Financial traps through Aadhaar and NPCI
In the last week of September, government officials were rudely shaken by questions raised by Moody’s Investors Service regarding the reliability of Aadhaar, specifically concerning biometric technology’s effectiveness in India’s hot and humid climate. The agency also noted that Aadhaar has often led to service denials, further questioning the system’s security and privacy safeguards (https://www.livemint.com/news/india/moodys-critical-analysis-of-aadhaar-india-calls-it-baseless-here-s-how-uidai-it-ministry-have-reacted-11695703250134.html). The big question in the minds of many banking professionals is whether a hole is being dug so deep that it could trap elephants as well!
India’s officialdom was obviously upset. The UIDAI pointed out that it had not been contacted while such questions were being raised. The Ministry of Information and Electronics was emphatic that the report was prepared without substantiating its opinions with either primary or secondary data. It said that “While the vote of confidence of a billion-plus Indians is sufficient testimony to the value offered by Aadhaar, it is pertinent that a number of international agencies, including the IMF and World Bank, have lauded the role of Aadhaar. Several nations have also been engaged with the Authority to understand how they may deploy similar digital ID systems,”
In fact, as pointed out by Dr. Charu Bhurat, Assistant Professor, Economics, at NMIMS University, Mumbai, the runaway success of Aadhaar and the UPI, India has been able to scale up its financial inclusion programmes to millions of unbanked Indians. She said this while delivering a talk at the Global Fintech Festival (GFF) organised by NPCI (National Payments Corporation of India — https://www.npci.org.in/) which works in close coordination with UIDAI (https://uidai.gov.in/) using Aadhaar for authentication and facilitation of transactions.
The Aadhaar bailout
Had it not been for Aadhaar, India’s attempts to usher in financial inclusion would have been disastrous or significantly delayed. Just look at the rise in the numbers of micro-ATMs which are handheld devices, often held by Business Correspondents (BCs) who are usually owners shops and establishments and who double up as facilitators of financial inclusion. Their normal job is to run their own mom-and-pop shops in villages. Since many customers make their purchases from these shops often using the QR code to enable transactions, they trust the shop owner to also help deposit their money they wish to save, or withdraw money when they need it.
In other words, Aadhaar has allowed the government to achieve near universal banking, without spending much. While becoming a banking correspondent of a regular bank can be an onerous exercise, subject to several controls insisted on by the Reserve Bank of india (RBI) fo the entire banking sector, BCs using UPI based mini ATMs are legal, and can be activated without much paperwork.
The government is relying, of course, on the reputation and trust that the local shop keepers enjoy.
But BCs need to be looked after better. Says Bhurat, “A policy initiative of Interoperable Business Correspondents will enhance the services provided by BCs in rural areas. For eg: Currently the private BCs cannot open new bank accounts. Even the Bank Correspondents can only open bank account for their specific bank. The BCs should be able to provide services from multiple banks, insurance companies and NBFCs.”
- This is also because today India has just one bank per 100,000 people. Without such a facility, customers are expected to walk long distances to reach the brick and mortar bank that they have an account with.
- Second, most BCs use their own surplus cash to advance money to account holders. It is a type of customer service that is offered at the informal level. Neither does the UIDAI, mor NPCI, offer them the ebenfit of working capital on the basis of past cashflows to finance cash outflows. This is not a healthy way to run the UPI based financial inclusion industry. Once again, you get the picture of the government being only willing to play around with other people’s money.
- India still has an unbanked population of 190 million people (mostly in the rural areas.
- Only 88% of the rural population has access to internet enabled smartphones. While this is definitely better than the poor internet and smart classroom facilities available to primary and secondary schools (free subscription – https://bhaskarr.substack.com/p/the-state-of-education-in-india), it is still inadequate.
- India has only 14.58 bank branches per 100,000 people compared to a global average of 29.97.
Clearly, despite its proclamations about universal banking, India does not appear to be overly concerned about the plight of its rural folk.
The queries raised nby Moody’s suddenly begin to appear just the tip of the iceberg. These columns have been raising flags pointing out why Aadhaar is inherently untrustworthy, and why NPCIneeds an external regulator.
The first realisation about how flawed Aadhaar was took place in February 2018 (https://asiaconverge.com/2018/02/does-aadhaar-identify-or-merely-authenticate/). These columns then pointed out how Aadhaar merely authenticated, and did not identify the user. That was the first flaw.
Such flaws got compounded when Aadhaar was amade to work with NPCI. Together, they could open the doors to major frauds and impersonations. That too was written about in ine same month in 2018 (https://asiaconverge.com/2018/02/how-aadhaar-and-npci-together-open-the-door-to-major-frauds-and-impersonations/). The column pointed out basic, and major, flaws in the way NPCI operated.
First, it “overwrote” – not appended – the old account numbers of beneficiaries of government largesse with new ones.
