LendingIQ logo

Use case #0002

RBI V-CIP compliance checklist: what Video KYC AI verifies in every session

The RBI's V-CIP guidelines are specific. They list exactly what must be verified in a video KYC session, how it must be recorded, what documents must be shown, how geolocation must be confirmed, and what the session record must contain. Most institutions know the list. Few have a mechanism that applies it consistently to every session, with every check documented, and the evidence retrievable on demand. The Video KYC Moderator AI is that mechanism.

The RBI's V-CIP guidelines are specific. They list exactly what must be verified in a video KYC session, how it must be recorded, what documents must be shown, how geolocation must be confirmed, and what the session record must contain. Most institutions know the list. Few have a mechanism that applies it consistently to every session, with every check documented, and the evidence retrievable on demand. The Video KYC Moderator AI is that mechanism.

What the RBI V-CIP guidelines actually require

The RBI's Master Direction on KYC, updated progressively since 2020, specifies the Video-Based Customer Identification Process in detail. The requirements cover five broad categories: identity verification (the right documents, the right checks), liveness and presence confirmation, geolocation validation, session recording and retention, and the authorised official requirement. Each category has specific sub-requirements — and each sub-requirement has a documentation obligation attached to it.

In a manual V-CIP operation, the application of these requirements depends on the agent's recall, attention, and training on any given day. The Video KYC Moderator AI converts each requirement into an automated check that runs at the appropriate moment in the session, generates a pass/fail result with evidence, and logs that result in the session record — so that the checklist is not something the agent remembers to apply, but something the system applies and the agent certifies.

"The RBI inspector reviewing a V-CIP session does not ask whether your agent tried to comply — they ask whether your session record proves compliance. The Video KYC Moderator AI makes that proof automatic."

The complete V-CIP compliance checklist — automated and logged

Section 1 — Identity Document Verification

RBI KYC MD 16(c)(i) and 16(c)(ii)

Aadhaar shown live on camera — not a photograph of Aadhaar

The AI detects whether the Aadhaar presented is a physical card, a print, or a screen photograph rather than a live card held in front of the camera. Depth estimation and glare pattern analysis distinguish a physical card from a screenshotted or printed replica. Result logged with confidence score.

→ Automated · Passive optical analysis · No user action required

Aadhaar last 4 digits verbally confirmed by borrower on video

The RBI guidelines require the customer to verbally state their Aadhaar last 4 digits on video — this cannot be pre-typed or shown on a card alone. The AI's speech-to-text module transcribes the verbal confirmation and cross-checks it against the OCR-extracted digits from the card. Mismatch triggers an immediate flag.

→ Automated · Speech-to-text + OCR cross-check · Logged with transcript

PAN presented and OCR extracted — number cross-checked against application

PAN card captured on video, OCR performed in real time, extracted PAN number compared against the PAN entered at application. Any mismatch — even a single character — is flagged immediately for agent review. The PAN image frame is extracted and stored in the session record as documentary evidence.

→ Automated · OCR + application cross-check · Document frame stored

Document clarity threshold — all four corners visible, text legible, no glare occlusion

The AI assesses document image quality at the moment of presentation: are all four corners visible (confirming full card capture), is the text zone at the resolution required for reliable OCR, and is there specular glare occluding any information zone? If quality falls below threshold, the borrower is prompted in real time to reposition the card — before the session progresses.

→ Automated · Real-time quality gate · Borrower prompted if below threshold

Section 2 — Liveness and Presence Confirmation

RBI KYC MD 16(c)(iii) and 16(c)(iv)

Liveness detection — passive analysis confirms live person, not photograph or deepfake

Passive liveness analysis runs from session start — skin texture, micro-movement patterns, and depth estimation confirm a live human is present. This check runs continuously throughout the session, not just at a single verification moment, ensuring that a live feed is not replaced with a recorded video mid-session.

→ Automated · Continuous passive analysis · Alert if confidence drops below threshold at any point

Face match — live face matched against Aadhaar photograph (128-point geometry)

The face captured in the live video session is matched against the photograph extracted from the presented Aadhaar card using 128-point facial landmark mapping. An ageing adjustment is applied based on Aadhaar issue date. Match confidence score recorded in session log. Sessions below threshold threshold are referred for agent decision, not auto-rejected.

→ Automated · 128-point geometry · Score and threshold logged
H

Authorised official confirms customer's identity visually — required by RBI

The RBI guidelines require the authorised official to visually confirm that the person on screen matches the presented identity documents. This is a human judgment — the AI provides the quantified face match score and flags any anomaly, but the official's visual confirmation is a separate, non-delegable regulatory step that must be recorded.

→ Human agent · Logged as agent confirmation with timestamp · Cannot be automated

Section 3 — Geolocation and India Presence Confirmation

RBI KYC MD 16(c)(v)

Geolocation confirmed as within India at session initiation

The borrower's device geolocation is captured at session start and at session end. GPS coordinates are validated against the Indian territorial boundary (including Andaman and Nicobar Islands, Lakshadweep, and other territories). VPN or location spoofing is detected and flagged — a session where GPS shows India but IP geolocation shows a foreign country is a compliance failure, not a technical anomaly.

→ Automated · GPS + IP geolocation cross-check · Both coordinates stored in session record

Location spoofing detection — GPS and IP geolocation consistent

GPS can be spoofed on rooted devices. The AI cross-references GPS coordinates with IP geolocation (ISP-reported), device network type, and ambient background characteristics (time zone consistency, background audio language, visible background environment). Inconsistency across these signals is a location spoofing indicator.

