Contents

Contents..................................................................................................................... 1
Chapter 1: Introduction.............................................................................................. 2
Chapter 2: Rules and Regulations..............................................................................6
Chapter 3: Key Elements in KYC Policy.....................................................................11
Chapter 4: KYC Norms and Related Issues..............................................................21
Chapter 5 : Steps Taken for Reviewing KYC.............................................................27
Chapter 6: Important Aspects for KYC......................................................................32
Chapter 7: Indicative Guidelines For Other Account Holders....................................36
Chapter 1: Introduction

1.1Meaning:

Know your customer (KYC) is the due diligence and bank resolution that
financial institutions and other regulated companies must perform to identify
their client and ascertain relevant information pertinent to doing financial
business with them. In the USA, KYC is typically a policy implemented to
confirm to a customer identification program mandated under the under Bank
Security Act and USA Patriotic Act. Know your customer policies have
becoming increasingly important globally to prevent identify theft fraud, money
laundering and terrorist financing. In a simple form, rules may equate to
answering twelve questions about this is a tip of the ice berg and regulator now
expect much more. KYC should not be thought of as a form to be filled-it is a
process to be undergone from the start of a customer relationship to the end.

Know regular companies of all size, for the purpose of ensuring their
proposed agents ‘, consultants ‘or distributors’ anti-bribery compliance; also
employ Your Customer processes. Banks, insurers and export credit agencies
are increasingly demanding that customers provide detailed anti-corruption due
diligence information, to verify their probity and integer.

1.2Definition;

For the purpose of KYC policy, a ‘Customer’ may be defined

 • A person or entity that maintains an account and/or has a business
relationship with the bank;

• One on whose behalf the account is maintained (i.e. the beneficial

owner);

• Beneficiaries of transactions conducted by professional intermediaries,

such as Stock brokers, C.A., Solitaris, etc. as permitted under the law,
and

Any person or entity connected with a financial transaction, which can

pose significant reputation or other risks to the bank, say,a wire transfer
or issue of a high value demand draft as a single transaction.

1.3Origin:

The Basel Committee reports of 1997 and 1998 adopted a statement of

principle concerning anti-money laundering. The statement carried the first
international mention of KYC procedure and encouraged bank managements
and the central bank, internationally, to draw guidelines for identification of
customers, to map their transactions.

Among other national controllers, the Federal Reserve of the USA initiated,
almost immediately, proposal relating to the monitoring of customer
transactions and the reporting suspicious transaction. It requires the bank to
draw up the customer and transaction profiles, record sources of funds,
determine normal and expected transaction, identify those, which were
inconsistent and report suspicious ones to central monitoring authority. All the
banks in the USA are following these, religiously with quick punishments being
awarded by the regulators when serious aberrations are observed.
1.4Objectives:

Know Your Customer (KYC) process is meant to weed out the bad
customers, to protect good ones ( and the banks). It is, therefore, important that
banks continue to stay focused on business, on good customer relationship; get
to know more about client needs and preferences. The KYC process is the only
to ensure that banking operations are spotlessly clean; to help clients and balk
personnel proper conduct of the business.

Knowing a customer is a basic treat in banking. Detailed information to

build up a customer profile has been collected to serve purpose like:

• Satisfying legal requirements for the banker-customer relationship

• To know customer needs, to extend appropriate services, and

• To know various categories oddf customers (size, habits, types and

preferences) to enhance bank’s own business.

Using such data for tracking customer transactions and to monitor the
account for possible abuse or illegal use is also one of the objectives of the “KYC”.
Growing incidents of banking channels being misused by individuals and
organized syndicates for purposes like money laundering have introduced new
dimensions and focus to the KYC rigour.
Chapter 2: Rules and Regulations

2.1 RBI Guidelines:

RESERVE BANK OF INDIA

The RBI expects all banks to have comprehensive KYC policies.

These policies should be on key areas mentioned below. Banks Boards will have to
evolve relative policies and processes and ensure that these are implemented,
faithfully, at all levels. The objective of KYC guidelines is to prevent banks from
being used, intentionally or unintentionally, by criminal elements for money
laundering activities. KYC procedures also enable banks to know/understand their
customers and their financial dealings better, which in turn help them, manage
their risks prudently. Banks should frame their KYC policies incorporating the
following four key elements:

• Customer Acceptance Policy

• Customer Identification Procedure

• Risk Management

• Monitoring of Transaction
 The present RBI guidelines suggest monitoring of transactions above Rs 10
lakh; those below that level are exempt from scrutiny. These guidelines may be
revised at intervals and must be kept track of. The profile should be archived in
such a manner that it can be quickly accessed for verifying any transaction, when
such requirements arise. The RBI has been stipulating certain thresholds: these
needs to be followed meticulously as related to KYC in screening accounts,
monitoring, reporting suspicious transactions, etc.

