UIDAI is bringing in lot of changes in the Aadhaar Eco system.Some glitches in circular drafting is highlighted

1. Ambiguity in Aadhaar Circulars as on 27th May 2018
Nanda Mohan Shenoy D
CAIIB,DBM-Part I,, NSE Certified Market Professional Level-1 ,P G Diploma in IRPM, PG Diploma in
EDP and Computer Management, DIM,LA ISO 9001,LA ISO 27001 NISM empanelled CPE Trainer
Director

2. Ambiguities
• Ambiguity 1
–Global AUA or Global KuA
• Ambiguity 2
–VID is Optional or mandatory for client
• Ambiguity 3
–NBFC classified as Local AUA
• Ambiguity 4
–Is Deloitte the Sole empanelled
Information Security Assessment Agency

3. Ambiguity 1-Global AuA or KuA
• The concept of fetching KYC is applicable to KUA and not
AUA. So they should be called as Global KUA or Local
KUA.(This folly has been addressed in Circular 5 of 2018
which has mentioned as follows –(includes KUA wherever
applicable ) in para 2 ,leading o further Confusion).
• The VID and UID is introduced in both Y/N Authentication as
well as e-KYC Authentication
• Our View
• Yes /No Authentication can be done by AUA.Two circulars
are silent on the Yes.No authentication process
• e-KYC Authentication can be done by KUA which is further
classified as Global AUA & Local AUA as far as eKYC
fetching is concerned .

4. Ambiguity 2-VID Optional?
• VID is Optional or mandatory for client
– Circular 1 of 2018 states “Aadhaar Number holders
will have an option not to share the Aadhaar
numbers……..”
– Circular 5 of 2018 Para 4 states that “Local AUA must
use VID for performing OTP based authentication.
They may however use Aadhaar Number for
Biometric Authentication”
• Our View
• Making VID mandatory for Local AUA for OTP
authentication shall not work. All that has to be done is
check if the VID is entered or Aadhaar Number is
entered based on the length and ensure that both of
them are not stored

5. Ambiguity 3-NBFC-Local AuA?
• “There are certain AUAs which are mandated by specific
laws or regulations to Authenticate their customers with
the Aadhaar Numbers .With few Such Exceptions ,in
general such entities fall under categories 1 and 2.1 of
the Schedule A of the Aadhaar (Authentication
Regulations ).There could however be some entities
which though might be required by a law or regulations
to verify their clients with Aadhaar numbers but may not
have requisite security Systems required for using and
storing the Aadhaar number .Such entities therefore
have been precluded for the List of Global AUAs.”
• Para-3 of Circular 5 of 2018

6. Ambiguity 3-Contd..
• The specific Laws or Regulation which
mandates the Authentication is PMLA
(Maintenance of Records) Second Amendment
Rules 2017..As per Rule 15 of the said Rules
• “ (15) Any reporting entity, at the time of receipt
of the Aadhaar number under provisions of this
rule, shall carry out authentication using either e-
KYC authentication facility or Yes/No
authentication facility provided by Unique
Identification Authority of India.”

7. Schedule-A Category 2.1
Categ
ory
Organisation category Glob
al
Loca
l
Repo
rting
Entity
as
PMLA
2.1 .1 Public sector banks 47
2.1.2 Private Banks, Foreign Banks Licensed by RBI to operate in India, ,
Payment Banks 4
Small Finance Banks 6
2.1.3 Regional Rural Banks 52
2.1.4 1 State Co operative Banks , 2. District Co operative Banks, 3.
Scheduled Urban Cop operatives Banks, 4. Non Scheduled Urban
Cooperative Banks
16
2.1.5 Payment& Settlement System Network
1. Financial market infrastructure
2. Retails payments Organisation 1
3. Cards payment network , 4. ATM networks - -
5. Prepaid payment instruments 6
6. White label ATM operators , 7. Instant Money Transfer
2.1.6 Non Banking Financial Company 26

8. Schedule A Category 2.2-2.7
Categ
ory
Organisation category Glob
al
Loca
l
Repo
rting
Entity
as
PMLA
2.2 Regulated by IRDA/PFRDA Financial Institutions 15 5
2.3 Regulated by TRAI Telecom 4
2.4 Regulated by CCA – Certifying Authority, Digital Locker providers, e-
Sign providers
- 2
2.5 Regulated by SEBI – KYC Registration Agency (KRA),Depository
Participant (DP), Asset Management Company (AMC), Trading
Exchanges, Registrar and Transfer Agents
- -
2.6 Regulated by National Housing Bank - 7
2.7 Regulated by DGCA/AAI(AAI Act)-
Duly licensed -
1. Airport operators having scheduled civil aviation operations, and
2. Scheduled Airline operators
- -
Total 141 50 191
Total KUA as on Date 260

9. Ambiguity 3-Contd..
• Our View
• Based on the above Facts NBFC has to be Global AUA s. Based on
the Circular 5 of 2018 it looks as if though all the NBFC “may not
have requisite security Systems required for using and storing the
Aadhaar number”. This is not true as we have worked with NBFC
which has the entire Security eco system in place including HSM.
• Also these NBFC has to upload the Credit Data as well as credit
Bureau check .Prior to Aadhaar PAN used to be the primary key for
the Credit Bureau Checks. NBFC core business is lending for which
requires the same. A AUA Specific UID Token will not work in these
case .
• There are 60 KUA who as live but are neither Global or Local .Such
KUA can approach UIDAI in writing /mail to UIDAI with full details as
per Annexure-II of the circular 5 of 2018.
• Even Local AUA can represent their case with the details mentioned
above and try to get upgraded to Global AUA.

10. Ambiguity 4-Sole Agency
• UIDAI vide their circular No F.No T-11014/02/2017 –
Tech dated 29th Nov 2017 Appointed Deloitte as “the
Sole empanelled security assessment agency”. This
circular was subsequently withdrawn on 11th Dec 2017
under the same reference number.
• On 4th April 2018 under same reference number the
same circular without the word “ Sole” has been issued.
Many AUA/KUA and ASA has overlooked this word
“Sole” and gone ahead with signing the contract
• Our View
• UIDAI cannot enforce such conditions. Any Cert-in
empanelled auditor can do the Audit .One can write to
UIDAI specifically in this regard.

11. Want to know more
• Please attend our Aadhaar Compliance
Training conducted periodically
• Please click here for the current schedule
• https://goo.gl/forms/9MiTGIm5bezL7HUE2
11
നന്ദിநன்றி
धन्यवाद
nmds@bestfitsolutions.in