Application
These guidelines are
issued under Section 35A of the Banking Regulation Act, 1949 and Rule
9(14) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005.
Introduction
The objective of KYC/AML/CFT guidelines is to prevent
banks/FIs from being used, by criminal elements for money
laundering or terrorist financing activities and to know/understand their customers
and their financial dealings better and manage their risks prudently.
Definitions
Customer
‘Customer’ is defined as a person who is engaged in a
financial transaction on his own or through an agent/ attorney.
Designated Director
“Designated
Director" means a person designated by the bank to ensure overall
compliance of the PML Act and includes:-
(i) the
Managing/ whole time Director authorized by the Board of Directors if the
reporting entity is a company,
(ii) the Managing Partner
if the reporting entity is a partnership firm,
(iii) the Proprietor if
the reporting entity is a proprietorship concern,
(iv) the Managing Trustee
if the reporting entity is a trust,
(v) a person, who
controls and manages the affairs of the reporting entity, if the reporting
entity is an unincorporated association or a body of individuals, and
(vi) any person notified
by the Government if the reporting entity does not fall in any of the
categories above.
“Officially valid document”
(OVD)
OVD
means the passport, the driving licence, PAN Card, the Voter's Identity Card, job card issued by
NREGA duly, letter issued by the, or any other document as notified by the
Central Government.
(i) Where ‘simplified measures’ are applied OVDs
will be:
a)
identity
card with applicant’s Photograph issued by Central/ State Government
Departments, Statutory/ Regulatory Authorities, Public Sector Undertakings,
Scheduled Commercial Banks, and Public Financial Institutions;
b) Letter issued by a gazetted officer, with a duly
attested photograph of the person.
(ii) Where ‘simplified measures’ are applied for
verifying only the proof of address OVDs will be :
a) Utility bill which is not more than two months old
of any service provider (electricity, telephone, post-paid mobile phone,
piped gas, water bill);
b) Property or Municipal Tax receipt;
c) Bank account or Post Office savings bank account
statement;
d) Pension or family pension payment orders (PPOs);
e) Letter of allotment/ leave and license agreements of
accommodation from employer issued by State or Central Government, statutory or
regulatory bodies, public sector undertakings, scheduled commercial banks,
financial institutions and listed companies; and
f) Documents issued by Government departments of
foreign jurisdictions and letter issued by Foreign Embassy or Mission in India.
Person
In
terms of PML Act a ‘person’ includes:
(i)
an individual,
(ii)
a Hindu undivided family,
(iii)
a company,
(iv)
a firm,
(v)
an association of persons or a body of individuals, whether incorporated or
not,
(vi)
every artificial juridical person, not falling within any one of the above
persons
(vii)
any agency, office or branch owned or controlled by any of the above persons
Transaction
“Transaction” means a purchase, sale, loan, pledge, gift,
transfer, delivery and includes-
(i) opening
of an account;
(ii) deposits,
withdrawal, exchange or transfer of funds by any means;
(iii) the
use of a safety deposit box/ locker;
(iv) entering
into any fiduciary relationship;
(v)
any payment made or
received for any contractual or other legal obligation; or
(vi)
establishing or creating
a legal person or legal arrangement.
KYC Policy
Banks/FIs should frame their KYC policies incorporating
the following four key elements:
(i)
Customer Acceptance
Policy (CAP);
(ii) Customer Identification Procedures (CIP);
(iii) Monitoring of Transactions; and
(iv) Risk Management.
Customer Acceptance Policy (CAP)
Banks/FIs should develop clear
customer acceptance policies and procedures, including:
(i) No
account is opened in anonymous or fictitious/benami name.
(ii)
Parameters of risk perception are
clearly defined.
(iii)
Documents and other information to be collected as per
requirements of PML Act, 2002 and Reserve Bank.
(iv) Not to open an account where the bank/FI is unable to apply
appropriate customer due diligence measures. The bank/FI may also consider
closing an existing account under similar circumstances.
(v) Circumstances, in which a customer is permitted to act on behalf
of another person/entity, should be clearly spelt out.
(vi) There
should be suitable systems in place to ensure that the name of the customer does
not appear in the sanction lists of Reserve Bank.
The
adoption of customer acceptance policy and its implementation should not be too
restrictive.
Customer
Identification Procedure (CIP)
General
(a)
Customer
identification means undertaking client due diligence measures while commencing
an account-based relationship including identifying and verifying the customer
and the beneficial owner on the basis of one of the OVDs. The bank/FI must be able to satisfy the
competent authorities that due diligence
was observed based on the risk profile of the customer in compliance with the extant guidelines in place.
(b)
The
Board approved policy should clearly spell out the Customer Identification
Procedure to be carried out at different stages:
(i)
while establishing a banking relationship;
(ii) while carrying out a financial
transaction;
(iii) when the bank/FI has a doubt
about the authenticity or adequacy of the customer identification data it has
obtained;
(iv) when banks sell third
party products as agents;
(v) while selling banks’
own products, payment of dues of credit cards/sale
and reloading of prepaid/travel cards and any other product for more than Rs.
50,000/-.
(vi) when carrying out
transactions of a walk-in customer, where the amount involved is equal to or
exceeds Rs. 50,000.
(vii) when a bank/FI has
reason to believe that a customer is intentionally structuring a transaction
into a series of transactions below the threshold of Rs. 50,000/-.
(c)
Additional
information, may be obtained separately after the account is opened only with
the consent of the customer.
Customer Due Diligence requirements
(CDD) while opening accounts
A.
