What changed
RBI consolidated and updated KYC norms specifically for ARCs under the Securitisation Act, RBI Act, PMLA, and FEMA. The directions cover customer identification, due diligence, risk categorization, record management, and reporting to FIU-IND. They replace earlier fragmented instructions and align ARC practices with broader AML/CFT framework.
What it means for you
ARCs must now implement robust KYC processes similar to banks, including Aadhaar-based authentication and enhanced due diligence for high-risk customers. This tightens oversight on asset reconstruction activities to prevent money laundering and terrorist financing. Banks dealing with ARCs should ensure their counterparties comply, as lapses could affect shared transactions.
What you must do
- Review and update your ARC's KYC policy to align with these directions, covering customer acceptance, risk management, and CDD procedures.
- Train staff on the new requirements, including Aadhaar authentication and reporting obligations to FIU-IND.
- Ensure record-keeping systems can retain customer identification data and transaction records as per the prescribed timelines.
- Coordinate with your legal and compliance teams to map existing processes against the detailed chapters in the direction.
Who it affects
All Asset Reconstruction Companies (ARCs), Banks and financial institutions that transact with ARCs, Compliance and AML teams within ARCs and partner banks
When do these KYC directions take effect?
The directions came into effect on November 28, 2025, the date they were placed on the RBI website.
What is the legal basis for these directions?
RBI issued them under the Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002, the RBI Act, 1934, the Payment and Settlement Systems Act, 2007, FEMA, 1999, and the PML Rules, 2005.
Do these directions apply to all ARCs?
Yes, they are applicable to all Asset Reconstruction Companies registered with RBI.