KNOW YOUR CUSTOMER (KYC)

Introduction:

Primary banking business is accepting deposits and lending, hence knowing a customer has been a
fundamental requirement for enabling banks to conduct their business. With the expansion of banking and
introduction of negotiable instruments, the practice of obtaining KYC before accepting a person as a
customer was formalized. This practice became the basis for establishing a banker-customer relationship.

KYC is a framework for banks, which enables them to know/understand the customers and their financial
dealings to be able to serve them better

Need for KYC Policy:

The obligations of Banks under PMLA are very onerous. For effectively implementing three KYC/AML
guidelines, it is important for Banks to develop comprehensive internal guidelines in this regard. RBI has
therefore advised Banks to frame a KYC policy. The KYC policy serves as the framework for the Bank
within which its products and processes will be fitted from the perspective of KYC/AML guidelines.
Given the international impact of KYC/AML measures adopted by individual Banks, the KYC Policy is
required to be approved by the Board of Directors of the Bank.

Concept of KYC: What should we know about our customer?

1. Know the identity of the customer and his location

2. Know his nature of activity
3. Know his source of income, ownership of fund and purpose of transaction
4. Verify/ check his background ( whether he is known criminal or money launder or on the list of
banned organization or on the list of terrorist individuals)
5. Monitor transaction against his record profile, history on his account and with peers for detection
and reporting of suspicious transactions pertaining to thefts, anti-money laundering activities and/
or financing of terrorism.

Objectives of KYC: Why should we know about our customer?

1. To prevent money laundering activities & financing of terrorism activity.
2. To know / understand the customers and their financial dealings better.
3. Controls for detection and reporting of suspicious activities & frauds.
4. To comply with applicable laws and regulatory guidelines.
5. Protection against NI Act

Definition of customer for the purpose of KYC policy:

1. A person or an entity that maintains an account and/or has a business relationship with the bank.
2. One on whose behalf the account is maintained (i.e. the beneficial owner).
3. Beneficiaries of transactions conducted by professional intermediaries, such as Stock Brokers,
Chartered Accountants, Solicitors etc. as permitted under the law.
4. Any person or entity connected with a financial transaction, which can pose significant
reputational risk to the bank say, issue of a high value demand draft as a single transaction.

KYC policy:

Bank should frame their KYC policies incorporating the following four key elements:
 A. Customer Acceptance Policy (CAP)
B. Customer Identification Procedures (CIP)
C. Monitoring of Transactions (MT)
D. Risk Management(RM)

A. Customer Acceptance Policy (CAP)

In line with the Bank’s policy to conduct clean, commercial business conforming and prevent the Bank’s
business channels/ products/ services from being used as a channel for money laundering/ terrorist
financing the Bank will exercise due care and caution in establishing customer relationships and in
conducting transactions for random walk-in customers

The following aspects will be taken care of while accepting any person as a customer of the Bank or
carrying out any transactions for them:

1. The mandatory information to be sought for KYC purpose while opening an account and during
the periodic updation is specified.
2. No transaction or account based relationship is undertaken without following the CDD procedure.
3. “Optional‟/ additional information, is obtained with the explicit consent of the customer after the
account is opened.
4. CDD Procedure is followed for all the joint account holders, while opening a joint account.
5. Circumstances in which, a customer is permitted to act on behalf of another person/entity, is clearly
spelt out.
6. Suitable system is put in place to ensure that the identity of the customer does not match with any
person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India.

Prohibitions on Opening Accounts:

As per Reserve Bank of India guidelines on Know Your Customer Norms / Anti-Money Laundering
Standards / Combating Financing of Terrorism and Obligation of banks and financial institutions under
Prevention of Money Laundering Act, 2002 (as amended from time to time), no account should be opened
as mentioned below:

1. Account in Anonymous or Fictitious/ Benami name

2. Account on behalf of other persons whose identity has not been disclosed or cannot be verified.
3. Accounts of known criminals or banned entities
4. Shell Banks (i.e., a Bank which is incorporated in a country where it has no physical presence and
is not affiliated to any regulated financial group).
5. Pooled accounts on behalf of clients by Lawyers and Accountants who are bound by customer
confidentiality

Also account should not be opened in the following cases:

1. Account where it is not possible to apply appropriate customer due diligence measures, i.e. the
Bank is unable to verify the identity and/ or obtain documents required as per the risk
categorization due to non-co-operation of the customer or non-reliability of the data/ information
furnished to the Bank.
2. In case the prospective customer is not giving the information required by the Bank or trying to
hide information, do not open such account.

B. Customer Identification Procedures (CIP)

Customer Identification (CI) :

It means identifying the customer and verifying his/ her identity by using reliable, independent source
documents, data or information.

Customer Due Diligence (CDD) :

“Due Diligence‟ goes beyond merely establishing identity of the customer. The extent of „due diligence‟
carried out will depend on the risk perception of the customer.

Types of CDD

1. Simplified due diligence(SDD)-As per PMLA Rules, simplified due diligence can be applied to
"Small Accounts" which have restrictions on the quantum of financial transactions and balances
and which can be opened without Identity and Address proof that need to be provided with in
prescribed period
2. Basic due diligence(BDD) -This primarily includes collection and verification of identity proof,
address proof and photograph to establish the identity of the customer. This is for low risk customer
3. Enhanced due diligence (EDD)-Additional due diligence measures undertaken over and above
the basic due diligence can be termed as 'Enhanced Due Diligence'. These measures could be
obtaining documents in addition to the essential documents as mandated e.g. Income Tax Returns,
more than one ID Proof, VAT/ Sales Tax Returns, Financial Statements, etc. Inquiries with
customers/ vendors; verification from websites, gathering more detailed information for customer
profile etc. Such measures will be adopted for Medium/high risk customers as per RBI guidelines

Documents Acceptable as ID and Address Proofs for Individuals:

(a) Officially Valid Documents (OVD) – PMLA: There are 6 OVD

1. Valid Passport
2. Valid Driving license
3. Voter's Identity Card issued by the Election Commission of India
4. Job card issued by NREGA duly signed by an officer of the State Government
5. Letter issued by the National Population Register containing details of name and address.
6. Aadhaar Card

(b) Acceptable Documents (Deemed OVD) – RBI Guidelines

1. Utility bill : It should not be more than 2 month
2. Property or Municipal tax receipt
3. Pension or Family PPO
4. Letter of allotment of accommodation from employer

Note: Customer shall submit OVD or Aadhaar with the address within 3 month

(c) PAN (Permanent Account Number)

1. As per Income Tax Rules, every person shall quote his PAN in all documents pertaining to various
transactions listed in the Rules, including at the time of opening an account or doing any
transaction of Rs.50000 or above
2. Customers who have not obtained PAN are required to furnish a declaration in Form No.60.
3. PAN given by the customers will be verified on NSDL or Income Tax Dept. websites.
 4. These requirements are applicable to both account based and non-account based customers
5. No PAN is required for transactions undertaken on behalf of Central Government and/or State
Government

(e) CKYC- Central KYC

It is an initiative of the Government of India. The aim of this initiative is to have a structure in place,
which allows investors to complete their KYC only once before interacting with various entities across
the financial sector.

 a 14-digit KYC Identification Number (KIN) will be issued by CKYC, which can be used to invest
in all financial products

(f) eKYC -Electronic KYC

 It is known as electronic Know your customer
 It is carried out with the help of an investor’s Aadhaar number
 In this process authentication of the investor’s identity can be done either via a OTP or biometrics

(g) Verification of documents:

The documents obtained during opening of account, as a course Of Customer due Diligence
Measure, should be verified from the originals with due authentication on the copies by fixing
signature with words: “Verified with Originals”

(h) Field Verification:

Customer identification is the key of KYC process. For this purpose, obtaining officially valid
documents is the basic step. However, reliance on the documents alone is not advisable, so there are
certain risks associated with documents. True identity of an individual or an entity can be better
ascertained through checking their credentials independently. Depending on the customer category,
the nature and the value of transactions, the location, etc. The extent and nature of field verification
would be determined. Field verification comprises the following:

 Visit to residence, and place of work.

 Inquiries with the neighbors, colleagues, employers, etc.

C. Monitoring of transactions:

Ongoing monitoring of transactions is an essential element of effective KYC procedures. The Bank
will endeavor to develop systems, based on its understanding of the normal and reasonable activity of
the customer, to facilitate identification of transactions that fall outside the regular pattern of activity.
However, the extent of monitoring will depend on the risk sensitivity of the account.

1. KYC process does not start and end with a/c opening
2. Transaction should be monitored in new account
3. Special attention is to be paid to all complex, unusually large transaction
4. High risk account should be monitored properly
5. High value transaction by non a/c holder

Reporting Obligations under PMLA :

 1. Cash transaction Report (CTR)
2. Suspicious Transaction Report(STR)
3. Counterfeit Currency Report (CCR)
4. Cross Border Wire Transfer Report (CBWTR)

1. Cash transaction Report (CTR):

 Cash transaction of Rs.10 lakh and above should be recorded and reported as per bank’s extant
guidelines for Cash Transaction Report (CTR).

 All series of cash transactions integrally connected to each other, which in aggregate valued Rs 10
Lakh and such series of transactions have taken place within a month are to be reported under
CTR.
 While filing CTR, individual transactions below Rs.50000/- may not be included.

CTR for each month be submitted to FIU-IND (Financial Intelligence Unit –India) by 15th of succeeding
month. All cash transactions where forged or counterfeit Indian currency have been used as genuine should
be reported to Principal Officer to FIU-IND. CTR is generated in the format prescribed by RBI.

2. Suspicious Transaction Report(STR):

 "Suspicious transaction" means a transaction which is Suspicious in nature , including an attempted

transaction, whether or not made in cash
 In some cases transactions are abandoned by customers on being asked to give some details or to
provide documents. Bank should report such attempted transactions in STR.
 STR should be furnished within 7 days of arriving at a conclusion that any transaction whether
cash or non-cash, or a series of transactions integrally connected are of suspicious nature.
Suspicious Transactions are reported to the Principal Officer for onward submission to FIU-IND.