Accounts
of individuals:
(i)
One certified
copy of an 'officially valid document' containing details of identity and
address, one recent photograph and such other documents pertaining to the nature of business and financial status of
the customer as may be required by the bank/FI.
(ii)
E-KYC
service of UIDAI should also be accepted as a valid process for KYC
verification under the PML Rules. Under e-KYC,upon authorisation by the
individual, the UIDAI
transfers the data of the individual comprising name, age, gender, and
photograph of the individual, electronically to the bank/business
correspondents/business facilitators, which may be accepted as valid process
for KYC verification. If the
prospective customer knows only his/her Aadhaar number or carries a copy of
e-adhar, the bank has to print the prospective customer’s e-Aadhaar letter in
the bank directly from the UIDAI portal.
(iii)
Introduction is not necessary for opening of
accounts under PML Act and Rules or the Reserve Bank’s instructions.
(iv)
Simplified
Measures for Proof of Identity:
In
respect of low risk category customers, where simplified measures are applied,
it would be sufficient to obtain a certified copy OVD (i) document.for the
purpose of proof of identity.
(v)
Simplified
Measures for Proof of Address:
The additional documents mentioned at OVD(ii)
can be accepted for the limited purpose of proof of address under ‘simplified
measure’ for the ‘low risk’ customers.
(vi)
Small Accounts
A small
account is opened if a customer does not possess any OVDs or documents applicable in respect of simplified
procedure. A ‘Small Account' is a savings account in which:
·
the aggregate of all
credits in a financial year does not exceed rupees one lakh;
·
the aggregate of all
withdrawals and transfers in a month
does not exceed rupees ten thousand and
·
the balance at any
point of time does not exceed
rupees fifty thousand.
A ‘small account’ maybe opened on
the basis of a self-attested photograph and affixation of signature or thumb
print subject to the following conditions:
a)
the designated
officer of the bank certifies the signature or the thumb print of the customer while
opening the small account;
b)
a
small account shall be opened only at Core Banking Solution (CBS) linked
branches or in a branch where it is possible to manually monitor the account;
c)
a
small account shall remain operational for a period of twelve months, and
thereafter for another twelve months if the customer proves that he has applied for the OVD within twelve
months of opening the account. The relaxation is to be reviewed after twenty
four months;
d)
When
there is suspicion of money laundering or financing of terrorism activity or
other high risk scenarios, the identity of the customer shall be established
through the production of “OVDs” and
e)
foreign
remittance shall not be allowed to be credited
(vii)
A
customer is required to submit only one
OVD for both proof of identity and address as part of KYC procedure. Second OVD
is required only when the first one does’nt have both the attributes.
(viii)
Similarly,
a customer is required to submit only one
OVD as proof of address for KYC purpose.
In case his current address is different from the OVD, bank should take
a declaration from the customer regarding her/his local address on which all
correspondence will be made. This address will be verified by the bank. The
customers should intimate the new address for correspondence to the bank within
two weeks of any change.
(ix)
In case
the address mentioned as per ‘proof of address’ undergoes a change, fresh proof
of address is to be submitted to the bank/FI within a period of six months.
(x)
In case a person does’nt
have an officially valid document for address verification, then, bank should
obtain the OVD of the relative with whom the prospective customer is living
together with a declaration from the relative that the said person is staying
with her/him.
(xi)
The customers should be
allowed to transfer their accounts from one branch to another branch without
restrictions, without insisting on fresh proof of address and/or identity and on
the basis of a self-declaration from the account holder about his/her current
address. Further, if an existing KYC compliant customer of a bank desires to
open another account in the same bank, there should be no need for submission
of fresh proof of identity and/or address.
(xii)
Where a
customer categorised as low risk expresses inability to complete the
documentation requirements, the bank may complete the verification of identity
within a period of six months from the date of establishment of the
relationship.
(xiii) For the purpose of verifying the identity of customers, banks/FIs may
rely on a third party subject to the conditions that-
1) the bank/FI obtains necessary information of client
due diligence carried out by the third party;
2) the bank/FI
takes adequate steps to satisfy itself that copies of identification data will
be made available from the third party upon request without delay;
3) the bank/FI is satisfied that such third party
is regulated, supervised or monitored for, and has measures in place for
compliance with client due diligence and record-keeping requirements in line
with the requirements and obligations under the PML Act;
4) the
third party is not based in a country or jurisdiction assessed as high risk and
5) the bank/FI is ultimately responsible for
client due diligence and undertaking enhanced due diligence measures, as
applicable.
(xiv) Accounts of
non-face-to-face customers
Apart from applying the usual customer identification procedures, there must be specific and adequate procedures
to mitigate the higher risk involved. Banks may also require the first payment to
be effected through the customer's account with another bank which, in turn, adheres to similar KYC standards. In the
case of cross-border customers, the bank may have to rely on third party
certification/introduction. In such cases, it must be ensured that the third party is a regulated and
supervised entity and has adequate KYC systems in place.
(xv)
Procedure to be followed in respect of foreign
students
Banks
should follow the following procedure for foreign students studying in India:
1) Banks
may open a Non Resident Ordinary (NRO) bank account of a foreign student on the
basis of his/her passport bearing the proof of identity and address in the home
country together with a photograph and a letter offering admission from the
educational institution in India.
2) Banks
should obtain a declaration about the local address within a period of 30 days
of opening the account and verify the said local address.
3) During
the 30 days period, the account should be operated with a condition of allowing
foreign remittances not exceeding USD 1,000 or equivalent into the account and
a cap of monthly withdrawal to Rs. 50,000/-, pending verification of address.
4) The
account would be treated as a normal NRO account.