→ Automated · Multi-signal cross-reference · Any inconsistency → agent review required

Section 4 — Session Recording and Retention

RBI KYC MD 16(c)(vi) and 16(c)(vii)

End-to-end session recording — initiated at session start, terminated at agent sign-off

Recording begins automatically when the session is initiated and cannot be paused or terminated before the agent's final sign-off. The recording includes both video streams (borrower and agent), all audio, and a timestamp-synchronised overlay showing the compliance check results as they occur in real time.

→ Automated · Cannot be interrupted · Timestamp-synchronised overlay

Session record encrypted and stored — minimum 5 years from session date

Completed session recordings are AES-256 encrypted, stored in a write-once archive, and tagged with a retention expiry date set to 5 years from session date per RBI requirements. The session record includes: the full video recording, the compliance check log with every result and timestamp, the agent sign-off with employee ID, and the SHA-256 hash of the complete record for tamper detection.

→ Automated · Write-once · Hash-sealed · 5-year retention enforced automatically

Session retrievable within 48 hours of any regulatory or audit request

Every session record is indexed by borrower PAN, application ID, session date, agent ID, and session outcome — enabling retrieval by any of these dimensions within minutes. RBI inspection requests specifying a date range or borrower set are fulfilled automatically with no manual file assembly required.

→ Automated · Indexed by 5 dimensions · 48-hour retrieval SLA maintained

Section 5 — Authorised Official Requirements

RBI KYC MD 16(c)(viii) and 16(c)(ix)
H

Authorised official identified at session start — name and employee ID logged

The agent's identity is logged at session initiation using their authenticated session credentials. The RBI requires that the authorised official be a KYC-certified employee of the reporting entity — the system verifies active certification status before allowing the agent to open any session.

→ Human + Automated · Employee authentication + KYC certification validation
H

Agent's final pass/refer/fail decision — signed and timestamped

The final outcome of every V-CIP session is a human decision by the authorised official. The AI provides the compliance summary, the flag summary, and a recommendation — but the determination is entered by the agent, signed with their employee credentials, and timestamped in the session record. This decision cannot be automated and is the regulatory basis for the KYC completion.

→ Human only · Sole decision authority · Cannot be delegated to AI · Signed in session record

The session audit trail: what the record shows

V-CIP Session Record — VK-2025-8841
Priya Sharma · Home Loan ₹45L · Nov 14, 2025 · 14:24–14:31
14:24:08
System · Pre-session check
Borrower geolocation confirmed: 12.9716°N 77.5946°E — Bengaluru, Karnataka. Within India. GPS and IP geolocation consistent. VPN: not detected. Session recording initiated.
Auto
14:24:22
Agent: Kavitha R. (EMP-4412) · Session open
Agent authenticated. KYC certification status: Active (expires Mar 2026). Session opened as authorised official. Identity logged in session record.
Human
14:25:10
AI · Liveness detection
Passive liveness: Score 96/100 — live person confirmed. Micro-movement pattern: consistent with live face. Depth estimation: PASS. Active challenge: not required (passive confidence sufficient). Face match vs Aadhaar photo: 91/100 — PASS (threshold: 85).
Auto
14:26:44
AI · Document verification — Aadhaar
Physical Aadhaar card detected (not photograph). OCR: Name "Priya Ramachandran Sharma", DOB 14/08/1988, last 4 digits "4841". Verbal confirmation recorded: "four eight four one" — matches OCR extract. Document clarity: all 4 corners visible, OCR confidence 98%, no glare occlusion. Cross-check vs application: Name match 94% (middle name variant), DOB exact match, address — PASS.
Auto
14:28:12
AI · Document verification — PAN
PAN card captured. OCR: AABCR1234F. Cross-check vs application: EXACT MATCH. PAN image frame extracted and stored in session record. NSDL status: Active — cross-verified.
Auto
14:29:58
Agent: Kavitha R. · Visual confirmation
Authorised official visual confirmation: Person on screen matches presented Aadhaar photograph. Identity confirmed. No anomalies observed by agent. AI compliance summary reviewed — all checks passed, no flags raised.
Human
14:31:04
Agent: Kavitha R. · Final determination
V-CIP OUTCOME: PASS. All RBI compliance checks satisfied. Session recording terminated and sealed. Record hash: a3f8e2b1c9d4f7a0. Retention expiry: Nov 14, 2030.
PASS
● Session duration: 6m 56s · All 14 compliance checks: PASS ● Record sealed · Hash-verified · 5-year retention active ● Retrievable on demand · Indexed by 5 dimensions
14Compliance checks per session — all logged with result, confidence score, and timestamp
11Checks fully automated — AI runs, logs, and stores evidence without human involvement
3Checks with human component — visual ID confirmation, final determination, agent sign-off
5 yearsSession record retention — automatically enforced from session date per RBI MD 16

Compliance is not what you intend to check — it is what you can prove you checked

A V-CIP session that was conducted correctly but whose session record does not prove each compliance step was executed is not a compliant session — it is an unverifiable one. The RBI inspector reviewing your V-CIP operation is not asking whether your agents try to follow the guidelines. They are asking whether your session records demonstrate that every step of the guidelines was followed, for every session, with evidence. The Video KYC Moderator AI makes that demonstration automatic — the session record is the compliance proof, generated in real time, for every session, without exception.

← Back to Video KYC Moderator AI