RBI new guidelines for AEPS (Cash Withdrawal from Aadhaar Biometric), Download Circular PDF
| ➡️ Get instant news updates on Whatsapp. Click here to join our Whatsapp Group. |
In recent times, there have been reports of frauds perpetuated through AePS due to identity theft or compromise of customer credentials. To protect bank customers from such frauds, and to maintain trust and confidence in the safety and security of the system, a need is felt to enhance the robustness of AePS. Accordingly, as announced in Statement on Developmental and Regulatory Policies dated February 08, 2024, it has been decided to issue directions for streamlining the process for onboarding of AePS touchpoint operators and strengthening fraud risk management.
AEPS New Guidelines
The acquiring bank shall carry out due diligence of all ATOs (AePS Touchpoint Operators) before onboarding them, adopting the same process as indicated in the Customer Due Diligence procedure for individuals, stipulated in paragraph 16 of Part-I, Chapter-VI of the Master Direction – Know Your Customer Direction, 2016 (as updated from time to time), issued by the Reserve Bank. However, if the due diligence of ATOs has already been done in their capacity as Business Correspondent / subagent, then the same may be adopted. The acquiring bank shall also carry out periodic updation of KYC of ATOs.
In cases where an ATO has remained inactive, i.e. has not performed any financial / non-financial transaction for a customer for a continuous period of three months, acquiring bank shall carry out KYC of ATO before enabling him / her to transact further.
The acquiring bank shall monitor the activities of ATOs through their transaction monitoring systems on an ongoing basis and set operational parameters, based on business risk profile of the ATOs. Aspects such as location and type of the ATO, volume and velocity of transactions, etc. shall form part of bank’s fraud risk management framework. The operational parameters regarding ATOs shall be reviewed on a periodic basis, reflecting emerging fraud trends. The acquiring bank shall put in place adequate system level controls to ensure than any technological integrations like APIs are used only for enabling AePS operations.