5) Students
from Pakistan and Bangladesh will need prior approval of the Reserve Bank for
opening the account.
(xvi) Accounts
of Politically Exposed Persons (PEPs) resident outside India
1)
Politically Exposed Persons are
individuals who are or have been entrusted with prominent public functions in a foreign country, e.g., Heads
of States/Governments, senior politicians, senior
government/judicial/military officers, senior executives of state-owned
corporations, important political party officials, etc. Banks should gather
sufficient information on any such customer intending
to establish a relationship and check all the information available on such person
in the public domain. Banks should seek
information about the sources of funds before accepting the PEP as a customer. The decision to open an account for a PEP
should be taken at a senior level which should be clearly spelt out in the
bank’s Customer Acceptance Policy. Banks should also subject such accounts to enhanced monitoring on an on-going
basis. The above norms should also be applied to the accounts of the
family members or close relatives of PEPs.
2)
In the event of an existing
customer or the beneficial owner of an existing account subsequently becoming a
PEP, banks should obtain senior management’s approval to continue the business
relationship and subject the account to the CDD measures as applicable to PEPs including enhanced monitoring on an ongoing basis. These instructions are also applicable to
accounts where a PEP is the beneficial owner.
B.
Accounts of persons other than individuals:
(i) Where the customer is a company, one certified copy of the following documents:
(a) Certificate of incorporation;
(b) Memorandum and Articles of
Association;
(c) A resolution from the Board of
Directors and power of attorney granted to its managers, officers or employees
to transact on its behalf and
(d) An OVD of managers, officers or
employees holding Power of Attorney
(ii) Where the customer is a partnership firm, one certified copy of
the following documents
(a)
registration certificate;
(b)
partnership deed and
(c)
an OVD of the person holding an attorney to transact
on its behalf.
(iii) Where the customer is a trust, one certified copy of the
following documents:
(a)
registration certificate;
(b)
trust deed and
(c)
an officially valid document in respect of the person
holding a power of attorney to transact
on its behalf.
(iv) Where the customer is an unincorporated association or a body of
individuals, one certified copy of the following documents is required for
customer identification:
(a)
resolution of the managing body of such association or
body of individuals;
(b)
power of attorney granted to transact on its behalf;
(c)
an OVD in respect of the person holding an attorney to
transact on its behalf
(d)
such information to collectively establish the legal
existence of such an association or body of individuals.
(v) Proprietary concerns:
(1) For proprietary concerns, in addition to the OVD applicable to the proprietor,
any two of
the following documents in the name of the proprietary concern are required to
be submitted:
(a)
Registration certificate
(b)
Certificate/licence issued by the municipal
authorities under Shop and Establishment Act.
(c)
Sales and income tax returns.
(d)
CST/VAT certificate.
(e)
Certificate/registration document issued by Sales
Tax/Service Tax/Professional Tax authorities.
(f)
Licence/certificate of practice issued in the name of
the proprietary concern by any professional body incorporated under a statute.
(g)
Complete Income Tax Return in the name of the sole
proprietor where the firm's income is reflected.
(h)
Utility bills such as electricity, water, and landline
telephone bills.
(2) In
cases where the banks are satisfied that it is not possible to furnish two such
documents, they would have the discretion to accept only one of those documents
as activity proof. In such cases, the banks, however, would have to undertake
contact point verification.
(vi) Simplified KYC norms for Foreign Portfolio
Investors (FPIs)
FPIs are duly registered in accordance with SEBI
guidelines and have undergone the required KYC due diligence/verification
prescribed by SEBI through a Custodian/Intermediary regulated by SEBI. Such registered
FPIs may approach a bank for opening a bank account for the purpose of
investment under Portfolio Investment Scheme (PIS). In case of Category I FPIs,
banks/FIs may rely on the KYC verification done by the third
party subject to the conditions laid down in Rule 9 (2) [(a) to (e)] of the PML
Rules.
(vii)
When the client accounts are opened by professional
intermediaries: When the
bank has knowledge or reason to believe that the client account opened by a
professional intermediary is on behalf of a single client, that client must be
identified. Banks may hold 'pooled' accounts managed by professional
intermediaries on behalf of entities like mutual funds, pension funds or other
types of funds. Banks, however, should not open accounts of such professional
intermediaries who are bound by any client confidentiality that prohibits
disclosure of the client details to the banks. Where funds held by the
intermediaries are not co-mingled at the bank and there are 'sub-accounts',
each of them attributable to a beneficial owner, all the beneficial owners must
be identified. Where such funds are co-mingled at the bank, the bank should
still look into the beneficial owners. Where the banks rely on the 'customer
due diligence' (CDD) done by an intermediary, they should satisfy themselves
that the intermediary is a regulated and supervised entity and has adequate
systems in place to comply with the KYC requirements of the customers. It
should be understood that the ultimate responsibility for knowing the customer
lies with the bank.
C.
Beneficial ownership
When a bank/FI identifies a customer for opening an account, it
should identify the beneficial owner(s)
and take all reasonable steps to verify his identity:
(a) Where the client is a company, the beneficial
owner is the natural person who has an ownership
of more than 25 per cent of the shares or capital or profits or who has the right to appoint majority of the
directors or to control the management or policy decisions or management rights
or shareholders agreements or voting agreements.
(b) Where the client is a partnership firm, the
beneficial owner is the natural person who has ownership of more than 15 per cent
of capital or profits of the partnership.
(c) Where the client is an unincorporated association
or body of individuals, the beneficial owner is the natural person who has ownership of more than 15 per cent of
the property or capital or profits.