The approach to the KYC regime in RBI’s guideline is basically:

• To prevent banks from being used, intentionally or unintentionally, by

criminal elements for their money laundering activities, and

• To help bank to know their customer and their financial transactions better,
this, in turn will help the banks to manage their risks prudently.

2.2 Important Prescription by the RBI:

The RBI, for various KYC processes like, has prescribes detailed guidelines:

• Customer profiles; for opening/reviewing of accounts of various categories

of customers.

• Identification of high value/ suspicious transaction/ terrorism finance.

• Monitoring of suspicious transactions and reporting the same and reporting

of cash transactions of Rs. 10 lakh and above to controlling offices.

• Accountability for non-compliance with the KYC guidelines.

 • Time frame for implementation

• The RBI also revises the guidelines based on national and international
experience

• Banks would need to keep themselves updated on an ongoing basis with

such changes.

2.3 KYC Guidelines-Anti-Money Laundering:

While preparing operational guidelines banks may keep in mind the

instructions issued in terms of the circular wherein banks are advised to treat the
information collected from the customer for the purpose of opening of account as
confidential and not divulge any details thereof for cross selling or any other
purposes. Banks may, therefore, ensure that information sought from the customer
is relevant too the perceived risk, is not intrusive, and is in conformity with the
guidelines issued in this regard. Any other information from the customer should
be sought separately with his/her consent and after opening the account.

Banks should continue to ensure that any remittance of funds by way of DD,
mail/ telegraphic transfer or any other mode and issue of traveler’s cheques for
value of Rupees Fifty thousansd and above is affect by debit to the customer’s
account or against cheques and not against cash payment.

These guidelines are issued under section 35A of the banking Regulation
Act, 1949 and any contravention of or non-compliance with the same may attract
penalties under the relevant provisions of the Act. Once the policy framework is
ready and implemented by a bank, the instructions issued vide this circular will
supersede all instructions issued on ‘Know Your Customer’ and Anti-Money
Laundering measures till date.

2.4 Initiative by RBI:

The RBI has taken strong, stage-wise steps. Guidelines issued by it in 2002
have been refined continuously. Guidelines related to identification of customers
and systems and procedures that all banks should have in place for early detection
and prevention of financial frauds, money laundering, scrutiny and monitoring of
large value cash transaction, etc., under section 35 of the banking Regulation Act,
1949.

Guidelines where made sharper in November 29, 2004 in the light of the
recommendation made by the financial action task force (FATF) on Anti-Money
Laundering (AML) standards and on Combating Financing of Terrorists (CFT).
These standards are the international benchmarks of AML and CFT policies by the
Regulatory authorities in all countries.

2.5 Financial Instructions KYC Guidelines:

Central Bank requires banks to follow the know Your Customer (KYC)
guidelines. In line with global traders, the Central Bank of Lesotho has issued the
financial Institutions Know Your Customer Guidelines, 2007. The guidelines
require financial instructions to ensure that they know their own customers.

When opening the account, the bank’s potential customers are required to
provide the following information:
a) Customer’s identity;

b) Nature of business activity

c) Location of customer

d) Mode of payments

e) Volume of turnover

f) Public or high financial status

g) Product type

h) Source of funds

i) Transaction type

j) Transaction value

k) Type of entity

1. Any other matter that a bank may fit to consider.

It should be borne in mind that majority of bank customers have a long

standing business relationship with their bank, having opened accounts long
before coming into operation of the Know Your Customers Guidelines.
Currently the information regarding the customers’ location requires
verification by a chief’s letter or utility bill. Customers are requested to bear
with banks when requested to provide additional information, as is a
requirement to prove their residency and source of income.
Chapter 3: Key Elements in KYC Policy
In 2004, the RBI had come up with more specific guidelines regarding KYC.
These were divided into four parts:

• Customer Acceptance Policy

• Customer Identification procedure

• Risk Management

• Monitoring of transaction

3.1 Customer Acceptance policy:

All banks shall develop criteria for accepting any person as their customer to
restrict any anonymous accounts and ensure documentation mentioned in KYC.

The guidelines pertaining to this policy are reasonable clear and exhaustive.
There are explicit criteria for acceptance or non-acceptance of a customer and
his/her relationship with the bank. Broad aspects of the policy could be:

• No accounts should be opened in anonymous/fictitious or benami

name(s);
 • No accounts should be opened (or existing account continued) where the
bank’s due diligence exercises relating to identity, and the ostentation of
evidential documents are not fulfilled or successful; when the applicant
does not co-operate; or the reliability of data/ information furnished in
the documents is in doubt.

• When a customer desires to act on behalf of other person, to analysis

should be made on the circumstances under which such operation is
should be made on the transaction do not infringe the law of the country

• It is important to bear in mind that the adoption of customer acceptance

policy and its implementation should not become too restrictive and must
not result indenail of banking services to general public, especially top
those, who are financially or socially disadvantaged.

3.2 Customers Identification Process:

The policy approved by the board of banks should clearly spell out the
customer identification procedure to be carried out at different stages i.e. while
establishing a banking relationship; carrying out a financial transaction or when the
bank has a doubt about the authencity/ veracity or the adequacy of the previously
obtained customer identification data.

