F No.P-12011/7/2019-ES Cell-DOR Government of India Ministry of Finance Department of Revenue

1 · Section 11A of the Prevention of Money Laundering Act, 2002 (hereinafter referred to as the Act) and the rules made thereunder provide that any reporting entity being a banking company can accept Aadhaar number from its client either at their option or when the client intends to receive any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 and carry out authentication of the client's Aadhaar number using e-KYC authentication facility provided by the Unique Identification Authority of India.

2 · The Act also provides that the Central Government may, if satisfied that a reporting entity other than banking company, complies with such standards of privacy and security under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act; 2016, and it is necessary and expedient to do SO , by notification, permit such entity to carry out authentication of the client's Aadhaar number using e-KYC authentication facility. However, no such notification shall be issued without consultation with the Unique Identification Authority of India (UIDAI) established under sub-section (1) of section 11 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and the appropriate regulator.

3 · Any reporting entity which desires to carry out authentication of the client's Aadhaar number using e-KYC authentication facility needs to be notified under these provisions and before any such notification is issued, the appropriate regulator and UIDAI should be satisfied of the credentials of such reporting entity. The following procedure is being laid down for entities which desire to carry out authentication of the client's Aadhaar number using e-KYC authentication facility: Step 1: Application All applications by concerned entities under Section 11A of the Act for use of Aadhaar authentication services shall be filed before the appropriate regulator. The

4 · The regulators are requested to monitor compliance with respect to the requirements laid down for performing authentication under clause (a) of section 11A, by all reporting entities with respect to which a notification to this effect has been issued, as part of their regulatory supervision. On observance of any default; the regulators may take necessary action under their laws, inter-alia including suspension and cancellation , and also bring it to the notice of Department of Revenue for further necessary action:

5 · Similarly, UIDAI is also requested to put in place systems to ensure continuing compliance by the reporting entities which have been notified under section 11A of the Act to carry out authentication of the client's Aadhaar number using e-KYC authentication facility to the standards of privacy and security prescribed by UIDAI: Where UIDAI notices any default by the reporting entities, it may take necessary action under the Aadhaar Act and regulations framed thereunder; inter-alia including suspension and cancellation and also bring it to the notice of Department of Revenue for further necessary action:

6 · At any point; after issue of such notification, based on a report of the appropriate regulator or UIDAI or otherwise, if it is found that the reporting entity no longer fulfils the requirements for performing authentication under clause (a) of section 11A, the Central Government may withdraw the notification after giving an opportunity to the reporting entity. Tae (Arvind Saran) Deputy Secretary (Admn:) Tel No.011-23092504