How Aadhaar linkage can destroy banks

Even if Aadhaar numbers were proof of identity, which it is not, its use to make money transfers make financial transfers un-auditable, propagate money laundering and financial fraud. There is no justification for introducing an unverified and un-audited number to allow payments and settlements



The Reserve Bank of India (RBI) is empowered by the Payment and Settlement Systems Act, 2007 to regulate various payment systems in the country. About 59 organisations are authorised by the RBI under this Act for setting up and operating payment systems in India. In its vision document 2012-15 the RBI states its mission is “to ensure payment and settlement systems in the country are safe, efficient, interoperable, authorised, accessible, inclusive and compliant with international standards”. In compliance with international standards, therefore, all key systems should be secure (that is, have access controls, be equipped with adequate safeguards to prevent external intrusions, and provide audit trails), reliable, scalable and able to handle volume under stress conditions.

A payment can be effected through electronic funds transfers and includes point of sale transfers, ATM transactions, direct deposits or withdrawal of funds, transfers initiated by telephone, internet and, card payment.

When you use your banks online banking to transfer money from your account to a recipient you use a system called National Electronic Funds Transfer or NEFT. NEFT is RBI’s own electronic money transfer system. Your money is transferred to the recipient's account in the hourly schedules to settle the payables and receivables from each bank that result from all the NEFT transactions in the hour. In case, your transfer fails, your money is back in your account. If you make larger transfers, say Rs2 lakh and above, then you will have to use RBI’s Real Time Gross Settlement or RTGS system to make the transfer. In this case the gross amount is moved from your account to the recipient account directly. In case the transaction fails your money is reversed back to you.



You need to be logged into your bank account to initiate an NEFT or RTGS transfer. Only a valid bank account can receive funds making electronic transfers the bank. The transfers leave a permanent audit trail that inhibits money laundering.

NPCI’s electronic money transfer system

The National Payments Corp of India or NPCI, a section 25 company, also runs its own payment system. The Aadhaar-Enabled Payment System or AEPS, as it is called, facilitates the deposit of money to and withdrawal of money from Aadhaar-Enabled Bank Accounts (AEBA). AEBA accounts are bank accounts where an Aadhaar number is mapped to the bank account. This is done by a process called as “seeding” an Aadhaar number to a bank account with designated banks.

After receiving the Aadhaar number from the customer, the bank uploads such numbers’ into a “NPCI mapper” or a repository of Aadhaar numbers used for the purpose of routing transactions to the destination banks. The NPCI mapper contains Aadhaar number along with an Institution Identification Number or IIN, a unique 6-digit number issued by NPCI to the participating bank. If you or anyone else change the bank account associated with your Aadhaar number only the current banks’ IIN will be associated with the Aadhaar number.

Now you are all set to make deposits, withdraw money and even make money transfers from the Aadhaar Enabled Bank Account by providing the source and destination IIN and Aadhaar number.

Financial Inclusion?

Banks can appoint a “Business Correspondent” to provide access to basic banking services using a micro-ATM. These include the ability to take deposits, dispense cash for withdrawals, process funds transfers, or answer balance inquiries. The Banking Correspondent is the “last-mile” to replace the village money lender. The Banking Correspondent only collects money or hands it out from his own account with a parent bank. The Banking Correspondent may issue a receipt for the transaction. There is no passbook for AEBA. There are only receipts of transactions. The parent bank has nothing to do with payments to or from individual accounts. It only settles payable and receivable to the Banking Correspondent.

The UIDAI explains that “The resident would be allowed the option to either open a new bank account or link an existing bank account to Aadhaar at the time of enrolment. Also, the person can always approach the bank concerned for linking the existing bank account to Aadhaar”. Such accounts are not subject to the requirements of the Anti-Money Laundering Rules. The banks have been pushed to open AEBA accounts repeatedly by the RBI. Through its circular no 17015/14/2012/FI dated 06 February 2014 the UIDAI enabled the process of opening new bank accounts through micro ATMs or linkage of existing bank accounts with Aadhaar.

Rupay Cards

The Rupay card, a pre-paid debit card, was launched as the Dhan Aadhaar card in December 2011. It has been co-branded with different financial institutions with differing operational requirements and fees . Some of these cards are branded as pre-paid cash cards and do not require a bank account. Since all Rupay cards would require the ABPS it is no surprise that all banks were pushed to enable biometrics and Aadhaar to enable the Rupay. When there was some resistance to burden all account holders with this new infrastructure pin-based Rupay have been introduced.