(d) Where no natural person can be identified as above,
the beneficial owner is the natural person who holds the position of senior
managing official.
(e) Where the client is a trust, the beneficial
owner shall include the author of the trust, the trustee, the beneficiaries
with 15% or more interest in the trust and any other natural person exercising
ultimate effective control over the trust through a chain of control or
ownership.
(f)
Where
the client is a company listed on a stock exchange, or is a subsidiary of such
a company, it is not necessary to identify and verify the identity of any
shareholder or beneficial owner of such companies.
II.
Introduction
of New Technologies – Credit Cards/Debit Cards/ Smart Cards/Gift Cards
Banks should ensure that appropriate KYC procedures are
duly applied before issuing the cards not
only to the customers but in respect of add-on/ supplementary
cardholders also. Further, marketing of
credit cards is generally done through the services of agents.
Such agents should also be subjected to due diligence and KYC measures.
III.
Periodic updation of KYC
A. CDD requirements for periodic updation: Banks/FIs
should carry out periodical updation of KYC information of every customer,
which should include the following:
(i) KYC
exercise should be done at least every two years for high risk customers, every
eight years for medium risk customers and every ten years for low risk
customers. The time limits would apply from the date of opening of the account/
last verification of KYC.
(ii) Banks/FIs
need not seek fresh proofs of identity and address at the time of periodic
updation, from those customers who are categorised as ‘low risk’, in case there
is no change in status with respect to their identities and addresses. A
self-certification by the customer to that effect should suffice in such cases.
In case of change of address of such ‘low risk’ customers, they could merely
forward a certified copy of the document (proof of address) by mail/post, etc.
(iii) Fresh
photographs to be obtained from minor customer on becoming major.
B. Freezing and closure of
accounts
(i) In
case of non-compliance of KYC requirements by the customers, banks/FIs
may impose ‘partial freezing’ on such accounts in a phased manner.
(ii) During
the course of such partial freezing, the account holders can revive their accounts
by submitting the KYC documents as per instructions in force.
(iii) ‘Partial freezing’ is to be exercised
after giving due notice of three months initially to the customers to comply
with KYC requirements to be followed by a reminder giving a further period of
three months.
(iv) Thereafter,
banks/FIs may impose ‘partial
freezing’ by allowing only credits with the freedom to close the accounts.
(v) If
the accounts are still KYC non-compliant after six months of imposing initial
‘partial freezing’ banks/FIs should disallow all transactions
thereby, rendering it inoperative.
(vi) Bank/FI
may close the account of such customers after issuing due notice explaining the reasons. Such decisions, are to be
taken at a senior level.
When a bank/FI believes that it would no longer be
satisfied about the true identity of the account holder, a Suspicious
Transaction Report (STR) should be filed with the Financial Intelligence Unit –
India (FIU-IND).
IV.
Miscellaneous
A.
At-par
cheque facility availed by co-operative
banks
Since the ‘at par’ cheque
facility offered by commercial banks to co-operative banks is in the nature of
correspondent banking arrangement, banks should monitor and review such
arrangements to assess the risks including credit risk and reputational risk
arising therefrom. For this purpose, banks should retain the right to verify
the records maintained by the client cooperative banks/ societies for
compliance with the extant instructions on KYC and AML under such arrangements.
In this regard, Urban
Cooperative Banks (UCBs) are advised to utilize the ‘at par’ cheque facility
only for the following purposes:
(i) For
their own use.
(ii) For
their account holders who are KYC complaint provided that all transactions of
Rs.50,000/- or more should be strictly by debit to the customer’s account.
(iii) For
walk-in customers against cash for less than Rs.50,000/- per individual.
In order to utilise
the ‘at par’ cheque facility in the above manner, UCBs should maintain the
following:
(i) Records
pertaining to issuance of ‘at par’ cheques covering applicant’s name and
account number, beneficiary’s details and date of issuance.
(ii) Sufficient
balances/drawing arrangements with the commercial bank extending such facility
for purpose of honouring such instruments.
UCBs should also
ensure that all ‘at par’ cheques issued by them are crossed ‘account payee’
irrespective of the amount involved.
B.
Operation of Bank Accounts & Money Mules
“Money Mules” can be used to
launder the proceeds of fraud schemes by criminals who gain illegal access to
deposit accounts by recruiting third parties to act as “money mules”. In order
to minimise the operations of such Money mule accounts,
banks should strictly adhere to the guidelines on opening of accounts and
monitoring of transactions.
C. Simplified norms for Self Help Groups (SHGs)
KYC verification of all the
members of SHG need not be done while opening the savings bank account of the
SHG and KYC verification of all the office bearers would suffice.
Walk-in Customer
In case of transactions carried
out by a walk-in customer, where the amount of transaction is equal to or
exceeds Rs. 50,000/-, whether conducted as a single transaction or several
transactions that appear to be connected, the customer's identity and address
should be verified. If a bank has reason
to believe that a customer is intentionally structuring a transaction into a
series of transactions below the threshold of Rs.50,000/- the bank should
verify the identity and address of the customer and also consider filing a Suspicious Transactions Report (STR) to Financial Intelligence Unit – India (FIU-IND).
Banks and financial institutions
are required to verify the identity of the customers for all international
money transfer operations.
D. Issue of
Demand Drafts, etc, for more than Rs.50,000/-
Banks should ensure that any remittance of funds for value of Rs.50,000/- and
above is effected by debit to the customer’s account or against cheques only.
Banks should not make payment of cheques/drafts/pay
orders/banker’s cheques if they are presented beyond the period of three months
from the date of such instrument.