Customer identification means identifying the customer and verifying

his/her identity by using reliable, independent source documents, data or
information. Banks need to obtain sufficient information necessary to establish, to
their satisfaction, the identity of each new customer, whether regular or
occasional, and the purpose of the intended nature of banking relationship.
 Being satisfied means that the bank must be able to satisfy the competent
authorities that due diligence was observed on the risk profile of the customer in
compliance with the extant guidelines inj place. Besides risk perception, the nature
of information/documents required would also depend on the type of customer
(individual, corporate etc.). For customers that are natural persons, the bank should
obtain sufficient identification data to verify the identity of the customer, his
address/location, and also his recent photograph. For customers that are legal
persons or entities, the bank should

(i) Verify the legal status of the legal person/entity through proper and
relevant documents,

(ii) Verify that any person supporting to act on behalf of the legal
person/entity is so authorized and identify and verify the identity of that
person,

(iii) Understand the ownership and control structure of the customer and
determine who are the natural persons who ultimately control the legal
person.

Banks may, however, can frame their own internal guidelines based
on their experience of dealing with such persons/entities, normal bankers’
prudence and the legal requirements as per established practices. If the bank
decides to accept such accounts in terms of the Customer Acceptance Policy, the
bank should take reasonable measures to identify the beneficial owner(s) and
verify his/her/their identity in a manner so that it is satisfied that it knows who are
the beneficial owner(s) is/are.
Customer Identification Procedure

Features to be verified and documents that may be obtained from

customers

Features Documents
Accounts of individual (i) Passport (ii) PAN card (iii) Voter’s
• Legal name and any other names Identity Card (iv) Driving license (v)
used Identity card (subject to the bank’s
satisfaction) (vi) Letter from a
• Correct permanent address recognized public authority or public
servant verifying the identity and
residence of the customer to the banks
satisfaction

(i) Telephone bill (ii) Bank account

statement (iii) Letter from any
recognized public authority (iv)
Electricity bill (v) Ration Card (vi)
Letter from employer (subject to
satisfaction of the bank)

NOTE: Any one document, which

 provides customers information to the
satisfaction of the bank, will suffice.

Accounts of companies (i) Certificate of incorporation and

Memorandum & Articles of Association
• Name of the company (ii) Resolution of the Board of Directors
• Principal place of business to open an account and identification of

• Mailing address of the company
• Telephone/Fax Number
Account of partnership firms
• Legal name
• Address
those who have authority to operate the
account (iii) Power of Attorney granted
to its manager, officers or employees to
transact business on its behalf (iv) Copy
of PAN allotment letter (v) Copy of the
telephone bill
(i) Registration certificate, if registered
(ii) Partnership deed (iii) Power of
Attorney granted to a partner or an
employee of the firm to transact

• Names of all partners and their business on its behalf (iv) Any officially
addresses valid document identifying the partners

• Telephone numbers of the firms and the persons holding the Power of
and partners Attorney and their addresses (v)
Telephone bill in the name of
firm/partners
Accounts of trusts & foundations (i) Certificate of registration, if
registered (ii) Power of Attorney granted
• Names of trustees, settlers, to transact business on its behalf (iii)
beneficiaries and signatories Any officially valid document to
 • Names and addresses of the identify the trustees, settlers,
founder , the managers/directors beneficiaries and those holding Power of
and the beneficiaries Attorney, founders/managers/directors
• Telephone/Fax numbers and their addresses (iv) Resolution of
the managing body of the
foundation/association (v) Telephone
bill

3.3 Risk Management:

Banks would need to categorize their customers as low, medium and high
risks:

a) Low risk customers:

These are individuals 9other than high net worth individuals) and
entities whose identities and sources of funds can be verified easily;
transactions in whose accounts are in conformity with known Customers and
Transaction profiles. For this category, it should be adequate if the basic
requirements of verifying the identity and location of the customers are met.
Salaried employees, Government owned companies, Government
departments, regulators, regulatory bodies, etc. fall in this category.

b) Medium/High risk customers:

This category includes customers who carry an inherently higher than

average risk to the bank. The categorization will depend upon the customer’s
background, nature of activity, location, country of origin, sources of funds,
volume and frequency of transaction, (large and not in tune with the
recorded/anticipated levels), etc. Diligence in identification/tracking would need to
be of a high order in such customers. NRIs, high net worth persons, potentates,
Trusts/Charities, NGOs receiving donations from abroad, Overseas Corporate
Bodies, Politically Exposed Persons (PEPs) of foreign origin, companies having
close share holding or beneficial ownership, firms with “Sleeping Partners”, non
face-to-face customers, those with dubious reputation etc., falls under this
category.

