A KYC Registration Agency, or KRA, is a SEBI-regulated body that holds investor KYC records centrally so brokers, mutual fund houses, and Registered Investment Advisors can pull verified data without asking investors to submit documents again. The Securities and Exchange Board of India administers the system through the SEBI {KYC (Know Your Client) Registration Agency} Regulations, 2011, and five KRAs operate today: CVL KRA, NDML KRA, DOTEX KRA, CAMS KRA, and KARVY KRA. If you have ever opened a demat account or invested in a mutual fund, your KYC sits with one of them.
The framework matters more in 2026 than it did a decade ago. Investors are running into status messages (“KYC Validated”, “KYC Registered”, “KYC On Hold”, “KYC Rejected”) that decide whether SIPs run, redemptions clear, and new accounts open. Intermediaries are absorbing the operational fallout. This explainer of what KYC actually means covers the basics; what follows is the SEBI-specific layer: who the KRAs are, what the status matrix means, the OVDs that count, the PAN-Aadhaar rule that broke a lot of mutual fund accounts in 2024, and what the Feb 2025 amendment changed.
SEBI KYC Guidelines in 2026: what investors and intermediaries need to know
SEBI KYC is the identity and address verification process every investor must complete before participating in India’s securities market. According to SEBI’s investor portal, KYC is mandatory across mutual funds, stockbrokers, and other registered intermediaries because it underpins fraud prevention, customer safety, and compliance with Anti-Money Laundering and Combating the Financing of Terrorism rules under the Prevention of Money Laundering Act, 2002.
What SEBI KYC means in plain language
SEBI KYC is distinct from the bank KYC most people think of. Banks run their own KYC under the Reserve Bank of India’s Master Direction. SEBI KYC, by contrast, runs through KRAs, which act as a shared registry for the securities market. You complete it once with one intermediary, and the record is meant to travel with you across other SEBI-regulated entities. That portability is a defining feature of the system, when it works.
Who SEBI KYC applies to
The rules apply to three groups. Retail investors opening demat or mutual fund accounts must complete KYC before they can transact. SEBI-registered intermediaries (brokers, mutual fund houses, RIAs, depository participants) must capture, validate, and refresh KYC for every client. Foreign Portfolio Investors fall under a parallel KYC regime with additional disclosures, but the KRA centralisation principle still applies.
The 5 KRAs in India: KYC Registration Agencies explained
SEBI has authorised five KRAs to operate under the 2011 regulations. Most investors are routed to one of them by their broker or mutual fund house at first registration; the choice is operationally invisible because the records are interoperable.
What a KRA does
A KRA stores KYC data centrally (identity attributes, address, PAN, Aadhaar linkage status, contact details) and exposes that data to other SEBI-regulated intermediaries with the investor’s consent. It also assigns a unique KYC identifier on first registration so records can be reused across the market. KRAs operate under the SEBI {KYC (Know Your Client) Registration Agency} Regulations, 2011, and an evolving set of master circulars that govern validation rules and portability.
The 5 SEBI-registered KRAs
The five KRAs currently authorised by SEBI are:
- CVL KRA: operated by CDSL Ventures Limited
- NDML KRA: operated by NSDL Database Management Limited
- DOTEX KRA: operated by NSE Data and Analytics
- CAMS KRA: operated by CAMS Investor Services
- KARVY KRA: operated by Karvy Data Management Services
Investors typically discover which KRA holds their record only when they need to check status, update an attribute, or move an account.
How investors interact with KRAs
The first interaction is invisible. Submit KYC with a broker, and the broker routes it to a KRA, which assigns a unique KYC number. Subsequent interactions are usually triggered by a status problem: a flagged attribute, a stale address, or a PAN that has not been linked to Aadhaar. KRAs publish online status check pages where investors can look up their records using their PAN.
The KYC status matrix: what “Validated”, “Registered”, “On Hold”, “Rejected” mean
This is the part most investors meet without context. The status assigned by a KRA decides whether a transaction can proceed and whether the record is portable across intermediaries. The current four-status framework was rolled out under SEBI’s revised KYC validation rules. Per FundsIndia’s guidance on the SEBI directive, the validation update became effective from June 1, 2024, with KRAs cross-checking five attributes (PAN, name, address, email, and mobile) against official databases.
KYC Validated
A “KYC Validated” status means all five attributes have been independently verified by the KRA against authoritative sources: PAN against the Income Tax database, name and address against Aadhaar XML, DigiLocker, or M-Aadhaar, and email and mobile through their respective verification flows. A validated record is fully portable. The investor can transact with any SEBI-regulated intermediary without resubmitting documents.
