Friday, July 17, 2015
KNOW YOUR CUSTOMER, ANTI MONEY LAUNDERING, COMBATING FINANCIAL TERRORISM
These guidelines are issued under Section 35A of the Banking Regulation Act, 1949 and Rule 9(14) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005.
The objective of KYC/AML/CFT guidelines is to prevent banks/FIs from being used, by criminal elements for money laundering or terrorist financing activities and to know/understand their customers and their financial dealings better and manage their risks prudently.
‘Customer’ is defined as a person who is engaged in a financial transaction on his own or through an agent/ attorney.
“Designated Director" means a person designated by the bank to ensure overall compliance of the PML Act and includes:-
(i) the Managing/ whole time Director authorized by the Board of Directors if the reporting entity is a company,
(ii) the Managing Partner if the reporting entity is a partnership firm,
(iii) the Proprietor if the reporting entity is a proprietorship concern,
(iv) the Managing Trustee if the reporting entity is a trust,
(v) a person, who controls and manages the affairs of the reporting entity, if the reporting entity is an unincorporated association or a body of individuals, and
(vi) any person notified by the Government if the reporting entity does not fall in any of the categories above.
“Officially valid document” (OVD)
OVD means the passport, the driving licence, PAN Card, the Voter's Identity Card, job card issued by NREGA duly, letter issued by the, or any other document as notified by the Central Government.
(i) Where ‘simplified measures’ are applied OVDs will be:
a) identity card with applicant’s Photograph issued by Central/ State Government Departments, Statutory/ Regulatory Authorities, Public Sector Undertakings, Scheduled Commercial Banks, and Public Financial Institutions;
b) Letter issued by a gazetted officer, with a duly attested photograph of the person.
(ii) Where ‘simplified measures’ are applied for verifying only the proof of address OVDs will be :
a) Utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill);
b) Property or Municipal Tax receipt;
c) Bank account or Post Office savings bank account statement;
d) Pension or family pension payment orders (PPOs);
e) Letter of allotment/ leave and license agreements of accommodation from employer issued by State or Central Government, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies; and
f) Documents issued by Government departments of foreign jurisdictions and letter issued by Foreign Embassy or Mission in India.
In terms of PML Act a ‘person’ includes:
(i) an individual,
(ii) a Hindu undivided family,
(iii) a company,
(iv) a firm,
(v) an association of persons or a body of individuals, whether incorporated or not,
(vi) every artificial juridical person, not falling within any one of the above persons
(vii) any agency, office or branch owned or controlled by any of the above persons
“Transaction” means a purchase, sale, loan, pledge, gift, transfer, delivery and includes-
(i) opening of an account;
(ii) deposits, withdrawal, exchange or transfer of funds by any means;
(iii) the use of a safety deposit box/ locker;
(iv) entering into any fiduciary relationship;
(v) any payment made or received for any contractual or other legal obligation; or
(vi) establishing or creating a legal person or legal arrangement.
Banks/FIs should frame their KYC policies incorporating the following four key elements:
(i) Customer Acceptance Policy (CAP);
(ii) Customer Identification Procedures (CIP);
(iii) Monitoring of Transactions; and
(iv) Risk Management.
Customer Acceptance Policy (CAP)
Banks/FIs should develop clear customer acceptance policies and procedures, including:
(i) No account is opened in anonymous or fictitious/benami name.
(ii) Parameters of risk perception are clearly defined.
(iii) Documents and other information to be collected as per requirements of PML Act, 2002 and Reserve Bank.
(iv) Not to open an account where the bank/FI is unable to apply appropriate customer due diligence measures. The bank/FI may also consider closing an existing account under similar circumstances.
(v) Circumstances, in which a customer is permitted to act on behalf of another person/entity, should be clearly spelt out.
(vi) There should be suitable systems in place to ensure that the name of the customer does not appear in the sanction lists of Reserve Bank.
The adoption of customer acceptance policy and its implementation should not be too restrictive.
Customer Identification Procedure (CIP)
(a) Customer identification means undertaking client due diligence measures while commencing an account-based relationship including identifying and verifying the customer and the beneficial owner on the basis of one of the OVDs. The bank/FI must be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the customer in compliance with the extant guidelines in place.
(b) The Board approved policy should clearly spell out the Customer Identification Procedure to be carried out at different stages:
(i) while establishing a banking relationship;
(ii) while carrying out a financial transaction;
(iii) when the bank/FI has a doubt about the authenticity or adequacy of the customer identification data it has obtained;
(iv) when banks sell third party products as agents;
(v) while selling banks’ own products, payment of dues of credit cards/sale and reloading of prepaid/travel cards and any other product for more than Rs. 50,000/-.
(vi) when carrying out transactions of a walk-in customer, where the amount involved is equal to or exceeds Rs. 50,000.
(vii) when a bank/FI has reason to believe that a customer is intentionally structuring a transaction into a series of transactions below the threshold of Rs. 50,000/-.
(c) Additional information, may be obtained separately after the account is opened only with the consent of the customer.
