Linking Aadhaar to bank accounts is a recipe for creating benami bank accounts and scaling benami bank transactions. It threatens to destroy your bank accounts and destroy the country’s banking system. It’s devastating that the integrity of banking processes is being destroyed by dividing, outsourcing and privatizing processes integral to core banking so that they become the responsibility of no one.Enabling Benami Bank Accounts
A few days back a co-panelist on a TV channel argued that linking Aadhaar to Bank Accounts will weed out money laundering by verifying bank accounts. Money laundering is facilitated by creating benami accounts. It is also facilitated by benami transactions.
Benami accounts get created when banks fail to identify the real customers who own the accounts. The Panama Papers exposed data of thousands of benami accounts created through a Panamanian law firm, Mossack Fonseca. The Panama Papers exposed one modus operandi of hiding the real owners of the assets in tax havens.
Prudent bankers recognize the importance of knowing who they bank with. It is no wonder that the Reserve Bank of India noted right from 2010 that the Aadhaar enrolment process does not have due diligence, verification is not compulsory as confirmed by the UIDAI in the Demographic Data Standards and Verification Procedure, and does not require document based verification. The bank also highlighted that such use of Aadhaar as third party identification is against Prevention of Money Laundering Act, the Financial Action Task Force (FATF) and the paper issued on Customer Due Diligence (CDD) for banks by the Basel Committee on Banking Supervision and circulated to scheduled commercial banks by the RBI on November 29, 2004. The bank also observed that a fixed time document like the Aadhaar cannot be a Proof of Address. It also cautioned using Business Correspondents (BC), to open bank accounts or undertake banking transactions, as the vulnerability of the system has not been tested and co-mingling funds of different banks in the hands of BC’s was a major operational risk to the banks. While resisting the use of Aadhaar, the RBI also highlighted the Government’s concern about the perceived misuse of such accounts for terrorist financing.
Under pressure from the UIDAI and the Department of Revenue, Ministry of Finance the RBI, through its circular dated January 27, 2011, allowed bank accounts to be opened exclusively on the basis of Aadhaar number. However, the RBI required such accounts to be put to restrictions and be subjected to conditions and limitations prescribed for small accounts.
Not happy with the restrictions, the UIDAI pressed the RBI to lift the restrictions placed on accounts opened with Aadhaar numbers under the PMLA. On September 28, 2011, again through the Department of Revenue, the UIDAI succeeded in getting the RBI to backtrack and suspend the restrictions of the PMLA on bank accounts opened solely through Aadhaar. The UIDAI also succeeded in causing the RBI further to accept eKYC or remotely using information associated with an Aadhaar number as KYC. According to the UIDAI eKYC brings scale to the ease of onboarding customers.
To put the problem in perspective, Aadhaar enrolment was completely outsourced to private parties by the UIDAI with the sole aim of building the world’s largest biometric database. Mr. Nilekani’s UIDAI repeatedly emphasized that they merely provided a framework to issue a number and store the (unverified and unaudited) data. In fact, no one from the UIDAI or even the government even signs the Aadhaar card that is mailed back to the enrollee. The very same organizations that were declared by the UIDAI as holding databases full of ghosts and duplicates were asked to serve as “Registrars” to the enrolment process. They were even given flexibility in the collection, retention, and use of the data (including biometric) that they collected. No one in the enrolment process was required to identify anyone. At best they had to merely verify documents that were submitted for enrollment. Needless to say, anyone in possession of your documents could enroll with minor changes in any demographic information. Field stories of enrolments are full with descriptions of biometric jugaad including using a combination of persons, use of biometric masks, biometric modifications, and other ingenious methods to maximize registrations. The Aadhaar enrolment has been unlike that of any other identity document, easily scaling the creation of duplicate and ghost identities.
While there is widespread belief that biometric authentication at time of opening a bank account prevents benami, it ignores the field realities of mobile sims being issued on Aadhaar photocopies and used to open bank accounts, of having remotely “downloadable” accounts, and also plain simple use of photocopies of Aadhaar or parallel Aadhaar databases to open bank accounts. With Aadhaar, banks do not have any trace of the real customer. The customer, in turn, can simply point to a benami owner using an Aadhaar number.
To compound the problem, UIDAI has no liability for benami bank accounts opened with Aadhaar. After the introduction of the Aadhaar to open bank accounts, the accounts and deposits have doubled in 5 years. No one knows who really controls these accounts.
Enabling Benami transactions
The UIDAI signed a MoU with the National Payments Corporation of India (NPCI), a non-government company, to develop an Aadhaar Enabled Payment System (AEPS). In this MoU, the UIDAI has no responsibility for your banking transactions and the NPCI has no obligation to the RBI. The payment system uses the Aadhaar linked to a bank account as a financial address to do electronic money transfers from one Aadhaar number to another.
Unless an Aadhaar is linked to the account, the AEPS cannot access the bank account. Linking a PAN to the Aadhaar will have the same effect as linking the Aadhaar to a bank account as the PAN is already linked to the bank account. Such accounts become Aadhaar enabled. Aadhaar enabled bank accounts are ready to be used by the AEPS for Aadhaar to Aadhaar money transfers.
