Compliance Audit Report
For regulator submission · RBI Master Direction KYC · PMLA · DPDP Act 2023 · CERT-In 20(3)/2022
⏳ Verifying hash chain…
Total onboardings
—
cumulative all-time
Approval rate
—
approved / total
PEP hits
—
FATF / RBI defaulters
Sanctions hits
—
OFAC / UN 1267 / EU 269
By risk band
By decision
Regulatory references
RBI Master Direction KYC 2024Mandates re-KYC at 2/8/10 years · CKYC upload daily · video KYC geo-fence
PMLA Rule 9UBO declaration at ≥25% · STR within 7 days · 10-yr retention
DPDP Act 2023 §6/§8Granular consent · purpose limitation · right-to-erasure
IT Act §139AAPAN-Aadhaar linking mandatory
CERT-In Direction 20(3)/20226-hour incident reporting · log retention 180 days
UIDAI Auth 2.5e-KYC / biometric authentication · sub-AUA model
SEBI KRA Regulations 2011PAN-based KYC reuse · KRA upload mandatory
RBI Storage of Payment System Data 2018India-only PII storage
What this report includes (audit-grade)
- Tamper-evident hash chain across every event (SHA256 prev_hash → curr_hash)
- Per-session: PAN/Aadhaar hashes, face-match similarity, liveness score, PEP+sanctions screen
- DPDP consent record · purpose · granted_at · DPDP §reference
- Officer attribution · branch · timestamp
- Webhook delivery proof · HMAC signature
- Device fingerprint · source IP · UA · platform
- 10-year retention metadata · auto-computed re-KYC due date
- Document SHA256 fingerprints (PAN/Aadhaar/Passport/Selfie)
- Per-session CSV export for regulator (Cersai / CKYC compatible)