Skip to main content
How It WorksPlatformCKYC 101IndustriesAPI ReferenceBlogAbout
WhatsApp UsTalk to Experts
BFSI Operations14 min read5 May 2026

The Complete CKYC Lifecycle for NBFCs: From Customer Onboarding to CKYC Number Storage

All posts
Loading image...
The Complete CKYC Lifecycle for NBFCs — From Onboarding to CKYC Number Storage. Deep teal banner showing 5 lifecycle stages.
CKYC Operations Process Guide NBFCs | By HSS Technology Team | | 14 min read

The Complete CKYC Lifecycle for NBFCs: From Customer Onboarding to CKYC Number Storage

Most NBFC operations teams know they need to do CKYC. Far fewer can map precisely what happens at each decision point — when to Search, when to Download, when to Generate, what to do with a partial match, and how the CKYC number finally gets stored. This guide covers all of it, stage by stage.

In this article
  1. Why the Full Lifecycle View Matters
  2. Stage 1: CKYC Search API
  3. Stage 2A: Download API — When a Record Exists
  4. Stage 2B: Generation API — When No Record Exists
  5. Stage 3: Data Matching — The Decision Nobody Talks About
  6. Stage 4: CKYC Number Stored
  7. Full Process Flow Diagram
  8. Who Owns Each Stage in Your Organisation?
  9. Frequently Asked Questions

Why the Full Lifecycle View Matters

CKYC compliance is often spoken about as a single event — "upload the customer's KYC to CERSAI." In practice, it is a multi-stage process with branching decision points, each of which has its own API call, its own failure modes, its own regulatory obligation, and its own operational owner.

The consequences of not understanding the full lifecycle are visible in rejection rates, onboarding delays, and audit findings. An NBFC that only understands the Generation API will miss the Search step — registering customers who already have a CKYC record, creating duplicates in CERSAI and triggering validation failures. An NBFC that handles Search and Download but has no process for partial match resolution will find CKYC numbers sitting unlinked in a queue while compliance deadlines pass.

This guide maps the complete lifecycle — from the moment a new customer applies, through every branch condition, to the moment the CKYC number is stored against their record. It draws directly from CERSAI's process requirements and HSS's operational experience processing CKYC for BFSI institutions across India.

📌
Scope of this guide This guide covers the Individual (retail) CKYC lifecycle for NBFCs — the most common use case. The process for Non-Individual entities (companies, trusts, partnerships) follows a different flow and will be covered in a separate post.
43%
Faster onboarding with real-time CKYC Search & Download vs manual verification
3 Days
RBI deadline: CKYC upload to CERSAI after account opening
5
Distinct stages in the complete CKYC lifecycle
14-digit
CKYC Identifier (KIN) assigned by CERSAI on successful registration

Stage 1: CKYC Search API

1
CKYC Search API
Triggered automatically at onboarding

The first step in every CKYC onboarding flow is a search — checking whether the customer already has a KYC record registered with CERSAI. This step is mandatory and must happen before any attempt to generate a new record. Skipping it and going straight to Generation is the most common CKYC processing error NBFCs make, resulting in duplicate record rejections from CERSAI.

The Search API accepts the customer's PAN number, Aadhaar number, or other identity details. CERSAI searches its registry and returns one of two outcomes: a record found (with the customer's KIN), or no record found.

Input
PAN number or Aadhaar or other identity details from onboarding form
Output
CKYC record found (with KIN) — or — no record found
◆ Decision point after Stage 1
Record found
→ Proceed to Stage 2A: Download API to retrieve the full CKYC record
No record found
→ Proceed to Stage 2B: Generation API to create a new CKYC record

Stage 2A: Download API — When a Record Exists

2A
CKYC Download API
Two sub-steps: Initiate → Validate OTP

When the Search API confirms a CKYC record exists, the Download process is triggered. This is a two-step flow introduced under CKYCRR 2.0's OTP consent framework — an important change from the earlier single-step download.

Step 1 — Download Initiate: The institution calls the Download Initiate API with the customer's KIN. CERSAI sends an OTP to the customer's registered mobile number and returns a session reference token to the institution.

