{"id":1127,"date":"2026-06-12T07:50:10","date_gmt":"2026-06-12T06:50:10","guid":{"rendered":"https:\/\/www.befisc.com\/fintechsherlock\/?p=1127"},"modified":"2026-06-12T07:50:11","modified_gmt":"2026-06-12T06:50:11","slug":"regtech-glossary-india","status":"publish","type":"post","link":"https:\/\/www.befisc.com\/fintechsherlock\/regtech-glossary-india\/","title":{"rendered":"India RegTech and Fintech Compliance Glossary 2026: 60 Essential Terms Explained"},"content":{"rendered":"\n

RegTech Glossary India<\/strong> is a comprehensive reference guide for fintechs, NBFCs, compliance professionals, developers, and product teams working within India’s regulated financial ecosystem. From KYC and AML to CKYC, DPDP, digital lending regulations, fraud prevention, and business verification, understanding compliance workflows <\/a>in fintech for building compliant financial products. This RegTech Glossary India<\/strong> guide explains 60 essential terms used across the Indian financial services and regulatory technology landscape in 2026.<\/p>\n\n\n\n

Table of Contents<\/strong><\/p>\n\n\n\n

    \n
  1. Identity and KYC Terms<\/li>\n\n\n\n
  2. AML and Financial Crime Terms<\/li>\n\n\n\n
  3. Business Verification and KYB Terms<\/li>\n\n\n\n
  4. Digital Lending and Regulatory Terms<\/li>\n\n\n\n
  5. Fraud Prevention Terms<\/li>\n\n\n\n
  6. Frequently Asked Questions<\/li>\n\n\n\n
  7. Conclusion<\/li>\n<\/ol>\n\n\n\n

    RegTech Glossary India: Identity and KYC Terms<\/h2>\n\n\n\n

    Aadhaar: The 12-digit biometric identity number issued by UIDAI to every Indian resident. Used as the basis for Aadhaar-based eKYC<\/a> \u2014 real-time identity verification through UIDAI’s database using OTP or biometric authentication.<\/p>\n\n\n\n

    AUA (Aadhaar User Agency): An entity licenced by UIDAI to use the Aadhaar authentication API. Required for direct Aadhaar-based eKYC. Many fintechs access Aadhaar authentication through sub-AUA relationships with licenced AUAs.<\/p>\n\n\n\n

    Biometric Verification: Identity verification using physical characteristics \u2014 fingerprints, iris patterns, or facial geometry. In the KYC context, usually refers to face match and liveness detection during digital onboarding.<\/p>\n\n\n\n

    CKYC (Central KYC): The centralised KYC registry maintained by CERSAI. Stores KYC records from all Regulated Entities and assigns a 14-digit KIN (KYC Identification Number) to each verified customer. REs can retrieve existing CKYC records rather than re-collecting KYC documents.<\/p>\n\n\n\n

    CDD (Customer Due Diligence): The process of identifying and verifying a customer’s identity and assessing the risk they pose. Under the RBI KYC Master Directions, CDD operates on a risk-based approach \u2014 Simplified CDD for low-risk, Standard CDD for medium-risk, and Enhanced Due Diligence for high-risk customers.<\/p>\n\n\n\n

    eKYC: Electronic Know Your Customer \u2014 the process of completing identity verification electronically, typically via Aadhaar authentication or video-based methods. Legally equivalent to in-person paper-based KYC when conducted through approved methods.<\/p>\n\n\n\n

    EDD (Enhanced Due Diligence): A more intensive level of KYC applied to high-risk customers \u2014 PEPs, customers from high-risk jurisdictions, complex corporate structures. Requires senior management approval, source of funds verification, and more frequent re-KYC.<\/p>\n\n\n\n

    Face Match: The biometric process of comparing a captured selfie with a reference photograph (usually from an identity document or the UIDAI database) to confirm they depict the same person. Must be combined with liveness detection to prevent spoofing.<\/p>\n\n\n\n

    KIN (KYC Identification Number): A 14-digit number assigned by the CKYC Registry to each verified customer. Used by subsequent Regulated Entities to retrieve an existing CKYC record.<\/p>\n\n\n\n

