he Reserve Bank of India (Local Area Banks – Know Your Customer) Directions, 2025, issued on November 28, 2025, lay down a comprehensive regulatory framework to prevent the misuse of the banking system for money laundering and terrorist financing, and to safeguard the integrity and stability of the financial system. These Directions are issued under various statutory powers, including the Banking Regulation Act, 1949, the Prevention of Money-Laundering Act, 2002 (PMLA), and related rules, and are applicable to Local Area Banks (LABs).
The Directions are aligned with international standards prescribed by the Financial Action Task Force (FATF) and India’s obligations as a FATF member. They operationalise the requirements of the PMLA and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, by prescribing detailed Know Your Customer (KYC), Customer Due Diligence (CDD), and Anti-Money Laundering / Countering the Financing of Terrorism (AML/CFT) obligations for banks.
Structure and Scope
The Directions are organised into eleven chapters covering preliminary provisions, general governance requirements, customer acceptance, risk management, customer identification, due diligence, record management, reporting to the Financial Intelligence Unit – India (FIU-IND), international obligations, other instructions, and repeal and savings. Detailed annexures supplement the main text.
Governance and Policy Framework
Banks are required to adopt a Board-approved KYC Policy incorporating four core elements: Customer Acceptance Policy, Risk Management, Customer Identification Procedures, and Monitoring of Transactions. The Board or a delegated committee must oversee compliance, periodic KYC updation, exceptional handling, and policies for non-face-to-face onboarding and correspondent banking relationships. Banks must also implement group-wide AML/CFT programmes, where applicable, with safeguards for confidentiality and prevention of tipping-off.
Each bank must designate a Designated Director at the Board level to ensure overall compliance with Chapter IV of the PMLA, and a Principal Officer at the management level responsible for monitoring transactions and reporting to FIU-IND and the RBI. Decision-making on KYC compliance cannot be outsourced.
Risk-Based Approach
The Directions mandate a Risk-Based Approach (RBA) to AML/CFT compliance. Banks must periodically conduct Money Laundering and Terrorist Financing Risk Assessments, document the outcomes, review them at least annually, and place them before the Board. Customers must be categorised into low, medium, or high risk based on identity, business profile, geography, products, delivery channels, and transaction patterns, with monitoring intensity aligned to the assessed risk. Risk categorisation and its rationale must remain confidential.
Customer Acceptance Policy
Banks are prohibited from opening accounts in anonymous, fictitious, or benami names, or from commencing relationships without completing CDD. Accounts must not be opened where appropriate CDD cannot be applied due to non-cooperation or unreliable information, and suspicious cases may warrant filing of Suspicious Transaction Reports (STRs). The policy must ensure that KYC requirements do not result in exclusion of financially or socially disadvantaged persons, including persons with disabilities, and any rejection of onboarding or KYC updation must be reasoned and recorded.
Customer Identification Procedure (CIP)
CIP is required at the commencement of account-based relationships, for specified transactions exceeding ₹50,000, for international money transfers, for walk-in customers above thresholds, and where there is doubt about the authenticity or adequacy of existing identification data. Banks may rely on CDD performed by regulated third parties, subject to conditions, but retain ultimate responsibility for compliance.
Customer Due Diligence (CDD) – Individuals
For individuals, CDD may be conducted using Aadhaar-based authentication, offline Aadhaar verification, Officially Valid Documents (OVDs), equivalent e-documents, or by retrieving records from the Central KYC Records Registry (CKYCR) with customer consent. PAN or Form 60 is required, along with any additional documents necessary to understand the customer’s business or financial status. Aadhaar is not mandatory for KYC unless required for receipt of notified subsidies or benefits. Detailed procedures are prescribed for digital KYC, including live photograph capture, geo-tagging, watermarking, OTP-based customer consent, and audit trails.