Customer Due Diligence requirements (CDD) while opening accounts
A. Accounts of individuals:
(i) One certified copy of an 'officially valid document' containing details of identity and address, one recent photograph and such other documents pertaining to the nature of business and financial status of the customer as may be required by the bank/FI.
(ii) E-KYC service of UIDAI should also be accepted as a valid process for KYC verification under the PML Rules. Under e-KYC,upon authorisation by the individual, the UIDAI transfers the data of the individual comprising name, age, gender, and photograph of the individual, electronically to the bank/business correspondents/business facilitators, which may be accepted as valid process for KYC verification. If the prospective customer knows only his/her Aadhaar number or carries a copy of e-adhar, the bank has to print the prospective customer’s e-Aadhaar letter in the bank directly from the UIDAI portal.
(iii) Introduction is not necessary for opening of accounts under PML Act and Rules or the Reserve Bank’s instructions.
(iv) Simplified Measures for Proof of Identity:
In respect of low risk category customers, where simplified measures are applied, it would be sufficient to obtain a certified copy OVD (i) document.for the purpose of proof of identity.
(v) Simplified Measures for Proof of Address:
The additional documents mentioned at OVD(ii) can be accepted for the limited purpose of proof of address under ‘simplified measure’ for the ‘low risk’ customers.
(vi) Small Accounts
A small account is opened if a customer does not possess any OVDs or documents applicable in respect of simplified procedure. A ‘Small Account' is a savings account in which:
· the aggregate of all credits in a financial year does not exceed rupees one lakh;
· the aggregate of all withdrawals and transfers in a month does not exceed rupees ten thousand and
· the balance at any point of time does not exceed rupees fifty thousand.
A ‘small account’ maybe opened on the basis of a self-attested photograph and affixation of signature or thumb print subject to the following conditions:
a) the designated officer of the bank certifies the signature or the thumb print of the customer while opening the small account;
b) a small account shall be opened only at Core Banking Solution (CBS) linked branches or in a branch where it is possible to manually monitor the account;
c) a small account shall remain operational for a period of twelve months, and thereafter for another twelve months if the customer proves that he has applied for the OVD within twelve months of opening the account. The relaxation is to be reviewed after twenty four months;
d) When there is suspicion of money laundering or financing of terrorism activity or other high risk scenarios, the identity of the customer shall be established through the production of “OVDs” and
e) foreign remittance shall not be allowed to be credited
(vii) A customer is required to submit only one OVD for both proof of identity and address as part of KYC procedure. Second OVD is required only when the first one does’nt have both the attributes.
(viii) Similarly, a customer is required to submit only one OVD as proof of address for KYC purpose. In case his current address is different from the OVD, bank should take a declaration from the customer regarding her/his local address on which all correspondence will be made. This address will be verified by the bank. The customers should intimate the new address for correspondence to the bank within two weeks of any change.
(ix) In case the address mentioned as per ‘proof of address’ undergoes a change, fresh proof of address is to be submitted to the bank/FI within a period of six months.
(x) In case a person does’nt have an officially valid document for address verification, then, bank should obtain the OVD of the relative with whom the prospective customer is living together with a declaration from the relative that the said person is staying with her/him.
(xi) The customers should be allowed to transfer their accounts from one branch to another branch without restrictions, without insisting on fresh proof of address and/or identity and on the basis of a self-declaration from the account holder about his/her current address. Further, if an existing KYC compliant customer of a bank desires to open another account in the same bank, there should be no need for submission of fresh proof of identity and/or address.
(xii) Where a customer categorised as low risk expresses inability to complete the documentation requirements, the bank may complete the verification of identity within a period of six months from the date of establishment of the relationship.
(xiii) For the purpose of verifying the identity of customers, banks/FIs may rely on a third party subject to the conditions that-
1) the bank/FI obtains necessary information of client due diligence carried out by the third party;
2) the bank/FI takes adequate steps to satisfy itself that copies of identification data will be made available from the third party upon request without delay;
3) the bank/FI is satisfied that such third party is regulated, supervised or monitored for, and has measures in place for compliance with client due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act;
4) the third party is not based in a country or jurisdiction assessed as high risk and
5) the bank/FI is ultimately responsible for client due diligence and undertaking enhanced due diligence measures, as applicable.
(xiv) Accounts of non-face-to-face customers
Apart from applying the usual customer identification procedures, there must be specific and adequate procedures to mitigate the higher risk involved. Banks may also require the first payment to be effected through the customer's account with another bank which, in turn, adheres to similar KYC standards. In the case of cross-border customers, the bank may have to rely on third party certification/introduction. In such cases, it must be ensured that the third party is a regulated and supervised entity and has adequate KYC systems in place.
(xv) Procedure to be followed in respect of foreign students
Banks should follow the following procedure for foreign students studying in India:
1) Banks may open a Non Resident Ordinary (NRO) bank account of a foreign student on the basis of his/her passport bearing the proof of identity and address in the home country together with a photograph and a letter offering admission from the educational institution in India.
2) Banks should obtain a declaration about the local address within a period of 30 days of opening the account and verify the said local address.
3) During the 30 days period, the account should be operated with a condition of allowing foreign remittances not exceeding USD 1,000 or equivalent into the account and a cap of monthly withdrawal to Rs. 50,000/-, pending verification of address.
4) The account would be treated as a normal NRO account.
5) Students from Pakistan and Bangladesh will need prior approval of the Reserve Bank for opening the account.
(xvi) Accounts of Politically Exposed Persons (PEPs) resident outside India
1) Politically Exposed Persons are individuals who are or have been entrusted with prominent public functions in a foreign country, e.g., Heads of States/Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc. Banks should gather sufficient information on any such customer intending to establish a relationship and check all the information available on such person in the public domain. Banks should seek information about the sources of funds before accepting the PEP as a customer. The decision to open an account for a PEP should be taken at a senior level which should be clearly spelt out in the bank’s Customer Acceptance Policy. Banks should also subject such accounts to enhanced monitoring on an on-going basis. The above norms should also be applied to the accounts of the family members or close relatives of PEPs.
2) In the event of an existing customer or the beneficial owner of an existing account subsequently becoming a PEP, banks should obtain senior management’s approval to continue the business relationship and subject the account to the CDD measures as applicable to PEPs including enhanced monitoring on an ongoing basis. These instructions are also applicable to accounts where a PEP is the beneficial owner.
B. Accounts of persons other than individuals:
(i) Where the customer is a company, one certified copy of the following documents:
(a) Certificate of incorporation;
(b) Memorandum and Articles of Association;
(c) A resolution from the Board of Directors and power of attorney granted to its managers, officers or employees to transact on its behalf and
(d) An OVD of managers, officers or employees holding Power of Attorney
(ii) Where the customer is a partnership firm, one certified copy of the following documents
(a) registration certificate;
(b) partnership deed and
(c) an OVD of the person holding an attorney to transact on its behalf.
(iii) Where the customer is a trust, one certified copy of the following documents:
(a) registration certificate;
(b) trust deed and
(c) an officially valid document in respect of the person holding a power of attorney to transact on its behalf.
(iv) Where the customer is an unincorporated association or a body of individuals, one certified copy of the following documents is required for customer identification:
(a) resolution of the managing body of such association or body of individuals;
(b) power of attorney granted to transact on its behalf;
(c) an OVD in respect of the person holding an attorney to transact on its behalf
(d) such information to collectively establish the legal existence of such an association or body of individuals.
(v) Proprietary concerns:
(1) For proprietary concerns, in addition to the OVD applicable to the proprietor, any two of the following documents in the name of the proprietary concern are required to be submitted:
(a) Registration certificate
(b) Certificate/licence issued by the municipal authorities under Shop and Establishment Act.
(c) Sales and income tax returns.
(d) CST/VAT certificate.
(e) Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities.
(f) Licence/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute.
(g) Complete Income Tax Return in the name of the sole proprietor where the firm's income is reflected.
(h) Utility bills such as electricity, water, and landline telephone bills.
(2) In cases where the banks are satisfied that it is not possible to furnish two such documents, they would have the discretion to accept only one of those documents as activity proof. In such cases, the banks, however, would have to undertake contact point verification.
(vi) Simplified KYC norms for Foreign Portfolio Investors (FPIs)
FPIs are duly registered in accordance with SEBI guidelines and have undergone the required KYC due diligence/verification prescribed by SEBI through a Custodian/Intermediary regulated by SEBI. Such registered FPIs may approach a bank for opening a bank account for the purpose of investment under Portfolio Investment Scheme (PIS). In case of Category I FPIs, banks/FIs may rely on the KYC verification done by the third party subject to the conditions laid down in Rule 9 (2) [(a) to (e)] of the PML Rules.
(vii) When the client accounts are opened by professional intermediaries: When the bank has knowledge or reason to believe that the client account opened by a professional intermediary is on behalf of a single client, that client must be identified. Banks may hold 'pooled' accounts managed by professional intermediaries on behalf of entities like mutual funds, pension funds or other types of funds. Banks, however, should not open accounts of such professional intermediaries who are bound by any client confidentiality that prohibits disclosure of the client details to the banks. Where funds held by the intermediaries are not co-mingled at the bank and there are 'sub-accounts', each of them attributable to a beneficial owner, all the beneficial owners must be identified. Where such funds are co-mingled at the bank, the bank should still look into the beneficial owners. Where the banks rely on the 'customer due diligence' (CDD) done by an intermediary, they should satisfy themselves that the intermediary is a regulated and supervised entity and has adequate systems in place to comply with the KYC requirements of the customers. It should be understood that the ultimate responsibility for knowing the customer lies with the bank.
C. Beneficial ownership
When a bank/FI identifies a customer for opening an account, it should identify the beneficial owner(s) and take all reasonable steps to verify his identity:
(a) Where the client is a company, the beneficial owner is the natural person who has an ownership of more than 25 per cent of the shares or capital or profits or who has the right to appoint majority of the directors or to control the management or policy decisions or management rights or shareholders agreements or voting agreements.
(b) Where the client is a partnership firm, the beneficial owner is the natural person who has ownership of more than 15 per cent of capital or profits of the partnership.
(c) Where the client is an unincorporated association or body of individuals, the beneficial owner is the natural person who has ownership of more than 15 per cent of the property or capital or profits.
(d) Where no natural person can be identified as above, the beneficial owner is the natural person who holds the position of senior managing official.
(e) Where the client is a trust, the beneficial owner shall include the author of the trust, the trustee, the beneficiaries with 15% or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership.
(f) Where the client is a company listed on a stock exchange, or is a subsidiary of such a company, it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such companies.
II. Introduction of New Technologies – Credit Cards/Debit Cards/ Smart Cards/Gift Cards
Banks should ensure that appropriate KYC procedures are duly applied before issuing the cards not only to the customers but in respect of add-on/ supplementary cardholders also. Further, marketing of credit cards is generally done through the services of agents. Such agents should also be subjected to due diligence and KYC measures.
III. Periodic updation of KYC
A. CDD requirements for periodic updation: Banks/FIs should carry out periodical updation of KYC information of every customer, which should include the following:
(i) KYC exercise should be done at least every two years for high risk customers, every eight years for medium risk customers and every ten years for low risk customers. The time limits would apply from the date of opening of the account/ last verification of KYC.
(ii) Banks/FIs need not seek fresh proofs of identity and address at the time of periodic updation, from those customers who are categorised as ‘low risk’, in case there is no change in status with respect to their identities and addresses. A self-certification by the customer to that effect should suffice in such cases. In case of change of address of such ‘low risk’ customers, they could merely forward a certified copy of the document (proof of address) by mail/post, etc.
(iii) Fresh photographs to be obtained from minor customer on becoming major.
B. Freezing and closure of accounts
(i) In case of non-compliance of KYC requirements by the customers, banks/FIs may impose ‘partial freezing’ on such accounts in a phased manner.
(ii) During the course of such partial freezing, the account holders can revive their accounts by submitting the KYC documents as per instructions in force.
(iii) ‘Partial freezing’ is to be exercised after giving due notice of three months initially to the customers to comply with KYC requirements to be followed by a reminder giving a further period of three months.
(iv) Thereafter, banks/FIs may impose ‘partial freezing’ by allowing only credits with the freedom to close the accounts.
(v) If the accounts are still KYC non-compliant after six months of imposing initial ‘partial freezing’ banks/FIs should disallow all transactions thereby, rendering it inoperative.
(vi) Bank/FI may close the account of such customers after issuing due notice explaining the reasons. Such decisions, are to be taken at a senior level.
When a bank/FI believes that it would no longer be satisfied about the true identity of the account holder, a Suspicious Transaction Report (STR) should be filed with the Financial Intelligence Unit – India (FIU-IND).
A. At-par cheque facility availed by co-operative banks
Since the ‘at par’ cheque facility offered by commercial banks to co-operative banks is in the nature of correspondent banking arrangement, banks should monitor and review such arrangements to assess the risks including credit risk and reputational risk arising therefrom. For this purpose, banks should retain the right to verify the records maintained by the client cooperative banks/ societies for compliance with the extant instructions on KYC and AML under such arrangements.
In this regard, Urban Cooperative Banks (UCBs) are advised to utilize the ‘at par’ cheque facility only for the following purposes:
(i) For their own use.
(ii) For their account holders who are KYC complaint provided that all transactions of Rs.50,000/- or more should be strictly by debit to the customer’s account.
(iii) For walk-in customers against cash for less than Rs.50,000/- per individual.
In order to utilise the ‘at par’ cheque facility in the above manner, UCBs should maintain the following:
(i) Records pertaining to issuance of ‘at par’ cheques covering applicant’s name and account number, beneficiary’s details and date of issuance.
(ii) Sufficient balances/drawing arrangements with the commercial bank extending such facility for purpose of honouring such instruments.
UCBs should also ensure that all ‘at par’ cheques issued by them are crossed ‘account payee’ irrespective of the amount involved.
B. Operation of Bank Accounts & Money Mules
“Money Mules” can be used to launder the proceeds of fraud schemes by criminals who gain illegal access to deposit accounts by recruiting third parties to act as “money mules”. In order to minimise the operations of such Money mule accounts, banks should strictly adhere to the guidelines on opening of accounts and monitoring of transactions.
C. Simplified norms for Self Help Groups (SHGs)
KYC verification of all the members of SHG need not be done while opening the savings bank account of the SHG and KYC verification of all the office bearers would suffice.
In case of transactions carried out by a walk-in customer, where the amount of transaction is equal to or exceeds Rs. 50,000/-, whether conducted as a single transaction or several transactions that appear to be connected, the customer's identity and address should be verified. If a bank has reason to believe that a customer is intentionally structuring a transaction into a series of transactions below the threshold of Rs.50,000/- the bank should verify the identity and address of the customer and also consider filing a Suspicious Transactions Report (STR) to Financial Intelligence Unit – India (FIU-IND).
Banks and financial institutions are required to verify the identity of the customers for all international money transfer operations.
D. Issue of Demand Drafts, etc, for more than Rs.50,000/-
Banks should ensure that any remittance of funds for value of Rs.50,000/- and above is effected by debit to the customer’s account or against cheques only.
Banks should not make payment of cheques/drafts/pay orders/banker’s cheques if they are presented beyond the period of three months from the date of such instrument.
E. Unique Customer Identification Code
Banks have been advised to allot UCIC while entering into new relationships with individual customers as also the existing customers.
Monitoring of Transactions
Banks/FIs should exercise ongoing due diligence with respect to every customer and closely examine the transactions to ensure that they are consistent with the customer’s profile and source of funds as per extant instructions:
(a) The extent of monitoring will depend on the risk category of the account. High risk accounts have to be subjected to more intensified monitoring.
(b) Banks/FIs should pay particular attention to the following types of transactions:
(i) large and complex transactions, and those with unusual patterns, which have no apparent economic rationale or legitimate purpose.
(ii) transactions which exceed the thresholds prescribed for specific categories of accounts.
(iii) transactions involving large amounts of cash inconsistent with the normal and expected activity of the customer.
(iv) high account turnover inconsistent with the size of the balance maintained.
(c) Review of risk categorisation of customers for applying enhanced due diligence measures should be carried out at a periodicity of not less than once in six months.
(d) Where there are multiple small deposits (generally in cash) across the country in one bank account and where a large number of cheques are issued bearing similar amounts/dates particularly in cases of marketing companies, the matter should be immediately reported to Reserve Bank and other appropriate authorities such as FIU-IND.
Banks/FIs should exercise on going due diligence with respect to the business relationship with every client and closely examine the transactions in order to ensure that they are consistent with their business and risk profile and where necessary, the source of funds.
In addition, the following may also be ensured for effectively implementing the AML/CFT requirements.
(i) Using a risk-based approach to address management and mitigation of various AML/CFT risks.
(ii) Allocation of responsibility for effective implementation of policies and procedures.
(iii) Independent evaluation by the compliance functions of bank/FI’s policies and procedures, including legal and regulatory requirements.
(iv) Concurrent/internal audit to verify the compliance with KYC/AML policies and procedures.
(v) Putting up consolidated note on such audits and compliance to the Audit Committee at quarterly intervals.
(a) Banks/FIs should prepare a profile for each new customer based on risk categorisation. The nature and extent of due diligence will depend on the risk perceived by the bank/FI through such profiles.
(b) Banks/FIs should have clear Board approved policies for risk categorisation and ensure that the same are meticulously complied with. The nature and extent of due diligence, may be based on the following principles:
(i) Individuals (other than High Net Worth) and entities, whose identity and source of income, can be easily identified, and customers in whose accounts the transactions conform to the known profile, may be categorised as low risk. Illustrative examples include salaried employees and pensioners, people belonging to lower economic strata, government departments and government owned companies, regulators and statutory bodies, etc. Further, Non-Profit Organisations (NPOs)/ Non-Government Organisations (NGOs) promoted by the United Nations or its agencies, and such international/ multilateral organizations of repute, may also be classified as low risk customers.
(ii) Customers who are likely to pose a higher than average risk should be categorised as medium or high risk depending on the background, nature and location of activity, country of origin, sources of funds, customer profile, etc. Customers requiring very high level of monitoring, e.g., those involved in cash intensive business, Politically Exposed Persons (PEPs) of foreign origin, may, if considered necessary, be categorised as high risk.
The above guidelines for risk categorisation are indicative and banks/FIs may use their own judgement in arriving at the categorisation for each account based on their own assessment and risk perception of the customers.
1. Correspondent Banking and Shell Bank
Correspondent banking is the provision of banking services by one bank (the “correspondent bank”) to another bank (the “respondent bank”). These services may include cash/funds management, international wire transfers, drawing arrangements for demand drafts and mail transfers, payable-through-accounts, cheques clearing etc. Banks may take the following precautions while entering into a correspondent banking relationship:
(a) Gather sufficient information to fully understand the nature of business of the bank including information on management, major business activities, level of AML/CFT compliance, purpose of opening the account, identity of any third party entities that will use the correspondent banking services, and regulatory/supervisory framework in the bank’s home country.
(b) Such relationships may be established only with the approval of the Board, or by a Committee headed by the Chairman/CEO with clearly laid down parameters for approving such relationships, as approved by the Board. Proposals approved by the Committee should be put up to the Board at its next meeting for post facto approval.
(c) The responsibilities of each bank with whom correspondent banking relationship is established should be clearly documented.
(d) In case of payable-through-accounts, the correspondent bank should be satisfied that the respondent bank has verified the identity of the customers having direct access to the accounts and is undertaking ongoing 'due diligence' on them.
(e) The correspondent bank should ensure that the respondent bank is able to provide the relevant customer identification data immediately on request.
(f) Banks should be cautious while continuing relationships with correspondent banks located in jurisdictions which have strategic deficiencies or have not made sufficient progress in implementation of FATF Recommendations.
(g) Banks should ensure that their respondent banks have KYC/AML policies and procedures in place and apply enhanced 'due diligence' procedures for transactions carried out through the correspondent accounts.
(h) Banks should not enter into a correspondent relationship with a “shell bank” (i.e., a bank which is incorporated in a country where it has no physical presence and is not affiliated to any regulated financial group).
(i) The correspondent bank should not permit its accounts to be used by shell banks.