• Strategies For Risk Management:

Banks should have knowledge, sensitivity and responsiveness to risk

and their management. Their policies, procedure and formats use the
distribution of instruction to all and personal concerned, their archiving or
record retention, accessibility, periodic reviews, training of personal,
sensitivity to and alertness in reporting suspicious transactions,
organizational in the banks for such tasks etc., indicates the levels of the
bank’s risk management capability.

Banks should have strong system of complaints and audit functions.

The audit department should be independent of operation and be mend by
manageable and responsible executives. They should be capable of
evaluating the bank’s policies and their complaints at operating levels,
efficiency of the software use, particularly for monitoring and reporting
complaints to regulatory authority and detailed verification of KYC
processes at branches and supervisory efficiency. And audit is not a felt
finding process it is a basic organizational tool to reduce deficiencies and to
minimize risk. It should be so perceived and used by bank management and
operating personal.

Audit report should be presented to the Bank’s Audit Communities,

through channels as may be determined by each bank management. What is
important here is availability of audit skills, integrity in audit process,
transparency and quickness in report and their resolution?

Ongoing training programs (or seminars)for bank’s personnel,

designed appropriate to their responsibility (operating staff, complaint
monitors, audit staff, controllers, etc.) should be held so that they are fully
sensitize to the need for KYC rationale, policy, process and important
environmental events of money laundering, strategies of containment as
practiced globally, software programmers, etc. training programs should
include current events, case studies, situation analysis, talk by persons with
abroad etc.

The board of directors of the bank should ensure that an effective

KYC program is put in place by establishing appropriate procedure and
ensuring their effective implementation. It management oversight, systems
and controls, segregation of duties training and other related matters.
Responsibility should be explicitly allocated within the bank for ensuring
that the banks policies and procedures are implemented effectively. Banks
may, in consultation with their board, devise procedure for creating risk
profile of their existing and new customers and apply various Anti-Money
Laundering measures keeping in view the risk involved in a transaction,
account or banking/business relationship.

Banking internal audit and complaints function have an important rule

in evaluating and ensuring adherence to the KYC policies and procedure. As
a general rule, the complaint function should provide an independent
evaluation of the bank’s own policies and procedure, including legal and
regulatory requirements. Bank should ensure that their audit machinery is
staff adequately with include who are well versed in such policies and
procedures. Concurrent/Internal Auditors should specifically check and
verify the KYC procedure at the branches and comment on the lapses
observed in this regard may be put up for the Audit Committee of the Board
on quarterly intervals.

Bank must have an ongoing employee-training program so that the

member of the staff are adequately trained in KYC procedure. Training
requirement should have focuses for front line staff, complaint and staff
dealing with new customers. It is crucial that all those concurrent fully
understand rationally behind the KYC policies and implement them
consistently.

3.4 Monitoring of Transaction:

This is a critical aspect. The policy and the procedures should clearly
help the parameterizing of the type and size of normal transactions in a
customer’s account and the quick identification, for further enquiry, of and
abnormal transaction like the one that falls outside the normal level and
pattern if activity recorded.

Special attention should be placed on all complex, unusually large

transactions and suspicious patterns, which includes violation of the laws of
the country or threatening its financial well-being. It should be ensured that
there is no “structuring”, i.e., manipulation of the size of transactions so that,
if seen individually, they fell below the values or “threshold” that need to be
reported to the regulators/monitoring authority.

Transactions that involve large amounts of cash inconsistent with the

customer’s normal/expected activity should receive special attention. Very
high account turnover, e balance of all transactions, deposits or withdrawals,
involving Rs. 10 Lakh and above. Banks should have an internal monitoring
system to report such transactions as also suspicious transactions.
Chapter 4: KYC Norms and Related Issues

4.1 What are KYC Norms?

Let us first understand what KYC norms actually mean.

In order to prevent identity theft, identity fraud, money laundering,

terrorist financing, etc., the RBI had directed all banks and financial
institutions to put in place a policy framework to know their customers
before opening any account.

This involves verifying customer’s identity and address by asking

then to submit documents that are accepted as relevant proof.

Mandatory details required under KYC norms are proof of identity

and proof of address. Passport, voter’s ID card, Pan card or driving license
are accepted as proof of identity, and proof of residence can be a ration card,
an electricity or telephone bill or a letter from the employer or any
recognized public authority certifying the address. Some banks may ask for
verification by an existing account holder.
 Though the standard documents, which are accepted as proof of
identity and residence, remain the same across banks, some deviations are
permitted, which differ from bank to bank.

So, all documents shall be checked against banks requirements to

ascertain if those match or not before initiating an account opening process
with any bank. Thus opening a new bank account is no longer a cakewalk.
Those are the basic requirements of KYC to identify a customer at the
account opening satge.

4.2 Emergence of KYC Norms:

If we look at the emergence of KYC norms we can understand these

standard emerged.

The main purpose of KYC norms was to restrict money laundering

and terrorist financing when it was introduced in late the 1990’s in the
United States. The US government turned very strict after 9/11 and all
regulations were finalized before 2002 for KYC.
 The US has made changes in its major legislations – Bank Secretary
Act, USA Patriot Act, et cetera – to make KYC norms really effective for
the banking sector.