Step 2 — Validate OTP: The customer receives the OTP and provides it to the institution (via the onboarding interface). The institution calls the OTP Validation API with the token and OTP. On success, CERSAI returns the full CKYC record — identity details, address, documents, and photograph.

Input
Customer KIN from Search result + OTP validated by customer
Output
Full structured CKYC record from CERSAI
⚠️
OTP consent is now a regulatory requirement, not a UX choice Under CKYCRR 2.0, the OTP-based consent step is mandatory for every CKYC data download event. Every consent event must be logged with a timestamp, customer identifier, institution code, and purpose. If the customer's mobile number on CERSAI is outdated, the OTP cannot be delivered — this must be resolved through a separate update flow before download can proceed.
◆ Decision point after Stage 2A
Download success
→ Proceed to Stage 3: Data Matching
Download failed
→ Escalate for retry. Log failure. Check if customer mobile is updated on CERSAI. Do not proceed to onboarding without resolution.

Stage 2B: Generation API — When No Record Exists

2B
CKYC Generation API
Alternate path — triggered when Search returns no record

When no CKYC record exists for the customer, the institution submits the full KYC data package to CERSAI via the Generation API. This is the most data-intensive step in the lifecycle — requiring structured identity fields, address details, KYC verifier information, and base64-encoded documents.

The Generation API is an asynchronous process. Unlike the Search or Download APIs which return results in real time, the Generation API accepts the submission and returns a transaction ID. The actual CKYC number (KIN) is allocated by CERSAI after their internal validation — which can take from a few hours to several working days.

The institution must poll the Status API using the transaction ID to check when the KIN has been assigned. Once assigned, it proceeds to Stage 4 — CKYC Number storage.

Input
Full KYC data: identity, address, documents (Base64), verifier details, photograph
Output
Transaction ID (immediate) → KIN allocated after CERSAI validation
📋
What the Generation API requires — key fields The submission must include: customer type, loan/account number, prefix, name, date of birth, gender, PAN or Form 60, marital status, current/permanent address with state code and pincode, KYC verifier name, employee code, designation and branch, residential status, and base64-encoded documents. Photo (Type 02) and Proof of Address (Aadhaar Type 04, Passport Type 05, Voter ID Type 07, etc.) are mandatory. Total document size must not exceed 1MB per record.
🚨
Top 3 Generation API rejection reasons and how to prevent them (1) Document validation failures — blurry photo, mismatched POA, Aadhaar front page missing. Fix: implement pre-submission image quality checks. (2) Data validation failures — father name missing, pincode invalid, special characters in name fields. Fix: validate all fields against CERSAI rules before API call. (3) Rejected by CERSAI — mother name prefix missing, junk values in structured fields. Fix: run a pre-submission data sanity check covering all mandatory field formats.

Struggling with high Generation API rejection rates?

HSS's pre-submission validation engine checks every field and document against CERSAI rules before the API call — achieving sub-2% rejection rates consistently across our NBFC clients.

Talk to Our Team

Stage 3: Data Matching — The Decision Nobody Talks About

3
Data Matching
Downloaded CKYC record vs. current onboarding data

Stage 3 only applies to the Download path (Stage 2A). Once the full CKYC record is returned from CERSAI, the institution must compare it against the data the customer provided during current onboarding. This comparison determines whether the CKYC number can be stored immediately or whether an update workflow must be triggered first.

This is the stage most NBFCs handle inconsistently — and it is the stage that causes the most compliance audit findings. The matching logic must be formalised, documented, and consistently applied across every onboarding case.

Input
CKYC record from CERSAI + current onboarding data from customer
Output
Match classification: Full Match / Partial Match

Full Match — What It Means and What to Do

A full match occurs when all key identity fields in the downloaded CKYC record align with the data the customer provided during onboarding — name, date of birth, address, PAN, and photograph. When a full match is confirmed, the institution can immediately store the CKYC number against the customer's record and complete the onboarding workflow. No manual intervention is required.

