ( email )

Trishee Goyal

National Institute of Public Finance and Policy ( email )

18/2, Satsang Vihar Marg
New Delhi, 110067

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics