Know Your Customer (KYC) Norms/Anti-Money Laundering (AML) Measures/Combating of Financing of Terrorism (CFT)/Obligations of banks under PMLA, 2002.

The objective of KYC/AML/CFT guidelines by RBI is to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering or terrorist financing activities. KYC procedures also enable banks to know / understand their customers and their financial dealings better which in turn help them manage their risks prudently. Banking operations are susceptible to the risks of money laundering and terrorist financing. In order to arrest money laundering, where banks are mostly used in the process, it is imperative that they know their customers well.

On combating financing of terrorism, RBI has specified certain standards based on which our Bank has formulated this policy on identification and acceptance of customers to have a business relationship with us. Our branches are required to prepare and maintain documentation on their customer relationships and transactions to meet the provisions of the Prevention of Money Laundering Act and other laws and regulations.

RBI has issued the KYC guidelines under Section 35 (A) of the Banking Regulation Act, 1949 and any contravention of the same will attract penalties under the relevant provisions of the Act. Thus, the Bank has to be fully compliant with the provisions of the KYC procedures.

The Guidelines required the banks in India to follow the following steps towards preventing money laundering:

• Customer Acceptance Policy
• Customer identification Procedures
• Monitoring of Transactions, and
• Risk Management

The due diligence expected under KYC involves going into the purpose and reasons for opening an account, anticipated turnover in the account, sources of wealth (net worth) of the person opening the account and sources of funds flowing into the account.

Customer Acceptance

Before commencing a business relationship with a prospective customer, we have to ensure that such a relationship does not, in any way, go against its Customer Acceptance principles viz.

i. No account is opened in anonymous or fictitious/ benami name(s) and

ii. Customers are categorized based on risk perceptions in terms of the nature of business activity, location of customer and his clients, mode of payments, volume of turnover, social and financial status, etc.
Information relating to the customer's social/ financial status, nature of business activity etc. shall be obtained from / prepared for the applicants for opening Savings/ Current / Overdraft / Term deposits accounts.

The customer profile shall be updated, on a periodical basis, as under:

For low risk customers once in three years
For medium risk customers - Every year
For high risk customers - Every year

Note: However, these periodicities are only indicative and wherever warranted, the updation exercise may be done even at lesser frequencies taking into account the activities, conduct of operations, etc.

Customer identification

• Customer identification means identifying the customer and verifying his/her/its identity by using reliable, independent source documents, data or information.
• Customer Identification is carried out at different stages i.e., while establishing a banking relationship, carrying out a financial transaction or when the branch has a doubt about the authenticity/veracity or the adequacy of the previously obtained customer identification data.
• For opening an account, normally, the customer should come to the Bank in person. An account shall not, normally, be opened without a meeting between the bank official and the customer.
• Branches need to obtain sufficient information to their satisfaction, to establish the identity of each new customer, whether regular or occasional and the purpose of the intended nature of banking relationship.
• The process of enquiry/verification of the documents shall be a thorough one by having a dialogue with the prospective depositor, introducer, borrower and guarantor and confirmation through other channels, if necessary. Wherever it is necessary, a discreet verification shall also be made about the credentials of the parties, their business potential etc.
• The process of verifying a customer's identity and his/her credentials is not a faultfinding exercise but to create a better customer relationship that may safeguard the mutual interests of the Bank as well as the customer.
• Identification Documents to be submitted by customers for opening of accounts
• Branches shall ask for documents to verify the identity of the customer, his/her address, location and his/her recent photograph.
• For accounts of Individuals under Low Risk Category, the following documents are accepted:

1. Passport alone where the address on the passport is the same as the address on the account opening form (OR)
2. Any one document (latest/recent) from each of the lists given below, for

Subject to the satisfaction of the officer authorizing the opening of the account

Note: Original should be produced for verification and copy, duly attested by the verifying official, shall be kept along with the account opening form.

• In case of joint accounts, all applicants are required to independently establish their identity and address.
• Care of/ temporary ' or incomplete address should not be accepted.
• In respect of Medium/High risk customers, besides the normal documents prescribed above for low risk customers, branches shall call for additional information and documentary evidence as under:

Type of Customers/accounts Additional Information/Documents

For current accounts in all risk categories
For accounts of other than individuals in all risk

• Introduction by an existing account holder or by a person known to the Bank
• For customers who are legal persons or entities (i.e., other than individuals), branches shall verify the legal status of the legal person/entity through proper and relevant documents
• Verify that any person(s) purporting to act on behalf of the legal person/entity is duly authorised and such person(s) is/are properly identified by calling for documents (as listed above for individual low risk customers) and verify the identity of that person(s)
• Understand the ownership and control structure of the customer and determine those natural persons who ultimately control the legal person.

