Central KYC (CKYC) was designed to make identity verification a one-time process, yet for most Indians, KYC remains a repetitive and unavoidable requirement across platforms. This story explores why a system meant to simplify verification still forces users to prove their identity over and over again.
India has developed one of the most advanced digital identity systems in the world. Today, you can open a bank account without stepping into a branch, and invest, trade, insure, or borrow – all from your phone.
In theory, your identity is verified once and should work everywhere. But in practice, the experience feels very different.
You complete KYC to open a bank account. Then you invest in a mutual fund – KYC again. You sign up for a fintech app – KYC again.
Months later, you’re asked to “update” the KYC for an account you’ve already verified. For millions of Indians, identity verification has quietly become a repetitive, never-ending cycle.
At the heart of this contradiction is a system designed to solve the problem – Central Know Your Customer, or CKYC.
What is CKYC and what did it promise?
CKYC was introduced to address a fundamental inefficiency in India’s financial system: duplication.
Instead of submitting identity documents separately to every bank, insurer, mutual fund, or broker, users would complete KYC just once. Their details would then be stored in a central registry managed by CERSAI, allowing institutions to access the information through a unique 14-digit CKYC number.
A report by PwC notes that the goal was to create a single, standardised KYC record that could be reused across the entire financial ecosystem – reducing paperwork, improving efficiency, and speeding up onboarding.
In simple terms, CKYC was intended to do for identity what UPI did for payments: build a common, interoperable layer.
But unlike UPI, CKYC has yet to deliver that kind of seamless experience.
Why KYC is so widespread in the first place
To understand why duplication continues, it helps to first understand why KYC exists in the first place.
“KYC has effectively become the gateway to the formal financial system,” said Mayank Arora, Partner at The Chambers of Bharat Chugh.
He explained that KYC requirements stem from global anti-money laundering standards set by the Financial Action Task Force, which India implements through laws like the Prevention of Money Laundering Act and various sector-specific regulations.
Over time, the scope of KYC has steadily widened. What began with banks now extends to mutual funds, insurance companies, stock brokers, fintech platforms, and digital wallets.
As the financial system digitised, regulators expanded KYC requirements to improve traceability, curb fraud, and maintain oversight.
But this expansion has also created a new challenge: repetition.
If CKYC exists, why does duplication still occur?
This is where theory and practice begin to diverge.
Even though CKYC exists, institutions cannot rely on it entirely.
“The law does not allow an entity to depend solely on another institution’s verification,” said Mayank Arora. “Each entity must carry out its own due diligence, maintain its own records, and remain accountable if anything goes wrong.”
This is a core design feature of the system.
Every bank, insurer, or platform is independently responsible for verifying customer identity, storing KYC records, and ensuring compliance.
So even if your KYC is already available in a central registry, the institution onboarding you still has to validate it – leading to the same documents being collected again.
CKYC: A strong idea limited by real-world challenges
In theory, CKYC should reduce duplication. In practice, however, several structural challenges limit how effective it can be.
“CKYC was designed to eliminate duplication,” said Mayank Arora. “But data quality and completeness are still inconsistent, and different regulators demand different levels of information.”
A report by PwC highlights this gap between design and execution.
It notes that while CKYC has created a central repository, its adoption across sectors remains uneven, and integration with other KYC systems is still incomplete.
Some of the key challenges include:
- inconsistent or outdated customer records
- lack of standardisation across regulators
- limited interoperability between systems
- delays in updating KYC data
In many cases, institutions find it easier – and safer from a compliance perspective – to redo KYC rather than rely on existing records.
India has the digital infrastructure – so what’s missing?
India’s digital public infrastructure is often viewed as a global benchmark.
Aadhaar enables identity verification.
DigiLocker allows document storage and sharing.
CKYC provides a centralised repository for KYC records.
So why don’t these systems work together seamlessly?
The answer lies in legal, technical, and regulatory boundaries.
Aadhaar-based KYC, for example, faces limitations following rulings by the Supreme Court of India, meaning it cannot be universally used across all sectors.
DigiLocker, while useful, functions primarily as a document repository – it does not independently verify identity.
CKYC, on the other hand, is a registry, not a fully integrated verification system.
A report by PwC notes that a truly unified KYC framework would require deep integration across these platforms, along with standardised protocols and regulatory alignment.
It adds that the lack of linkage between CERSAI’s CKYC system and SEBI-registered KRAs has been a key hurdle, slowing implementation. Additionally, data related to non-individual entities remains with SEBI, with no clear guidelines yet on how it should be incorporated into the CKYC system.
The hidden layer: KYC as a data infrastructure
There is also a commercial side to KYC that often goes unnoticed.
“KYC is not just about compliance,” said Mayank Arora. “It also enables the collection of data – demographics and behaviour patterns – that can be used for profiling and cross-selling.”
In a digital economy, customer data has become a valuable asset.
Repeated KYC processes allow institutions to:
- update customer profiles
- refine risk models
- generate marketing insights
This doesn’t necessarily mean duplication is deliberate – but it does highlight that KYC serves multiple purposes beyond compliance.