Financial services companies are expecting an Aadhaar-related notification from their respective regulators, following up on the one issued by the finance ministry regarding access for non-banking regulated entities to the social security infrastructure.
The Insurance Regulatory and Development Authority of India (Irda), which regulates the insurance sector, issued a notification on May 17 requesting life and general insurance companies to submit a detailed response to the revenue department circular. While the Irda has taken the first step, other regulators are expected to follow suit, industry sources said.
ET reported in its May 17 edition that the government had laid out a three-step process for non-banking regulated entities such as mobile wallets, NBFCs, insurance companies and broking agencies, to get access to Aadhaar data, following up on the Aadhaar ordinance which had initially only allowed banks and telecom companies.
Irda, which highlighted the five points on which an industry response was expected, wanted companies regulated by it to submit a “description of arrangements made for safety and security of data”, prepare for the maintenance of privacy and security of data as prescribed by the UIDAI and adhere to cybersecurity guidelines of the insurance regulator.
“The IRDA notice demonstrates the important role that various industry bodies could play, by framing a common representation and defining the safeguards for data privacy and security,” said Wriju Ray, cofounder of IDfy, a digital identification startup.
A clear set of guidelines that can be followed by companies to get access to the biometric database of citizens is the need of the hour, say industry insiders. The government has defined its own criteria and asked regulators to vet the companies in the first stage. It is up to the regulators concerned to lay out the guidelines, they said.
Each regulator could send notifications to its members on security and compliance to the Aadhaar authentication, said Saru Tumuluri, chief executive officer at Veri5 Digital, one of the largest authenticating agencies in the country. “They could also work with UIDAI in reinstating the suspended AUA/KUA licences after receipt of evidence of security compliance and come up with norms for applications of fresh licences,” she said. This could open the floodgates for future authenticating agencies, since the regulator has not issued fresh licences for more than a year.
The digital payments and lending industry, which had built its entire user on-boarding system on the back of Aadhaar, is hoping to soon get back access to the database.
“The industry bodies will be supporting the process (for access to Aadhaar), but at the same time, the paperless digital KYC process, with or without Aadhaar, is still a work in progress and needs the support of the regulators and the finance ministry,” said Naveen Surya, chairman, Fintech Convergence Council, an industry body for fintech startups.