KYC Norms 2026: RBI Master Circular — Complete Guide for Bankers

KYCAML 30 June 2026 · 12 min read
KYC norms RBI master circular — this guide gives you the latest 2026 information. Key dates, eligibility, fees and study tips for the KYC, AML and CFT exam.

You're preparing for your JAIIB or CAIIB exam, and KYC keeps cropping up in every chapter. That's no coincidence—Know Your Customer (KYC) norms and the RBI master circular are the backbone of compliance in modern banking. Whether you're a frontline officer, operations manager, or compliance professional, understanding KYC norms at depth separates exam toppers from the rest.

This guide walks you through the latest KYC norms, the RBI master circular framework, and practical examples that will stick with you in the exam hall. We'll cover the risk-based approach, Customer Due Diligence (CDD), Enhanced Due Diligence (EDD), virtual assets, and FIU-India reporting—everything you need to confidently answer KYC and AML questions.

What Are KYC Norms? Understanding the RBI Master Circular

KYC norms are the regulatory framework that banks must follow to verify the identity and assess the risk profile of their customers. The RBI Master Circular on KYC norms, Anti-Money Laundering (AML), and Combating the Financing of Terrorism (CFT) is your primary reference document. It consolidates all directions and guidelines issued by the Reserve Bank of India on these critical compliance areas.

The RBI Master Circular applies to all commercial banks, cooperative banks, and payment system operators in India. It mandates that banks collect and verify customer information before opening an account or entering into a business relationship. This isn't just paperwork—it's your bank's first line of defence against financial crime, money laundering, and terrorist financing.

The circular outlines four key objectives: (1) Prevent banks from being used for money laundering or financing of terrorism; (2) Know your customer and understand the nature and purpose of their transactions; (3) Manage risks based on customer profile and transaction patterns; (4) File Suspicious Transaction Reports (STRs) with the Financial Intelligence Unit (FIU-India) when warranted.

For JAIIB and CAIIB aspirants, the KYC norms aren't just regulatory jargon—they're practical tools you'll use daily. Understanding the RBI Master Circular helps you answer scenario-based questions and real-world compliance challenges in your exam. The circular is updated periodically, so always check the RBI website for the latest version as you study.

Key takeaway: KYC norms protect your bank, protect the financial system, and protect you as a banker from legal liability. Master this, and you've mastered the foundation of compliance.

Risk-Based KYC Approach: Tailoring Due Diligence to Customer Risk

The RBI Master Circular emphasises a risk-based KYC approach, which means your due diligence intensity must match your customer's risk profile. Not all customers pose the same risk. A retired salaried employee is different from an import-export trader dealing with multiple countries. A risk-based approach is smart, efficient, and compliant.

Under the risk-based KYC model, banks categorise customers into three broad risk tiers: low-risk, medium-risk, and high-risk. Low-risk customers (pensioners, salaried employees of established companies, small retail depositors) require basic KYC and periodic updates every 12 months. Medium-risk customers (traders, small business owners, professionals) require standard CDD and updates every 6 months. High-risk customers (PEPs, cash-intensive businesses, customers in high-risk jurisdictions) require Enhanced Due Diligence (EDD) and updates every 3 months or more frequently.

The factors that increase a customer's risk profile include: (1) Nature of business (cash-intensive, cross-border trade, real estate); (2) Geography (customer or transaction exposure to high-risk countries, as per FATF grey list); (3) Occupation (PEPs, managing directors, trustees); (4) Transaction patterns (round-trip transfers, unusual frequency or quantum, inconsistent with stated purpose); (5) Customer behaviour (reluctance to provide information, multiple accounts, frequent name changes).

For your exam, remember that a risk-based approach isn't about flexibility in compliance—it's about applying proportionate due diligence. A low-risk customer doesn't bypass KYC; they follow simpler KYC procedures. Watch the video on KYC Specific Requirements in AML CFT Compliance to see how this works in practice.

Understanding risk-based KYC will help you score marks on scenario questions where you must decide whether to open an account or escalate to compliance.

Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD): Practical Steps

Customer Due Diligence (CDD) is the standard verification process every customer must undergo before you open an account or establish a business relationship. EDD is the intensified process for high-risk customers. Both are non-negotiable under the KYC norms and RBI master circular.

For CDD, you must collect: (1) Full legal name and date of birth; (2) Permanent address and proof of address (utility bill, property tax receipt, driving licence); (3) Proof of identity (passport, Aadhaar, PAN, voter ID); (4) Occupation and source of funds; (5) Purpose of the account. You must verify this information through independent reliable sources and document everything. Don't accept information at face value—verify it.

EDD adds several layers. For high-risk customers, you must: (1) Obtain additional information on source of wealth and source of funds; (2) Conduct ongoing scrutiny of transactions to ensure they match the customer's profile; (3) Obtain approval from senior management before establishing the relationship; (4) Update customer information more frequently. If a customer is a PEP (Politically Exposed Person), you must identify beneficial owners and take reasonable steps to understand the source of their wealth. For corporate customers, you must identify all beneficial owners holding more than 25% stake.

A practical example: An NRI customer wants to open an account and transfer ₹50 lakh monthly from abroad. Under CDD, you verify his identity and address. Under EDD (because he's NRI and high-value), you also investigate the source of these funds, his occupation abroad, and whether the transaction pattern makes sense. If he's also a PEP, EDD intensifies further—you may escalate to compliance and file a report if the source of funds is unclear.

Refer to the blog on Customer Due Diligence Process: KYC & AML Exam Guide for detailed case examples and scenarios that mirror exam questions.

For exams, remember: CDD is foundational, EDD is exceptional but mandatory for high-risk customers. Missing either is a compliance breach.

FIU-India Reporting: STR, CTR, and Compliance Deadlines You Must Know

The Financial Intelligence Unit (FIU-India) is India's financial intelligence agency housed under the Department of Revenue, Ministry of Finance. Every bank must file two key reports with FIU-India: Suspicious Transaction Reports (STRs) and Currency Transaction Reports (CTRs). Your exam will test your understanding of when to file, what triggers a report, and the timelines.

A Suspicious Transaction Report (STR) is mandatory when a transaction is suspicious or appears to involve proceeds of crime or financing of terrorism. You don't need absolute proof—reasonable suspicion is enough. Suspicion can arise from: (1) Transaction inconsistent with customer's profile; (2) Unusual patterns of deposits and withdrawals; (3) Round-tripping of funds; (4) Structuring (deliberately breaking large amounts into smaller transactions to avoid reporting); (5) Customer reluctance to provide information; (6) False identification. An STR must be filed within 10 days of noticing the suspicious activity, without alerting the customer (unless legally mandated).

A Currency Transaction Report (CTR) is a report for all cash transactions exceeding ₹10 lakh in a day, across all accounts of a customer. CTRs are reported to FIU-India for record and analysis—they're not inherently suspicious, just high-value. Unlike STRs, you may inform the customer that a CTR has been filed if your bank's policy permits.

Key timelines to memorise: STR within 10 days of suspicion, CTR within 15 days of the transaction. Your bank's Compliance Officer must maintain a confidential register of all STRs and ensure they're filed on time. Failure to file an STR is itself a serious compliance breach and can attract RBI penalties and criminal liability under the Prevention of Money Laundering Act (PMLA), 2002.

A practical example: A customer deposited ₹15 lakh in cash, withdrew ₹10 lakh the next day, and deposited another ₹12 lakh a week later. This pattern suggests structuring. Your bank must file an STR within 10 days. If the customer is also known to be a high-risk person, the urgency increases.

For more detail on this, read FIU-India reporting: STR, CTR & CDD Guide for Exams, which covers real scenarios and exam-style questions.

Virtual Assets, De-Risking, and Emerging KYC Challenges in 2026

The KYC norms landscape is evolving. Virtual assets (cryptocurrencies like Bitcoin, Ethereum, and stablecoins) present new challenges. The RBI Master Circular now addresses virtual assets because they're used in money laundering and terrorist financing.

