Dr Anupam Saraph an expert in governance, informatics and strategic planning, speaks out against the interests involved in linking bank accounts to Aadhaar despite an apex court stay against it

The Department of Financial Services under the Ministry of Finance which supervises the banking sector is aware of the problems faced by citizens who cannot avail of services because they are being denied access to their accounts due to the Finacle software used by banks. This program makes it essential for customers to share Aadhaar numbers before their applications can be processed despite a Supreme Court order staying this as a requirement in banking operations. A recent article in the website Moneylife detailed the woes of customers being denied access. Infosys, which developed and installed Finacle, a core banking software, says it upgraded it last year and sorted out all problems. But obviously all is not well.

Dr Anupam Saraph an expert in governance, informatics, and strategic planning has served as advisor to several national and international organisations, including UNESCO and the World Economic Forum through its Global Agenda Council for Complex Systems. He was also Information Technology Advisor to the Government of Goa. He has designed and implemented identity schemes and has in depth knowledge of what is right and wrong about biometric ID systems. He has written extensively on Aadhaar and has been a vocal critic of it being linked to banking and payment systems. Dr Saraph answers questions posed by Ajith Pillai on Finacle and explains the interests involved in linking the 12-digit Aadhaar number to bank accounts. Excerpts:

Infosys seems to suggest that the need to link Aadhaar for availing banking services has been sorted out in its new version of the Finacle software for banks? Is this true?

To reassure banks and their customers that Aadhaar is not hardcoded into Finacle, Infosys should make public a comparison of the steps of how core banking functions can be undertaken with or without Aadhaar using Finacle. Particularly, the opening of bank accounts, transacting with existing bank accounts, and the closing of accounts. Since customers usually don’t know if their bank uses Finacle, Infosys must list out the banks using the corrected version of Finacle that can follow the procedures that will not discriminate persons for want of Aadhaar.

Should banks scrap Finacle and opt for a more compatible system?

Banks should replace every software that attempts to end good banking practices, colonise its data to enable third party access, control and corrupt its operations, create un-auditable transactions and destroy core banking.

Don’t you think banks insisting customers must link their Aadhaar numbers to avail of services is in violation of Supreme Court orders?

The five-member bench of the SC on October 15, 2015 ordering “Union of India that it shall strictly follow all the earlier orders passed by this Court commencing from 23.09.2013” and “We will also make it clear that the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court one way or the other” have not been overruled by any larger bench.

Further, the three-member bench passing orders on August 11, 2015 had restricted of use of the Aadhaar to “PDS Scheme and in particular for the purpose of distribution of food grains, etc. and cooking fuel, such as kerosene. The Aadhaar card may also be used for the purpose of the LPG Distribution Scheme”. This was extended to “The Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), National Social Assistance Programme (Old Age Pensions, Widow Pensions, Disability Pensions) Prime Minister’s Jan Dhan Yojana (PMJDY) and Employees’ Provident Fund Organisation (EPFO)” by the five-member bench on October 15 2015.

The five-member bench also directed that “The information about an individual obtained by the Unique Identification Authority of India (UIDAI) while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a Court for the purpose of criminal investigation.”

The use of Aadhaar for banking or any other purpose than that permitted by the Court on15 October 2015, therefore, continues to be a contempt of the orders of the Supreme Court of India.

Aadhaar is the brainchild of Nandan Nilekani

What exactly are the interests involved in Finacle pushing Aadhaar?

The spread of Aadhaar enables money laundering, corruption, illegal transactions, un-auditable transactions, creates unfair trade practices and enables monopolisation of money flows. The web of conflict of interests in pushing Aadhaar is deep and widespread. The spread of Aadhaar across India is littered with the violation of the rule of law, propriety, respect for freedom of people or enterprises, national interests, and ethical practices.

Aadhaar is the brainchild of Nandan Nilekani (co-founder of Infosys and currently non-executive chairman of the company). He was appointed Chairman of the UIDAI in January 2009. Aadhaar payments is the brainchild of the National Payments Corporation of India (NPCI), founded in December 2008, whose founding Chairperson was N R Narayana Murthy, Co-founder and Chairman Emeritus of Infosys.

(To elaborate on the complex issues involved and the moves made to pushing Aadhaar into the banking system, Dr Saraph highlighted the following):

RBI Objections Brushed Aside From The Outset

File records show that the RBI maintained that the use of the Aadhaar number was in conflict with the Prevention of Money Laundering Act (PMLA), the Basel Standards for maintaining customer information and its own extant guidelines. It underlined that the use of Aadhaar would dilute its practices of keeping customer records. However, even when the use of Aadhaar was not permitted in banking, in January 2011, the UIDAI and NPCI signed an MoU stating that several banks were opening new bank accounts or linking existing bank accounts with Aadhaar numbers.

It further stated that these accounts would be Aadhaar Enabled Bank Accounts (AEBA). It proposed that NPCI would offer switching, clearing and settlement services or Aadhaar based financial transactions from such accounts. Pressured by the UIDAI the RBI issued a January 27, 2011 notification allowing the use of Aadhaar to open small bank accounts and specified restrictions on these bank accounts under the PMLA. But UIDAI was not satisfied and increased the pressure on RBI till finally under advise from the Department of Revenue, Ministry of Finance, on September 28, 2011, the RBI lifted the PMLA restrictions on bank accounts opened solely with Aadhaar.