Partial Match — The Workflow Most Teams Get Wrong

A partial match occurs when one or more fields differ between the CKYC record and the current onboarding data. Common partial match scenarios include: address change since the last KYC registration, name spelling variation, or contact details update. A partial match does not mean the CKYC process fails — it means a specific update workflow must be triggered before the CKYC number is stored.

⚠️
Critical compliance point on partial matches Under CERSAI guidelines, institutions cannot directly overwrite a CKYC record without using the authorised CKYC Update API flow. A partial match record must be routed through a formal update or review process. Storing the CKYC number without resolving the mismatch — or manually editing CERSAI records — is a compliance violation. This is one of the most common adverse findings in CKYC audits.
◆ Decision matrix — Stage 3 Data Matching outcomes
Full match
→ Proceed directly to Stage 4: Store CKYC Number
Partial match
→ Trigger CKYC Update API or route to authorised manual review workflow → on resolution, proceed to Stage 4

Stage 4: CKYC Number Stored

4
CKYC Number Stored Against Customer Record
Final stage — lifecycle complete

On successful completion — whether through a Full Match directly from the Download path, successful resolution of a Partial Match, or KIN allocation via the Generation path — the 14-digit CKYC Number (KIN) is stored against the customer's record in the institution's system.

This is not just a database update. It must trigger downstream notifications to CRM, LMS, and any other connected system that needs to reference the customer's CKYC status. An audit log entry must be created with the timestamp, match type, and source of the KIN.

Input
Verified 14-digit KIN from CERSAI
Output
KIN linked to customer profile + audit log + downstream system notification

Full Process Flow Diagram

The diagram below maps every stage and decision point in the complete CKYC onboarding lifecycle — from the initial customer application through to final CKYC number storage.

CKYC Onboarding Lifecycle Diagram for NBFCs showing 5 stages: Search API, Download API or Generation API branch, Data Matching, and CKYC Number Storage.
💡
Key to the diagram Blue path = Search finds existing record → Download flow. Orange path = No record found → Generation flow. Purple stage = Data matching (Download path only). Green endpoint = CKYC number successfully stored. All paths converge at Stage 4.

Who Owns Each Stage in Your Organisation?

One of the most common operational gaps in NBFC CKYC programmes is unclear ownership — multiple teams touch the lifecycle but nobody owns it end to end. Here is the ownership model that works.

StagePrimary OwnerSupporting OwnerWhat They Must Do
Stage 1 — SearchTechnology / CBS teamOperationsEnsure API call is triggered automatically at onboarding; log all search results
Stage 2A — DownloadTechnology / CBS teamOnboarding agent / branchHandle OTP flow; log consent event with timestamp; retrieve and store full record
Stage 2B — GenerationOperations / CKYC teamTechnologyValidate data and documents pre-submission; submit via API; track transaction ID; poll status API
Stage 3 — Data MatchingOperations / ComplianceTechnologyRun comparison logic; classify match type; trigger update workflow for partial matches; document decisions
Stage 4 — Store KINTechnology / CBS teamOperationsUpdate customer record; create audit log entry; notify downstream systems; confirm completion
💡
The case for a single CKYC operations owner The ownership split above works when all handoffs are automated. In practice, most NBFCs have manual handoffs between stages — which means delays, missed status checks, and unresolved partial matches sitting in queues. The institutions with the lowest rejection rates and fastest onboarding TAT have a single CKYC operations owner who monitors the entire lifecycle end to end, with automated alerts at every stage transition. This is precisely the function that a managed CKYC service provides — one accountable team, one integrated workflow, zero manual handoffs.

Want to see this lifecycle fully automated for your NBFC?

HSS manages the complete CKYC lifecycle — Search, Download, Generation, Matching, and Storage — as a fully managed service. Your operations team monitors outcomes, not processes.