Taking a leaf out of the US book, the RBI too directed all banks to
implement KYC guidelines for all new accounts, imposing KYC norms was
a little difficult, so RBI issued guidelines for the same at the end of 2004.

4.3 Issues of KYC norms:

With the enactment of Prevention of Money Laundering (PML) Act in

2002, the responsibility of the banks has increased manifold as it calls for
enhance awareness about opening and conduct of accounts, extra vigilance
in the operation of accounts and increased reporting requirements to the
controlling offices/regulators.

The KYC guidelines state that besides knowing the customers, banks
should know about the customer’s means of earning income, source of
funds, customer’s customer, etc. So, an additional responsibility has been
laid upon the bankers at the time of opening the accounts, operation of the
accounts and during the time of transactions.
 In short, banks are liable till closure of the accounts unlike in earlier
days. Even after closure of the accounts, the law requires preservation of
records with respect to the accounts for a minimum of 10 years. In short,
bank officers have to go beyond introduction.

4.4 Signification of KYC Norms:

KYC norms were intended to go beyond establishing the identity of

the account holder. These norms wanted the bankers to scrutinize the
purpose and reasons for opening the account, the sources of funds coming
into the account and the expected turnover in case of businessmen. Based on
these details, the risk perception of the account i.e., low, medium, or high
was to be determined.

Internet banking has also brought under the regulatory framework.

According to the RBI, banks should have a physical presence in India to be
eligible to offer this service. The identity of the customer should be
physically verified. Banks should keep a record of all the transactions of the
23 terrorist organizations listed in the schedule to the Prevention of
Terrorism Ordinance, 2001. Violations of the extant acts or normal banking
operations must be reported to the appropriate authorities under the
Ordinance under advice to the RBI.
 KYC norms are applicable to credit cards, debit cards, smart cards,
gift cards or electronic cards, even if such cards are issued through agents,
who are also subjected to the norms. Appropriate measures have to be taken
to prevent their misuse in money laundering schemes. It is relevant here to
point out that in its recently issued guidelines on mobile banking; the RBI
has clearly stated that fulfilling the KYC norms is a must.

If the bank is unable to apply KYC norms due to non-furnishing of

information or non-cooperation by the customer, the bank should terminate
relationship after issuing due notice to the customer.

4.5 Instruction Since 2002:

In April 2002, the RBI instructed the banks to immediately freeze

accounts of individuals and entities listed in the circular as required by UN
Security Council Resolution 1390.Any transaction involving entities listed
in the circular had to be reported to the RBI. Banks also had to ensure that
no new accounts were opened by banned organizations. They were also
directed to strictly adhere to the extant guidelines regarding to the opening
and monitoring of the accounts.
 The first circular on KYC norms issued in August 2002 contained
guidelines on KYC norms and each transaction. The norms mentioned that
the process of customer identification should entail verification through an
introductory reference from an existing account holder/a person known to
the bank or on basis of documents provided by the customer. The board of
directors of the bank should have in place adequate policies that establish
procedures to verify the bonafide identification of indivioduals/corporate
opening an account.
Chapter 5 : Steps Taken for Reviewing KYC

5.1 Following Steps To Be Reviewed:

• Review KYC program and procedures. Are they designed to flag high-risk
accounts?

• Review BSA training for staff. Does it train staff to watch high-risk
activities and to recognize situations or transactions that is suspicious and
should be reported?

• Review your procedures for preparing and reporting suspicious activity.

Discuss them with affected staff and consider how realistic the procedures
actually are.

• If you have a trust department or private banking staff, schedule regular

meetings – quarterly would be nice – to discuss any high-risk accounts and
account trends.

• Monitor cash aggregation reports and wire transfers. Consider whether these
identify transaction accounts that should be reviewed and monitored.

5.2 KYC Red Flags;

 Beware of new business customers who are reluctant to provide information
on their business activities, location and directors.

 Beware of new personal customers who apply incomplete conflicting or

incongruous information when establishing a relationship.

 Be suspicious of customers who do not provide phone or fax numbers or of

those for whom tge numbers provided relate to serviced/accommodation
addresses.

 Beware of camouflage passports.

 Beware of diplomatic passports from obscure countries – particularly one sin

Africa where such passports can easily be obtained by paying for them.
Whilst the passport may be genuine (i.e. genuinely issued after payment),
this does not mean that the holder is genuine or the name shown on the
passport is the real one. Obviously another aid in this type of scenario is to
try and evaluate whether the other details given, together with the
appearance/attitude of the person, match whatever diplomatic post he/she is
claiming to hold.

 Beware of residential address provided by applicants that, in reality, are

merely mail drop addresses (Beware of ‘Suite’ members, home address in
downtown business areas, and incomplete addresses).

