RBI Issues Revised Draft Guidelines on KYC Updation

RBI Issues Revised Draft Guidelines on KYC Updation. On May 23, 2025, the Reserve Bank of India (RBI) released its Revised Draft Guidelines on KYC Updation, focusing on making the Know Your Customer (KYC) process more flexible and convenient for customers. These updates fall under Paragraph 38 of the KYC Master Direction, 2016, and aim to simplify the periodic updating of customer KYC information across banks, NBFCs, and other regulated entities (REs). Let us break down these revised guidelines in simple, detailed language so everyone can understand what has been proposed.
Permitting Operations for Low-Risk KYC Customers
The Revised Draft Guidelines on KYC Updation propose that regulated entities (REs) must allow continued operations in the accounts of customers categorized as low-risk, even if their Re-KYC has become overdue. This permission extends up to one year after the Re-KYC becomes due or until June 30, 2026, whichever comes later. This means that even if a low-risk customer misses their Re-KYC deadline, they will still be able to carry out transactions until this extended date.
The RBI has emphasized that continuous monitoring of these accounts must continue. Simply put, just because the transactions are allowed does not mean the REs can ignore them; they must watch these accounts closely to catch any suspicious activity. This addition aims to ensure that customers do not face unnecessary service disruptions, especially those who are less likely to be involved in money laundering or terrorist financing.
Implications for Regulated Entities (REs)
For regulated entities such as banks, NBFCs, and payment aggregators, these Revised Draft Guidelines on KYC Updation will require system and policy updates. REs must change their systems to allow low-risk customers to continue transacting without interruption even after the Re-KYC deadline. However, the decision to offer new products or services to such customers remains at the discretion of the RE. This means they can still decide whether they want to extend new loans or accounts, for example, to customers whose KYC is overdue.
The RBI has also highlighted the need for REs to review how they categorize their customers. If an RE uses poor risk classification logic, it could increase the chances of money laundering or terrorist financing slipping through the cracks. Therefore, it is important that these entities not only follow the letter of the guidelines but also ensure their systems are strong and accurate in how they classify risks.
Additionally, REs can implement extra rules or set thresholds to strengthen their monitoring efforts. For instance, they might introduce daily transaction limits or heightened surveillance for accounts pending Re-KYC. These measures help balance convenience for customers with the necessary safeguards against misuse.
Pre-Intimation for Re-KYC
The Revised Draft Guidelines on KYC Updation also introduce stricter requirements for communication with customers. Before the due date for Re-KYC, REs must send at least three advance intimations to customers, including at least one letter through postal mail. These notifications should be spread out at appropriate intervals and sent through various available communication channels such as SMS, email, and physical letters.
This ensures customers are well-informed and reminded multiple times before they reach the Re-KYC deadline. The RBI wants to make sure that customers are not caught unaware or left guessing about when and how to update their KYC information. This advance notification is an important step to maintain smooth customer relationships and avoid unnecessary account blocks or restrictions.
Post-Intimation for Re-KYC
If a customer does not complete their Re-KYC by the due date, the Revised Draft Guidelines on KYC Updation require REs to send at least three additional reminders. Just like the pre-intimations, at least one of these reminders must be sent by physical letter. The reminders should also be spaced out properly and use all available communication options.
The RBI mandates that REs keep a detailed log of all these notifications and reminders in an auditable format. This means that if regulators come to check, REs must be able to show proof of every message, email, or letter sent to remind the customer about Re-KYC. This accountability is essential to ensure that REs are fulfilling their obligations and providing every opportunity for customers to comply.
Required Content in Intimation/Reminder Letters
The Revised Draft Guidelines on KYC Updation also specify what these intimation and reminder letters must include.

First, the letters must give clear instructions on how to complete the Re-KYC process. Customers should know exactly what steps to follow and what documents they need.
The letters must provide an escalation mechanism. This means that if a customer faces any difficulties or needs help with the Re-KYC process, they should know whom to contact and how to escalate the issue if the initial point of contact does not resolve their problem.
Lastly, the letters must explain the consequences of not completing Re-KYC on time. Customers should be fully informed about what will happen to their accounts if they miss the deadline, so they can take necessary action to avoid service disruptions.