E.
Unique Customer Identification Code
Banks have been advised
to allot UCIC while entering into new relationships with individual customers
as also the existing customers.
Monitoring
of Transactions
Ongoing monitoring
Banks/FIs should exercise ongoing due diligence
with respect to every customer and closely examine the transactions to ensure
that they are consistent with the customer’s profile and source of funds as per
extant instructions:
(a)
The extent of monitoring will
depend on the risk category of the account. High risk
accounts have to be subjected to more intensified monitoring.
(b) Banks/FIs should pay
particular attention to the following types of transactions:
(i)
large and complex transactions,
and those with unusual patterns, which have no apparent economic rationale or
legitimate purpose.
(ii)
transactions which exceed the
thresholds prescribed for specific categories of accounts.
(iii)
transactions involving large
amounts of cash inconsistent with the normal and expected activity of the
customer.
(iv)
high account turnover inconsistent
with the size of the balance maintained.
(c) Review of
risk categorisation of customers for applying enhanced due diligence measures should
be carried out at a periodicity of not less than once in six months.
(d) Where there are
multiple small deposits (generally in cash) across the country in one bank
account and where a large number of cheques are issued bearing similar
amounts/dates particularly in cases of marketing companies, the matter should
be immediately reported to Reserve Bank and other appropriate authorities such
as FIU-IND.
Risk
Management
Banks/FIs should exercise on going
due diligence with respect to the business relationship with every client and
closely examine the transactions in order to ensure that they are consistent with
their business and risk profile and where necessary, the source of funds.
In
addition, the following may also be ensured for effectively implementing the
AML/CFT requirements.
(i) Using
a risk-based approach to address management and mitigation of various AML/CFT
risks.
(ii) Allocation
of responsibility for effective implementation of policies and procedures.
(iii) Independent
evaluation by the compliance functions of bank/FI’s
policies and procedures, including legal and regulatory requirements.
(iv) Concurrent/internal
audit to verify the compliance with KYC/AML policies and procedures.
(v) Putting
up consolidated note on such audits and compliance to the Audit Committee at
quarterly intervals.
(a)
Banks/FIs should prepare a profile
for each new customer based on risk categorisation. The nature and extent of due diligence will depend on the risk
perceived by the bank/FI through such profiles.
(b) Banks/FIs should have clear Board approved policies
for risk categorisation and ensure that the same are meticulously complied with.
The nature and extent of due diligence, may be based on the following
principles:
(i) Individuals
(other than High Net Worth) and entities, whose identity and source of income,
can be easily identified, and customers in whose accounts the transactions
conform to the known profile, may be categorised as low risk. Illustrative
examples include salaried employees and pensioners, people belonging to lower
economic strata, government departments and government owned companies,
regulators and statutory bodies, etc. Further, Non-Profit Organisations (NPOs)/
Non-Government Organisations (NGOs) promoted by the United Nations or its
agencies, and such international/ multilateral organizations of repute, may
also be classified as low risk customers.
(ii) Customers
who are likely to pose a higher than average risk should be categorised as
medium or high risk depending on the background, nature and location of
activity, country of origin, sources of funds, customer profile, etc. Customers
requiring very high level of monitoring, e.g., those involved in cash intensive
business, Politically Exposed Persons (PEPs) of foreign origin, may, if
considered necessary, be categorised as high risk.
The above guidelines for risk categorisation are indicative and
banks/FIs may use their own judgement in arriving at the
categorisation for each account based on their own assessment and risk
perception of the customers.
1.
Correspondent
Banking and Shell Bank
Correspondent banking is the provision of banking services
by one bank (the “correspondent bank”)
to another bank (the “respondent bank”). These services may include cash/funds management, international wire transfers,
drawing arrangements for demand drafts and mail transfers,
payable-through-accounts, cheques clearing etc. Banks may take the following
precautions while entering into a correspondent
banking relationship:
(a)
Gather
sufficient information to fully understand the nature of business of the bank including information on management, major business activities, level of AML/CFT compliance,
purpose of opening the account, identity of any third party entities that will use the correspondent banking services,
and regulatory/supervisory framework
in the bank’s home country.
(b)
Such relationships may be established only with the approval of the Board, or by
a Committee
headed by the Chairman/CEO with clearly laid down parameters for approving
such relationships, as approved by the Board. Proposals approved by the
Committee should be put up to the Board at its next meeting for post facto
approval.
(c)
The
responsibilities of each bank with whom
correspondent banking relationship is established should be clearly documented.
(d)
In case of payable-through-accounts, the correspondent
bank should be satisfied that the respondent bank has verified the identity of the
customers having direct access to the accounts and is undertaking ongoing 'due diligence' on
them.
(e)
The correspondent bank should ensure that the respondent bank is able to provide the
relevant customer identification data immediately on request.
(f)
Banks should be cautious while continuing relationships with correspondent banks
located in jurisdictions which have strategic
deficiencies or have not made sufficient progress in implementation of FATF
Recommendations.
(g)
Banks should ensure that their respondent banks have
KYC/AML
policies and procedures in place and apply enhanced 'due diligence' procedures for transactions carried out
through the correspondent accounts.
(h)
Banks should not enter into a correspondent
relationship with a “shell bank” (i.e., a bank which is incorporated in a
country where it has no physical presence and is not affiliated to any regulated financial group).
(i)
The
correspondent bank should not permit its accounts to be used by shell banks.
2.
Wire
Transfer
Banks/FIs use wire transfers as an expeditious method for
transferring funds between bank accounts without the actual movement of currency.
