RBI KYC Compliance 2026: Updated AML Rules and Real-Time Sanctions Screening

The Reserve Bank of India has updated its Know Your Customer and Anti-Money Laundering compliance framework for 2026. All regulated entities, including banks, NBFCs, and fintechs, must implement enhanced customer due diligence, real-time sanctions list screening with 24-hour update windows, and Politically Exposed Person checks at both onboarding and periodic intervals. The updated framework reflects India's commitment to the Financial Action Task Force recommendations and international AML standards.

Customer Due Diligence Tiers and Risk Assessment

The RBI framework establishes tiered KYC requirements based on customer risk profile. Low-risk customers, including salaried individuals and pensioners, face streamlined documentation. Medium-risk customers, such as small business owners and professionals, face standard KYC. High-risk customers, including large cash operators and import-export businesses, face enhanced due diligence requiring detailed source of funds verification and beneficial ownership investigation.

PEP Screening and Multiple Sanctions Lists

All customers must be screened against domestic and international Politically Exposed Person databases at account opening and periodically thereafter. The regulations require screening against multiple sanctions lists: UNSC sanctions lists maintained by the UN, OFAC lists maintained by the U.S., EU sanctions lists, and UK sanctions lists. The maximum gap between list updates is 24 hours, meaning your sanctions screening database must be refreshed at least daily.

Suspicious Transaction Reporting Within 7 Days

Banks and regulated entities must file Suspicious Transaction Reports with the Financial Intelligence Unit India within 7 days of suspicion arising. An STR is mandatory when a transaction is unusual, appears to have no apparent economic or lawful purpose, or has characteristics typical of money laundering. The 7-day reporting deadline is strict. Delayed STRs can trigger regulatory action against the reporting entity.

Video KYC and Digital Onboarding Standards

The framework permits Video KYC for remote customer onboarding, provided security standards are met. This allows rapid account opening for digital banking and fintech platforms. However, VKYC requires robust identity verification technology and recording of the video call for audit trails.

Key Takeaways

Conduct an audit of your customer database to ensure all customers have been screened against PEP databases. Implement daily updates to your UNSC, OFAC, EU, and UK sanctions list screening tools. Establish an STR procedure requiring completion and filing to FIU-IND within 7 days of suspicion. Review your VKYC technology to ensure secure recording and identity verification. Ensure your CKYC filings are accurate and timely. Brief your front-line staff on risk categorization.