Open Questions Raised by the Draft Guidelines
While the Revised Draft Guidelines on KYC Updation provide detailed instructions, some important questions still remain. For instance, does the requirement to send at least one letter fulfill the regulatory expectation of positive address confirmation, especially if the customer has changed their address? Simply sending a letter may not be enough if the address is outdated or incorrect.
Another important question is whether REs should continue to permit transactions for low-risk customers if the intimation or reminder letters are undelivered. If the letters come back undelivered, should the RE still assume it is safe to allow the customer to transact until June 30, 2026? These are areas where further clarification is expected in the final guidelines.
Re-KYC via Business Correspondents (BCs)
A significant addition in the Revised Draft Guidelines on KYC Updation is the formal allowance for banks to use authorized Business Correspondents (BCs) to complete Re-KYC processes. This applies in cases where there is no change in KYC information or only a change in the customer’s address. In these situations, banks can authorize their BCs to carry out biometric-based e-KYC authentication for the customer. The BC will then collect the required self-declaration and any supporting documents from the customer. This step is expected to make the Re-KYC process more accessible, especially for customers in rural or remote areas who may find it difficult to visit a bank branch.
Summary of Annex-II
Along with these proposals, the RBI has also attached Annex-II, which summarizes the existing RBI instructions on customer onboarding and Re-KYC. This annex acts as a quick reference guide for regulated entities, ensuring that they have all the necessary guidelines in one place to help implement and comply with the rules effectively.
Awaiting Final Guidelines
While the Revised Draft Guidelines on KYC Updation offer detailed proposals, they are still in the draft stage. Stakeholders are eagerly waiting for the final set of guidelines to see what adjustments or clarifications the RBI will incorporate based on the feedback received. Until then, regulated entities should start preparing their systems, customer communication strategies, and monitoring processes to align with the draft instructions.
Conclusion
The Revised Draft Guidelines on KYC Updation mark an important step in balancing customer convenience with regulatory safeguards. By allowing continued transactions for low-risk customers, formalizing notification processes, permitting the use of Business Correspondents, and summarizing existing instructions, the RBI aims to make the KYC updation process more streamlined and customer-friendly. Regulated entities will need to work carefully to implement these changes while maintaining robust controls against money laundering and terrorist financing risks.
If you have any queries or need any support, then you can book a consultation with Compliance Calendar Experts through email at info@ccoffice.in or Call/Whatsapp at +91 9988424211.
FAQs
Q1. What are the Revised Draft Guidelines on KYC Updation issued by RBI?
Ans. The Revised Draft Guidelines on KYC Updation, issued by the Reserve Bank of India on May 23, 2025, aim to simplify the Know Your Customer (KYC) updating process for customers. These guidelines allow more flexibility, especially for low-risk customers, by extending transaction permissions and formalizing the notification process for Re-KYC.
Q2. How do the guidelines benefit low-risk customers whose Re-KYC is overdue?
Ans. Under the Revised Draft Guidelines on KYC Updation, low-risk customers can continue to operate their accounts up to one year after their Re-KYC is due or until June 30, 2026, whichever is later. This ensures they do not face service interruptions, although their accounts will still be under continuous monitoring by the regulated entities.
Q3. What communication requirements must regulated entities follow before the Re-KYC due date?
Ans. The guidelines require regulated entities to send at least three advance intimations to customers before the Re-KYC due date. These must include at least one physical letter and can also be sent via SMS or email. This ensures that customers receive timely reminders to update their KYC information.
Q4. What happens if a customer misses the Re-KYC deadline despite reminders?
Ans. If a customer misses the Re-KYC deadline, the regulated entity must send at least three post-due-date reminders, including one by physical letter. All reminders must be documented in an auditable format. The account remains operational for low-risk customers until June 30, 2026, but continuous monitoring and additional controls may apply.
Q5. Can Business Correspondents help customers complete Re-KYC? 
Ans. Yes, the Revised Draft Guidelines on KYC Updation allow authorized Business Correspondents (BCs) to assist customers in completing Re-KYC, especially when there is no change in KYC details or only a change of address. BCs can conduct biometric e-KYC authentication and collect necessary declarations and documents.
Q6. What should be included in the intimation and reminder letters sent to customers?
Ans. According to the guidelines, these letters must include clear instructions on completing Re-KYC, provide escalation contact details for help, and explain the consequences of non-compliance. This ensures customers understand the importance of updating their KYC.
Q7. What open questions remain regarding the guidelines?
Ans. Some uncertainties still exist, such as whether sending a letter meets the regulatory need for address confirmation and what to do if letters are undelivered. Clarifications on these points are expected in the final version of the Revised Draft Guidelines on KYC Updation.

