KYC and PMLA standards
I. THE BACKGROUND:
RBI has issued Master Direction “Know Your Customer (KYC) Directions, 2016” having reference no. Master Direction DBR.AML.BC.No.81/14.01.001/2015 -16 dated February 25, 2016 as amended up to 12th July, 2018. The Master Direction issued is mainly in respect of ‘Know Your Customer’ (KYC) Guidelines and Anti Money Laundering Standards (AML) based on ‘Prevention of Money Laundering Act, 2002 and rules there under, the recommendations made by the Financial Action Task Force (FATF) on anti-money laundering standards and amendments made in the PMLA, 2002 from time to time. Compliance with these standards by all financial institutions has become imperative. These Directions lay down the minimum requirements / disclosures to be made in respect of clients.
This policy has been framed for attaining the following objectives:
- To prevent the company from being used, intentionally or unintentionally, by criminal elements for money-laundering activities.
- To form KYC procedures to enable the company to know/understand their customers and their financial dealings in better way which in turn shall help manage the risks prudently.
To put in place systems and procedures for customer identification and verifying his / her identity and residential address.
- To monitor transactions of a suspicious nature
- The policy will be disseminated to all employees at all levels in the organization who deal /handle account information, loan transactions, money and customer records etc. relating to the clients.
III. DESIGNATED DIRECTOR AND PRINCIPAL OFFICER /COMPLIANCE OFFICER:
Designated Director will ensure overall compliance with the obligations imposed under chapter IV of the
PML Act and the Rules. Company’s Director will be appointed as Designated Director by the Board of Directors.
Company shall appoint a principal officer/compliance officer. He /She will be located at the Head/Corporate office of the Company and shall be responsible for internal controls and procedures relating to implementation of this policy and identifying and reporting any suspicious transaction or activity to the concerned authority.
The principal officer/compliance officer will be a Head of Operations of the company and should be able to discharge the functions with independence and authority. The board of directors or its nominated committee can change the principal officer or compliance officer.
The Principal Officer shall maintain close liaison with the enforcement agencies and other institutions who are engaged in the fight against the money laundering and terrorist financing.
To ensure the effectiveness of the above posts, the Company shall ensure that at no point in time is the Principal Officer same as Designated Director.
All necessary details of the above referred officials, upon appointment and subsequent changes, shall be intimated to the Financial Intelligence Unit – India and RBI.
IV. KYC NORMS:
Client Registration Form for each client shall be obtained before opening an account.
The company will collect the relevant supporting / proofs and financial information / documents or other Officially Valid document (OVD) as stated in RBI Directions as may be required to establish the genuine identity of the client or the beneficial owners, as the case may be. Annexure attached for the list of OVD.
KYC is strictly reviewed as per aforesaid RBI Directions which provide for identification of ultimate or end beneficiary or controlling power and to take all reasonable steps to identify them. End beneficial ownership or controlling ownership interest means holding more than 25% of shares/capital/profits of juridical person; where juridical person is a Company. If it is Partnership firm or body of individuals or unincrporated association, then above percentage is replaced with 15% of shares/capital/profits in partnership firm or body of individuals or unincorporated association.
V. CLIENT DUE DILIGENCE PROCESS:
The company must monitor their clients to identify, mitigate and manage any money laundering / terrorist financing risks that may be posed while providing loan facility.
a. Verification and Due diligence:
- Ensure that all required documents including the KYC form are complete in all respects.
- Ensure that all the supporting documents and other additional documents are collected and are self attested by the client himself.
- In case of Corporate clients, ensure that Resolution of Board of Directors approving the transaction and naming the authorized persons for carrying out the necessary formalities on letter head of the company.
- Ensure that corporate client is authorized to enter into loan transaction and carry out the activity for which the loan is being taken as per Memorandum of Association and Articles of Association.
- While interacting with the Client, Business Partner/KYC Desk may conduct due diligence of the client for knowing the client’s background, history, financial status / capability, assessment of business patterns as per the documents to verify genuineness of the client.
b. Verification and Due diligence by KYC Desk:
- KYC desk to receive duly filled in Client Registration Docket along with the supporting documents of client and then KYC desk to verify duly filled Client Registration Docket with the supporting documents for their completeness in all respects and get it rectified from the client in case of any deficiencies.
- Ensure that all the supporting documents and other additional documents are collected and are self attested by the client himself.
In case of Corporate clients, ensure that Resolution of Board of Directors approving the transactions and naming the authorized persons for carrying out the necessary formalities on letter head of the company.
- Ensure that corporate client is authorized to enter into loan transaction and carry out the activity for which the loan is being taken as per Memorandum of Association and Articles of Association and should be marked by KYC Desk.
While interacting with the Client, KYC desk may conduct due diligence of the client for knowing the client’s background, history, financial status / capability, assessment of business patterns and to verify genuineness of the client.
- Cross check PAN details of the client like Permanent Account Number, Name, Father’s Name (in case of Individual client), Date of Birth / Incorporation with the details on the website of the Income Tax Department and attach the proof of the same with KYC docket.
- In case PAN details are not matching substantially with PAN details printed on PAN Card and PAN details appearing on IT website, take appropriate action to get it clarified from the client. In case of minor discrepancy in the name, obtain the declaration from the client about the same.
- Self attested Aadhaar card to be mandatorily collected from each Individual, Authorised Persons, Partners, Directors, Ultimate Beneficial Owner, etc.
- Ensure that name filled up in client registration form, Agreement and other document is same as name appearing on PAN card/Aadhaar card. Collect CKYC form if client is not registered in CKYC for sharing information with CKYCR by uploading the KYC data on CERSAI portal. If client is already registered on CKYC, then existing details are verified with the details provided to us. If there is any change in the details, same is updated on the portal and if no change then the existing data is downloaded from CERSAI portal and saved with us in the form of PDF.
- Under FATCA and CRS, company shall adhere to the provisions of Income Tax Rules 114F, 114G and 114H and determine whether they are a Reporting Financial Institution as defined in Income Tax Rule 114F and if so, shall comply with the reporting requirements as stated in Master Direction
- – Know Your Customer (KYC) Directions, 2016. KYC desk should check ‘worldcheck’, ‘watchoutinvestors.com’ and SEBI/ Exchange website for client’s history and status.
- In case of corporate client, ensure that the name of the company is not appearing in the list of vanishing companies as provided on Ministry of Corporate Affairs (MCA) website. Keep the checking detail with the KYC docket.
- In case of default or any action taken by any regulatory authorities against such client is found on verification then seek clarification from the client and co-ordinate with client to find out further details in such default and status as on date.
- Dispatch welcome letter stating details like Client code allotted, his email ID, important terms and conditions of the contract and loan facility offered etc. to the client and maintain the dispatch record.
A copy of all the documents executed by client shall be given to him, within reasonable time from the date of acceptance of loan request.
c. Due Diligence from PMLA Point of view:
- Customer due diligence (“CDD”) measures shall be applied to an extent that is sensitive to the risk of money laundering and terrorist financing depending on the type of customer, business relationship or transactions involved.
- Company shall determine from available sources of information whether the client or potential client or the beneficial owner of such client is a politically exposed person (PEP).PEP declaration will be taken from such person, if required.
- Approval of senior management will have to be obtained for establishing business relationships with PEPs and their family members and close relatives. Where a client has been accepted and the client or beneficial owner is subsequently found to be, or subsequently becomes a PEP, obtaining senior management approval to continue the business relationship is necessary.
- Company shall obtain sufficient information in order to identify persons who beneficially own or control or influences a client’s loan account. It shall also incorporate those persons who exercise ultimate effective control over a legal person or arrangement.
- Whenever it is apparent that the loan account maintained is beneficially owned by a party other than the client, then that party will be identified using client identification and verification procedures.
- Company shall conduct ongoing due diligence and scrutiny, i.e. perform ongoing scrutiny of the transactions and account throughout the course of the business relationship to ensure that the transactions being conducted are consistent with the company’s knowledge about the customer, its business and risk profile.
- Company shall apply customer due diligence on a risk sensitive basis depending on the type of customer, business relationship or transaction.
- Documentation requirement and other information will be collected in respect of different classes of clients depending on perceived risk and having regard to the requirement of the PMLA, guidelines issued by RBI from time to time. Indicative list for additional documents that may be obtained from HighRisk Clients:
- Annual Statement of the accounts / financial information
- Sources of Funds / Securities (if any),
- Last 3 months bank statements,
- It shall be ensured that an account is not opened where
- The Company is unable to apply appropriate client due diligence measures / KYC policies.
- Where it is not possible to ascertain the identity of the client,
- Information provided to the intermediary is suspected to be nongenuine,
- Perceived non-cooperation of the client in providing full and complete information
- Necessary checks also to be conducted for existing clients on ongoing basis to ensure that they are not falling in banned list provided by stock exchanges / SEBI / RBI from time to time.
d. Periodic Updation:
Periodic updation will be carried out at least once in every two years for high risk customers, once in every eight years for medium risk customers and once in every ten years for low risk customers as per the procedure laid down in RBI guidelines.
