CKYC circular on Modification of Customer Information (Mobile Number) without Prior Customer Consent in CKYCRR

[secmarkupdates]

Date of Issue: 22-04-2026
         
Issuer: CKYC

Highlights of  CKYC Circular dated Apr-22 -2026

The KYC Identifier (CKYC Number) and associated records - including mobile number, address, identity documents and other critical information form the cornerstone of a customer's financial identity. Any modification to such records, without the explicit prior consent of the customer, constitutes a grave violation of regulatory norms and causes customer inconvenience.

The mobile number registered in CKYCRR constitutes a critical data element. It serves as the primary channel for customer authentication, OTP-based verification, transaction alerts, KYC updation intimations and consent management across financial institutions. Unauthorized alteration of a customer's mobile number in CKYCRR records without the explicit prior consent of the customer constitutes a grave breach of data integrity, customer privacy and regulatory compliance.

Vide CKYCRR’s Communique CKYC/2025/08 dated July 22, 2025, it was advised to all the Reporting Entities (REs) that they should compare the data available with them and as available in the CKYCRR database, they should exercise extra caution while uploading/updating data in CKYCRR. Mobile number should not be changed without due verification and unless RE is fully satisfied that Mobile number belongs to the customer. Any changes to customer’s KYC information must be based on information received from or verified with the customer. REs must intimate customers of all KYC updates made.

It has come to the attention of CERSAI that certain Reporting Entities have been modifying KYC information particularly registered mobile numbers in the CKYCRR system without obtaining valid prior consent from the concerned customers. Unauthorized change of mobile number in CKYCRR without prior customer consent constitutes violation of KYC Master Directions, breach of customer data privacy, facilitation of identity fraud and deficiency of service.

REs are advised to sensitise all onboarding and KYC teams to ensure strict adherence to CKYCRR update protocols and regulatory guidelines.