On May 23, 2025, the Reserve Bank of India (RBI) released its Revised Draft Guidelines on KYC Updation, focusing on making the Know Your Customer (KYC) process more flexible and convenient for customers. These updates fall under Paragraph 38 of the KYC Master Direction, 2016, and aim to simplify the periodic updating of customer KYC information across banks, NBFCs, and other regulated entities (REs). Let us break down these revised guidelines in simple, detailed language so everyone can understand what has been proposed.

Permitting Operations for Low-Risk KYC Customers

The Revised Draft Guidelines on KYC Updation propose that regulated entities (REs) must allow continued operations in the accounts of customers categorized as low-risk, even if their Re-KYC has become overdue. This permission extends up to one year after the Re-KYC becomes due or until June 30, 2026, whichever comes later. This means that even if a low-risk customer misses their Re-KYC deadline, they will still be able to carry out transactions until this extended date.

The RBI has emphasized that continuous monitoring of these accounts must continue. Simply put, just because the transactions are allowed does not mean the REs can ignore them; they must watch these accounts closely to catch any suspicious activity. This addition aims to ensure that customers do not face unnecessary service disruptions, especially those who are less likely to be involved in money laundering or terrorist financing.

Implications for Regulated Entities (REs)

For regulated entities such as banks, NBFCs, and payment aggregators, these Revised Draft Guidelines on KYC Updation will require system and policy updates. REs must change their systems to allow low-risk customers to continue transacting without interruption even after the Re-KYC deadline. However, the decision to offer new products or services to such customers remains at the discretion of the RE. This means they can still decide whether they want to extend new loans or accounts, for example, to customers whose KYC is overdue.

The RBI has also highlighted the need for REs to review how they categorize their customers. If an RE uses poor risk classification logic, it could increase the chances of money laundering or terrorist financing slipping through the cracks. Therefore, it is important that these entities not only follow the letter of the guidelines but also ensure their systems are strong and accurate in how they classify risks.

Additionally, REs can implement extra rules or set thresholds to strengthen their monitoring efforts. For instance, they might introduce daily transaction limits or heightened surveillance for accounts pending Re-KYC. These measures help balance convenience for customers with the necessary safeguards against misuse.

Pre-Intimation for Re-KYC

The Revised Draft Guidelines on KYC Updation also introduce stricter requirements for communication with customers. Before the due date for Re-KYC, REs must send at least three advance intimations to customers, including at least one letter through postal mail. These notifications should be spread out at appropriate intervals and sent through various available communication channels such as SMS, email, and physical letters.

This ensures customers are well-informed and reminded multiple times before they reach the Re-KYC deadline. The RBI wants to make sure that customers are not caught unaware or left guessing about when and how to update their KYC information. This advance notification is an important step to maintain smooth customer relationships and avoid unnecessary account blocks or restrictions.

Post-Intimation for Re-KYC

If a customer does not complete their Re-KYC by the due date, the Revised Draft Guidelines on KYC Updation require REs to send at least three additional reminders. Just like the pre-intimations, at least one of these reminders must be sent by physical letter. The reminders should also be spaced out properly and use all available communication options.

The RBI mandates that REs keep a detailed log of all these notifications and reminders in an auditable format. This means that if regulators come to check, REs must be able to show proof of every message, email, or letter sent to remind the customer about Re-KYC. This accountability is essential to ensure that REs are fulfilling their obligations and providing every opportunity for customers to comply.

Required Content in Intimation/Reminder Letters

The Revised Draft Guidelines on KYC Updation also specify what these intimation and reminder letters must include.

First, the letters must give clear instructions on how to complete the Re-KYC process. Customers should know exactly what steps to follow and what documents they need.
The letters must provide an escalation mechanism. This means that if a customer faces any difficulties or needs help with the Re-KYC process, they should know whom to contact and how to escalate the issue if the initial point of contact does not resolve their problem.
Lastly, the letters must explain the consequences of not completing Re-KYC on time. Customers should be fully informed about what will happen to their accounts if they miss the deadline, so they can take necessary action to avoid service disruptions.

Open Questions Raised by the Draft Guidelines

While the Revised Draft Guidelines on KYC Updation provide detailed instructions, some important questions still remain. For instance, does the requirement to send at least one letter fulfill the regulatory expectation of positive address confirmation, especially if the customer has changed their address? Simply sending a letter may not be enough if the address is outdated or incorrect.

