Reg: Simplifying norms for periodical updation of KYC

Please refer to policy on KYC/AML issued vide Circular No.744 dated Feb 19,
2013, para 6.5 regarding periodical profile updation of accounts which states
that Customer identification data (including photograph/s) shall be
periodically updated by business units after the account is opened. The
periodicity of such updation shall not be less than once in five years in case
of low risk category customers and not less than once in two years in case of
high and medium risk categories.
The issue has been reviewed by RBI in the light of practical
difficulties/constraints
expressed
by
bankers/customers
in
obtaining/submitting fresh KYC documents at frequent intervals as the
relative documents submitted earlier especially by low-risk customers have
remained unchanged in most of the accounts.Accordingly,it has been
decided by RBI to amend the instructions.
In accordance with the revised instructions by RBI, business units are advised
as under:
a) Full KYC exercise should be done at least every ten years for low risk and
at least every eight years for medium risk individuals and entities.
b) Full KYC exercise should be done at least every two years for high risk
individuals and entities.
c) Ongoing due diligence should be carried out by business unit with respect
to the business relationship with every client and closely examine the
transactions in order to ensure that they are consistent with their knowledge
of the client, his business and risk profile and, wherever necessary, the
source of funds.
d) Positive confirmation (obtaining KYC related updates through email/letter/telephonic conversation/forms/interviews/visits,etc.) should be
completed at least every two years for medium risk and at least every three
years for low risk individuals and entities.
e) Fresh photographs should be obtained from minor customers on becoming
major.
In view of the above amendments, the CUSDATA option in Finacle menu
has been suitably modified. Consequently the number of accounts due for
updation has reduced considerably. Business units should take this as an
opportunity and update profile of accounts due for updation on war footing
basis.

Concurrent auditors /internal inspectors are advised to monitor progress and

report non-compliance, if any.
All concerned are advised to ensure strict compliance.
Reg: Customization in the CBS system for implementing simplified
norms for KYC updation
Reference is invited to circular No 377 dated 6th September, 2013 wherein
simplified norms for periodical updation of KYC suggested by Reserve Bank of
India were conveyed. In order to incorporate the revised norms in the CBS
system, the CUSDATA option has been suitably modified for filtering out
accounts falling due for KYC updation in all the three risk levels viz; Low,
Medium and High. Accordingly, all the business units are advised to generate
the list of accounts due for KYC updation as per revised norms in all the three
risk categories from the CUSDATA option and update the same in a time
bound manner. It would be pertinent to mention here that the risk level
assigned to an account extracted through the CUSDATA option is only
indicative in nature based on the existing profile available in the CBS system.
Business units while updating the KYC of such accounts may also review the
risk level of these accounts as per their latest profile. In order to facilitate
the risk assigning process, the indicative list of different risk levels circulated
already vide our KYC/AML policy is also reproduced here as Annexure-I.
Further, it is reiterated that risk categorization and specification of threshold
limit for all the new and existing accounts is a mandatory exercise as per the
KYC/AML policy of the bank. It has been observed that the business units are
specifying the risk level and threshold limit on the customer relationship form
(CRF) only while as the same is not translated into the CBS system. In order
to ensure strict compliance in this direction, the Risk level field and
Threshold limit field have been created and made mandatory in the CBS
system. For this purpose the customization made in the CUMM option of
CBS system is explained as below:
Risk Level and Threshold limit codes have been created as under:
a) Risk Level codes are as:
RL1 - LOW RISK
RL2 - MEDIUM RISK
RL3 - HIGH RISK
RL4 - VERY HIGH RISK

These codes have been populated in CUMM 8th page in free_code_2. The
user has to press F2 and assign the particular RISK level for the customer.
b) Threshold Limit codes are as:
TH1 - Rs 20000
TH2 - Rs 50000
TH3 - Rs 100000
TH4 - Rs 500000
TH5 - Rs 1000000
TH6 - Above Rs 1000000
These codes have been populated in CUMM 8th page in free_code_3. The
user has to press F2 and select the particular Threshold limit for the
customer.

