India’s Department of Revenue (DoR) has done it again.

On June 1, 2017 Notification 2/F No. P.12011/11/2016-ES Cell-DOR, mandates the linking of every bank account with an Aadhaar number before December 31, 2017. While lawyers point out several illegalities, including the scope of the notification of this subordinate legislation under the Prevention of Money Laundering Act (PMLA), the failure of the DoR to consistently protect national interest is unbelievable.

This latest notification ensures that the Trojan horse that they instilled into the banking system on January 27, 2011, will destroy the Indian economy along with the Indian banking system. As feared by the Reserve Bank of India before January 2011, Aadhaar is yet the best state-sponsored enabling mechanism for money launderers to enable benami bank accounts. A ‘benami’ transaction is any transaction in which property is transferred to one person for a consideration paid by another. Aadhaar can even help the money launderer to take over your bank accounts. Aadhaar is also the enabler to scale benami transactions.

A few days ago, a co-panelist on a TV channel defended the DoR, arguing that linking Aadhaar to bank accounts will weed out money laundering by verifying bank details. What my co-panelist did not say is money laundering is facilitated by creating benami accounts. It is also facilitated by benami transactions. Nor did my co-panelist explain how benami accounts happen or how benami transactions are scaled by money-launderers.

Here are just five ways in which linking the Aadhaar to PAN or a bank account will hurt you, destroy India and, for those who care, an explanation of how Aadhaar creates benami bank accounts and scales benami transactions.

1. The innocent will lose money, reputation and access to justice, dignity and livelihood as their Aadhaar numbers can act as mules for money laundering, their subsidy and other Aadhaar enabled payments can be easily compromised, their access to their own bank accounts be denied, or they can be framed for economic offences. Helpless citizens and businesses may also find themselves at the receiving end of covert human rights violations as even their access to money and existence is disabled by deactivation or blocking of Aadhaar leaving no recourse to survival.
2. Linking Aadhaar to bank accounts or PAN converts India into the new tax haven for money launderers as it becomes easy to remotely create benami accounts and operate benami transactions while claiming complete legitimacy. This will destroy India’s economy and governance.
3. Financing crime and terrorism will grow uncontrollably as it becomes increasingly difficult to discover, report or close down such operations. This will make it impossible to ensure national security as the rule of law is destroyed.
4. Corruption will increase as it becomes easier when proceeds will not be traceable to the corrupt. It will be increasingly difficult to restore swarajya and impossible to ensure surajya.
5. Banks will not be able to contain non-performing-assets, fraud and financial misappropriation as the real users of banking services will be untraceable. The economy will be completely out of control as the black and white economies become indistinguishable.

We are in a policy vacuum as the NITI Aayog and the bureaucracy have failed to recognise the Trojan horse and protect national interest. Unless the RBI de-licenses the payments systems based on Aadhaar (AEPS) immediately and the government stays linking Aadhaar to PAN and bank accounts, our leadership will have failed to protect India from this fast colonisation of India by the private interests driving Aadhaar.

Enabling Benami Bank Accounts

Benami accounts get created when banks fail to identify the real customers who own the accounts. The Panama Papers exposed data of thousands of benami accounts created through a Panamanian law firm, Mossack Fonseca. The Panama Papers exposed one modus operandi of hiding the real owners of the assets in tax havens.

The use of Aadhaar as KYC for bank accounts is similar to the note from Panama Law Firm Mossack Fonseca saying “they are an honest client”

Prudent bankers recognise the importance of knowing who whom they bank with. It is no wonder that the RBI had warned, right from before the Trojan horse was instilled in to the RBI in 2011, that the Aadhaar enrolment process does not have due diligence. It pointed out that for Aadhaar enrolment verification is not compulsory, as confirmed by the UIDAI in the Demographic Data Standards and Verification Procedure, and does not require document based verification.

After the introduction of the Aadhaar to open bank accounts, the accounts and deposits have doubled in five years. No one knows who really controls these accounts.

The RBI also highlighted that such use of Aadhaar as third party identification is against Prevention of Money Laundering Act, the Financial Action Task Force (FATF) and the paper issued on Customer Due Diligence (CDD) for banks by the Basel Committee on Banking Supervision and circulated to scheduled commercial banks by the RBI on November 29, 2004.

The RBI also observed that a fixed time document like the Aadhaar cannot be a Proof of Address. It further cautioned using Business Correspondents (BC), to open bank accounts or undertake banking transactions, as the vulnerability of the system has not been tested and co-mingling funds of different banks in the hands of BC’s was a major operational risk to the banks. While resisting the use of Aadhaar, the RBI also highlighted the Government’s concern about the perceived misuse of such accounts for terrorist financing.

Under pressure from the UIDAI and the Department of Revenue, Ministry of Finance, the RBI, through its circular dated January 27, 2011, allowed bank accounts to be opened exclusively on the basis of Aadhaar number. However, the RBI required such accounts to be put to restrictions and be subjected to conditions and limitations prescribed for small accounts.

