The Securities and Exchange Board of India on 20th July 2022, has notified 155 reporting entities as sub-KYC user agency (KUA) to use Aadhaar authentication services of UIDAI under section 11A of the Prevention of Money-laundering Act, 2002.
These entities shall enter into an agreement with a KUA and get themselves registered with UIDAI as sub-KUAs. The agreement in this regard shall be as prescribed by UIDAI. The KUAs shall facilitate the onboarding of these entities as sub-KUAs to provide the services of Aadhaar authentication with respect to KYC.
The KUA/ sub-KUA while performing the Aadhaar authentication shall also comply with the following:
- For sharing of e-KYC data with Sub-KUA under Regulation 16(2) of Aadhaar (Authentication) Regulations, 2016, KUA shall obtain special permission from UIDAI by submitting an application in this regard. Such permissible sharing of eKYC details by KUA can be allowed with their associated Sub-KUAs only
- KUA shall not share UIDAI digitally signed e-KYC data with other KUAs. However, KUAs may share data after digitally signing it using their own signature for internal working of the system.
- e-KYC data received as response upon successful Aadhaar authentication from UIDAI will be stored by KUA and Sub-KUA in the manner prescribed by Aadhaar Act/Regulations and circulars issued by UIDAI time to time.
- KUA/Sub-KUA shall not store Aadhaar number in their database under any circumstances. It shall be ensured that Aadhaar number is captured only using UIDAI`s Aadhaar Number Capture Services (ANCS)
- The KUA shall maintain auditable logs of all such transactions where e-KYC data has been shared with sub-KUA, for a period specified by the Authority.
- UIDAI may conduct audit of all KUAs and Sub KUAs as per the Aadhaar Act, Aadhaar Regulations, AUA/KUA Agreement, Guidelines, circulars etc. issued by UIDAI from time to time.