From the limited information available on the specifics the Pradhan Mantri Jan Dhan Yojana launched on 28 August 2014 promises an Aadhaar Enabled Bank Account (AEBA), a Rupay Debit Card and the Accident Insurance cover most banks were offering with the Rupay Debit card.

It is therefore surprising to learn that that 2.5 crore accounts have been opened without any website that details the eligibility, benefits and operational details; unless the procedure was no different from the Dhan Aadhaar card and AEBA of the United Progressive Alliance (UPA). The Prime Minister's Office (PMO) appears to have been misled completely.

The risks of Aadhar-enbaled Payment System (AEPS)

The AEPS is based on the following premises.



1. An existing account number and IFSC code that uniquely identifies a branch of any bank are not sufficient to do a legitimate transaction.

2. An account not linked with an Aadhaar number lacks the KYC or may be a fake account.

3. An account linked with an Aadhaar number is genuine and cannot be a fake one.

4. Auditability of Aadhaar number to Aadhaar number bank transfer is identical to an account number to account number transfer.

5. The costs of ABPS are less than the costs of NEFT or RTGS.

The RBI should close down RTGS and NEFT if assumption 1 is true. It is completely unclear why a third party number should be associated with a genuine account for identifying the account or the branch.

If assumption 2 holds and accounts not linked with Aadhaar are fake ones, or lack KYC, the RBI should be closed down for having enabled such accounts and money transfers within and between them in India. It is surprising that the Government of India does not trust these accounts when it comes to transferring any benefits when its Income Tax department has used them all along to assess income and even make refund payments.

Let us examine assumption 3. When the Aadhaar number is merely a 12-digit number assigned to demographic and biometric data submitted by private parties; it cannot be a proof of identity, address or even existence. There has been no verification or audit of the Aadhaar database and therefore it is very conceivable that, as was the case of Satyam, huge number of non-existent persons is assigned an Aadhaar number. There is no basis to regard any bank accounts linked to an Aadhaar number as belonging to genuine or even existing individuals.

Let us examine assumption 4. It is impossible to change the beneficiary in an account number to account number transfer. It is however possible to re-associate an account associated with an Aadhaar number. In fact it is possible to create different accounts and is link them to the same Aadhaar number at different times.

If you have the demographic and biometric details of various real persons, as you would, if you were an Aadhaar enrolment agency, it would not be impossible to create an account linked with their Aadhaar numbers without their knowledge. If you were a financial institution enrolling people it would not be impossible to open multiple accounts in different branches and link the same Aadhaar number with them at different times.

Why would one do that? Different accounts can “park” money at different times or even become conduits for laundering money. Considering that the RBI suspended the requirements of anti-money laundering rules to Aadhaar based bank accounts and enabled the opening of such accounts in the absence of a branch or an audit infrastructure makes this very plausible. Such accounts can also become conduits to claim undeserved benefits from Government that would never be traced once released. This is a recipe for embezzling government treasury with no complaints, no audit trail and no punishment.

Clearly Aadhaar number to Aadhaar number bank transfer is not identical to an account number to account number transfer. Since the NPCI maintains no log of the previous account numbers associated with an Aadhaar number it makes such transfers completely unauditable.

Let us examine the 5th assumption that transactions on ABPS cost less than other payment systems. In making such a claim the NPCI does not do an actual end-to-end cost comparison with any alternatives. The costs of ABPS that NPCI ignores are the cost of the Aadhaar infrastructure and maintenance. It ignores the costs of fraud and leakage. It ignores the cost of the infrastructure of micro ATMs and having banks switch to enabling their accounts for Aadhaar. These costs would ultimately be passed on to the customer.

Even if Aadhaar numbers were proof of identity, which it is not, its use to make financial transfers, is the best way to make financial transfers unauditable, propagate money laundering and financial fraud. There is no rational justification for introducing an unverified and unaudited number to allow payments and settlements.

The way ahead

There is no doubt that the future may hold several disruptive business models for payments and settlements many of which may be enabled by technology. While encouraging innovation, it is the role of the regulator to ensure that these do not bring ruin to the nation’s financial system.