Indicative list of suspicious activities:

a. Large Cash Transactions

b. Multiple accounts under the same name
c. Frequently converting large amounts of currency from small to large denomination notes
d. Frequent withdrawal of large amount by means of cheque do not appear to be justified by
customer’s business activity.
e. Large cash withdrawal from a previously dormant/ inoperative account or from an account, which
has just received an unexpected large credit from abroad.
f. Transactions in company account both deposits and withdrawal by large amount of cash and not
cheque.
g. Deposit of cash by means of numerous credit slips by customer such that amount of each deposit
is not substantial but sum total of such deposits is substantial.
h. Multiple deposits of money orders, Banker's cheques, drafts of third parties followed by immediate
cash withdrawals
i. Maintaining a low balance with high transactions

Transactions that do not make economic sense:

1. Maintaining multiple accounts, transferring money among the accounts and using one account as
a master account for fund transfer.
 2. Transactions in which amount is immediately withdrawn after being deposited, unless the
customer’s business activities furnish a plausible reason for immediate withdrawal.
3. Corporate accounts where deposits and withdrawals by cheque, foreign inward remittances / any
other means are received from / made to sources apparently unconnected with corporate business
activities.

Unusual activities:

1. An account of a customer who does not resides / have office near the branch even though there are
bank branches near his residence / office.
2. A customer who often visits the safe deposit area immediately before making cash deposits,
especially deposits just under the threshold level.
3. Funds coming from the list of countries / centers, which are known money laundering.

Suspicious Transactions:

Transactions irrespective of amount going to the countries listed in high risk or off credit countries.
Transactions originated from or received in foreign Exchange in dormant accounts (more than 6 months).

1. All transactions above Rs.50 lakhs for all customers.

2. Multiple accounts with same names/ different combinations in many Branches.
3. Transactions/ connections with Drug Producing Countries, Drug Trans-shipment Countries, Drug
User Countries, eg. Eastern Europe etc.
4. Transactions from and to Non cooperative countries and territories, viz. Philippines, Russia,
5. Transactions originating from Iran, Pakistan and countries which are very high risk prone countries
KYC/ AML check to be done prior to application of remittances. At the time of sending the
remittance due diligence on the beneficiary and purpose of remittances should be meaningfully
checked as per the line of activities of the remitter.
6. Any other transaction of suspicious nature irrespective of the amount.

3. Counterfeit Currency Report (CCR) :

 All cash transactions (of any value) where forged or counterfeit currency notes or bank notes have
been used as genuine
 Report has to be submitted by 15th of the Succeeding month.

4. Cross Border Wire Transfer Report (CBWTR) :

 All cross border wire transfers of the value of more than five lakh rupees or its equivalent in foreign
currency where either the origin or destination of fund is in India.
 Report has to be submitted by 15th of the Succeeding month.

D. Risk Management:

Bank should apply enhanced due diligence measures based on the risk assessment, thereby requiring
intensive “due diligence” for Higher Risk Customers. Example: Accounts of Cash intensive business
enterprise- Jewellers, Politically Exposed Persons (PEP), close relatives PEPs, Firms with sleeping
partners.

Risk categorization of customers:

(a) Low Risk Customers:

 Individuals (other than High Net Worth) and entities whose identities and sources of wealth can
be easily identified may be categorized as low risk.
 Many customers, by their nature or through what is already known about them by the bank, carry
a lower money laundering or terrorist financing risk.
 Examples: (a) Salaried employees whose salary structures are well defined; (b) People belonging
to lower economic strata of the society whose accounts show small balances and low turnover; (c)
Government Departments, (d) Government owned companies; (e) Regulators; (h) Customers who
are employment- based or with a regular source of income from a known source

(b) Medium Risk Customers:

 Customers that are likely to pose a higher than average risk determined based on customer's
background, nature and location of activity, country of origin, sources of funds and his client
profile,
 Examples: NBFC, Importers/Exporters, Travel agency, Cash –intensive business, PEP

(c) High Risk Customers:

 High Risk‟ customers those with even higher degree of risk would be distinguished.
 NRI/PIO, Jewellers, HNW, Trust/Charities/NGO/NPOs

Periodic Updation of KYC :

The basic requirement of KYC updation is to reconfirm the identity, address and other particulars of the
customer. Other measures may be taken depending on risk profile of the customer, and when the client
due diligence measures were last undertaken.

The prescribed periodicity for various risk categories is as follows. These time limits will apply from the
date of account opening or last KYC updation.

a. Low Risk Customers: KYC updating once in 10 years.

b. Medium Risk Customers: KYC updating once in 8 years
c. High Risk Customers: KYC updating once in 2 years

Non-compliant Customers:

If even on repeated reminders, customers do not complete the KYC requirements phased action is to be
taken for restricting operations in the account. RBI has laid down the following procedure.

KYC Updation fails due:- Due notice of 3 months for completion of KYC requirements to be given
After 3 months of above:- Due notice of 3 months for completion of KYC requirements to be given
After 6 months of total Notice:- Total freezing of account (During this stage, no debits or credits are
permitted in the account)