Quoting of PAN

• As per clause (C) of rule 114B of the Income Tax Rules 1962, it is mandatory for the customers to quote the PAN (Permanent Account Number) or GIR (General Index Register) Number, in the account opening forms pertaining to Term deposits exceeding Rs.50,000 and for opening an account of all other types. Photo Copy of PAN/GIR card should be obtained, verified from original and kept on record.
• In case PAN or GIR Number has not been allotted or the person is not an Income Tax assessee, a declaration in Form No.60 or 61, as the case may be, should be given to the Bank.

Furnishing of Photographs

• While tendering applications for opening Savings / Current accounts in the names of Individuals/Sole Proprietary concerns, two copies of latest passport size photographs should be furnished.
• In case of joint accounts, Accounts of Partnerships, Limited Companies, Clubs, Associations, Societies, Trust, Institutions, etc. the photographs of person(s) / official(s) who are authorised to operate the account and in case of HUF, the photograph of the Karta should be provided.
• In case of Term Deposits, one copy of photograph shall be obtained provided the depositor does not have a Savings or Current account with the branch. Savings accounts where cheque facility is not provided and in case of aggregate fixed/term deposit where value does not exceed Rs. 10000/-, photographs need not be obtained.
• The above provisions cover all categories of depositors.

Introduction of accounts to the Bank

• It is essential that the introducer should know fully well the prospective account holder whom he/she is introducing for a sufficiently long time. The introducer should be in a position to identify or be able to give more particulars about the account holder from his personal knowledge, when there arises any occasion at a later date.
• A dialogue or enquiry with the introducer is must so that he/she could be informed of his responsibility and the implications of introducing an account.
• In respect of accounts introduced by employees of other branches or where the introducer was not present while introducing the customer at the time of opening the account, no cheque / draft shall be collected till a confirmation introducer of having introduced the account is received.

Rejection of applications for opening accounts

Where the Bank is unable to apply appropriate customer due diligence measures i.e. unable to verify the identity and/or obtain documents required as per the risk categorization due to non-cooperation of the customer or the data /information furnished to the bank is not reliable, it may take a decision not to open the account.

Relaxed KYC Procedure

• Relaxed KYC procedure refers to acceptance of an introduction in lieu of full KYC procedure subject to certain conditions prescribed.
• ** This relaxation is applicable for Low Income Group customers, individuals falling under the 'No frill' category, persons affected by natural calamities like floods, cyclone, tsunami, etc.
• Low Income group customers are those who keep balances not exceeding Rs.50000/- in all their accounts (FDR/Current/Savings) taken together and the total credit summation in all the accounts taken together is not expected to exceed
• Rupees One Lakh (Rs.100000/-) in a year.
• For these customers, branches are permitted to open accounts subject to the following conditions:

1. An introduction (in lieu of the KYC documents) from another account holder who has been subjected to full KYC procedure should be given.

2. The introducer's account with the Bank should be at least six month's old and should show satisfactory transactions.

3. The photograph of the customer who proposes to open the account and his address need to be certified by the introducer.

• When, at any point of time, the total balance in all his/her accounts (FDR/SB/CA) with the Bank taken together exceeds Rupees Fifty thousands (Rs.50000/-) or total credit summation in all the accounts exceeds Rupees one lakh (Rs.100000/-) in a year, excluding value of Government compensation/relief cheques, no further transactions will be permitted until the full KYC procedure is completed.

KYC norms for Remittances within India

• Issue and payment of Pay orders, demand drafts, electronic funds transfers and other remittances of Rs.50,000 and above could be made only by debit/credit to customers' accounts or against cheques and not against cash.
• Further, the applicants (whether customers or not) for the above transactions for amount of Rs.50,000 and above should furnish PAN (Permanent Account Number allotted by Income Tax Authorities) on the applications.

Closure of accounts on account of non-cooperation from the customer

If the Bank is not able to adhere to the KYC norms in a particular account due to non co-operation by the customer or non-reliability of the data/ information furnished to the Bank, it may close the account, after giving due notice to the customer explaining the reasons for such a decision.