 Do not accept photocopies. You must see the original and copy it yourself.
Although this is obvious, it is surprising how many businesses are happy to
da business on the strength of the photocopies or faxes. Just because
someone has a copy of passport it does not mean it is his or hers –
 photocopying technology is such that it is easy to put another ID photograph
on a document and for it not to be obvious on the resulting photocopy.

 It is doubtful whether one organization can rely on the due diligence/KYC

checking done by another organization. This is very relevant when clients
are referred from one party to another. Check what the exact situation is in
relation to your business operations. Our advice is simple: it is you who
carry the can if and when it all goes wrong and thus relying on what others
may or may not have done is foolish.

 The use of International Business Companies, shell companies and the like
poses problems for KYC procedures. You may be in the situation in which
you are presented with a business entity with nominee directors who produce
ID that is valid and acceptable.

 Be suspicious of businesses that present financial reporting that is at odds

with similar sized businesses in the same industry sector.

 Be suspicious if foreign nationals who visit your organization together on

the same day open a group of accounts or relationships. A situation that is
far more difficult to identify is where multiple accounts or relationships are
opened on the same day by a group of foreign nationals at different
banks/companies in the same city.

 Suspicions should be aroused if an individual using the same address open

multiple business relationships. Additionally definite suspicion should result
if numerous accounts or relationships are established using variations of the
same name.
 One of the important trends of the last two or three years is the
willingness of some organizations to carry out advanced due diligence enquiries on
their prospective customers. Such companies are not necessarily taking what they
are told by their customer at face value – because they know that if they do, and
what they have been told is patently true or incorrect, then severe problems could
result. Increasingly I is viewed by regulatory authorities in sophisticated financial
centers that it is not enough merely to know your customer through identification
documents. You must go behind the information provided to test its validity.

And at the risk of stating the obvious, the fundamental precondition of

any KYC regime is that if you cannot obtain sufficient detail to establish the
customer’s identity or you have any suspicions about the background and/or
probity of the customer, you should not establish a relationship with him or her.

5.3 Other Aspects of KYC:

To prevent the possible misuse of banking activities for anti-national or

illegal activities, the RBI has given various directives to banks:

• Strengthening the banks ‘Internal Control System’ by allocating duties and

responsibilities clearly, and periodically monitoring them.

• Before giving finance at any branch level, making sure that the person has
no links with notified terrorist entities and reporting any such ‘suspect;’
accounts to the government.
• Regular ‘Internal Audit’ by internal and concurrent auditors to check if the
KYC guidelines are being properly adhered to or not by the banks.

• Most important, banks must keep an eye out for all banking transactions and
identify suspicious ones. Such transactions will be immediately reported to
the bank’s head office and authorities and norms shall also be laid down for
freezing of such accounts.
Chapter 6: Important Aspects for KYC

6.1 Transaction Profile:

Compilation if a customer’s transaction profile is important as it is critical to

the identification of fraudulent/suspicious transactions.

A transaction profile is a matrix of different components like source of

funds, volume and frequency of transactions, origin and destination of funds, etc.
The profile should help in arriving at a threshold or benchmark transaction for
individual; customer transactions against which a comparison can be made. If
possible, it should also carry a pattern that can be taken as the customer’s “normal”
transaction pattern.

It would be ideal to arrive at individual threshold limits particularly for the

high-risks category customers. Banks may use software programs for such
analysis. It would help if an ‘alert’ pops up or a signal gets flashed on the computer
screen when the transaction crosses the threshold. While sophisticated systems
may be used to determine threshold limits, broadly, 25% of the annual income in
the case of individuals and one month’s turnover in the case of business enterprises
may be assumed as “threshold” limits.
 The present RBI guidelines suggest monitoring of transactions above Rs. 10
lakhs; those below that level are exempt from scrutiny. These guidelines may be
revised at intervals and must be kept track of. The profile should be archived in
such a manner that it can be quickly accessed for verifying any transaction, when
such requirements arise. The RBI has been stipulating certain thresholds; these
needs to be followed meticulously as related to KYC in screening accounts,
monitoring, reporting suspicious transactions, etc.

6.2 Organizational Structure:

Banks should possess an effective organizational structure to evolve,

implement, maintain and review KYC policy and processes. The banks should
have a Principal Officer for overall control, ensuring reporting an follow up
suspicious activity, liaison with regulatory authority, etc.

6.3 Customer Policy:

Banks KYC processes should, on no account, lead to any harassment of

customers KYC implementation should not lead to any unreasonable denial of
opening of accounts.

Where banks desire to collect information for purpose other than KYC, it
should not be through account opening forms (i.e. the relative question should not
be the part of the form). Answering to queries should also be at the option of the
customer.

It would be good if bank could issue a brochure to educate customers on

KYC and why “elaborate” questions are being asked. There is certainly a need to
brief customers in this area.

Information collected should not be divulged to others nor put to use for
commercial purposes. Strict privacy should be maintained. Banks could be
maintained. Banks could include these aspects in their KYC policy document.

