India July Compliance Roundup

Hi, it's Agrima from Signzy!

The past few months have been quite refreshing for us :)

While the world talks about compounding capital, we’ve been thinking about compounding identity. Not just our APIs and products, but who we are in this industry and what we stand for.

And we’ve always believed that compliance doesn’t have to be cold.

As we unveil our reimagined home on the internet this month - bolder, clearer, and more human - we’re doubling down on that belief.

We’ve spent months obsessing over our new voice and website, that you can now experience on www.signzy.com!

🔒 It’s a new lens on everything we’ve built so far.

Let’s zoom out now :) Here are the headlines of this month:

1. Precision is the New Enforcement

SEBI made a couple of quiet but meaningful moves this month - small on paper, but loud in what they signal.

First up: Jane Street, the US high-frequency trading firm, got the green light to re-enter Indian markets after parking ₹4,844 crore in escrow. But despite the nod, they haven’t actually resumed operations yet. And when they do, it's going to be under strict conditions: full-time monitoring, restricted access, and zero room for missteps.

Meanwhile, SEBI reminded everyone that inspection findings aren't just suggestions. As of July 1, firms have 45 days to fix flagged compliance issues, or they risk getting cut off - from trading terminals, and from onboarding new clients.

That’s not all. SEBI also rolled out Master Circulars, consolidating guidelines for CRAs, REITs, ESG ratings and more - basically making it easier for compliance teams to find what they need, faster. And there's now a six-month window to re-lodge old physical share certificates, with the final deadline set for January 6, 2026.

Altogether, this feels like a shift in tone. The playbook hasn’t changed. But the tempo has. SEBI isn’t waiting for firms to catch up anymore, it’s expecting them to be already there.

2. KYC, But Kinder

This month, RBI took a softer - and frankly, smarter approach to KYC. It’s less about checkboxes now, more about context.

For low-risk customers, the rules just got a little more flexible. Update cycles are longer. Business Correspondents can assist directly. And onboarding doesn’t have to feel like an obstacle course anymore.

On the UIDAI side, offline Aadhaar KYC is being simplified. No need to share full Aadhaar numbers anymore. Less data exposure, more privacy. A win all around.

But beneath these changes is something bigger: a mindset shift. KYC is no longer just a gate, it’s a gateway. And how we design that gateway matters.

For regtech teams, the message is clear:

- Build for low-connectivity zones, design for dignity, not just compliance, keep humans in the loop.

3. Identity & Tax Stack Tightens (Aadhaar ↔ PAN, GST)

July was all about tightening the bolts.

Let’s start with GST. From July 1, forms like GSTR‑3B are now non-editable once filed. And on top of that, there's now a three-year cutoff - any return older than that simply can't be filed. This puts the pressure squarely on internal checks, data accuracy, and review processes.

Meanwhile, PAN applications now require Aadhaar from the get-go. It’s another nudge toward making digital identity more consistent across systems.

None of this is flashy. But it matters. These tweaks tighten control, close backdoors, and force better hygiene across systems. Boring? Maybe. But essential? Definitely.

4. Digital Rails, Real-Time Guardrails (RBI + DoT)

One of the more interesting shifts this month came from the RBI’s push to embed real-time fraud intelligence into the banking layer.

Here’s what’s happening: Banks have been asked to plug into the DoT’s Financial Fraud Risk Indicator (FRI). That means mobile numbers flagged for fraud can now trigger risk-based checks during transactions. Think of it as bringing telco smarts into banking rails—flagging mule accounts faster, and stopping fraud before it moves.

At the same time, RBI dropped a draft direction for Digital Banking Channels. It’s about getting the UX right, but with safety built in. Things like giving users a clear distinction between “view-only” and “transact” access. And cracking down on third-party product pushes inside banking apps unless there’s explicit consent.

Put together, these aren’t just tech updates, they’re trust updates. They show that real-time systems don’t have to compromise on user safety.

Industry voices agree: the goal isn't just compliance anymore, it's the completion of full regulatory cycles, where risks are detected, acted upon, and resolved within tighter timeframes.

“The next era of compliance isn’t about regulation catching up to technology. It’s about technology being shaped by the spirit of regulation — inclusive, responsive, and real-time.”

Prasanna Lohar - Founder, India Blockchain Forum

Bonus news to end on 🎉

UPI just surpassed Visa in daily transaction volume!

It now accounts for ~85% of digital transactions in India, and nearly 50% of all real-time digital payments globally.

Proof that when you build for inclusion and simplicity, scale follows :)

Probes and Penalties

Probes & Penalties gives you a clear, two-minute read on the RBI’s latest enforcement actions — who was investigated, what fines were issued, and the practical lessons for your compliance playbook.

🔒 In other news

• We go featured in the Gartner Market Guide for KYC Platforms for Banking! (the only Indian company to make the list)
• Our engineers won the most impactful solution for building a GenAI-powered civic governance tool at the AWS AI Innovation Challenge!
• We partnered with India Insurtech Summit and had a great time!
• Our event Pitch Report was the perfect crossover of fintech and cricket.

✨ That’s all for today, don’t forget to check out our new website.

If you've made it till here, Share the newsletter with your circle!