KYC Registered
“KYC Registered” means the basic KYC is complete, but one or more validation attributes did not clear cross-verification (usually email or mobile not linked, or an attribute mismatch with the cross-checked database). Transactions with the existing intermediary continue, but other intermediaries may ask the investor to complete additional verification before allowing new account opening.
KYC On Hold
“KYC On Hold” is the status investors notice. It means a critical attribute (typically PAN-Aadhaar linkage or a contact detail) has failed validation. New investments and SIPs through that KRA’s records cannot be processed until the investor remediates. The investor must update the flagged attribute through the KRA’s online portal or via their intermediary, after which the status moves back to Registered or Validated.
KYC Rejected
“KYC Rejected” is the most serious status. The KYC submission has failed at the document or identity level: PAN does not exist, document is illegible, or there is a mismatch the KRA could not resolve. The investor must restart the KYC process with their intermediary, typically with corrected documents and fresh identity verification.
Required documents: OVDs accepted by SEBI
SEBI follows the broad Officially Valid Document framework defined under the PMLA Rules. The OVD set is consistent with the list of officially valid documents used elsewhere in Indian financial services, with PAN as a non-negotiable additional layer for any securities-market participation.
Mandatory documents
PAN is mandatory for SEBI KYC. Aadhaar is required for any eKYC route, and PAN-Aadhaar linkage is enforced as a condition for KYC Validated status. Both attributes are checked at the KRA level. A delinked PAN-Aadhaar pair will move a previously Validated record to On Hold until the linkage is restored.
Other accepted OVDs
Beyond PAN and Aadhaar, the standard OVD set applies: Voter ID, Passport, Driving Licence, and the NREGA job card. These can serve as proof of identity, proof of address, or both, depending on the document. Investors using non-Aadhaar OVDs typically need to provide a separate address proof if the OVD does not reflect their current address.
Address-proof variations
Where the OVD address is outdated, SEBI permits deemed OVDs as supplementary address proof: recent utility bills (electricity, gas, telephone, post-paid mobile) and bank statements. The recency requirement matters; most KRAs and intermediaries expect the document to be no older than two months. The Aadhaar eKYC route sidesteps the document recency problem entirely because the address is pulled directly from UIDAI.
PAN-Aadhaar linkage: the rule that broke a lot of mutual fund accounts
The 2024 PAN-Aadhaar enforcement reshaped what investors understood as a stable KYC. A delinked PAN (one that the Income Tax Department had not received an Aadhaar mapping for) became the single most common reason for KYC On Hold status across the KRA system.
Why SEBI made PAN-Aadhaar mandatory
The linkage requirement is part of a broader integration between income-tax compliance and securities-market AML obligations. By forcing the linkage at the KRA level, SEBI ensured that any investor with an inactive PAN, including non-residents who had not completed the linkage, would be visible to intermediaries before transactions cleared.
The June 2024 re-validation impact
Investors with previously complete KYC found their mutual fund accounts marked “On Hold” overnight. SIPs paused. Redemptions paused. Customer-experience teams across asset management companies absorbed weeks of inbound queries before the validation surge tapered. The fix was usually procedural (re-link PAN with Aadhaar at the Income Tax portal, then trigger a status refresh with the KRA), but the disruption made the validation regime visible to a generation of investors who had not thought about KYC since onboarding.
How intermediaries should handle un-linked PANs
Intermediaries that built early notification flows fared better than those that waited for transaction failures. Pre-emptive customer outreach when KRAs flagged an attribute, an in-app remediation path with KRA validation links, and a soft restriction on new SIPs pending status repair: these reduced churn relative to firms that relied on the failure path. The RBI Master Direction amendments drove a similar pattern in banking, and the operational lesson translates directly.
IPV and VIPV: in-person verification rules
SEBI requires intermediaries to perform In-Person Verification on every KYC submission, even when the underlying documents are submitted online. The rule prevents pure-document fraud, where forged identity papers might otherwise clear automated checks.
IPV: In-Person Verification
Traditional IPV is a face-to-face meeting between an authorised intermediary employee and the investor, where the employee verifies that the person matches the documents and signs an IPV declaration. For brokers and AMCs with branch networks, this works. For digital-first intermediaries, it does not scale.