Frequently Asked Questions

What are the stages of the CKYC lifecycle for NBFCs? ▼
The CKYC lifecycle has four key stages: (1) CKYC Search — check if a record exists in CERSAI. (2A) If found, Download API — initiate download and validate OTP consent to retrieve the full record. (2B) If not found, Generation API — submit full KYC data to CERSAI to create a new record. (3) Data Matching — compare downloaded CKYC data against current onboarding data. (4) Store CKYC Number — save the 14-digit KIN against the customer record.
What happens when the CKYC Search API finds no record? ▼
When the CKYC Search API returns no result, the institution must submit the customer's full KYC data through the CKYC Generation API. This triggers a fresh registration with CERSAI, and a new 14-digit CKYC Identifier (KIN) is allocated after CERSAI validates the submission. Generation is asynchronous — the KIN is not returned instantly. The institution must poll the status API using the transaction ID to confirm when the KIN has been assigned.
What is data matching in the CKYC process? ▼
Data matching is the comparison of the CKYC record downloaded from CERSAI against the data the customer provided during current onboarding. A full match means all identity fields align and the CKYC number can be stored directly. A partial match means one or more fields differ, triggering the CKYC Update API workflow or a manual review process before the number is stored. Records must never be updated directly — only through the authorised CKYC Update API flow.
What is a CKYC number or KIN? ▼
A CKYC Number, also called a KYC Identifier (KIN), is a unique 14-digit number assigned by CERSAI to each customer when their KYC record is first registered. It acts as a universal KYC reference across all regulated entities — banks, NBFCs, insurers, mutual funds — eliminating the need for customers to submit documents repeatedly across institutions.
How long does CKYC Generation take? ▼
CKYC Generation is an asynchronous process. The institution submits data and documents via the Generation API and receives a transaction ID immediately. The actual CKYC number is allocated by CERSAI after their internal validation, which can take from a few hours to several working days depending on document quality, completeness of data, and CERSAI processing queues. The institution must poll the status API to check when the KIN has been assigned.
Can the entire CKYC lifecycle be outsourced? ▼
Yes. The complete CKYC processing lifecycle — Search, Download, Generation, Data Matching, rejection handling, status tracking, and CKYC number storage — can be managed by a specialist CKYC operations partner. The regulated entity retains accountability for KYC compliance but delegates the operational execution to the partner. This model is widely used by NBFCs, HFCs, and mid-size banks to reduce compliance overhead, achieve higher first-time-right rates, and free up internal operations bandwidth.

Ready to Run a Seamless CKYC Lifecycle?

HSS manages end-to-end CKYC operations for NBFCs, HFCs, and banks across India — from the first Search API call to final CKYC number storage. One team, one workflow, zero manual handoffs.

Talk to Our CKYC Team Explore Our Services
H
HSS Technology Team
Hridayam Soft Solutions Pvt. Ltd. · CKYC Operations Specialists
HSS provides end-to-end CKYC managed services for banks, NBFCs, HFCs, and insurance companies across India. Our ShareDocs DMS platform handles document management, API integration, and CERSAI compliance operations at scale.
Continue Reading
Compliance

CKYCRR 2.0: What Every BFSI Operations Head Must Know Before the 2026 Deadline
Compliance

Why CKYC Records Get Rejected by CERSAI — And How to Fix Them Before Submission
Glossary

The CKYC Terminology Glossary Every BFSI Professional Should Bookmark
Last Reviewed: May 9, 2026  |  Sources: CERSAI CKYC process documentation, RBI Master Direction on KYC (amended August 2025), HSS operational data from CKYC processing engagements.
This article is for informational purposes only. For institution-specific compliance guidance, consult your legal and regulatory team.

Tags:

BFSI OperationsCERSAICKYC APICKYC OperationsCKYC ProcessCustomer OnboardingKYC LifecycleNBFC Compliance
Category:BFSI Operations
Share:
More Reading

You might also like

CKYCRR 2.0: What Every BFSI Operations Head Must Know Before the 2026 Deadline
BFSI Compliance13 min read

CKYCRR 2.0: What Every BFSI Operations Head Must Know Before the 2026 Deadline

Read More
View all posts

Ready to automate your CKYC compliance?

Talk to our CKYC experts. We'll map your workflow and show you exactly how our platform fits your institution in one call.

Talk to Our CKYC ExpertsSee How It Works
ISO 27001 Certified
~0.2s API Response
🏦38 BFSI Entities
WhatsApp Us