VI. CLIENT ACCEPTANCE POLICY:
- The Company has to ensure that the existing guidelines regarding Customer / business acceptance is strictly followed. Existing / past relationship with the client should be verified and ensured that the client is not on the negative list / defaulters list / debarred list.
- A detailed search to be carried out to find that the Client is not in defaulters / negative list of regulators. (Search should invariably be carried out from reports generated from any of CIC (CIBIL, CRIF, EXPERIAN or EQUIFAX) and Ministry of Company Affairs sponsored website www.watchoutinvestors.com)
- In case of corporate, the antecedents of the company (change of name and registered office in particular) and the Ultimate Beneficial Owner, Authorised Signatory’s and directors is to be traced, if any.
- An assessment shall be made of the financial worthiness of the client by obtaining appropriate declarations at KYC stage in case no financial proof is provided by the client.
- A thorough assessment shall be carried out to ascertain whether the client is dealing with the company on his own behalf or some one else is the beneficial owner. If there are doubts, before acceptance of the clients, thorough due diligence shall be carried out to establish the genuineness of the claims of the clients. Secrecy laws shall not be allowed as a reason to disclose true identity of the beneficiary / transacting party.
- No account shall be opened in a fictitious name / benami name or on an anonymous basis.
- No client shall be accepted where it is not possible to ascertain the identity of the client, or the information provided is suspected to be non-genuine, or if there is perceived non-cooperation of the client in providing full and complete information. The company shall not continue to do business with such a person and file a suspicious activity report. The company shall consult the relevant authorities in determining what action it shall take when it suspects suspicious transactions being carried out.
- No transaction or account-based relationship is to be undertaken without following the Client Due Diligence Process.
- No Joint Account shall be opened unless Client Due Diligence Process is conducted on all the joint account holders.
- Know Your Client forms duly signed by the client shall be obtained before acceptance of the clients.
- In case of client belongs to CSC (Client of Special category), the additional due diligence process shall be initiated.
- Any transaction from the client shall be accepted only after customer acceptance procedure is completed.
VII. CLIENT RISK CATEGORIZATION:
- Based on the various factors and risk parameters, the clients shall be categorized into High, medium and low risk category.
- Certain clients may be of a higher or lower risk category depending on the circumstances such as the client’s background, type of business relationship or transaction, etc. The illustrative factors for risk profiling is given as under (list is indicative and can be expanded as per business requirements and experience):
- Geographical Location
- Nature of Business Activity
- Manner of making payment for transactions
- Income Range
- Category of client (individual, corporate, Trust, etc.)
- As such, company shall apply each of the customers due diligence measures on a risk categorisation basis. The type and amount of identification information and documents that registered intermediaries should obtain necessarily depend on the risk category of a particular customer.
- The client of high risk category and of special category clients shall be subjected to higher degree of due diligence and periodical updation of customer identification data (including photograph/s). The periodicity of updation shall not be less than once in five years in case of low risk category customers/clients and not less than once in two years in case of high and medium risk categories.
- There shall be a system of periodical review of risk categorisation of accounts. Review of risk categorisation of customers/clients shall be carried out at a periodicity of not less than once in six months.
- Conversely, simplified customer due diligence process may be adopted for lower risk categories of customers, based on the parameters set by the company.
- The following categories will be deemed to be special category clients
- Non resident clients
- High Net worth clients
- Trust, Charities, NGOs and organizations receiving donations
- Companies having close family shareholdings or beneficial Ownership
- Politically exposed persons (PEP) of foreign origin are individuals who are or have been entrusted with prominent public functions in a foreign country, e.g., Heads of States or of Governments, senior politicians, senior government / judicial / military officers, senior executives of state-owned corporations, important political party officials, etc.
- Family members or close relatives of PEPs
- Current or Former Senior High-profile politicians and connected persons (immediate family, Close advisors and companies in which such individuals have interest or significant influence)
Companies offering foreign exchange offerings
- Clients in high risk countries (where existence / effectiveness of money laundering controls is suspect, where there is unusual banking secrecy, Countries active in narcotics production, Countries where corruption (as per Transparency International Corruption Perception Index) is highly prevalent, Countries against which government sanctions are applied, Countries reputed to be any of the following – Havens / sponsors of international terrorism, offshore financial centers, tax havens, countries where fraud is highly prevalent.