    KYC (Know Your Customer<\/a>): The process of verifying a customer’s identity and assessing the risk they present. Mandatory for financial institutions under RBI KYC Master Directions and PMLA. Covers both individual customers (using identity documents) and business customers (using KYB).<\/p>\n\n\n\n

    Liveness Detection: The component of biometric verification that confirms the person being photographed is genuinely present \u2014 not a photograph, video, or deepfake. Required by RBI V-CIP <\/a>guidelines. Available as active (challenge-response) or passive (single-image analysis) implementations.<\/p>\n\n\n\n

    Officially Valid Document (OVD): The set of documents accepted by Regulated Entities for identity and address verification under the RBI KYC Master Directions. Includes Aadhaar, PAN, Voter ID, Driving Licence, and Passport.<\/p>\n\n\n\n

    PAN (Permanent Account Number): The 10-character tax identifier issued by the Income Tax Department of India. Mandatory for financial transactions above prescribed thresholds and for all digital lending applications under RBI guidelines.<\/p>\n\n\n\n

    Re-KYC: Periodic re-verification of customer identity and risk profile. Required by the RBI KYC Master Directions at intervals depending on the customer’s risk classification: annually for high-risk, every two years for medium-risk, every eight to ten years for low-risk.<\/p>\n\n\n\n

    V-CIP (Video-based Customer Identification Process): The RBI-approved method for completing identity verification through a live audio-visual interaction. Requires liveness detection, geolocation, document verification, and storage of the recorded session for at least five years.<\/p>\n\n\n\n

    AML and Financial Crime Terms<\/strong><\/h2>\n\n\n\n

    AML (Anti-Money Laundering)<\/a>: The set of laws, regulations, and procedures designed to prevent criminal organisations from disguising illegally obtained funds as legitimate income. In India, the primary AML legislation is the Prevention of Money Laundering Act (PMLA).<\/p>\n\n\n\n

    CTR (Cash Transaction Report): A report filed with FIU-IND for all cash transactions aggregating above \u20b910 lakh in a calendar month. Filing must occur within fifteen days of month-end through the FINnet portal.<\/p>\n\n\n\n

    FATF (Financial Action Task Force): The intergovernmental body that sets global standards for AML\/CFT measures. India is a FATF member and implements FATF recommendations through PMLA and related regulations. The FATF greylists jurisdictions with strategic deficiencies in their AML frameworks.<\/p>\n\n\n\n

    FIU-IND (Financial Intelligence Unit India): The central national agency responsible for receiving, analysing, and disseminating financial intelligence related to proceeds of crime. All Reporting Entities under PMLA must file CTRs and STRs with FIU-IND.<\/p>\n\n\n\n

    FINnet: FIU-IND’s financial intelligence network portal, through which Reporting Entities submit CTRs, STRs, and other mandatory reports.<\/p>\n\n\n\n

    Layering: The second stage of money laundering, involving multiple financial transactions designed to disguise the origin of criminal proceeds \u2014 typically rapid transfers through multiple accounts, often across jurisdictions.<\/p>\n\n\n\n

    MLAT (Mutual Legal Assistance Treaty): A treaty between countries providing the framework for sharing financial intelligence and evidence in cross-border criminal investigations. Relevant for financial institutions handling cross-border transactions involving suspected financial crime.<\/p>\n\n\n\n

    PEP (Politically Exposed Person): An individual who holds or has held a prominent public function \u2014 senior politician, government official, military officer, senior judiciary, PSU executive, or party official \u2014 and their close family members and associates. PEPs require Enhanced Due Diligence under PMLA and the RBI KYC Master Directions.<\/p>\n\n\n\n

    PMLA (Prevention of Money Laundering Act): India’s primary AML legislation, enacted in 2002 and subsequently amended. Establishes the obligations of Reporting Entities \u2014 including identification and verification of customers, transaction monitoring, record-keeping, and reporting to FIU-IND.<\/p>\n\n\n\n

    Reporting Entity (RE): An entity subject to PMLA obligations \u2014 including banks, NBFCs above defined thresholds, SEBI-registered intermediaries, and VDASPs. Must implement KYC, transaction monitoring, and file CTRs and STRs.<\/p>\n\n\n\n