Banks must extend KYC and AML rules to virtual asset service providers (VASPs)—businesses that custody, trade, or facilitate virtual assets. If a customer is engaged in virtual asset trading, you must conduct EDD and monitor transactions carefully. The source of virtual assets and their destination are harder to trace, raising compliance risk.

De-risking is another critical issue you'll encounter in 2026. De-risking occurs when banks sever relationships with entire customer categories or geographies to reduce compliance burden. An example: Many banks stopped serving small money transfer operators or remittance businesses because the compliance cost outweighed the revenue.

While de-risking is a business decision, it must not be arbitrary. The RBI and its Master Circular expect banks to apply risk-based KYC, not blanket rejection. Exams often test your ability to distinguish between justified de-risking (based on risk assessment) and discriminatory de-risking (based on bias).

Other emerging issues include: (1) PEPs and beneficial ownership in complex corporate structures; (2) Non-resident Indians (NRIs) and their overseas source of funds; (3) Shell companies and entities without real economic purpose; (4) Cybercrime proceeds and digital payments; (5) Cross-border remittances and informal transfer systems (hawala). The KYC norms don't explicitly forbid these, but your bank must conduct deeper investigation when they're involved.

Watch KYC Topical Issues Related to KYC AML to understand how real-world scenarios are tested and how to approach emerging compliance challenges.

Take the AML/CFT Organisation Structure in India — Chapter Test to assess how well you grasp these evolving areas. Exams reward candidates who understand not just the rules, but the reasoning behind them and how they adapt to new risks.

Frequently Asked Questions

What is the difference between KYC and AML? Are they the same?
No. KYC is the process of identifying and verifying customer information. AML is the broader framework to prevent money laundering. KYC is a tool used within AML. You can have good KYC (verified customer identity) but still miss suspicious transactions if you lack robust transaction monitoring. For JAIIB/CAIIB, remember: KYC is about knowing the customer; AML is about knowing the customer's transactions and reporting suspicious activity to FIU-India.
How often must I update KYC information under the RBI Master Circular?
It depends on risk category. Low-risk customers: annual update. Medium-risk: every 6 months. High-risk (PEPs, businesses in high-risk countries): every 3 months or more frequently as per your risk policy. Updates can be simple (confirming no change) or full re-verification. Your bank's compliance policy sets the exact frequency. For exams, remember that high-risk always requires more frequent updates.
Can I open an account without completing CDD?
Absolutely not. The RBI Master Circular mandates CDD before the account is opened. You cannot bypass or defer CDD. If CDD cannot be completed, you must reject the customer. Proceeding without CDD is a serious breach and exposes your bank to regulatory action and penalties under the PMLA. For exams, this is a black-and-white rule—always answer 'no' if asked whether you can open an account without CDD.
What is a PEP, and why does a PEP require EDD?
A PEP (Politically Exposed Person) is someone with high political office—a minister, judge, senior bureaucrat, or their family members. PEPs are higher-risk because they have access to public funds and are vulnerable to corruption. The RBI Master Circular requires EDD for PEPs: verify source of wealth, understand beneficial owners, and monitor transactions closely. Even after the PEP ceases office, you must monitor for 12 months. For exams, always flag PEPs as high-risk and mandatory EDD.

Final Word

You now have a comprehensive understanding of KYC norms and the RBI Master Circular—the bedrock of your KYC/AML exam success. Remember: KYC isn't bureaucracy; it's your bank's defence against financial crime. Master the risk-based approach, the differences between CDD and EDD, the FIU-India reporting timelines, and the emerging challenges like virtual assets and de-risking. These are the topics that separate exam scorers from exam toppers.

Your next step? Take the AML CFT Legislation in INDIA — Chapter Test to test your grasp of the legislative framework that underpins the RBI Master Circular. Then, watch KYC Organisational Set up for KYC AML to understand how compliance functions in a real bank. Practice, revise, and stay confident—your JAIIB or CAIIB success depends on exactly this kind of deep, contextual learning. You've got this.

Source: Indian Institute of Banking & Finance — iibf.org.in