(a) The salient features of a wire transfer transaction are
as under:
(i) Wire
transfer is a transaction carried out by a bank on behalf of an originator through
electronic means for transfer of funds to the beneficiary at a bank. The
originator and the beneficiary could be the same person.
(ii) Domestic
wire transfer means any wire transfer where the originator and receiver are
located in the same country.
(iii) Cross-border
transfer means any wire transfer where the originator and the beneficiary bank are
located in different countries. It may include any chain of wire transfers that
has at least one cross-border element.
(iv) The
originator is the account holder, or the person that places the order to
perform the wire transfer.
(b)
Banks/FIs must ensure that all wire transfers are accompanied by
the following information:
1. Cross-border wire transfers
(i) All cross-border wire transfers must be accompanied by accurate
and meaningful originator
information.
(ii) Information accompanying cross-border wire transfers must
contain the name and address of the originator and his account number. In the
absence of an account, a unique reference number, must be included.
(iii) Where several individual transfers from a single
originator are bundled in a batch file for transmission, they may be exempted
from including full originator information, provided they include the
originator’s account number or unique reference number.
2. Domestic wire transfers
(i) Information accompanying all domestic wire transfers of
Rs.50000/- and above must include complete originator information, unless it
can be made available to the beneficiary bank by other means.
(ii) If a bank has reason to believe that a customer is
intentionally structuring wire transfer to below Rs.50,000/- to several
beneficiaries in order to avoid reporting or monitoring, the bank must insist
on complete customer identification before effecting the transfer. In case of
non-cooperation from the customer, efforts should be made to establish his
identity and Suspicious Transaction Report (STR) should be made to FIU-IND.
(iii) When a credit or debit card is used to effect money
transfer, necessary originator information should be included in the message.
(c) Exemptions
Interbank transfers and settlements where both the originator and
beneficiary are banks or financial institutions would be
exempted from the above requirements.
(d) Role of Ordering, Intermediary and Beneficiary banks
(i) Ordering Bank
An ordering bank is the one that originates a wire
transfer. It must ensure that the wire transfers contain complete originator
information and verify the same. Such information is to be preserved at least
for a period of five years.
(ii) Intermediary bank
For both cross-border and domestic wire transfers, a bank
processing an intermediary element of a chain
of wire transfers must ensure that all originator information accompanying a wire transfer is retained with the transfer. Where
technical limitations prevent full originator information
from remaining with a related domestic wire
transfer, a record must be kept at least for five years by the receiving intermediary bank.
(iii)Beneficiary bank
A beneficiary bank should have effective risk-based
procedures in place to identify wire transfers lacking complete
originator information. It should also take up the matter with the ordering
bank if a transaction is not accompanied
by detailed information of the fund remitter. If the ordering bank fails to
furnish information on the remitter,
the beneficiary bank should consider restricting or even terminating its business relationship with the
ordering bank.
3.
Maintenance
of KYC documents and Preservation period
PML Act and Rules cast certain
obligations on the banks/FIs in regard to
maintenance, preservation and reporting of customer account information.
Maintenance
of records of transactions
Banks/FIs should
introduce a system of maintaining proper record of transactions as mentioned below:
(i)
All
cash transactions of the value of more than Rupees Ten Lakh or its equivalent in foreign currency;
(ii) Series of all cash transactions of
the same customer ,though individually valued below Rupees Ten Lakh, but the
aggregate per month exceeds Rs. Ten lakh or its equivalent in foreign currency.
(iii)
All
transactions involving receipts by non-profit organisations of value more than
rupees ten lakh or its equivalent in foreign currency
(iv)
All
cash transactions where forged or counterfeit currency notes or bank notes have
been used as genuine and where any forgery of a valuable security or a document
has taken place facilitating the transaction and
(v)All suspicious transactions, whether or not in cash.
Banks/FIs are required to maintain all
necessary information in respect of transactions prescribed under PML Rule 3 so
as to permit reconstruction of
individual transaction, including the following information:
(i)
the
nature of the transactions;
(ii) the amount of the transaction and the
currency in which it was denominated;
(iii) the date on which the transaction was
conducted; and
(iv) the parties to the transaction.
6.1
Preservation of Records
Banks/FIs should take
appropriate steps to evolve a system for proper
maintenance and preservation of account information.
(i) Banks/FIs should maintain for at least five years from
the date of transaction between the bank/FI and the client, all necessary records of transactions,
both domestic or international, which will permit reconstruction of individual transactions so as to provide, evidence
for prosecution of persons involved in criminal activity.
(ii)
Banks/FIs should ensure
that records pertaining to the identification of the customers and their address obtained while
opening the account and during the course of business relationship,
are properly preserved for at least five years after the business relationship is ended.
(iii) Banks/FIs may maintain
records of the identity of their clients, and records in respect of
transactions in hard or soft format.
(iv) Banks/FIs are required to pay special attention to all
complex, unusual large transactions and all unusual patterns of transactions, which have
no apparent economic or visible lawful purpose. It is further clarified that
the background including all documents/office
records/memorandums pertaining to such transactions
and purpose thereof should, as far as possible, be examined and the findings at
branch as well as Principal Officer level should be
properly recorded. Such records and related documents should be
made available to help auditors to scrutinize
the transactions and also to Reserve Bank/other relevant authorities. These records
are required to be preserved for five
years as is required under PMLA, 2002.
4.
Combating
Financing of Terrorism
The United Nations periodically circulates the following two lists of
individuals and entities, suspected of having terrorist links, and as approved
by its Security Council (UNSC).