Second, it said it does not maintain logs of transactions. In a world of databases, where versioning is a built in feature, and maintaining logs is automatic, these two features which NPCI has put into its architecture made the entire Aadhaar+NPCI combination extremely suspect.
The following month, in March 2018, these columns protested against the government’s attempts to make Aadhaar – not the passport – as the principal proof of identify (https://asiaconverge.com/2018/03/passport-not-aadhar-primary-identification-introduce-workpermits/). Fortunately better sense prevailed, abetted by court strictures.
In December 2019, came the bombshell. The government was forced to admit before Parliament that at least seven states had issued more Aadhaar cards than the populations in these states (https://asiaconverge.com/2020/02/aadhaar-cards-populations-many-ways-rig-numbers-financial-transactions/).
Meanwhile, disdainful of all such exposures, the government tried to inflate the number of bank accounts and PAN cards in India. It first ordered banks to open accounts using Aadhaar as the only identification. It then asked banks to ensure that all Aadhaar owners got PAN cards and to include PAN numbers to the account numbers as well.
Expect more frauds
The cycle of potential fraud was now complete. Any Aadhaar card – even a bogus one, since there were more Aadhaar cards than the population in many states – would now be entitled to have a (bogus) bank account, and a (bogus) PAN card as well (https://asiaconverge.com/2020/11/aadhaar-pan-combined-through-article-139aa-threaten-banking-financial-integrity/).
Could that be the reason why, today, each bank wants to do its own KYC (know your customer) scrutiny? Is it because they know that the e-KYC backed by Aadhaar alone, is just not good enough?
And then came another bombshell. The number of states that had more Aadhaar cards than their respective populations had swollen to nine (Free subscription — https://bhaskarr.substack.com/p/indias-election-peril-aadhaar-and?sd=pf).
Suddenly, the surge in the number of bank accounts could also be on account of bogus accounts which in turn could also be an invitation to major frauds. That even prompted social activist EAS Sarma (a former secretary to the government of India) to write to the Home ministry, Election Commissioner, and the CAG (Comptroller & Auditor General of India) demanding that the entire issue of Aadhaar cards be scrutinised before elections are held (free subscription — https://bhaskarr.substack.com/p/eas-sarma-asks-home-ministry-not?sd=pf).
In August 2023, at least two clear instances of fraud came to light. The CAG pointed to how Around Rs 79 crore had been transferred to ineligible beneficiaries under the Ministry of Rural Development’s National Social Assistance Programme (NSAP) between 2017 and 2021 (https://www.downtoearth.org.in/news/governance/rs-79-crore-transferred-to-ineligible-beneficiaries-under-nsap-finds-cag-91122).
In the same month, the CAG pointed to another scam (https://indianexpress.com/article/india/under-pmjay-rs-6-9-crore-paid-for-treatment-of-dead-patients-cag-8894327/) . When auditing the government’s much touted Ayushman Bharat — Pradhan Mantri Jan Arogya Yojana (PMJAY) health insurance scheme, it discovered that Rs 6.97 crore had been paid for the treatment of 3,446 patients who had previously been declared dead in the database.
And as Lok Sabha disclosures showed, many of India’s dead have not yet been declared as having passed away in the records managed by either the UIDAI (which runs Aadhaar) or the administrators of Registration of Births and Deaths Act, 1969.
There are thus good reasons to believe that a more comprehensive audit will cause many other skeletons to come tumbling out of the cupboard. A good example is the manner in which slum households have a size of just 0.5 persons, compared to the national average of 5.3 persons, according to Data provided by Census 2011 (https://asiaconverge.com/2021/08/slums-2-benefitting-politicians-and-graft-seekers/). Since all doles (subsidised electricity, LPG cylinders, rations) are provided to households, not individuals, it does appear that slums were given ten times more government funds that was warranted.
And yet, as the UPI gets adopted by other countries, will it be just a matter of time before a huge scam erupts? That is when the huge scams afflicting conventional Indian banks will get soon get displaced by a financial inclusion architecture enabled scam. It will be one where entitlements and direct benefit transfers (DBT) will all get rolled into one gigantic exercise to divert funds.
This is where Moody’s queries begin to make sense.
- Notwithstanding all that the government may say, it has failed in addressing the flaws in the NPCI architecture.
- It has not yet resolved the issue of inflated Aadhaar numbers.
- And it has not yet created a regulator for ecommerce transactions. For the past eight years, the government repeatedly stated that it would appoint a regulator soon.
- Having NPCI as a regulator is not correct. It is a player as well, with its UPI, its Rupay cards and its own DBT.
The entire Aadhaar based financial inclusion programme has gone berserk. It is one where the chowkidar (watchman) is just not concerned about plugging the loopholes to have a strong financial architecture in place.