- Non-face to face clients
- Clients with dubious reputation as per public information available etc. (checking can be done on SEBI, RBI, Exchange, Watchoutinvestors.com, ‘Worldcheck’, ‘Google’ check, etc. website to categorized the client)
- Any other category of client as may be defined and included by the company under this list from time to time
VIII. CLIENT IDENTIFICATION PROCEDURES:
- Verify the customer’s identity using reliable, independent source documents, data or information; may use the SEBI or exchange permitted documents or can also review more documents as necessary based on case to case.
- Identify beneficial ownership and control of the prospective client, i.e. determine which individual(s) ultimately own(s) or control(s) the customer and/or the person on whose behalf a transaction is being conducted and also in case of POA holder.
- The authority to enter in to financial transactions on behalf of a corporate Customer (private/public limited company) shall be backed by a resolution of the Board of Directors. In case of a partner entering into a financial transaction on behalf of a partnership firm, the LOA or POA shall be signed by all the remaining partners of the firm. In case of a Trust or a Foundation, such an authority shall be backed by a resolution passed by the Board of Trustees or Managing Board as the case may be.
- In case of non-individual Customers, a copy of document governing their conduct shall also be obtained. Further, the decision as to whether KYC documents for the Beneficial Owners are to be obtained will depend on the Risk Category of the Customer.
- Client identification process shall be carried out at following different stages:
- While establishing the relationship with the client
- While carrying out transactions for the client
- When the company has doubts regarding the veracity or the adequacy of previously obtained client identification data.
- Obtain adequate information to satisfactorily establish the identity of each new client and the purpose of the intended nature of the relationship. Each original document shall be seen prior to acceptance of a copy. The authorised person’s signature to be obtained on the KYC kit stating that “All Originals seen and verified” and also to put stamp of in-person verification by the employee of the company.
- Failure/Refusal by prospective client to provide satisfactory evidence of identity shall be noted and reported to the higher authority within the organization
- Risk based approach shall be followed towards certification of documentation.
- Identification of client and introduction by an acceptable person are important pre -requisite for opening an account. Proper introduction or verification of the identity of the client may be obtained while opening an account.
- Before opening the accounts, an interaction should be done with the client except in the case of NRIs where the power of attorney holder is the Authorized dealer Bank.
- In case of companies, authorised person of the following viz. main promoter/ Managing Director/ whole time director / key management person and in the case of partnership any one of the active partners should be met in person, if required before opening the loan accounts.
- Caution is to be exercised when identifying companies which appear to be ‘shell companies’ or ‘front companies’. Shell/front companies are legal entities which have no business substance in their own right but through which financial transactions may be conducted.
If client comes from business partner, then Visit report will be taken from them.
- After opening the account, welcome letter should be sent at the registered address of the client. This will serve the dual purpose of thanking them for opening the account and for verification of genuineness of address provided by the account holder. If the envelope comes undelivered, then necessary action would be taken as management may deem fit.
IX. MONITORING OF TRANSACTIONS:
The account of the Customer after signing of the contract shall be closely monitored for the signs of any unusual dealings. If the unusual dealing is spotted explanation should be sought from the Customer in a non-intrusive manner to satisfy as to the genuineness of the same. If satisfactory explanations are not provided by the Customer, a STR shall be filed with the FIU.
X. RECORD KEEPING:
- To retain all transaction, identification & KYC documentation (identity and address of clients) of active as well as closed clients to be maintained for the minimum period of 5 years.
- To retain the records relating to reporting if any made by principal officer to FIUIND for suspicious transaction with their correspondence supporting.
The record shall be retrievable, whenever require.
- To keep on record, the dates when Anti Money Laundering training was given, the nature of the training and the names of the staff who has received such training.
- To maintain record of transactions prescribed under rule 3 and 7 of PML(Maintenance of Records) Rules, 2005.
- In the case of transactions where any investigations by any authority has been commenced and in the case of transactions which have been the subject of suspicious transaction reporting all the records shall be maintained till the authority informs of closure of the case.
XI. CUSTOMER EDUCATION:
he implementation of the KYC/AML procedures entails demanding and obtaining information from Customers which has not been hitherto asked for and thus raising a lo t of queries from Customers. This may be accomplished by way of mails and company web site and also giving in brief the legal requirements and other necessary factors which necessitate collecting such information. Employees must be trained in handling such information.