Linking an Aadhaar to a bank account is done through a process called as “seeding” an Aadhaar number to a bank account. After receiving the Aadhaar number from the customer, the bank uploads such numbers’ into an “NPCI mapper” or a repository of Aadhaar numbers and Institution Identification Number (IIN) numbers used for the purpose of routing transactions to the destination banks. The IIN is a unique 6-digit number issued by NPCI to the participating bank. If you or anyone else seed your Aadhaar with another bank account, the NPCI mapper is overwritten with the new banks’ IIN. Money transferred to an Aadhaar number, using the Aadhaar Enabled Payment System, gets transferred to the bank account linked to the Aadhaar number at the branch recognized by the IIN.
A money launderer can transfer money to an account linked to an alternate IIN and then re-seed the NPCI’s mapper with the original IIN for the Aadhaar number, completely wiping out any trace of money to the alternate IIN. Like transactions of bearer shares in Panama, such money transfers becomes no different from a hawala transaction between real parties who remain anonymous or benami.
The NPCI’s idea of Aadhaar to Aadhaar banking itself is flawed. It is surprising if the RBI has licensed this payment system under the Payment and Settlements Act.
All money is ultimately stored in bank accounts and not in the name of a person. Nowhere in the world does one transfer money to a person, you transfer it to a person’s account. Money transfers to and from a bank account make every money transfer traceable from source to destination making money laundering difficult, if not impossible. Hawala schemes make money transfers untraceable by eliminating the bank accounts. Money transfers that, like the hawala, are based on the premise that you do not share an account number, with someone transferring money to you, are inherently flawed in auditability as they wipe out the money trail.
The idea of a mapper, as used by NPCI’s AEPS, does not allow for instructions from sender but relies on the periodic update of IIN in the NPCI’s table mapping Aadhaar numbers from banks. As multiple banks have to upload the Aadhaar numbers seeded with accounts held by them, this cannot guarantee desired results. Worse, this slices the business process and outsources parts such that it destroys responsibility of the payment system from any single party as was in the case of NEFT or RTGS. Neither the NPCI, the UIDAI or the banks are responsible for such money transfers. They merely provide “look-up” services. In this system, a single compromised or rogue bank branch, or the perpetuator’s ability to exploit a good one, is enough to siphon off subsidy, park black money or take bribes.
Such money transfers would be difficult if not impossible to trace without a whistleblower. A few cases have been reported that suggest the large scale play of this scenario already. For example, more than 40,000 erroneous transfers were reported through AEPS in DBT transfers meant as part of drought relief for farmers in Karnataka. The government allegedly blamed the banks for failure to send the correct Aadhaar numbers with the beneficiaries.
That such transfer of funds is not affected with NEFT, when Aadhaar Leaks has exposed that bank details are already present in every record of the leaked data, creates grave suspicions. There is absolutely no reason to switch public payments from NEFT to AEPS, run by a non-government company. The replacement of a time-tested standard of electronic money transfers under government regulation by a non-standard payment system run by a non-government company raises several questions of national and public interest, propriety and possible conflicts of interest.
Destroying the banking system
The Department of Revenue has done it again. On June 1, 2017, vide Notification No.2/F .No. P.12011/11/2016-ES Cell-DOR it mandates the linking of every bank account with an Aadhaar number before December 31, 2017. While lawyers point out several illegalities, including the scope, of the notification of this subordinate legislation under the PMLA, the failure to consistently protect national interest is unbelievable.
This is not just a threat, it is a destruction of the Indian banking system. Here are just 5 ways in which linking the Aadhaar to PAN or a bank account will destroy India.
One, linking Aadhaar to bank accounts or PAN converts India into the new tax haven for money launderers as it becomes easy to remotely create benami accounts and operate benami transactions while claiming complete legitimacy. This will destroy India’s economy and governance.
Two, financing crime and terrorism will grow uncontrollably as it becomes increasingly difficult to discover, report or close down such operations. This will make it impossible to ensure national security as the rule of law is destroyed.
Three, corruption will increase as it becomes easier when proceeds will not be traceable to the corrupt.
Four, banks will not be able to contain non-performing-assets, fraud, and financial misappropriation as the real users will be untraceable. The economy will be completely out of control as the black and white economies become indistinguishable.
Five, the innocent will lose money, reputation and access to justice, dignity, and livelihood as they can be easily compromised, denied access or framed. Helpless citizens and businesses may also find their access to money disabled by deactivation or blocking of Aadhaar with no recourse to survival.
We are in a policy vacuum as the NITI Aayog and the bureaucracy has failed to recognize and protect the national interest. Unless the RBI de-licenses the AEPS immediately and the government stays linking Aadhaar to PAN and bank accounts, our leadership will have failed to protect India from this fast spreading cancer of Aadhaar. In the meantime, refusing to link Aadhaar to anything may be the only option left for you.