How many times do banks need to update Know Your Customer (KYC) details? RBI rules explained

The Reserve Bank of India (RBI) says banks should follow a risk-based approach for the periodic updation of KYC. Accordingly, customers in the high-risk category have to update their KYC more frequently than low-risk customers.

The RBI also prescribes the number of years after which a bank must get customers' KYC updated based on their risk profile.

• High-risk customers: Banks have to carry out periodic updation of KYC of high-risk customers at least once every two years.

• Medium-risk customers: Banks have to carry out periodic updation of KYC of medium-risk customers at least once every eight years.

• Low-risk customers: Banks have to carry out periodic updation of KYC of low-risk customers at least once in every 10 years.

"...periodic updation shall be carried out at least once in every two years for high-risk customers, once in every eight years for medium risk customers and once in every ten years for low-risk customers from the date of opening of the account / last KYC updation," RBI says in its Master Direction on Know Your Customer (KYC) norms.

Latest changes to period updation rules

Banking correspondents for periodic updation of KYC

In case of customers with no change in KYC information or change only in the address, banks can use their authorised business correspondents for periodic updation of KYC,

"Self-declaration from the customer in case of no change in KYC information or change only in the address details may be obtained through an authorized BC of the bank. The bank shall enable its BC systems for recording these self-declarations and supporting documents thereof in electronic form in the bank’s systems," RBI says.

The RBI further says that the "bank shall obtain the self-declaration including the supporting documents, if required, in the electronic mode from the customer through the BC, after successful biometric based e-KYC authentication. Until an option is made available in the electronic mode, such declaration may be submitted in physical form by the customer."

Banks are required to update the customer’s KYC records and intimate the customer once the records get updated in the system.

Banks are also required to inform their customers, in advance, to update their KYC. "Prior to the due date of periodic updation of KYC, the RE shall give at least three advance intimations, including at least one intimation by letter, at appropriate intervals to its customers through available communication options/ channels for complying with the requirement of periodic updation of KYC."

After the due date of KYC updation, banks have to give at least three reminders, including at least one reminder by letter, at appropriate intervals, to such customers who have still not complied with the requirements, despite advance intimations.