2. Wire Transfer
Banks/FIs use wire transfers as an expeditious method for transferring funds between bank accounts without the actual movement of currency.
(a) The salient features of a wire transfer transaction are as under:
(i) Wire transfer is a transaction carried out by a bank on behalf of an originator through electronic means for transfer of funds to the beneficiary at a bank. The originator and the beneficiary could be the same person.
(ii) Domestic wire transfer means any wire transfer where the originator and receiver are located in the same country.
(iii) Cross-border transfer means any wire transfer where the originator and the beneficiary bank are located in different countries. It may include any chain of wire transfers that has at least one cross-border element.
(iv) The originator is the account holder, or the person that places the order to perform the wire transfer.
(b) Banks/FIs must ensure that all wire transfers are accompanied by the following information:
1. Cross-border wire transfers
(i) All cross-border wire transfers must be accompanied by accurate and meaningful originator information.
(ii) Information accompanying cross-border wire transfers must contain the name and address of the originator and his account number. In the absence of an account, a unique reference number, must be included.
(iii) Where several individual transfers from a single originator are bundled in a batch file for transmission, they may be exempted from including full originator information, provided they include the originator’s account number or unique reference number.
2. Domestic wire transfers
(i) Information accompanying all domestic wire transfers of Rs.50000/- and above must include complete originator information, unless it can be made available to the beneficiary bank by other means.
(ii) If a bank has reason to believe that a customer is intentionally structuring wire transfer to below Rs.50,000/- to several beneficiaries in order to avoid reporting or monitoring, the bank must insist on complete customer identification before effecting the transfer. In case of non-cooperation from the customer, efforts should be made to establish his identity and Suspicious Transaction Report (STR) should be made to FIU-IND.
(iii) When a credit or debit card is used to effect money transfer, necessary originator information should be included in the message.
Interbank transfers and settlements where both the originator and beneficiary are banks or financial institutions would be exempted from the above requirements.
(d) Role of Ordering, Intermediary and Beneficiary banks
(i) Ordering Bank
An ordering bank is the one that originates a wire transfer. It must ensure that the wire transfers contain complete originator information and verify the same. Such information is to be preserved at least for a period of five years.
(ii) Intermediary bank
For both cross-border and domestic wire transfers, a bank processing an intermediary element of a chain of wire transfers must ensure that all originator information accompanying a wire transfer is retained with the transfer. Where technical limitations prevent full originator information from remaining with a related domestic wire transfer, a record must be kept at least for five years by the receiving intermediary bank.
A beneficiary bank should have effective risk-based procedures in place to identify wire transfers lacking complete originator information. It should also take up the matter with the ordering bank if a transaction is not accompanied by detailed information of the fund remitter. If the ordering bank fails to furnish information on the remitter, the beneficiary bank should consider restricting or even terminating its business relationship with the ordering bank.
3. Maintenance of KYC documents and Preservation period
PML Act and Rules cast certain obligations on the banks/FIs in regard to maintenance, preservation and reporting of customer account information.
Maintenance of records of transactions
Banks/FIs should introduce a system of maintaining proper record of transactions as mentioned below:
(i) All cash transactions of the value of more than Rupees Ten Lakh or its equivalent in foreign currency;
(ii) Series of all cash transactions of the same customer ,though individually valued below Rupees Ten Lakh, but the aggregate per month exceeds Rs. Ten lakh or its equivalent in foreign currency.
(iii) All transactions involving receipts by non-profit organisations of value more than rupees ten lakh or its equivalent in foreign currency
(iv) All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security or a document has taken place facilitating the transaction and
(v)All suspicious transactions, whether or not in cash.
Banks/FIs are required to maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following information:
(i) the nature of the transactions;
(ii) the amount of the transaction and the currency in which it was denominated;
(iii) the date on which the transaction was conducted; and
(iv) the parties to the transaction.
6.1 Preservation of Records
Banks/FIs should take appropriate steps to evolve a system for proper maintenance and preservation of account information.
(i) Banks/FIs should maintain for at least five years from the date of transaction between the bank/FI and the client, all necessary records of transactions, both domestic or international, which will permit reconstruction of individual transactions so as to provide, evidence for prosecution of persons involved in criminal activity.
(ii) Banks/FIs should ensure that records pertaining to the identification of the customers and their address obtained while opening the account and during the course of business relationship, are properly preserved for at least five years after the business relationship is ended.
(iii) Banks/FIs may maintain records of the identity of their clients, and records in respect of transactions in hard or soft format.
(iv) Banks/FIs are required to pay special attention to all complex, unusual large transactions and all unusual patterns of transactions, which have no apparent economic or visible lawful purpose. It is further clarified that the background including all documents/office records/memorandums pertaining to such transactions and purpose thereof should, as far as possible, be examined and the findings at branch as well as Principal Officer level should be properly recorded. Such records and related documents should be made available to help auditors to scrutinize the transactions and also to Reserve Bank/other relevant authorities. These records are required to be preserved for five years as is required under PMLA, 2002.
4. Combating Financing of Terrorism
The United Nations periodically circulates the following two lists of individuals and entities, suspected of having terrorist links, and as approved by its Security Council (UNSC).