Another important question is whether REs should continue to permit transactions for low-risk customers if the intimation or reminder letters are undelivered. If the letters come back undelivered, should the RE still assume it is safe to allow the customer to transact until June 30, 2026? These are areas where further clarification is expected in the final guidelines.

Re-KYC via Business Correspondents (BCs)

A significant addition in the Revised Draft Guidelines on KYC Updation is the formal allowance for banks to use authorized Business Correspondents (BCs) to complete Re-KYC processes. This applies in cases where there is no change in KYC information or only a change in the customer’s address. In these situations, banks can authorize their BCs to carry out biometric-based e-KYC authentication for the customer. The BC will then collect the required self-declaration and any supporting documents from the customer. This step is expected to make the Re-KYC process more accessible, especially for customers in rural or remote areas who may find it difficult to visit a bank branch.

Summary of Annex-II

Along with these proposals, the RBI has also attached Annex-II, which summarizes the existing RBI instructions on customer onboarding and Re-KYC. This annex acts as a quick reference guide for regulated entities, ensuring that they have all the necessary guidelines in one place to help implement and comply with the rules effectively.

Awaiting Final Guidelines

While the Revised Draft Guidelines on KYC Updation offer detailed proposals, they are still in the draft stage. Stakeholders are eagerly waiting for the final set of guidelines to see what adjustments or clarifications the RBI will incorporate based on the feedback received. Until then, regulated entities should start preparing their systems, customer communication strategies, and monitoring processes to align with the draft instructions.

Conclusion

The Revised Draft Guidelines on KYC Updation mark an important step in balancing customer convenience with regulatory safeguards. By allowing continued transactions for low-risk customers, formalizing notification processes, permitting the use of Business Correspondents, and summarizing existing instructions, the RBI aims to make the KYC updation process more streamlined and customer-friendly. Regulated entities will need to work carefully to implement these changes while maintaining robust controls against money laundering and terrorist financing risks.

If you have any queries or need any support, then you can book a consultation with Compliance Calendar Experts through email at info@ccoffice.in or Call/Whatsapp at +91 9988424211.

FAQs

Q1. What are the Revised Draft Guidelines on KYC Updation issued by RBI?

Ans. The Revised Draft Guidelines on KYC Updation, issued by the Reserve Bank of India on May 23, 2025, aim to simplify the Know Your Customer (KYC) updating process for customers. These guidelines allow more flexibility, especially for low-risk customers, by extending transaction permissions and formalizing the notification process for Re-KYC.

Q2. How do the guidelines benefit low-risk customers whose Re-KYC is overdue?

Ans. Under the Revised Draft Guidelines on KYC Updation, low-risk customers can continue to operate their accounts up to one year after their Re-KYC is due or until June 30, 2026, whichever is later. This ensures they do not face service interruptions, although their accounts will still be under continuous monitoring by the regulated entities.

Q3. What communication requirements must regulated entities follow before the Re-KYC due date?

Ans. The guidelines require regulated entities to send at least three advance intimations to customers before the Re-KYC due date. These must include at least one physical letter and can also be sent via SMS or email. This ensures that customers receive timely reminders to update their KYC information.

Q4. What happens if a customer misses the Re-KYC deadline despite reminders?

Ans. If a customer misses the Re-KYC deadline, the regulated entity must send at least three post-due-date reminders, including one by physical letter. All reminders must be documented in an auditable format. The account remains operational for low-risk customers until June 30, 2026, but continuous monitoring and additional controls may apply.

Q5. Can Business Correspondents help customers complete Re-KYC?

Ans. Yes, the Revised Draft Guidelines on KYC Updation allow authorized Business Correspondents (BCs) to assist customers in completing Re-KYC, especially when there is no change in KYC details or only a change of address. BCs can conduct biometric e-KYC authentication and collect necessary declarations and documents.

Q6. What should be included in the intimation and reminder letters sent to customers?

Ans. According to the guidelines, these letters must include clear instructions on completing Re-KYC, provide escalation contact details for help, and explain the consequences of non-compliance. This ensures customers understand the importance of updating their KYC.

Q7. What open questions remain regarding the guidelines?

Ans. Some uncertainties still exist, such as whether sending a letter meets the regulatory need for address confirmation and what to do if letters are undelivered. Clarifications on these points are expected in the final version of the Revised Draft Guidelines on KYC Updation.