    Sanctions Screening: The process of checking customers and transactions against official sanctions lists \u2014 UN Security Council, OFAC SDN, EU Consolidated List, India’s UAPA list \u2014 to identify prohibited relationships or transactions.<\/p>\n\n\n\n

    STR (Suspicious Transaction Report): A report filed with FIU-IND within seven working days of forming a reasonable suspicion that a transaction involves money laundering or terrorist financing proceeds. Must not be disclosed to the customer.<\/p>\n\n\n\n

    Structuring: The practice of breaking up financial transactions into smaller amounts to avoid reporting thresholds. Also known as smurfing. A red flag for money laundering and itself a PMLA offence when done with the intent to evade reporting requirements.<\/p>\n\n\n\n

    Typology: A documented pattern of financial transactions associated with a specific money laundering or financial crime method. Used to inform transaction monitoring rule design.<\/p>\n\n\n\n

    Business Verification and KYB Terms<\/strong><\/h2>\n\n\n\n

    Beneficial Owner: An individual who ultimately owns or controls a legal entity \u2014 defined in PMLA as any person owning more than 25 percent of the shares or voting rights, or exercising effective control. Beneficial owner identification is required under PMLA for all legal entity customers of Reporting Entities.<\/p>\n\n\n\n

    CIN (Corporate Identification Number): A 21-digit alphanumeric identifier assigned by the MCA to every company incorporated in India. Used for CIN verification through MCA21 to confirm incorporation status, director details, and registered address.<\/p>\n\n\n\n

    DIN (Director Identification Number): An eight-digit identifier issued by the MCA to every individual who is or intends to be a director of an Indian company. DIN status \u2014 active or disqualified \u2014 can be verified through MCA21.<\/p>\n\n\n\n

    GSTIN (Goods and Services Tax Identification Number): The 15-digit identifier assigned to every GST-registered business in India. GSTIN verification through the GSTN database confirms active registration, business type, and return filing status.<\/p>\n\n\n\n

    KYB (Know Your Business)<\/a>: The process of verifying the identity and legitimacy of a business entity \u2014 covering legal registration, beneficial ownership, director status, financial compliance, and adverse signals. Required for all business counterparties under RBI KYC Master Directions and PMLA.<\/p>\n\n\n\n

    MCA21: The Ministry of Corporate Affairs’ online portal and database for company and LLP registration, filings, and director information. The authoritative source for CIN <\/a>and DIN verification.<\/p>\n\n\n\n

    MSME: Micro, Small, and Medium Enterprise \u2014 as classified under the MSMED Act based on investment in plant\/machinery and annual turnover. UDYAM registration provides government-certified MSME classification.<\/p>\n\n\n\n

    UDYAM: The registration system for MSMEs in India administered by the Ministry of MSME. Replaces the earlier Udyog Aadhaar scheme. Registration provides access to government schemes and priority sector lending treatment.<\/p>\n\n\n\n

    UBO (Ultimate Beneficial Owner): See Beneficial Owner. The term UBO is used when the ownership chain passes through one or more legal entities before reaching the natural person who ultimately owns or controls the structure.<\/p>\n\n\n\n

    Digital Lending and Regulatory Terms<\/strong><\/h2>\n\n\n\n

    Account Aggregator (AA)<\/a>: A Reserve Bank of India-licensed NBFC<\/a> that facilitates secure, consent-based sharing of financial information between Financial Information Providers (FIPs, such as banks) and Financial Information Users (FIUs, such as lenders). Enables open banking in India without requiring customers to share credentials.<\/p>\n\n\n\n

    BNPL (Buy Now Pay Later)<\/a>: A short-term credit product that allows consumers to defer payment for purchases, typically repaid in instalments. Subject to RBI digital lending guidelines when provided through regulated entities.<\/p>\n\n\n\n

    DPDPA (Digital Personal Data Protection Act): India’s data protection legislation enacted in 2023, with rules notified in November 2025. Establishes the rights of data subjects and the obligations of Data Fiduciaries and Data Processors regarding the collection, use, retention, and sharing of personal data.<\/p>\n\n\n\n

    LSP (Lending Service Provider): An entity that provides one or more loan-related services (sourcing, credit assessment, recovery) on behalf of a Regulated Entity lender, without itself being a licensed lender. Subject to RBI Digital Lending Guidelines and must be disclosed on the RE’s website.<\/p>\n\n\n\n

