Over the last decade, the financial sector has significantly transformed because of features like video KYC and online KYC compliance.
When we think back, in 2020, video-based customer identification was simply a "stop-gap" solution. Businesses needed it to keep business moving during the Covid19 lockdowns.
Fast-forward to 2026, video KYC has become a highly effective and preferred service for NBFCs across India.
Video KYC is now an important pillar of digital trust and operational efficiency. NBFCs are making their move towards fully digital workflows to reduce costs and improve turnaround times. But these conveniences bring strict responsibilities.
The migration to video KYC infrastructure also requires more compliance to evolving safety protocols.
RBI Master Direction Updates and Data Localisation
In 2026, the regulatory space is far more stringent than it was during the early days of digital adoption. The Reserve Bank of India (RBI) has updated its Master Directions to address the risks associated with remote identification.
With these updates, video KYC now has to mandatorily simulate a face-to-face interaction in real-time. For NBFCs, this requires the system to capture live location data.
The Digital Personal Data Protection (DPDP) Act, with rules notified in 2025, has begun reshaping how businesses handle customer information.
Under this Act, every NBFC operates as a "Data Fiduciary," bearing legal liability for how data is collected, processed, and stored.
RBI KYC directions mandate storage of video KYC data, including recordings, in India, with cross-border transfers facing restrictions. Furthermore, the Scale-Based Regulation (SBR) framework for NBFCs means that Upper Layer and Middle Layer entities face higher scrutiny regarding their KYC compliance mechanisms.
2026 Video KYC Compliance Checklist
The operations team of NBFCs can use this detailed checklist to benchmark your current or planned video KYC infrastructure.
1. Advanced Liveness Detection (Anti-Deepfake)
Deepfakes and synthetic identities are major emerging threats. A compliant video KYC solution possesses active liveness detection capabilities. The system prompts the user to perform random actions, such as blinking, turning their head, or reading a random number. They do this to prove they are a live human and not a pre-recorded loop or a digital puppet. Thus, static image checks are no longer compliant.
2. Precise Geotagging and IP Whitelisting
The RBI has mandated customers to be physically present in India during the video KYC session. The application needs to capture the live GPS coordinates of the customer and verify the IP address to ensure it has originated from an Indian service provider. Any detected use of VPN or proxy should trigger a red flag and prevent completion.
3. End-to-End Encryption (E2EE)
The video feed, audio channel, and all transferred documents need to be end-to-end encrypted. Thus, no third party can intercept the sensitive personal data during transmission. The video KYC platform needs to comply with minimum encryption standards like AES-256.
4. Concurrent Audit Mechanisms
The KYC compliance system needs to allow auditors to verify a percentage of video KYC sessions. The infrastructure should support role-based access for auditors to review video logs, chat transcripts, and decision audit trails without compromising the integrity.
5. Seamless Integration with OVDs (Officially Valid Documents)
When a customer displays their PAN or Aadhaar card, the video KYC engine should use OCR (Optical Character Recognition). The OCR is used to extract the data and instantly verify it against the issuing database.
API Integration, Cloud Security, and Finding the Right Tech Partner
Modern NBFCs use video KYC API technology allowing mobile apps or websites to trigger the verification journey seamlessly. The user shouldn’t feel like they have left your platform. This API-led approach makes your core banking system receive the verification status, audit logs, and customer metadata instantly upon completion. Protean eGov Technologies, offers API stacks designed specifically for high-security environments. The platform supports financial services compliance requirements, including RBI norms.
The cloud infrastructure must be STQC certified and empaneled by the government wherever necessary.
Furthermore, a downtime during a video KYC call can lead to customer drop-offs and lost business. Thus, a video KYC mechanism also needs to guarantee high availability and disaster recovery.
Lastly, the integration should support low-bandwidth scenarios. India's internet connectivity varies across regions. Your video KYC solution needs to adjust the video quality dynamically to maintain the connection without breaking the audit trail.
Mitigating Risks in a Digital-First World
The shift to digital channels includes specific risks for NBFCs. These are as follows.
- Synthetic identity fraud involves criminals combining real and fake information to create a new persona.
- Deepfake technology has advanced to the point where fraudsters can mimic a victim's face on a video call.
- “Account mules" is another risk where genuine people open accounts under coercion.
- Data breaches pose the final major risk.
Conclusion
In 2026, it is strategically necessary for NBFCs to fully comply with video KYC regulations. Compliance has become an ongoing commitment to security and privacy.
NBFCs partnering with established technology providers like Protean eGov Technologies can gain a competitive edge, benefitting from a stack evolving with the regulations. It ensures that their KYC compliance remains watertight. So, as you finalise your roadmap for the year, you can prioritise the upgrade of your verification systems.
Frequently Asked Questions (FAQs)
Q1: What is the minimum internet speed required for a compliant Video KYC session?
In 2026, a compliant video KYC system should function effectively even at significantly lower speed, prioritising reliable audio clarity and frame integrity to ensure uninterrupted, legally valid interactions.
Q2: Can NBFCs use third-party agents for Video KYC?
NBFCs can use third-party technology platforms, but the maker (the person verifying the customer) needs to be on the NBFC's payroll ensuring strict accountability and compliance.
Q3: How does the DPDP Act affect the storage of video data?
The DPDP Act mandates storing personal data only for the purpose for which it was collected with encryption and security safeguards. You also need to delete this data once the purpose is fulfilled or after the mandatory retention period defined by applicable regulations like PML Rules.