6.4 Customer Education and Training:

Implementation of KYC procedures requires banks to demand certain

information from customers which may be of personal nature or which have
hitherto never been called for. This can sometimes lead to a lot of questioning by
the customer as to the motive and purpose of collecting such information.

Banks have to prepare pamphlets and other kinds of educational material to

enlighten the customer about the objectives of KYC. Else the customers may not
be ready to provide any personal information to the banks.

The staffs in the front desks have to be trained to deal with the customers.
Employees have to be trained on an ongoing basis in KYC procedures as the
rationale behind the policies have to be understood by various levels of staff and
implemented consistently.

6.5 Documents to be Verified:

Various documents that need to be verified to establish the identity of

natural and legal persons have been prescribed. By and large the guidelines are
practical, in the sense, the offices in the banks cannot be subjective while taking
decisions on issues relating to KYC guidelines. For instance, in the case of
establishing the identity of the individual applicants, the documents that can be
taken as proof include passport/PAN card/voter’s identity card/driving
license/identity card issued by the government departments or reputed
companies/institutions (subject to banks satisfaction)/ letter from a recognized
public authority or public servant verifying the identity and residence of the
customer.

For confirmation of latest/changed address even a letter from the employer or a

recognized public authority may be taken, besides any of the identity proof
documents, i.e. the latest telephone bill/bank account statement/electricity
bill/ration card (only as proof of address). In short, for identification, name, photo,
and address are to be in the same document or a combination of two of documents
listed above. The list of documents given is only indicative and not exhaustive.
Hence banks can rely on some other documents that satisfy their requirements.

For non-natural (legal entities) persons, legal documents like Memorandum

of Association or Articles of Association, Partnership Deed, Trust Deed, etc., may
be used for verification.
Chapter 7: Indicative Guidelines For Other Account Holders

Banks should pay special attention to any money laundering threats that may
arise from new or developing technologies including internet banking that might
favour anonymity, and take measures, if needed, to prevent their use in money
laundering schemes. Also with the normal account holders, the banks should pay
their attention and implement the KYC procedure to the following account holders.

7.1 Trust/Nominee or Fiduciary Accounts:

There exists the possibilities that trust/nominee or fiduciary accounts can be

used to circumvent the customer identification procedures. Banks should
determine whether the customer is acting on behalf of another person as
trustee/nominee or any other intermediary. If so, banks may insist on receipt of
satisfactory evidence of the identity of the intermediaries and of the persons on
whose behalf they are acting, as also obtain details of the nature of the trust or
other arrangements in place. While opening an account for a trust, banks should
also take reasonable precautions to verify the identity of the trustees and the
settlers of the trust, grantors, protectors, beneficiaries and signatories. Beneficiaries
should be identified when they are defined. In case of a foundation, steps should be
taken to verify the founder managers/directors and the beneficiaries, if defined.

7.2 Accounts of Companies and Firms:

 Banks need to be vigilant against business entities being used by individuals
as a ‘front’ for maintaining accounts with banks. These requirements may be
moderated according to the risk perception e.g. in the case of a public company it
will not be necessary to identify all the shareholders.

7.3 Client Accounts Opened by Professional Intermediaries:

When the bank has knowledge or reason to believe that the client account
opened by a professional intermediary is on behalf of a single client, that client
must be identified. Banks may hold ‘pooled’ accounts managed by professional
intermediaries on behalf of entities like mutual funds, pension funds or other types
of funds. Where funds held by the intermediaries are not co-mingled at the bank
and there are ‘sub-accounts’, each of them attributable to a beneficial owner, all the
beneficial owner, all the beneficial owners must be identified. Where such funds
are co-mingled at the bank, the bank should still look through to the beneficial
owners. Where the banks rely on the ‘customer due diligence’ (CDD) done by an
intermediary, they should satisfy themselves that the intermediary is regulated and
supervised and has adequate systems in place to comply with the KYC
requirements. It should be understood that the ultimate responsibility for knowing
the customer lies with the bank.

7.4 Accounts of Politically Exposed Persons (PEPs) Resident Outside India:

Politically exposed persons are individuals who are or have been entrusted
with prominent public functions in a foreign country, e.g. Heads of States or of
Governments, senior executives of state-owned corporations, important political
party officials, etc. Banks should gather sufficient information on any
person/customer of this category intending to establish a relationship and check all
the information available on the person in the public domain. This decision to open
an account for PEP should be taken at senior level, which should be spelt out in
Customer Acceptance Policy. Banks should also subject such accounts to enhanced
monitoring on an ongoing basis. The above norms may also be applied to the
accounts of the family members or close and combatting financing of terrorism
relatives of PEPs.