    NBFC (Non-Banking Financial Company): A company registered with the RBI to conduct financial activities including lending, investment, and deposit-taking (with restrictions). Subject to RBI supervision and KYC Master Directions.<\/p>\n\n\n\n

    RBI (Reserve Bank of India): India’s central bank and primary financial regulatory authority. Supervises NBFCs, banks, payment systems, and foreign exchange management. Issues the KYC Master Directions and digital lending guidelines.<\/p>\n\n\n\n

    Regulated Entity (RE): Under the RBI KYC Master Directions, a Regulated Entity includes banks, NBFCs, cooperative banks, payment system participants, and other entities supervised by the RBI. REs are required to comply with the KYC Master Directions in full.<\/p>\n\n\n\n

    V-CIP: See Video-based Customer Identification Process above.<\/p>\n\n\n\n

    VDASP (Virtual Digital Asset Service Provider): An entity that conducts VDA exchange, transfer, safekeeping, or related financial services. Subject to PMLA as a Reporting Entity following the March 2023 amendment. Must register with FIU-IND.<\/p>\n\n\n\n

    Fraud Prevention Terms<\/strong><\/h2>\n\n\n\n

    Account Takeover (ATO)<\/a>: A fraud type where a criminal gains control of a legitimate customer’s account without their consent, typically through SIM swap, phishing, credential stuffing, or vishing. Prevention requires device fingerprint monitoring, session behaviour analysis, and SIM swap detection.<\/p>\n\n\n\n

    Application Fraud: Misrepresentation of identity, income, or financial position in a credit or account application. Includes identity fraud (using another person’s credentials), synthetic identity fraud<\/a> (fabricated person), and first-party fraud (genuine applicant misrepresenting their position).<\/p>\n\n\n\n

    Deepfake: AI-generated synthetic media \u2014 manipulated video, cloned voice, or composite facial imagery \u2014 used to impersonate real individuals. Used in financial fraud to bypass video KYC liveness detection and to impersonate executives in authorisation fraud.<\/p>\n\n\n\n

    Device Intelligence<\/a>: The set of signals derived from the device used in a digital interaction \u2014 device type, OS version, browser, geolocation, IP address, and device fingerprint. Used to identify devices associated with prior fraud events and to detect anomalous verification environments.<\/p>\n\n\n\n

    First-Party Fraud: Fraud committed by the genuine account or loan holder using their own identity \u2014 including intentional default and misrepresentation of financial position. Invisible to identity verification; detected through financial document integrity, bureau velocity, and post-disbursement behavioural monitoring.<\/p>\n\n\n\n

    Mule Account: A bank or wallet account used to receive and forward fraudulent funds as part of a money laundering layering operation. May be operated by a knowing participant or through identity theft.<\/p>\n\n\n\n

    Synthetic Identity Fraud: A fraud type that combines real data elements (such as a genuine PAN number) with fabricated details to create a fictitious person who can open accounts or apply for credit. Requires cross-database verification for detection.<\/p>\n\n\n\n

    Tamper Detection: The verification process that identifies whether a document has been modified after original creation. Operates at the metadata level (PDF structure, creation software, edit history) and the pixel level (compression artefacts, font rendering inconsistencies) in addition to content cross-referencing.<\/p>\n\n\n\n

    TransactionMonitoring: The ongoing analysis of customer financial transactions to identify patterns consistent with money laundering, fraud, or other financial crime. Required under PMLA for Reporting Entities. Generates alerts for human review and STR consideration.<\/p>\n\n\n\n

    As India’s financial regulations continue to evolve, maintaining a clear understanding of compliance terminology is increasingly important. This RegTech Glossary India<\/strong> resource helps compliance teams, fintech startups, lenders, and regulated entities interpret key regulatory concepts accurately and apply them effectively in day-to-day operations. Whether you’re implementing KYC workflows, AML monitoring, digital lending controls, or DPDP compliance measures, a reliable RegTech Glossary India<\/strong> reference can reduce compliance risk and improve operational efficiency.<\/p>\n\n\n\n

    Key Takeaways<\/strong><\/h2>\n\n\n\n