Not happy with the restrictions, the UIDAI pressed the RBI to lift the restrictions placed on accounts opened with Aadhaar numbers under the PMLA. On September 28, 2011, again through the Department of Revenue, the UIDAI succeeded in getting the RBI to backtrack and suspend the restrictions of the PMLA on bank accounts opened solely through Aadhaar. The UIDAI also succeeded in causing the RBI further to accept eKYC or remotely using information associated with an Aadhaar number as KYC. According to the UIDAI eKYC brings scale to the ease of onboarding customers.

Even your Aadhaar can be used, without your knowledge, by a perpetrator to open multiple accounts in order to use it to collect bribes, park black money, or siphon your subsidies. In the eyes of law enforcement, if these accounts are discovered, you will be the criminal.

To put the problem in perspective, Aadhaar enrolment was completely outsourced to private parties by the UIDAI with the sole aim of building the world’s largest biometric database. Nandan Nilekani’s UIDAI repeatedly emphasised that they merely provided a framework to issue a number and store the (unverified and unaudited) data.

UIDAI admits that the Aadhaar (UID) database has never been verified or audited

No one from the UIDAI or even the government sign the Aadhaar card that is mailed back to the enrolee. The very same organisations that were declared by the UIDAI as holding databases full of ghosts and duplicates were asked to serve as “Registrars” to the enrolment process. They were even given flexibility in the collection, retention and use of the data (including biometric) that they collected.

Without a verification and audit Aadhaar enables duplicates and ghosts

No one in the Aadhaar enrolment process was required to identify anyone. At best they had to merely verify documents that were submitted for enrolment. Needless to say, anyone in possession of your documents could enroll with minor changes in any demographic information or with different biometrics. Field stories of enrolments are full with descriptions of biometric jugaad including using combination of persons, use of biometric masks, biometric modifications, and other ingenious methods to maximise registrations.

According to the IT Minister Ravi Shankar Prasad, 34,000 operators who tried to make fake Aadhaar Cards have been blacklisted. Even if each operator worked for a year before being blacklisted, at about 100 cards a day amounts to over a billion cards. That is more than 95 percent of the database. The Aadhaar enrolment has been unlike that of any other identity document, easily scaling the creation of duplicate and ghost identities.

Excerpt of IT Minister Ravi Shanker Prasad’s reply in Rajya Sabha on April 10, 2017

While there is widespread belief that biometric authentication at time of opening a bank account prevents benami, it ignores the field realities of mobile phone SIM cards being issued on Aadhaar photocopies and used to open bank accounts, of having remotely “downloadable” accounts, and also plain simple use of photocopies of Aadhaar or parallel Aadhaar databases to open bank accounts. With Aadhaar, banks do not have any trace of the real customer. The real customer is simply masked by a benami owner using an Aadhaar number.

Even your Aadhaar can be used, without your knowledge, by a perpetrator to open multiple accounts in order to use it to collect bribes, park black money, or siphon your subsidies. In the eyes of law enforcement, if these accounts are discovered, you will be the criminal.

Is Aadhaar the new Panama?

To compound the problem, UIDAI has no liability for benami bank accounts opened with Aadhaar. After the introduction of the Aadhaar to open bank accounts, the accounts and deposits have doubled in 5 years. No one knows who really controls these accounts.

Growth of bank accounts and deposits in India

Enabling Benami transactions

Even when it had no mandate to develop banking platforms, in 2009, the UIDAI signed an MoU with the National Payments Corporation of India (NPCI), a non-government company, to develop an Aadhaar Enabled Payment System (AEPS). In this MoU the UIDAI has no responsibility for your banking transactions and the NPCI has no obligation to the RBI. The payment system uses the Aadhaar linked to a bank account as a financial address to do electronic money transfers from one Aadhaar number to another.

Company data for NPCI from http://www.mca.gov.in

Unless an Aadhaar is linked to the account, the AEPS cannot access the bank account. Linking a PAN to the Aadhaar will have the same effect as linking the Aadhaar to a bank account as the PAN is already linked to the bank account. Such accounts become Aadhaar enabled. Aadhaar enabled bank accounts are ready to be used by the AEPS for Aadhaar to Aadhaar money transfers.

Linking an Aadhaar to a bank account is done through a process called seeding an Aadhaar number to a bank account. After receiving the Aadhaar number from the customer, the bank uploads such numbers’ into a “NPCI mapper” or a repository of Aadhaar numbers and Institution Identification Number (IIN) numbers used for the purpose of routing transactions to the destination banks. The IIN is a unique 6-digit number issued by NPCI to the participating bank. If you or anyone else seed your Aadhaar with another bank account, the NPCI mapper is overwritten with the new banks’ IIN. Money transferred to an Aadhaar number, using the Aadhaar Enabled Payment System, gets transferred to the bank account linked to the Aadhaar number at the branch recognised by the IIN.