VIPV: Video-based In-Person Verification
Video IPV is the digital equivalent: a live video session between the intermediary and the investor, recorded and stored as evidence. The investor displays original documents, completes a live check, and the session is signed off by the intermediary employee. For digital-only AMCs and online brokers, video KYC is the default IPV mechanism. The recording, the timestamps, and the document evidence form the audit trail SEBI inspectors look for.
KYC portability across SEBI intermediaries
Portability is the operational payoff of the KRA system. It is also where most investor confusion shows up.
How portability works
When KYC is Validated, the investor’s record is available to any SEBI-registered intermediary on a consent basis. Open a demat account with a new broker, and the broker pulls the existing KYC from the KRA. No fresh documents, no fresh IPV, no fresh wait time. Asset management companies, RIAs, and depository participants share the same plumbing.
When portability breaks
Portability stops at three points. First, when the status is not Validated: Registered records are accepted by some intermediaries and rejected by others, and On Hold and Rejected stop portability entirely. Second, when PAN-Aadhaar is not linked: the receiving intermediary will see the linkage failure and request remediation. Third, when the contact details are stale: outdated mobile or email blocks the consent flow because the KRA cannot send the verification OTP.
SEBI KYC vs RBI KYC vs CKYC: what’s the difference
The three regimes sit alongside each other. Most investors interact with all three without realising it.
SEBI KYC (securities market)
SEBI KYC is administered by KRAs under the 2011 regulations and applies to investors and intermediaries in the securities market. Centralisation is the design principle: one record, multiple intermediaries.
RBI KYC (banking)
RBI KYC is administered by individual banks under the RBI Master Direction on KYC. Each bank holds its own customer KYC, with a separate risk-tier-based refresh cadence (typically every 2 years for high-risk customers, 8 for medium, and 10 for low). Detail on the bank KYC process is here, and customer due diligence is the underlying compliance discipline that ties both regimes to AML obligations.
CKYC / CKYCR (cross-regulator)
The Central KYC Records Registry, or CKYCR, is operated by CERSAI and serves as a cross-regulator KYC repository covering banks, NBFCs, insurance companies, and securities-market intermediaries. CKYC is referenced informationally here. It complements SEBI KRA records by holding a parallel cross-sector record but does not replace KRA registration for securities-market participation. Investors get a CKYC ID once they complete KYC anywhere in the regulated financial system.
Comparison at a glance
| Regime | Regulator | Who it covers | Central registry | Portability scope |
|---|---|---|---|---|
| SEBI KYC | SEBI | Securities-market investors and intermediaries | KRAs (5) | Across SEBI intermediaries |
| RBI KYC | RBI | Bank account holders | Bank-internal | Within the same bank |
| CKYCR | CERSAI / DEA | All regulated financial entities | CKYCR | Cross-sector reference |
SEBI KYC rule timeline: 2011 to 2025
Each major milestone in the SEBI KYC framework reshaped how intermediaries capture and validate investor data. The arc runs from inception in 2011 to the most recent amendment in early 2025.
Major regulatory milestones
- 2011: SEBI {KYC (Know Your Client) Registration Agency} Regulations introduced, creating the KRA system.
- 2023: Portability rules harmonised across KRAs to reduce friction for investors moving between intermediaries.
- Feb 2024: Validation framework published, defining the four-status regime.
- Jun 2024: Validation rules became effective; KRAs began cross-checking PAN, name, address, email, and mobile against official databases, moving non-compliant records to On Hold.
- Feb 2025: Amendment to KRA Regulations updating intermediary obligations and clarifying validation attributes.
What the Feb 2025 amendment changed
The amendment tightened how intermediaries must respond when a KRA flags an attribute, formalised the remediation path for investors with On Hold records, and clarified the validation attribute set. Intermediaries were given updated obligations to surface status changes to investors proactively rather than waiting for a transaction to fail.
Intermediary obligations: what you must do
The B2B side of the SEBI KYC framework places concrete operational duties on every registered intermediary. These obligations sit in three layers: capturing KYC, updating it, and running the technology that supports both. Here’s what brokers, RIAs, and mutual fund houses need to do:
KYC capture obligations
Intermediaries must either capture KYC directly through their own onboarding flow or pull an existing record from a KRA. Direct capture means running document verification, PAN validation, address verification, IPV or VIPV, and pushing the record to a KRA on completion. KRA pull means consent-driven retrieval, where the intermediary still bears responsibility for the data quality.