It also enabled the presence-less and paperless opening of bank accounts using eKYC or remote Aadhaar authentication. This allowed opening of bank accounts solely on production of Aadhaar numbers as the banks no longer retained account opening forms, customer acquisition documents or were required to have customers’ presence while opening bank accounts. RBI data suggests a doubling of bank accounts since the UIDAI pushed for opening bank accounts solely with Aadhaar.

Interestingly in 2010 itself, before any MoU with UIDAI or the Aadhaar numbers going live, NPCI had already developed Aadhaar Enabled Payment System (AEPS) which went live in November 2011. The AEPS transfers money to Aadhaar numbers instead of bank accounts.

The Push for Aadhaar Enabled Payments

In March 2012, the Nandan Nilekani-led Task Force on an Aadhaar-Enabled Unified Payment Infrastructure pushed for Aadhaar enabled payments. Replacing RBI’s NEFT (National Electronic Funds Transfer from bank to bank) to transfer funds with Aadhaar is an implicit claim that the uncertified, unverified, and unaudited Aadhaar, where no one identifies anyone nor is anyone responsible for identification, identifies the beneficiary better than the KYC process used by RBI that make the branch managers liable for fraudulent bank accounts.

Once linked with Aadhaar, bank accounts opened with the traditional KYC practices of the RBI become indistinguishable from those opened solely with Aadhaar. They also become susceptible to Aadhaar Enabled Payment Systems. The auditability of payments made through AEPS and its eerie resemblance to hawala system of money laundering has been under controversy since 2014.

Enter The Payment Banks

In October 2013, Nachiket Mor, Member of the Board of RBI and now also the country head of the Bill and Melinda Gates Foundation, floated the idea of the Payment Bank. Such Payment Banks do not have branches and are operated in a cashless, presence-less and paperless mode. Payment Bank accounts are typically opened with only Aadhaar.

In October 2017 the Airtel Payments Bank was able to create 37 lakh bank accounts based on Aadhaar data without any customer request to open those bank accounts. These accounts received 167 crores of LPG subsidy from the Consolidated Fund of India. Clearly someone benefits by replacing an auditable NEFT money transfer with an un-auditable AEPS. Furthermore, the Ministry of Finance is not able to identify who are the 52 crore beneficiaries who have since inception received Rs 246,133 crore under various schemes through direct bank transfers (DBT) using Aadhaar payments.

According to Nilekani, who continues to advise the NCPI, over Rs 95,000 crore was transferred to beneficiaries in 2017-18 using AEPS. No one has established that the recipients of the Rs 95,000 crore are real persons and genuine beneficiaries. No one has certified the delivery of benefits and subsidies from the Consolidated Fund of India to those it was meant to target.

The Interests Involved

Shrikanth Nadhmuni, former technology head of UIDAI, is on the board of HDFC Bank Ltd since September 20, 2016. He is also the Chairman of Novopay Solutions Private Limited, a company involved in the area of mobile payments and is also the Chief Executive Officer of Khosla Labs Private Limited, a company promoting Aadhaar Bridge, a set of APIs (application programming interface or a set of defined methods of communication between various software components) to access the UIDAI’s database. He is also attributed as having developed Aadhaar banking and financial protocols including MicroATM, Aadhaar Enabled Payment system and Aadhaar Payment Bridge

Both ICICI and HDFC, major players in the National Payments Corporation of India, have also been instrumental in creating the Goods and Service Tax Network (GSTN) for collecting government taxes. Aadhaar has been made mandatory for registration to pay GST. HDFC and ICICI have been aggressively pushing Aadhaar linkage, and causing suffering to those customers who did not, in complete violation of Supreme Court orders.

Unless traditional bank accounts are linked with Aadhaar, they don’t become indistinguishable from those opened remotely or solely with Aadhaar. Nor do they become Aadhaar enabled or able to receive or transfer money using NPCI’s AEPS. Once indistinguishable from bank accounts that have been opened with RBI’s traditional KYC practices, it becomes difficult, if not impossible, to detect money laundering, corruption, illegal transactions, un-auditable transactions, creating unfair trade practices and monopolisation of money flows.

Why are these companies pushing Aadhaar aggressively in complete contempt of the existing laws, Constitutional rights of Indians as well as the orders of the Supreme Court of India?

Finacle also devised the system for GSTN which has not lived up to expectations. Isn’t it time the government weighs its options before awarding software contracts?

If the recent appointment of Ajay Pandey (Chairman of UIDAI) as the Chairman of GSTN says anything, the same network of interests that drive Aadhaar, drive the GSTN. Why would the development of GSTN’s information systems be any different? After all, like Aadhaar, it does not serve the people but different masters. Dr Subramaniam Swamy has raised serious concerns about the national security implications of Aadhaar and GSTN in Parliament and these need to be addressed.

This experience also underlines the need and importance of open source in government. The UIDAI has not placed the source code of the API (application programming interface) used to access the Aadhaar database in public domain. It even refuses to reveal under RTI who developed, maintains or owns this API. Yet strangely, Khosla Labs offers a version of this software as Aadhaar Bridge and another group of “volunteers” calling themselves iSprit offer it as “Indiastack”. Which code is being used by Infosys to build software for the GSTN? Under what licensing terms? It’s all kept out of the public domain.