Non-Face-to-Face Onboarding and V-CIP
Accounts opened using Aadhaar OTP-based e-KYC in non-face-to-face mode are subject to strict transaction, balance, and time limitations, and must be converted to full KYC within one year. The Directions also provide an extensive framework for Video-based Customer Identification Process (V-CIP), prescribing technological, security, procedural, and audit requirements, including liveness detection, encryption, data storage within India, and concurrent audit before account activation.
Small Accounts
To promote financial inclusion, banks may open Small Accounts with simplified requirements, subject to limits on balances and transactions, operational timelines, and enhanced monitoring. These accounts are temporary and must eventually be upgraded to full KYC, especially where suspicion of money laundering or terrorist financing arises.
CDD for Proprietary Firms and Legal Entities
Specific CDD measures are prescribed for sole proprietorships, requiring CDD of the proprietor and documentary proof of business activity. For legal entities such as companies, partnerships, trusts, unincorporated associations, and other juridical persons, banks must obtain incorporation or registration documents, constitutional documents, PAN, authorisations, and identification of authorised signatories and beneficial owners. Beneficial ownership thresholds and control criteria are clearly defined, with exemptions for listed entities and their subsidiaries.
Ongoing Due Diligence and Monitoring
Banks must conduct ongoing due diligence to ensure transactions are consistent with the customer’s profile, source of funds, and risk category. Particular attention is required for large, complex, or unusual transactions, threshold breaches, high account turnover, and suspicious patterns such as third-party deposits followed by cash withdrawals. The use of technological tools, including artificial intelligence and machine learning, is permitted to strengthen monitoring.
Overall, the Directions consolidate and modernise the KYC and AML/CFT framework for Local Area Banks by combining risk-based governance, digital and video-based identification processes, clear customer acceptance norms, and stringent monitoring and reporting obligations, while balancing regulatory objectives with financial inclusion.
RESERVE BANK OF INDIA
RBI/DOR/2025-26/243
DOR.AML.REC.No.162/14.01.008/2025-26 | Dated: November 28, 2025
Reserve Bank of India (Local Area Banks – Know Your Customer) Directions, 2025
Introduction
In order to prevent banks and other financial institutions from being used as a channel for Money Laundering (ML)/ Terrorist Financing (TF) and to ensure the integrity and stability of the financial system, efforts are continuously being made both internationally and nationally, by way of prescribing various rules and regulations. Internationally, the Financial Action Task Force (FATF), which is an intergovernmental body established in 1989 by the Ministers of its member jurisdictions, sets standards and promotes effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system. India, as a member of FATF, is committed to upholding measures to protect the integrity of the international financial system.
In India, the Prevention of Money-Laundering Act, 2002, and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, form the legal framework on Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT). The provisions of the PML Act, 2002 and the PML Rules, 2005, as amended from time to time by the Government of India, require Regulated Entities (REs) to follow certain customer identification procedures while undertaking a transaction either by establishing an account-based relationship or otherwise, and to monitor their transactions.
Accordingly, in exercise of the powers conferred by sections 35A of the Banking Regulation Act, 1949, the Banking Regulation Act (AACS), 1949, read with section 56 of the Act ibid., section 10(2) read with section 18 of Payment and Settlement Systems Act 2007 (Act 51 of 2007), section 11(1) of the Foreign Exchange Management Act, 1999, Rule 9(14) of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, and all other laws enabling the Reserve Bank in this regard, the RBI being satisfied that it is necessary and expedient in the public interest so to do, hereby issues the Directions hereinafter specified.
Chapter I – Preliminary
A. Short Title and Commencement
1. These Directions shall be called the Reserve Bank of India (Local Area Banks – Know Your Customer) Directions, 2025.
2. These Directions shall come into effect from the date of issue.
B. Applicability
3. These Directions shall be applicable to Local Area Banks (hereinafter collectively referred to as ‘banks’ and individually as a ‘bank’).
Read Full text of the Notification: https://rbidocs.rbi.org.in/rdocs/notification/PDFs/243MD.PDF