KYC update obligations
Intermediaries must refresh KYC on a periodic cadence consistent with the customer’s risk tier, and must update records when triggered events occur: change of address, change of contact details, PAN-Aadhaar status change, or a sanctions or PEP hit during ongoing screening. Enhanced due diligence applies to high-risk customers and to any customer profile where the trigger event raises the underlying risk category.
Technology stack for SEBI-compliant KYC
A working SEBI KYC stack covers four layers. KRA API integration to push and pull records. An IPV or VIPV platform with regulator-grade recording and storage. Aadhaar masking and PAN verification at capture, so document data is treated correctly under DPDP. And a sanctions, PEP, and adverse media screening overlay that runs continuously rather than only at onboarding (the AML compliance angle sits next to KYC, not after it). Firms running all four well also tend to perform better on KYC best practices audits and reduce the operational tail from validation events.
See how to run SEBI-compliant KYC on HyperVerge
If you are building or refreshing a KYC stack for a SEBI-regulated intermediary (broker, AMC, RIA, depository participant) and want to see how the validation, portability, and IPV layers come together in practice, book a walkthrough with our team. For investors checking status, head to your KRA’s portal directly. The end-to-end KYC process explainer covers what to expect.
FAQs
What are the SEBI KYC guidelines for investors?
SEBI KYC guidelines require every investor in the Indian securities market to complete identity and address verification through a SEBI-registered KYC Registration Agency before opening a demat account, investing in mutual funds, or transacting through a stockbroker. Verification covers PAN, Aadhaar linkage, OVDs, and contact details, and the resulting record is centralised at a KRA so it can be reused across intermediaries.
What is a KRA in KYC?
A KRA, or KYC Registration Agency, is a SEBI-regulated body that stores investor KYC records centrally and shares them with other SEBI-registered intermediaries on consent. India has five KRAs: CVL KRA, NDML KRA, DOTEX KRA, CAMS KRA, and KARVY KRA. The KRA assigns a unique KYC number, validates attributes against official databases, and maintains the four-status framework used across the market.
What is the difference between SEBI KYC and bank KYC?
SEBI KYC is run through centralised KRAs and covers securities-market participation. Bank KYC is run by each bank separately under RBI’s Master Direction and covers account opening and transaction monitoring. The two regimes share documents and underlying AML principles but maintain independent records, separate refresh cadences, and different portability scopes.
What does KYC-Validated status mean for mutual funds?
A KYC Validated status means all five validation attributes (PAN, name, address, email, mobile) have been independently cross-verified by the KRA. The investor can transact freely across mutual funds and other SEBI-regulated intermediaries without resubmitting documents.
What are the OVDs accepted by SEBI?
SEBI accepts the standard PMLA OVDs: Aadhaar, Passport, Voter ID, Driving Licence, and NREGA job card. PAN is mandatory in addition to the OVD set. Deemed OVDs (recent utility bills, bank statements) can supplement address proof when the primary OVD does not reflect current address.
Is PAN mandatory for SEBI KYC?
Yes. PAN is non-negotiable for any securities-market participation, and PAN-Aadhaar linkage has been enforced as a condition for KYC Validated status. A delinked PAN-Aadhaar pair will move an investor’s record to KYC On Hold.
What changed in SEBI KYC rules in April 2024?
SEBI introduced the four-status validation framework, which became operationally effective from June 1, 2024. KRAs began validating five attributes (PAN, name, address, email, mobile) against official databases. Records that failed validation moved to KYC Registered, On Hold, or Rejected, and many mutual fund accounts were paused until investors remediated the flagged attributes.
Do I need to redo KYC for every broker?
No. If your KYC status is Validated, the record is portable across SEBI-registered intermediaries on consent. You do not need to resubmit documents or repeat IPV. If your status is Registered, On Hold, or Rejected, the receiving intermediary may require additional verification before opening the new account.
What is KRA full form?
KRA stands for KYC Registration Agency. It is the SEBI-regulated body that stores and shares investor KYC records centrally across the securities market.
How do I check my SEBI KYC status?
Visit the online portal of any of the five KRAs (CVL, NDML, DOTEX, CAMS, or KARVY) and look up your status using your PAN. The portal will show your current status (Validated, Registered, On Hold, or Rejected) and, if applicable, the attribute flagged for remediation.
What is VIPV in SEBI KYC?
VIPV, or Video-based In-Person Verification, is the digital equivalent of traditional IPV. The investor and an authorised intermediary employee meet on a recorded video session, the investor displays original documents, the employee signs off, and the session is stored as audit evidence. Digital-first AMCs and brokers use VIPV as their default IPV mechanism.