(a) The “Al-Qaida Sanctions List”, includes names of individuals and entities associated with the Al-Qaida. The Updated Al-Qaida Sanctions List is available at http://www.un.org/sc/committees/1267/aq_sanctions_list.shtml.
(b) The “1988 Sanctions List”, consisting of individuals (Section A of the consolidated list) and entities (Section B) associated with the Taliban which is available at http://www.un.org/sc/committees/ 1988/list.shtml.
The United Nations Security Council Resolutions (UNSCRs), are circulated by the Reserve Bank to all banks and FIs for implementation of Section 51A of the Unlawful Activities (Prevention) (UAPA) Act, 1967. Banks/FIs should ensure that they do not have any account in the name of individuals/entities appearing in the above lists. Details of accounts resembling any of the individuals/entities in the list should be reported to FIU-IND.
Freezing of Assets under Section 51A of Unlawful Activities (Prevention) Act, 1967
(a) Government has issued an Order dated August 27, 2009 detailing the procedure for implementation of Section 51A of the Unlawful Activities (Prevention) Act, 1967 for prevention of, and for coping with terrorist activities. In terms of Section 51A, the Central Government is empowered to freeze, seize or attach funds and other financial assets or economic resources held by the individuals or entities listed in the Schedule, or any other person engaged in or suspected to be engaged in terrorism and prohibit any individual or entity from making any funds, financial assets or economic resources or related services available for the benefit of the individuals or entities listed in the Schedule to the Order or any other person engaged in or suspected to be engaged in terrorism.
(b) Banks/FIs are required to strictly follow the procedure laid down in the UAPA Order and ensure meticulous compliance.
Jurisdictions that do not or insufficiently apply the FATF Recommendations
(a) Banks/FIs are required to take into account risks arising from the deficiencies in AML/CFT. In addition to FATF Statements circulated by Reserve Bank of India from time to time, banks/FIs should also consider publicly available information for identifying countries, which do not or insufficiently apply the FATF Recommendations. It is clarified that banks/FIs should also give special attention to business relationships and transactions with persons from or in countries that do not or insufficiently apply the FATF Recommendations and jurisdictions included in FATF Statements.
(b) Banks/FIs should examine the background and purpose of transactions with persons from jurisdictions included in FATF Statements and countries that do not or insufficiently apply the FATF Recommendations. Further, if the transactions have no apparent economic or visible lawful purpose, the background and purpose of such transactions should be examined, and written findings together with all documents should be retained and made available to Reserve Bank/other relevant authorities, on request.
a) Reporting to Financial Intelligence Unit - India
(i) Banks/FIs are required to furnish information relating to cash transactions, cash transactions integrally connected to each other, and all transactions involving receipts by non-profit organizations, cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine, cross border wire transfer, etc. to the Director, Financial Intelligence Unit-India (FIU-IND) at the following address:
Financial Intelligence Unit-India,
6th Floor, Hotel Samrat,
Website - http://fiuindia.gov.in/
(ii) FIU-IND has released a comprehensive reporting format guide to describe the specifications of prescribed reports to FIU-IND. FIU-IND has also developed a Report Generation Utility and Report Validation Utility to assist reporting entities in the preparation of prescribed reports.
(iii) FIU-IND have placed on their website editable electronic utilities to file electronic Cash Transactions Report (CTR)/ Suspicious Transactions Report (STR) to enable banks/FIs which are yet to install/adopt suitable technological tools for extracting CTR/STR from their live transaction data base. It is, therefore, advised that in cases of those banks/FIs, where all the branches are not fully computerized, the Principal Officer of the bank/FI should cull out the transaction details from branches which are not yet computerized and suitably arrange to feed the data into an electronic file with the help of the editable electronic utilities of CTR/STR as have been made available by FIU-IND on their website http://fiuindia.gov.in
(iv) While furnishing information to the Director, FIU-IND, delay of each day in not reporting a transaction or delay of each day in rectifying a mis-represented transaction beyond the specified time limit shall constitute a separate violation. Banks/FIs are advised to take note of the timeliness of the reporting requirements.
As a part of their transaction monitoring mechanism, banks/FIs are required to put in place an appropriate software application to throw alerts when the transactions are inconsistent with risk categorization and updated profile of the customers. It is needless to add that a robust software throwing alerts is essential for effective identification and reporting of suspicious transaction.
b) Reports to be furnished to FIU-IND
1. Cash Transaction Report (CTR)
(i) The CTR for each month should be submitted to FIU‑IND by 15th of the succeeding month.
(ii) All cash transactions, where forged or counterfeit Indian currency notes have been used as genuine should be reported by the Principal Officer of the bank to FIU-IND by 15thday of the next month. These cash transactions should also include transactions where forgery of valuable security or documents has taken place and may be reported to FIU-IND in plain text form.
(iii) While filing CTR, details of individual transactions below Rupees Fifty thousand need not be furnished.
(iv) Transactions between the internal accounts of the bank should not be reported in CTR.
(v) A summary of cash transaction reports for the bank as a whole should be compiled by the Principal Officer of the bank every month in physical form as per the format specified and submitted to FIU-IND.