Perhaps the worst aspect of the mapper is that it slices the business process and outsources parts. This destroys the responsibility of the payment system from any single party as was in the case of NEFT or RTGS. Neither the NPCI, the UIDAI orNeither the NPCI, the UIDAI nor the banks are responsible in such money transfers. They merely provide “look-up” services. In this system, a single compromised or rogue bank branch, or the perpetuator’s ability to exploit a good one, is enough to siphon off subsidy, park black money or take bribes.

A money launderer can transfer money to an account linked to an alternate IIN and then re-seed the NPCI’s mapper with the original IIN for the Aadhaar number, completely wiping out any trace of money to the alternate IIN. Like transactions of bearer shares in Panama, such money transfers becomes no different from a hawala transaction between real parties who remain anonymous or benami.

Your Aadhaar number can be used to facilitate such benami money transfers. If these money transfers linked to your Aadhaar number are detected by investigation officers or tax authorities, you, not the real operator will be held on suspicion of economic offences.

The NPCI’s idea of Aadhaar to Aadhaar banking itself is flawed. It is surprising if the RBI has licensed this payment system under the Payment and Settlements Act.

All money is ultimately stored in bank accounts and not in the name of a person. Nowhere in the world does one transfer money to a person, you transfer it to a person’s account. Money transfers to and from a bank account makes every money transfer traceable from source to destination making money laundering difficult, if not impossible.

Hawala schemes make money transfers untraceable by eliminating the bank accounts. Money transfers that, like the hawala, are based on the premise that you do not share an account number, with someone transferring money to you, are inherently flawed in auditability as they wipe out the money trail.

The idea of a mapper, as used by NPCI’s AEPS, does not allow for instructions from sender but relies on periodic update of IIN in the NPCI’s table mapping Aadhaar numbers from banks. As multiple banks have to upload the Aadhaar numbers seeded with accounts held by them, this cannot guarantee desired results.

The replacement of a time-tested standard of electronic money transfers under government regulation by a non-standard payment system run by a non-government company raises serious questions of national and public interest, propriety and possible conflicts of interest.

Perhaps the worst aspect of the mapper is that it slices the business process and outsources parts. This destroys the responsibility of the payment system from any single party as was in the case of NEFT or RTGS. Neither the NPCI, the UIDAI orNeither the NPCI, the UIDAI nor the banks are responsible in such money transfers. They merely provide “look-up” services. In this system, a single compromised or rogue bank branch, or the perpetuator’s ability to exploit a good one, is enough to siphon off subsidy, park black money or take bribes.

Such money transfers would be difficult, if not impossible, to trace without a whistleblower. A few cases have been reported that suggest the large scale play of this scenario already. For example, more than 40,000 erroneous transfers were reported through AEPS in DBT transfers meant as part of drought relief for farmers in Karnataka. The government allegedly blamed the banks for failure to seed the correct Aadhaar numbers with the beneficiaries.

Governments across India had been using the RBI’s own payment system, the NEFT or RTGS, to undertake electronic money transfers. This is also evidenced by the fact that Aadhaar Leaks has exposed that bank details are already present in every record of the leaked data. There is absolutely no reason to switch public payments from NEFT to AEPS, run by a non-government company.

* * *

Preventing disaster

If the government and the Supreme Court implement the wisdom of the seven orders of the Supreme Court of India on the use of Aadhaar, they can yet save the country from disaster resulting from the colonisation of India by the new East India Companies or the private interests driving Aadhaar.

Order of 5 member bench of the SC on October 15, 2015

In its first order of September 23, 2011, the Supreme Court had indicated that “no person should suffer for not getting the Aadhaar card in spite of the fact that some authority had issued a circular making it mandatory and when any person applies to get the Aadhaar Card voluntarily”.

On August 11, 2015, the three-member bench restricted the use of Aadhaar and indicated that it may not be used for any other purpose.

On October 15, 2015, a five-member bench led by the Chief Justice had emphasised that “the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court”. It had restricted the voluntary use of Aadhaar to public distribution system (PDS) Scheme, the liquefied petroleum gas (LPG) distribution scheme, the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), National Social Assistance Programme (Old Age Pensions, Widow Pensions, Disability Pensions), Prime Minister’s Jan Dhan Yojana (PMJDY) and Employees’ Provident Fund Organisation (EPFO).

In the meantime, following Mahatma Gandhi’s footsteps and refusing to link Aadhaar to anything may be the only option left for you.

On 10 January 1908 Mahatma Gandhi was arrested for the first time in South Africa for refusing to carry an obligatory identity document card commonly known as the ‘pass’.

The author can be contacted at on Twitter @AnupamSaraph

[opiniontag]