05 March 2019
The Aadhaar and Other Laws (Amendment) Bill 2018 (Aadhaar Bill) was recently passed in the Lok Sabha. It seeks to amend
The Aadhaar Bill follows in the footsteps of the Supreme Court's decision in Justice KS Puttaswamy v Union of India,(1) wherein the provision of the Aadhaar Act which permitted private entities to seek authentication of individuals using their Aadhaar data was held to be unconstitutional.
Prior to the Puttaswamy judgment, the PMLA and the Prevention of Money Laundering (PML) (Maintenance of Records) Rules, as amended by the Prevention of Money Laundering (Maintenance of Records) Second Amendment Rules 2017 (2017 amendment), provided a framework(2) under which entities carrying out insurance business(3) (among others) were required to verify(4) and authenticate(5) the identity of their customers using Aadhaar (a 12-digit random number issued by the Unique Identification Authority of India (UIDAI)).(6)
Pursuant to the foregoing provisions, insurers (among others) with an account-based relationship with customers had to collect their customers' Aadhaar numbers within the stipulated timeframes.(7) Consequently, a mandatory Aadhaar-based 'know-your-customer' (KYC) regime was introduced by the respective regulators to set out norms for the authentication of customers' identity using Aadhaar numbers.
Under the extant insurance regulatory and statutory framework, insurers were allowed to perform KYC verification of customers using, among other things, Aadhaar e-KYC services, subject to customers' express consent.(8) Insurers were also permitted to authenticate the identity of their customers using Aadhaar information(9) and were required to maintain records of the Aadhaar information collected from customers.(10)
However, pursuant to the 2017 amendment, the Insurance Regulatory and Development Authority (IRDAI) issued clarifications whereby Aadhaar-based KYC verification was made mandatory in the insurance sector. Following this, all insurance policies had to be linked with the Aadhaar number of the respective policyholder.(11) The IRDAI further prescribed timeframes within which the Aadhaar information had to be provided by customers to their insurer. However, pursuant to the Supreme Court's 13 March 2018 interim order in Puttaswamy, the timeframe for linking Aadhaar with existing insurance policies was extended until the matter could be finally heard and decided. Further, for new insurance policies, customers without an Aadhaar card were permitted to provide any other officially valid document to their insurer.(12)
Pursuant to Puttaswamy, the Supreme Court partially struck down the enabling provision of Section 57 of the Aadhaar Act which permitted private entities to seek authentication using Aadhaar. Following this case, Section 57 was amended to remove the wording "or any contract to this effect". It now reads as follows:
Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or any body corporate or person, pursuant to any law, for the time being in force.
Therefore, pursuant to the judgment, insurers (among others) were effectively prohibited from using Aadhaar-based authentication of a customer's identity, which was the primary mode of customer due-diligence and KYC verification conducted by such private entities. However, the Supreme Court has provided no clarity on the use of Aadhaar information which has already been collected by private entities under the existing framework.
The central government introduced the Aadhaar Bill to harmonise the existing Aadhaar framework with Puttaswamy. The Aadhaar Bill removes the mandatory requirement of Aadhaar-based KYC verification and stipulates that individuals may provide other officially valid documents and passport for KYC purposes.(13) The Aadhaar Bill also introduces Aadhaar-based offline verification where an individual's identity can be verified without authentication.(14)
Further, the Aadhaar Bill provides that where an individual voluntarily provides their Aadhaar information to an insurer, the insurer:
The Aadhaar Bill further omits parts of Sections 12 and 73 of the PMLA, which imposed an obligation on insurers, among others, to verify the identity of clients in a prescribed manner.(18) However, the Aadhaar Bill does not amend the PML Rules, which impose an obligation on insurers to mandatorily collect Aadhaar numbers before commencing an account-based relationship with a client. Notably, however, according to the accepted principles under which statutes are interpreted, subordinate legislation made under a statute ceases to have effect after the enabling statute is repealed.(19)
Pursuant to the Supreme Court's decision in Puttaswamy, the IRDAI issued a circular on 29 January 2019 entitled "Allowing Aadhaar Card as one of the acceptable documents for KYC – under certain conditions". The circular provides that insurers may carry out Aadhaar-based KYC verification, provided that the customer has voluntarily opted for this.(20) Further, where the insurer is collecting a customer's Aadhaar number, it cannot store more than the last four digits of the Aadhaar number either in physical or digital form. The digits preceding the last four digits must be properly masked. Further, insurers are expressly prohibited from carrying out authentication using e-KYC facilities or 'yes/no' authentication facilities offered by the Unique Identification Authority of India.
However, the IRDAI has issued no clarifications or directions regarding the use of Aadhaar information which has already been collected by insurers.
The Aadhaar Bill has been a welcome proposed change to the law, as it provides much-needed clarity regarding the use and storage of Aadhaar numbers. The IRDAI has taken the enactment of the Aadhaar Bill as a cue to start providing clarity on the norms that must be followed regarding the collection and storage of customers' Aadhaar data. It is hoped that the bill will be enacted quickly, as it is not enforceable in its present form.
For further information on this topic please contact Shubhangi Pathak, Priya Misra or Nimisha Srivastava at Tuli & Co by telephone (+91 11 2464 0906) or email (email@example.com, firstname.lastname@example.org or email@example.com). The Tuli & Co website can be accessed at www.tuli.co.in.