XII. REQUIREMENTS/OBLIGATIONS UNDER INTERNATIONAL AGREEMENTS:
Company will ensure that in terms of Section 51A of the Unlawful Activities (Prevention) (UAPA) Act, 1967, client do not have any account in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC). Necessary check will be done on below links:
The “ISIL (Da’esh) &Al-Qaida Sanctions List”, which includes names of individuals and entities associated with the Al-Qaida. The updated ISIL &Al-Qaida Sanctions List is available at
The“1988 Sanctions List”, consisting of individuals (Section A of the consolidated list) and entities (Section B) associated with the Taliban which is available at
XIII. HIRING OF EMPLOYEES AND EMPLOYEE TRAINING:
- Adequate screening mechanism as an integral part of company’s personnel
recruitment/hiring process has been put in place. The Human Resources department confirms the previous employment details given by the employee.
- An ongoing Employee training programme shall be conducted periodically so that the members of staff are adequately trained in KYC/AML procedures and fully understand the rationale behind the KYC/AML policies and implement them consistently.
The information collected from the customers for the purpose of opening of account will be kept as confidential and the company will not divulge any details thereof for cross selling or any other purposes. The company will ensure that information sought from the customer is relevant to the perceived risk, is not intrusive, and is in conformity with the guidelines issued in this regard. Any other information from the customer will be sought separately with the client’s consent and after opening the account.
XV. EXCEPTION HANDLING:
Exceptions to this Policy must be approved by the Compliance Officer/Principal Officer, or a designated person. All exceptions must be documented, with reasons for the exceptions,
including expiration or review date and, wherever necessary, include an action plan and timelines for compliance with the Policy.
XVI. KYC REJECTION PROCEDURES:
In case where the documents or information obtained from client is not sufficient as outlined in the policy, the KYC will be rejected unless it is covered under the exception handling procedure as mentioned in clause above
XVII. EFFECTIVE DATE AND REVIEW:
The Policy would be reviewed in line with review requirements of the company or as and when considered necessary by Compliance Officer / Principal Officer / or Board of Directors but not later than once in a year.
Annexure for list of “Officially Valid Document” (OVD)
b. Driving licence
c. Voter`s Identity Card issued by the Election Commission of India
d. Job card issued by NREGA duly signed by an officer of the State Government.
e. Letter issued by the National Population Register containing details of name and address
f. Letter issued by the Unique Identification Authority of India containing details of name, address and Aadhaar number.
Explanation 1.-For the purpose of this clause, a document shall be deemed to be an OVD even if there is a change in the name subsequent to its issuance provided it is supported by a marriage certificate issued by the State Government or Gazette notification, indicating such a change of name.
Provided, where an Aadhaar number has not been assigned to an individual, proof of application of enrolment for Aadhaar shall be obtained wherein the enrolment is not older than 6 months and in case PAN is not submitted, certified copy of an OVD containing details of identity and address and one recent photograph shall be obtained.
“Explanation- Obtaining a certified copy by reporting entity shall mean comparing the copy of officially valid document so produced by the client with the original and recording the same on the copy by the authorized officer of the reporting entity”
Provided further, that from an individual, who is a resident in the State of Jammu and Kashmir or Assam or Meghalaya, and who does not submit Aadhaar or proof of application of enrolment for Aadhaar, the
following shall be obtained:
i. certified copy of an OVD containing details of identity and address and
ii. one recent photograph
B. From an individual who is not eligible to be enrolled for an Aadhaar number, or who is not a resident, the following shall be obtained
i. PAN or Form No. 60 as defined in Income-tax Rules, 1962, as amended from time to time.
ii. one recent photograph and
iii. A certified copy of an OVD containing details of identity and address. Provided that in case the OVD submitted by a foreign national does not contain the details of address, in such case the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address. Provided further that, while opening accounts of legal entities, in case, PAN of the authorised signatory or the power of attorney holder is not submitted, the certified copy of OVD of the authorised signatory or the power of attorney holder shall be obtained, even if such OVD does not contain address.
“Provided that in case the OVD furnished by the customer does not contain updated address, the following documents shall be deemed to be OVDs for the limited purpose of proof of address:-
i. utility bill which is not more than two months old of any service provider (electricity, telephone, post- paid mobile phone, piped gas, water bill);
ii. property or Municipal tax receipt;
iii. pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
iv. letter of allotment of accommodation from employer issued by State or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and licence agreements with such employers allotting official accommodation.
Provided further that the customer shall submit Aadhaar or OVD updated with current address within a period of three months of submitting the above documents.
All other documents as prescribed by RBI from time to time.