(a) The “Al-Qaida Sanctions List”, includes names of individuals and entities associated
with the Al-Qaida. The Updated Al-Qaida Sanctions List is available at http://www.un.org/sc/committees/1267/aq_sanctions_list.shtml.
(b) The “1988
Sanctions List”, consisting of individuals (Section A of the
consolidated list) and entities (Section B) associated with the Taliban which is
available at http://www.un.org/sc/committees/
1988/list.shtml.
The United Nations Security Council Resolutions (UNSCRs), are circulated by the Reserve
Bank to all banks and FIs for implementation of Section 51A of the Unlawful Activities
(Prevention) (UAPA) Act, 1967. Banks/FIs should ensure that they do not have any account in the
name of individuals/entities appearing in the above lists. Details of accounts
resembling any of the individuals/entities in the list should be reported to FIU-IND.
Freezing of Assets under
Section 51A of Unlawful Activities (Prevention) Act, 1967
(a) Government has issued an Order dated August 27,
2009 detailing the procedure for implementation of Section 51A of the Unlawful
Activities (Prevention) Act, 1967 for prevention of, and for coping with
terrorist activities. In terms of
Section 51A, the Central Government is
empowered to freeze, seize or attach funds and other financial assets or
economic resources held by the individuals or entities listed in the Schedule,
or any other person engaged in or suspected to be engaged in terrorism and
prohibit any individual or entity from making any funds, financial assets or economic
resources or related services available for the benefit of the individuals or
entities listed in the Schedule to the Order or any other person engaged in or
suspected to be engaged in terrorism.
(b) Banks/FIs are
required to strictly follow the procedure laid down in the UAPA Order and
ensure meticulous compliance.
Jurisdictions that do not or
insufficiently apply the FATF Recommendations
(a) Banks/FIs are required to take into
account risks arising from the deficiencies
in AML/CFT. In addition to FATF Statements circulated by Reserve
Bank of India from time to time, banks/FIs should also consider publicly available
information for identifying countries, which do not or insufficiently apply the
FATF Recommendations. It is clarified that banks/FIs should also give special
attention to business relationships and transactions with persons from or in
countries that do not or insufficiently apply the FATF Recommendations and
jurisdictions included in FATF Statements.
(b) Banks/FIs should examine the
background and purpose of transactions with persons from jurisdictions included in FATF Statements
and countries that do not or insufficiently apply the FATF Recommendations.
Further, if the transactions have no apparent economic or visible lawful purpose,
the background and purpose of such transactions should be examined, and written
findings together with all documents should
be retained and made available to Reserve Bank/other relevant authorities, on
request.
Reporting Requirements
a) Reporting to Financial
Intelligence Unit - India
(i)
Banks/FIs are required to furnish
information relating to cash
transactions, cash transactions integrally connected to each other, and all transactions involving receipts
by non-profit organizations, cash transactions where forged or
counterfeit currency notes or bank notes have been used as genuine, cross
border wire transfer, etc. to the Director, Financial Intelligence Unit-India
(FIU-IND) at the following address:
Director, FIU-IND,
Financial
Intelligence Unit-India,
6th Floor, Hotel
Samrat,
Chanakyapuri,
New
Delhi-110021
(ii)
FIU-IND has released a
comprehensive reporting format guide to describe the specifications of prescribed reports to FIU-IND. FIU-IND has
also developed a Report Generation Utility and Report Validation Utility to
assist reporting entities in the preparation of prescribed reports.
(iii)
FIU-IND have placed on their website editable
electronic utilities to file electronic Cash Transactions Report (CTR)/
Suspicious Transactions Report (STR) to enable banks/FIs which are yet to install/adopt suitable technological
tools for extracting CTR/STR from their live transaction data base. It is,
therefore, advised that in cases of those banks/FIs,
where all the branches are not fully
computerized, the Principal Officer of the bank/FI should cull out
the transaction details from branches which are not yet computerized and
suitably arrange to feed the data into an
electronic file with the help of the editable electronic utilities of CTR/STR
as have been made available by FIU-IND on their website http://fiuindia.gov.in
(iv)
While furnishing information to the Director,
FIU-IND, delay of each day in not reporting a transaction or delay of each day
in rectifying a mis-represented transaction beyond the specified time limit shall
constitute a separate violation. Banks/FIs
are advised to take note of the timeliness of the reporting requirements.
As a part of their transaction monitoring mechanism, banks/FIs are required to put in place an appropriate software
application to throw alerts when the transactions are
inconsistent with risk categorization and updated profile of the customers. It
is needless to add that a robust software
throwing alerts is essential for effective identification and reporting of suspicious transaction.
b) Reports to be furnished to
FIU-IND
1.
Cash
Transaction Report (CTR)
(i) The CTR for each month should be submitted to FIU‑IND
by 15th of the succeeding month.
(ii) All
cash transactions, where forged or counterfeit Indian currency notes have been used as genuine should be reported by the
Principal Officer of the bank to FIU-IND by 15thday of the next
month. These cash transactions should also include transactions
where forgery of valuable security or documents
has taken place and may be reported to FIU-IND in plain text form.
(iii) While filing CTR, details of individual transactions
below Rupees Fifty thousand need not be furnished.
(iv) Transactions between the internal accounts of the bank
should not be reported in CTR.
(v) A summary of cash transaction reports for the bank as a
whole should be compiled by the Principal Officer of the bank every month in
physical form as per the format specified and submitted to FIU-IND.