In an NYU paper titled ‘The Precautionary Principle: Fragility and Black Swans from Policy Actions’, Nassim Taleb argues that taking risks is necessary for the functioning and advancement of society. However, all risks are not equal. Taking into account the structure of randomness in a given system can have a dramatic effect on which kinds of actions are, or are not, justified.

With the help of probability theory, Taleb asserts that when impacts are not localized and non spreading, interdependence increases propagating impacts resulting in irreversible and widespread damage and the probability of devastation, ultimately to the point of certainty. The interdependence of the NPCI, IBA, RBI, UIDAI and the various government departments are engineered for what Taleb characterizes as “ruin”.

By enabling ABPS and Aadhaar linkages with bank accounts, the RBI has enabled fraud propagation across the entire banking industry that will result in widespread and irreversible damage. It is evident that the RBI has failed to protect the nation’s banking system from an increased probability of devastation.

In the interest of financial prudence the RBI governor, the IBA and the various banks must invoke the precautionary principle and immediately suspend all linkage of Aadhaar to any financial instrument. The RBI governor ought to declare a financial emergency and freeze all Aadhaar linked bank accounts and reverse these transactions.

The PMO must revisit the UPA projects that have been allowed to be carried forward. Given the multiple institutions involved, it would be fitting to set up an inquiry commission that will include voices that have raised caution in the interest of the nation and have a mandate to minimize the damage to the country and suggest the way ahead. In the meanwhile, it would only be prudent to suspend all linkages to the Aadhaar number.

The Supreme Court of India has several pending public interest litigations (PILs) on Aadhaar linkages and it would prudent to have a special court to issue a stay on all Aadhaar linkages till the cases are heard and at the same time hear the PILs expeditiously given the extent of financial ruin that Aadhaar can bring to India.

The banking system in India is becoming extremely complex. Complex systems increase risks disproportionately to the increase in complexity. If this investigation into a small part of the banking system - electronic money transfers - is not sufficient to make a prudent banker lose sleep, we may not have any prudent bankers left anymore. It is evident that our policy makers have neither the time nor inclination to apply themselves to the implications of their actions nor to seek counsel to protect the nation and its assets. Embroiling the unbanked into this mess is no financial inclusion - it is a debt warrant.



Some important Dates

Date Particulars Dec-08 Incorporation of National Payments Corporation of India (NPCI) 28-Jan-09 Planning Commission of India Notifies the UIDAI with mandate to create a UID. Apr-09 Certificate of Commencement of Business issued to National Payments Corporation of India (NPCI) 14-Dec-09 NPCI takes over ATM switching service to banks in India through National Financial Switch from Institute of Development and Research in Banking Technology (IDRBT) Apr-2010 UIDAI whitepaper: From Exclusion to Inclusion with Micropayments 13-Dec-11 The Standing Committee on Finance and urged the government to reconsider and review the UID scheme and also the proposals contained in the Bill in all its ramifications. 27-Jan-11 RBI Notification RBI/2010-11/389 DBOD.AML.No. 77 /14.01.001/2010-11 making anti-money laundering rules applicable for bank accounts opened with Aadhaar. 28-Sep-11 RBI Notification 12/207DBOD.AML RBI/2011. BC. No. 36/14.01.001/2011-12 relaxing anti-money laundering rules for bank accounts opened with Aadhaar. Dec-2011 Dhan Aadhaar Yojana launched 17-May-12 RBI Notification RBI/2011-12/566 DBOD. No. BL. BC. 105/22.01.009/2011-12 on financial inclusion and banking correspondents. 12-Mar-13 RBI Circular RBI / 2012-13 / 436 A.P. (DIR Series) Circular No. 89 on revised guidelines for money transfer schemes. 1-Jul-13 RBI Master Circular RBI/2013-14/1 Master Circular No.1 /2013-14 on money transfer service scheme. 1-Jul-13 RBI Notification RBI/ 2013-14/31 UBD.BPD. (PCB).MC.No.16 /12.05.001/2013-14 specifying obligations of the banks under the prevention of money laundering act of 2002. 6-Feb-14 UIDAI Notification 17015/14/2012/FI enabling opening new accounts through micro ATMs 28-Aug-14 Pradhan Mantri Jan Dhan Yojana launched



(Dr Anupam Saraph is a Professor, Future Designer, former governance and IT advisor to Goa Chief Minister Manohar Parrikar and the World Economic Forum)