KYC Norms and Customer Due Diligence in Banks (JAIIB 2026)

JAIIB By Ashish Jain · IIBF STORE Editorial · 04 July 2026 · Updated 04 Jul 2026

KYC norms form the backbone of a safe and compliant banking system in India. Every JAIIB aspirant preparing for the Principles and Practices of Banking paper must understand how banks verify identity, assess risk and monitor accounts to prevent money laundering and terrorist financing. In this guide we break down the RBI KYC Master Direction, Customer Due Diligence (CDD), Enhanced Due Diligence (EDD), account risk categories, Politically Exposed Persons (PEPs), Video-KYC and periodic updation, so you can answer exam questions with confidence and apply the rules on the job.

The framework flows from the Prevention of Money Laundering Act, 2002 (PMLA) and the rules made under it, operationalised by the Reserve Bank of India through a single consolidated Master Direction on KYC. For a serious exam candidate, mastering these KYC norms is not optional — questions on customer identification, risk categorisation and reporting appear in almost every attempt.

Understanding the RBI KYC Master Direction

The Reserve Bank of India issues a consolidated Master Direction on Know Your Customer (KYC) that every regulated entity — banks, NBFCs, payment banks and small finance banks — must follow. The Direction is built on four pillars: a Customer Acceptance Policy, Customer Identification Procedures, Risk Management, and ongoing Monitoring of Transactions. Together these ensure that a bank knows who its customer is, understands the nature of the customer's activity, and can spot transactions that do not fit the expected pattern.

The Customer Acceptance Policy lays down the ground rules: no account is opened in an anonymous or fictitious name, no account is opened where the bank is unable to verify identity, and mandatory checks are run against sanctions lists such as the UNSC lists. Customer Identification Procedures require the bank to obtain an Officially Valid Document (OVD) — passport, driving licence, Voter ID, Aadhaar (voluntary) or NREGA job card — plus a recent photograph. The Direction is updated periodically, so candidates should always study the latest version rather than rely on older circulars. Understanding this architecture is the first step to mastering KYC norms for the JAIIB exam.

Customer Due Diligence and Enhanced Due Diligence

Customer Due Diligence (CDD) is the process of identifying and verifying a customer's identity using reliable, independent source documents, data or information. At account opening, the bank collects the OVD, verifies the address, and records the purpose and intended nature of the banking relationship. For individuals this is straightforward; for legal entities such as companies, partnerships and trusts, the bank must also identify the beneficial owner — the natural person who ultimately owns or controls the entity, typically holding more than a threshold percentage of ownership.

Enhanced Due Diligence (EDD) applies where the risk of money laundering is higher — for example, non-face-to-face customers, accounts of Politically Exposed Persons, or clients from higher-risk jurisdictions. EDD means obtaining additional information, senior management approval before opening the account, and closer ongoing monitoring. The opposite, Simplified Due Diligence, may apply to low-risk customers. Banks must also file a Suspicious Transaction Report (STR) with the Financial Intelligence Unit-India when a transaction appears linked to proceeds of crime. Strong JAIIB preparation pays close attention to when CDD, EDD and simplified measures each apply, because scenario-based questions test exactly this judgement.

Risk Categorisation, Account Types and PEPs

Every customer must be classified into a risk category — usually low, medium or high — based on identity, social and financial status, nature of business activity, and the type and pattern of transactions. This categorisation drives how frequently the bank reviews and updates the customer's records. High-risk customers are reviewed more often and monitored more closely.

Politically Exposed Persons (PEPs) are individuals entrusted with prominent public functions in a foreign country — heads of state, senior politicians, senior government or judicial officials, and their close associates. Because of their position, PEPs carry a higher risk of corruption and money laundering, so banks must apply EDD, obtain senior management sign-off, and establish the source of funds. On the product side, the RBI also permits Small Accounts and Basic Savings Bank Deposit Accounts (BSBDA) for financial inclusion, where relaxed documentation applies but transaction limits are imposed. Understanding how different account types map to KYC obligations — and revising alongside topics like bank accounts and deposit products and negotiable instruments — gives you a complete picture for the paper.

Video-KYC and Periodic Updation

To make onboarding faster and paperless, the RBI introduced Video-based Customer Identification Process (V-CIP), commonly called Video-KYC. In a live, secure video interaction, a trained official verifies the customer's face against the photograph on the OVD, captures the customer's location through geo-tagging, checks liveness to prevent spoofing, and records the session. Video-KYC has become a mainstream channel for opening savings accounts and completing digital lending journeys, reducing the need to visit a branch.

KYC is not a one-time event. Banks must carry out periodic updation of records — at intervals that depend on the customer's risk category, with high-risk customers updated more frequently than low-risk ones. If a customer's KYC becomes overdue, the bank may impose restrictions until the details are refreshed. Candidates should also connect KYC with allied topics such as the Deposit Insurance and Credit Guarantee Corporation (DICGC) cover on deposits and the Banking Ombudsman mechanism for grievance redressal, since a well-run KYC process underpins customer trust and the wider deposit-protection framework. Practising these interlinkages on mock tests makes recall automatic in the exam hall.

Conclusion and Next Steps

Mastering KYC norms means understanding the RBI Master Direction, the CDD and EDD processes, risk categorisation, PEPs, Video-KYC and periodic updation as one connected system rather than isolated definitions. For the JAIIB Principles and Practices of Banking paper, expect both direct-recall and scenario-based questions — so revise the rules, then test yourself under time pressure. Ready to lock in these concepts? Take a focused JAIIB mock test now, reinforce your fundamentals with the full JAIIB course, and sharpen recall with a quick round on the match game. Consistent practice on these KYC norms is what turns a pass into a distinction.

What is the difference between CDD and EDD in KYC?

Customer Due Diligence (CDD) is the standard process of identifying and verifying every customer using Officially Valid Documents. Enhanced Due Diligence (EDD) is a stricter process for higher-risk customers, such as PEPs or non-face-to-face clients, requiring extra information, senior management approval and closer monitoring.

Who is a Politically Exposed Person under KYC norms?

A Politically Exposed Person (PEP) is an individual entrusted with prominent public functions in a foreign country, such as a head of state, senior politician, or senior government or judicial official. Banks must apply Enhanced Due Diligence and establish the source of funds for PEP accounts.

What is Video-KYC and how does it work?

Video-KYC, formally the Video-based Customer Identification Process (V-CIP), is a live, secure video interaction where a bank official verifies the customer's identity against an Officially Valid Document, captures geo-location, checks liveness, and records the session — allowing paperless, branchless onboarding.

How often must banks update KYC records?

Banks carry out periodic updation based on the customer's risk category. High-risk customers are updated most frequently, medium-risk less so, and low-risk least frequently. If KYC becomes overdue, the bank may restrict the account until the customer refreshes the required details.

Quick quiz on this topic

5 exam-style questions from our free test bank — check yourself before you move on.

Principles and Practices of Banking · 5 questions · instant result
Q1. Which statement about the importance of cash management services for banks is correct?
Q2. Which statement is the MOST accurate about cash management services in India?
Q3. By using a CMS cash-collection arrangement, a corporate reduces the average collection float on ₹50,00,000 of receivables by 10 days. If its short-term borrowing rate is 9% p.a., what is the approximate interest cost saved (365-day year)?
Q4. If a corporate adopts CMS electronic payments and faster electronic reconciliation, what is the most likely combined effect on (i) the number of physical cheques issued and (ii) detection of book-keeping errors?
Q5. A corporate wants to route a payment of exactly ₹1,90,000 through RTGS for instant settlement. As per RBI's RTGS rules, what is the technically correct position?