(vi) A copy of the monthly CTR submitted to FIU-India in respect of the branches should be available at the branches for production to auditors/inspectors, when asked for; and
vii) The instruction on ‘Maintenance of records of transactions’; and ‘Preservation of records’ should be scrupulously followed by the branches.
viii) However, in respect of branches not under CBS, the monthly CTR should continue to be compiled and forwarded by the branch to the Principal Officer for onward transmission to FIU-IND.
2. Suspicious Transaction Reports (STR)
(i) While determining suspicious transactions, banks/FIs should be guided by the definition of suspicious transaction as contained in PMLA Rules as amended from time to time.
(ii) It is likely that in some cases transactions are abandoned by customers on being asked to give some details or to provide documents. Banks/FIs should report all such attempted transactions in STRs, even if not completed by the customers, irrespective of the amount of the transaction.
(iii) Banks/FIs should make STRs if they have reasonable ground to believe that the transaction involves proceeds of crime irrespective of the amount of the transaction and/or the threshold limit envisaged for predicate offences.
(iv) The STR should be furnished within seven days of arriving at a conclusion that any transaction, whether cash or non-cash, or a series of transactions integrally connected are of suspicious nature.
(v) In the context of creating KYC/AML awareness among the staff and for generating alerts for suspicious transactions, banks may consider the indicative list of suspicious activities contained in 'IBA's Guidance Note for Banks, January 2012’.
(vi) Banks/FIs should not put any restrictions on operations in the accounts where an STR has been filed. It should be ensured that there is no tipping off to the customer at any level.
3. Non-Profit Organisation
The report of all transactions involving receipts by non- profit organizations of value more than rupees ten lakh or its equivalent in foreign currency should be submitted every month to the Director, FIU‑IND by 15th of the succeeding month in the prescribed format.
4. Cross-border Wire Transfer
Cross-border Wire Transfer Report (CWTR) is required to be filed with FIU-IND by 15th of succeeding month for all cross border wire transfers of the value of more than five lakh rupees or its equivalent in foreign currency where either the origin or destination of fund is in India.
5. General Guidelines
(i) Confidentiality of customer information:
Information collected from customers for the purpose of opening of account is to be treated as confidential and details thereof should not be divulged for the purpose of cross selling, etc. Any other information that is sought from the customer should be called for separately only after the account has been opened, with his/her express consent and in a different form, distinctly separate from the application form. It should be indicated clearly to the customer that providing such information is optional.
(ii) Avoiding hardship to customers:
While issuing operational instructions to branches, banks/FIs should keep in mind the spirit of the instructions issued by the Reserve Bank so as to avoid undue hardships to individuals who are otherwise classified as low risk customers.
(iii) Sensitising customers:
Implementation of AML/CFT policy may require certain information from customers of a personal nature or which had not been called for earlier. Banks/FIs should, prepare specific literature/pamphlets, etc., to educate the customer regarding the objectives of the AML/CFT requirements for which their cooperation is solicited.
(iv) Hiring of Employees
It may be appreciated that KYC norms/AML standards/CFT measures have been prescribed to ensure that criminals are not allowed to misuse the banking channels. It would, therefore, be necessary that adequate screening mechanism is put in place by banks/FIs as an integral part of their personnel recruitment/hiring process.
(v) Employee training:
Banks/FIs must have an ongoing employee training programme so that the members of staff are adequately trained in AML/CFT policy. The focus of the training should be different for frontline staff, compliance staff and staff dealing with new customers. The front desk staff needs to be specially trained to handle issues arising from lack of customer education. Proper staffing of the audit function with persons adequately trained and well-versed in AML/CFT policies of the bank, regulation and related issues should be ensured.
(vi) Provisions of FCRA
Banks should ensure that the provisions of the Foreign Contribution (Regulation) Act, 2010, wherever applicable, are strictly adhered to.
(vii) Applicability to overseas branches/subsidiaries
The guidelines in this circular apply to the branches and majority owned subsidiaries located abroad, to the extent local laws in the host country permit. When local applicable laws and regulations prohibit implementation of these guidelines, the same should be brought to the notice of the Reserve Bank. In case there is a variance in KYC/AML standards prescribed by the Reserve Bank and the host country regulators, branches/overseas subsidiaries of banks are required to adopt the more stringent regulation of the two.
(viii) Technology requirements:
The AML software in use at banks/FIs needs to be comprehensive and robust enough to capture all cash and other transactions, including those relating to walk-in customers, sale of gold/silver/platinum, payment of dues of credit cards/reloading of prepaid/travel cards, third party products, and transactions involving internal accounts of the bank.
(ix) Designated Director:
Banks/FIs may nominate a Director on their Boards as “designated Director”, to ensure compliance with the obligations under the Act and Rules. The name, designation and address of the Designated Director may be communicated to the FIU-IND. UCBs/ State Cooperative Banks / Central Cooperative Banks can also designate a person who holds the position of senior management or equivalent as a 'Designated Director'. However, in no case, the Principal Officer should be nominated as the 'Designated Director'.
(x) Principal Officer:
Based on the RBI master circular dt 1/7/15
Please visit www.rbi.org.in in case of any further clarification if required. Poppy