Bankpulse
BanksHomeSearchLatestCo-pilotRankingsCrosswalkHistoryWithdrawnDashboardsMethodologyGlossaryCircularsAskAnswersChangelogReviewsAbout
HomeCirculars › RBI/2013-14/213

RBI Cracks Down on Excessive KYC Data Collection

Live · in forceNo withdrawal recorded as of 19 Jun 2026. Reviewed by Vikram Jain; always verify against the official RBI source below.
Issued by RBI: 03 Sep 2013  ·  Decoded by BankPulse: 19 Jun 2026, 18:12 IST
⏱ ~2 min read
📄 Official RBI source ↗
Quick answerRBI has warned banks against collecting intrusive personal details like family info, assets, and lifestyle data for KYC. Only mandatory information relevant to risk assessment should be sought; optional data requires customer consent post-account opening.

What changed

RBI observed banks overstepping by asking for non-mandatory personal details (e.g., number of dependents, spouse details, assets) during KYC. It reiterates that only risk-relevant mandatory info should be collected; optional info needs explicit consent after account opening. Confidentiality of all customer data is stressed, prohibiting use for cross-selling.

What it means for you

Banks must immediately review KYC forms to remove intrusive questions not tied to risk assessment. This reduces customer friction and privacy complaints but may limit data for profiling. Lenders must clearly distinguish mandatory vs. optional fields and obtain separate consent for optional data, impacting CRM and cross-sell strategies.

What you must do

Who it affects

All scheduled commercial banks (excluding RRBs), Local Area Banks, All India Financial Institutions, Compliance and KYC teams, Branch staff handling account opening

What specific information is now considered intrusive for KYC?

RBI flagged details like number of dependents, names of children, lifestyle, foreign visits in last 3 years, family members abroad, assets/liabilities, spouse name/date of birth, wedding date, and investments as non-mandatory and intrusive.

Can we still collect optional customer information for cross-selling?

Yes, but only after account opening and with explicit customer consent. The customer must know which data is mandatory for KYC and which is optional. Such data cannot be used for cross-selling without separate consent.

What should we do with existing customer data collected earlier?

Ensure all customer data is treated as confidential. For non-mandatory data collected without explicit consent, seek fresh consent or stop using it for cross-selling. Review periodic updation processes to align with this circular.

Track this rule
⏳ How this rule evolved — History Map →Full RBI rulebook crosswalk →
AI-drafted · 3-model AI consensus fact-check · under the editorial review of Vikram Jain · decoded & published by BankPulse · 19 Jun 2026, 18:12 IST
Official RBI source: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=8362&Mode=0 — Plain-English summary by BankPulse (bankpulse.ai), reviewed by Vikram Jain. Independent platform, not affiliated with the Reserve Bank of India; never reproduces RBI text verbatim.