(vi) A copy of the monthly CTR submitted to
FIU-India in respect of the branches should be available at the branches for
production to auditors/inspectors, when asked for; and
vii)
The instruction on ‘Maintenance of records of transactions’; and
‘Preservation of records’ should
be scrupulously followed by the branches.
viii)
However,
in respect of branches not under CBS, the monthly CTR should continue to be
compiled and forwarded by the branch to the Principal Officer for onward
transmission to FIU-IND.
2.
Suspicious
Transaction Reports (STR)
(i)
While
determining suspicious transactions, banks/FIs should be guided by the
definition of suspicious transaction as contained in PMLA Rules as amended from
time to time.
(ii)
It is
likely that in some cases transactions are abandoned by customers on being
asked to give some details or to provide documents. Banks/FIs should report all
such attempted transactions in STRs, even if not completed by the customers,
irrespective of the amount of the transaction.
(iii)
Banks/FIs
should make STRs if they have reasonable ground to believe that the transaction
involves proceeds of crime irrespective of the amount of the transaction and/or
the threshold limit envisaged for predicate offences.
(iv)
The STR
should be furnished within seven days of arriving at a conclusion that any
transaction, whether cash or non-cash, or a series of transactions integrally
connected are of suspicious nature.
(v)
In the
context of creating KYC/AML awareness among the staff and for generating alerts
for suspicious transactions, banks may consider the indicative list of
suspicious activities contained in 'IBA's Guidance Note for Banks, January
2012’.
(vi)
Banks/FIs should not put any restrictions on
operations in the accounts where an STR has been filed. It should be ensured that there is no tipping
off to the customer at any level.
3. Non-Profit Organisation
The report of all transactions involving
receipts by non- profit organizations of value more than rupees ten lakh or its
equivalent in foreign currency should be
submitted every month to the
Director, FIU‑IND by 15th of the succeeding month in the
prescribed format.
4. Cross-border
Wire Transfer
Cross-border
Wire Transfer Report (CWTR) is required to be filed with FIU-IND by 15th
of succeeding month for all cross border wire transfers of the value of more than
five lakh rupees or its equivalent
in foreign currency where either the origin or destination of fund is in India.
5.
General Guidelines
(i)
Confidentiality of customer information:
Information collected from customers for the purpose of
opening of account is to be treated as confidential and details thereof should
not be divulged for the purpose of cross selling, etc. Any other information
that is sought from the customer should be called for separately only after the
account has been opened, with his/her express consent and in a different form,
distinctly separate from the application form. It should be indicated clearly to
the customer that providing such information is optional.
(ii)
Avoiding hardship to customers:
While issuing operational instructions to branches, banks/FIs should keep in mind
the spirit of the instructions issued by the Reserve Bank so as to avoid undue
hardships to individuals who are otherwise classified as low risk customers.
(iii)
Sensitising customers:
Implementation of AML/CFT policy may require certain
information from customers of a personal nature or which had not been called
for earlier. Banks/FIs should, prepare specific literature/pamphlets, etc., to educate the customer regarding the objectives of the
AML/CFT requirements for which their cooperation is solicited.
(iv) Hiring
of Employees
It may be appreciated that KYC norms/AML standards/CFT
measures have been prescribed to ensure that criminals are not allowed to
misuse the banking channels. It would, therefore, be necessary
that adequate screening mechanism is put in place by banks/FIs as an integral part of
their personnel recruitment/hiring process.
(v) Employee
training:
Banks/FIs must have an
ongoing employee training programme so that the members of staff are adequately
trained in AML/CFT policy. The focus of the training should be different for
frontline staff, compliance staff and staff dealing with new customers. The
front desk staff needs to be specially trained to handle issues arising from
lack of customer education. Proper staffing of the audit function with persons adequately
trained and well-versed in AML/CFT policies of the bank, regulation and related
issues should be ensured.
(vi)
Provisions of FCRA
Banks should ensure that the provisions of the Foreign
Contribution (Regulation) Act, 2010, wherever applicable, are strictly adhered
to.
(vii) Applicability to overseas branches/subsidiaries
The
guidelines in this circular apply to the branches and majority owned
subsidiaries located abroad, to the extent local laws in the host country permit.
When local applicable laws and regulations prohibit implementation of these
guidelines, the same should be brought to the notice of the Reserve Bank. In
case there is a variance in KYC/AML standards prescribed by the Reserve Bank and
the host country regulators, branches/overseas subsidiaries of banks are
required to adopt the more stringent regulation of the two.
(viii) Technology requirements:
The
AML software in use at banks/FIs
needs to be comprehensive and robust enough to capture all cash and other
transactions, including those relating to walk-in customers, sale of
gold/silver/platinum, payment of dues of credit cards/reloading of
prepaid/travel cards, third party products, and transactions involving internal
accounts of the bank.
(ix) Designated
Director:
Banks/FIs may nominate a Director on their Boards
as “designated Director”, to ensure compliance with the obligations under the
Act and Rules. The name, designation and address of the Designated Director may
be communicated to the FIU-IND. UCBs/ State Cooperative Banks / Central Cooperative
Banks can also designate a person who holds the position of senior management
or equivalent as a 'Designated Director'. However, in no case, the Principal
Officer should be nominated as the 'Designated Director'.
(x)
Principal Officer:
Banks/FIs may
appoint a senior officer as Principal Officer (PO). The PO should be
independent and report directly to the senior management or to the Board of
Directors. The PO shall be responsible for ensuring compliance, monitoring
transactions, and sharing and reporting information as required under the
law/regulations. The name, designation and address of the Principal Officer may
be communicated to the FIU-IND.
Based on the RBI master circular dt 1/7/15
Please visit www.rbi.org.in in case
of any further clarification if required. Poppy
No comments:
Post a Comment