A. Indicative List of Medium Risk Customers

1. Non- Bank Financial Institution.
2. Stock brokerage.
3. Import/ Export.
4. Gas station.
5. Car / Boar / Plane Dealership.
6. Electronics ( wholesale)
7. Travel agency.
8. Used Car sales.
9. Telemarketers.

10.
Providers of telecommunications service, internet caf, IDD call
service, phone cards, phone center.
11.

Dot-com company or internet business.

12.

Pawnshops.

13.

Auctioneers.

14.
Cash-Intensive Businesses such as restaurants, retail shops,
parking garages, fast food stores, movie theaters, etc.
15.

Sole Practitioners of Law firms ( small, little known)

16.

Notaries ( small, little known)

17.

Secretarial Firms ( Small, little known)

18.

Accountants ( Small , little Known firms)

19.

Venture capital companies.

B. Indicative List of High Risk Customers

1. Individuals and entities in various United Nations Securities Council
Resolutions (UNSCRs) such as UN 1267 etc.
2. Individuals or entities listed in the schedule to the order under section
51A of the Unlawful Activities ( Prevention) Act, 1967 relating to the
purposes of prevention of, and for coping with terrorist activities.
3. Individuals and entities in watch lists issued by Interpol and other
similar international organizations.
4. Customers with dubious reputation as per
available or commercially available watch lists.

public

information

5. Individuals and entities specifically identified by regulators, FIU and

other competent authorities as high risk.

6. Customers conducting their business relationship or transactions in

unusual circumstances, as significant and unexplained geographic
distance between the institution and the location of the customer,
frequent and unexplained movement of accounts to different
institutions, frequent and unexplained movement of funds between
institutions in various geographic locations etc.
7. Customers based in high risk countries/jurisdictions or locations.
8. Politically exposed persons (PEPs) of foreign origin, customers who
are close relatives of PEPs and accounts of which a PEP is the
ultimate beneficial owner.
9. Non-resident customers and foreign nationals.
10.

Embassies/ consulates.

11.

Off-shore (foreign) corporation/business.

12.

Non face-to-face customers.

13.

High Net Worth individuals.

14.

Firms with sleeping partners.

15.
Companies
ownership.

having

close

family

shareholding

or

beneficial

16.
Complex business ownership structures, which can make it
easier to conceal underlying beneficiaries, where there is no
legitimate commercial rationale.
17.
Shell companies which have no physical presence in the country
in which it is incorporated. The existence simply of a local agent or
low level staff does not constitute physical presence.
18.
Investment Management / Money Management Company /
Personal Investment Company.
19.
Accounts of gatekeepers such as accountants, lawyers, or
other professionals for their clients where the identity of the
underlying client is not disclosed to the financial institution.

20.
Client Accounts managed by professional service providers such
as law firms, accountants, agents, brokers, fund managers, trustees,
custodians.
21.
Trusts, charities, NGOs/NPOs ( especially those operating on a
cross-border basis) unregulated clubs and organizations receiving
donations ( excluding NPOs/NGOs promoted by United Nations or its
agencies)
22.
Money
service
Business,
including
Orders/Travelers
Cheques/Money
Cashing/Currency Dealing or Exchange.

seller
of
Money
Transmission/Cheque

23.
Business accepting third party cheques (except supermarkets or
retail stores that accept payroll cheques / cash payroll cheques)
24.
Gambling /gaming
gambling tours.

including

Junket

Operations

arranging

25.
Dealers in high value or precious goods ( e.g. Jewel, gem and
precious metals dealers, art and antique dealers and auction houses,
estate agents and real estate brokers)
26.
Customers engaged in a business
which is associated with
higher levels of corruption ( e.g. arms manufactures, dealers and
intermediaries)
27.
Customers engaged in industries that might relate to nuclear
proliferation activities or explosives.
28.
Customers that may appear to be Multi level marketing
companies etc.