Aadhaar e‑KYC Access Granted to Select NBFCs Under PMLA Framework

The Central Government has formally permitted a specific group of reporting entities to carry out Aadhaar-based authentication for compliance with Section 11A of the Prevention of Money-laundering Act, 2002. This permission has been notified through Notification S.O. 2597(E) dated 21 May 2026, issued by the Ministry of Finance, Department of Revenue.

This move integrates Aadhaar e‑KYC into the customer due diligence process of identified financial institutions and reporting entities, thereby strengthening anti-money laundering controls while ensuring adherence to the privacy and data security framework under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

Statutory Power Under Section 11A

The notification is anchored in the proviso to sub‑section (1) of Section 11A of the Prevention of Money-laundering Act, 2002 (hereinafter referred to as the Money-laundering Act).

Under Section 11A, reporting entities are permitted to use Aadhaar authentication for identity verification of clients, subject to:

  • Compliance with prescribed privacy and security conditions, and
  • Prior approval of the Central Government after due consultation with:
    • Unique Identification Authority of India (UIDAI), and
    • The appropriate regulator, which in this case is the Reserve Bank of India (RBI).

Aadhaar Act Compliance Requirement

Before conferring Aadhaar authentication powers, the Central Government is required to evaluate whether the reporting entities can adhere to the standards laid down under the Aadhaar (Targeted Delivery of Financial and Other Subsides, Benefits and Services) Act, 2016 (hereinafter referred to as the Aadhaar Act).

The present Notification S.O. 2597(E) explicitly records that the Government is satisfied about:

  1. The capacity of the specified reporting entities to maintain:

    • Privacy safeguards; and
    • Security protections mandated under the Aadhaar Act; and

  2. The necessity and expediency of permitting Aadhaar-based authentication for the purposes of Section 11A of the Money-laundering Act.

Entities Authorised for Aadhaar Authentication

The notification contains a Table specifying the reporting entities that have been allowed Aadhaar authentication. These entities are now authorised to use Aadhaar-based e‑KYC processes strictly for compliance with the Money-laundering Act.

List of Reporting Entities

The following seven reporting entities have been notified:

  1. Toyota Financial Services India Limited
  2. Aditya Birla Capital Limited
  3. NABFINS Limited
  4. Indostar Capital Finance Limited
  5. Innofin Solutions Private Limited
  6. LIC Housing Finance Limited
  7. Transaction Analysts (India) Private Limited

These entities will now be able to authenticate Aadhaar details for customers and clients in relation to their anti‑money laundering obligations, subject to the governing legal framework.

Important: The authorisation is not a blanket permission for all business activities. It is restricted to Aadhaar authentication “for the purposes of section 11A of the Money-laundering Act”, i.e., for KYC and client due diligence linked to prevention of money-laundering.

Purpose and Practical Impact of the Notification

Strengthening KYC and Customer Due Diligence

Under the Money-laundering Act and the allied Prevention of Money-laundering (Maintenance of Records) Rules, reporting entities are required to: