What changed
RBI inserted an Explanation in paragraph 59 of the ARC KYC Directions, 2025, effective immediately. It specifies that the regulated entity which last uploaded or updated customer KYC records to CKYCR bears the responsibility for verifying identity/address. ARCs that download and rely on such current records from CKYCR are exempt from re-verifying identity/address, but must still fulfill all other Customer Due Diligence obligations.
What it means for you
For ARCs, this reduces duplication of KYC verification when records are sourced from CKYCR, provided the records are current and compliant. However, ARCs cannot offload overall CDD responsibility—they remain accountable for all other aspects like risk profiling and ongoing monitoring. This aligns with the government's September 2025 office memorandum on CKYCR responsibility.
What you must do
- Update internal KYC policies to reflect that ARCs relying on CKYCR records need not re-verify identity/address if records are current and PML-compliant.
- Ensure your systems check the 'last uploaded/updated by' field in CKYCR to confirm the uploading entity's responsibility.
- Maintain documentation of downloaded CKYCR records and their currency to demonstrate compliance during audits.
- Train CDD teams that overall CDD responsibility (except identity/address verification) remains with the ARC.
Who it affects
Asset Reconstruction Companies (ARCs), Regulated entities uploading KYC records to CKYCR, Compliance and AML teams at ARCs
Does this amendment apply to all ARCs immediately?
Yes, the amendment came into force with immediate effect from the date of issuance, December 29, 2025, and applies to all ARCs covered under the ARC KYC Directions, 2025.