7.5 Accounts of Non Face-To-Face Customers:

With the introduction of telephone and electronic banking, increasingly

banks are opening accounts for customers without the need for the customer to
visit the bank branch. In the case of non-face-to-face customers, apart from
applying the usual customer identification procedures, there must be specific and
adequate procedures to mitigate the higher risks involved. Certification of all the
documents presented may be insisted upon and, if necessary, additional documents
may be called for. In such cases, banks may also require the first payment to be
effected through the customer’s account with another bank, which, in turn,
adheres to similar KYC standards. In the case of cross-border customers, there is
the additional difficulty of matching the customer with the documentation and the
bank may have to rely on the third party certification/introduction. In such cases, it
must be ensured that the third party is a regulated and supervised entity and has
adequate KYC systems in place.

7.6 Applicability to Branches and Subsidiaries Outside India:

 The above guidelines shall also apply to the branches and majority owned
subsidiaries located abroad, especially, in countries, which do not or insufficiently
apply the FATF recommendations, to the extent local laws permit. When local
applicable laws and regulations prohibit implementation of these guidelines, the
same should be brought to the notice of RBI.

7.7 KYC for the Existing Accounts:

With the new account holders, banks should apply the same policy to the
existing customers on the basis of materiality and risk. However, transactions in
existing accounts should be continuously monitored and any unusual pattern in the
operation of the account should trigger a review of the CDD measures. Banks may
consider applying monitory limits to such accounts based on the nature and type of
the account. Banks may also ensure that term/recurring deposit accounts or
accounts of similar nature are treated as new accounts at the time of renewal and
subjected to revise KYC procedures.

Where the bank is unable to apply appropriate KYC measures due to non-
furnishing of information and / or non-cooperation by the customer, the bank may
consider closing the account or terminating the banking/business relationship after
issuing due notice to the customer explaining the reasons for taking such a
decision. Such decisions need to be taken at a reasonably senior level.

Practical Hassles:

Despite the comprehensive instructions provided, the bankers have faced

certain practical difficulties. For instance, in many cases, the wife, son, daughter or
parents of the head of family do not have photo identities or the bills mentioned
above are not in their names(s). In such cases, an identity document with a utility
bill of the relative with whom the person proposing to open the account is staying
along with a declaration of the relatives will serve the purpose.

In many cases, people of reputed organizations like insurance companies,

private companies are transferred. Even though they had identity cards, they found
it difficult to open accounts, as they could not produce satisfactory proof of
address. In such cases, the rent agreement or the lease agreement may come to
their rescue, if certified by the employees and/or notary public, in the absence of
utility bills.

After the introduction of new KYC norms, a question that the bankers face is
whether introduction is needed? The answer is emphatic no, since the identity of
the customer is verified by the documents issued by the government/public
authorities. This is all the more relevant because most banks having place a system
whereby the software allows opening of the account only when a minimum score is
reached.

But there have been instances of lapses in the implementation of KYC

guidelines by several banks. The result is the infamous IPO scam. Since from
January 2006, the RBI has slapped the penalties on several leading banks. Till the
date we have not come across any case of money laundering, terrorist financing or
transfer of funds for anti-national activities, but in case of any more lapses in the
‘KYC’ guidelines, the threat of the misuse of the banking channels for anti-
national activities always lurks around the corner.
Conclusion:

The KYC guidelines are exhaustive in nature and expect the bankers to go
beyond establishing the identity of the person opening an account. The guidelines
emphasize on obtaining introduction and other important information about the
customer regarding his credentials. The purpose of opening the account is to be
ascertained ; expected turnover and sources of funds are to be obtained, the
transactions in the account are to be monitored and in short, till the account is
closed, a watchful eye has to be kept on the account.

In these days of technological advancements, exhaustive software companies

usually take care of the details while opening the account. The software should
provide an alert in case of limits being exceeded or any threshold limit being
approached or any violations are taking place or any change in risks categorization
is being done.

From the angle of curbing black money, avoiding benami accounts, hindering
flow of funds to terrorism, etc., the KYC measures have yielded significant results
also the bankers and customers have got acquainted with the procedures enunciated
in the RBI circular and certain genuine exemptions have been given for some
categories of people. The KYC norms will definitely help all the banks and
financial institutions do legitimate business with legitimate entities.

Several steps should be taken by banks to protect themselves against third

p[arty or account holder claims based on the KYC policies.

First, make sure the KYC policy is specifically a part of the banks compliance
with the banks Secrecy Act and is clearly defined as such in the guidelines and
manuals. Second, review the language of the KYC policies to make sure it is
specific and the purpose is clearly stated to identify money laundering and other
criminal activity.

If a stated purpose for the KYC policy is to preserve the good name of the bank
or maintain good relationships with its customers and the community, a claim for
failure to live up to those very general standards is more likely. Until, or unless, the
government expands safe harbor provisions to include the application of KYC
policy, financial institutions will continue to be subjected to claims for filure to
properly follow those policies.
Bibliography:

 Books for reference:

1. Basis of Banking--- Indian Institution of Banking and Finance

2. Banking Principles and Operations --- M.N.Gopinath

3. Principles of Banking --- Indian Institution of Banking and Finance

 Journals:

1. Professional Banker’s Auditing and Accounting Standards Related to

Banks
BIbliography:

www.rbi.com

www.google.com