General

• You should keep in mind that the information collected from the customer for the purpose of opening of account is to be treated as confidential and details thereof are not to be divulged for cross selling or any other like purposes. Banks should, therefore, ensure that information sought from the customer is relevant to the perceived risk, is not intrusive, and is in conformity with the guidelines issued in this regard. Any other information from the customer should be sought separately with his / her consent and after opening the account
• We should not open an account or close an existing account where the bank is unable to apply appropriate customer due diligence measures i.e. we are unable to verify the identity and /or obtain documents required as per the risk categorization due to non cooperation of the customer or non reliability of the data/information furnished to the bank. It is, however, necessary to have suitable built in safeguards to avoid harassment of the customer. For example, decision by us to close an account should be taken at a reasonably high level after giving due notice to the customer explaining the reasons for such a decision;
• Circumstances, in which a customer is permitted to act on behalf of another person/entity, should be clearly spelt out in conformity with the established law and practice of banking as there could be occasions when an account is operated by mandate holder or where an account is opened by an intermediary in fiduciary capacity. Necessary checks to be observed before opening a new account so as to ensure that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations etc.
• Examples of some high risk categories which include Non Resident Indians (NRIs), High Net worth Individuals (HNIs), Trusts, Charities, Non Governmental Organisations (NGOs), companies having closed shareholding structure, firms with sleeping partners, Politically Exposed Persons (PEPs), non-face-to-face Customers, persons with dubious reputation, etc. We are to carry out a review of risk categorization of customers at a periodicity of not less than once in six months. It is therefore, now mandatory for banks in India to introduce a system of CRC for their customers.
• Selection of Parameters for risk categorization: The first step in process of risk categorization is selection of parameters, which would determine customer risk. Some indicative parameters, which can be used to determine the profile & risk category of a customer, are as follows:

1. Customer constitution: Individual, proprietorship, partner-ship, Limited Liability Partnership, Clubs, Associations, private limited, etc
2. Business segment: Retail, Corporate, etc
3. Country of residence/ Nationality: Whether India or any overseas location/ Indian or foreign national.
4. Product subscription: Salary account, NRI products, etc.
5.  Economic profile: HNI, public limited company, etc.
6. Account status: Active, inoperative, dormant.
7. Account vintage: less than six months old, etc.
8. Presence in regulatory negative/PEP/defaulter/fraudster lists.
9. Suspicious Transaction Report (STR) filed for the customer.
10. AML Alerts

• Other parameters like source of funds, occupation, purpose of account opening, nature of business, mode of operation, credit rating, etc can also be used in addition to the above parameters. We may use some of these parameters based on availability of data.

REPORTING OBLIGATION UNDER PMLA ACT

Reporting Requirements

Ensuring that the reporting obligations under PMLA are met, i.e. furnishing FIU-IND information relating to:

i. All cash transactions of the value of more than INR 1,000,000 or its equivalent in foreign currency;

ii. All series of cash transactions integrally connected to each other which have been valued below INR 1,000,000 or its equivalent in foreign currency where such series of transactions have taken place within a month, however, aggregating to more than INR 1,000,000;

iii. All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine or where any forgery of a valuable security or a document has taken place facilitating the transactions; and

iv. All suspicious transactions whether or not made in cash. To this effect, the bank should make PO responsible to receive the internal suspicious activity reports within reasonable period of time so as to meet the reporting deadline to FIU-IND. In case of banks, where all the branches are not yet fully computerized, the PO of the bank should cull out the transaction details from branches which are not computerized and suitably arrange to feed the data into an electronic file with the help of the editable electronic utilities of CTR/STR as have been made available by FIU-IND on their website. The PO should also ensure that any significant issues are reported to the senior management of the bank on a periodic basis.

We are required to make the following reports to the FIUIND.

• Cash Transaction Reporting (CTR)
• Counterfeit Currency Reporting (CCR)
• Suspicious Transaction Reporting (STR)

Cash Transaction Reporting (CTR)

As per the PMLA rules, we are required to submit the details of:

• All cash transactions of the value of more than rupees ten lakh or its equivalent in foreign currency.
• All series of cash transactions integrally connected to each other, which have been valued below rupees ten lakh or its equivalent in foreign currency, where such series of transactions have taken place within a month and the aggregate value of such transactions exceeds rupees ten lakh. The format for reporting of the above-mentioned cash transactions, known as Cash Transaction Report (CTR) has been provided by the RBI vide its circular dated February 15, 2006. This report is required to be filed on a monthly basis by 15th of the succeeding month. RBI vide circular dated May 22, 2008 has clarified that Cash transaction reporting by branches to their controlling offices should be submitted on monthly basis and not on fortnightly basis. We have been advised to initiate urgent steps to ensure electronic filing of CTR. The FIU-IND has provided an excel based utility at its website www.fiuindia.gov.in for generation of CTR in electronic form.

Counterfeit Currency Reporting (CCR)

The PMLA Rule 3(1)(C) read with rule 8 requires the reporting of all cash transactions where forged or counterfeit Indian currency notes have been used as genuine. The RBI vide circular dated May 22, 2008 provided the format in which the CCR needs to be reported to the FIU-IND. The said report is required to be filed not later than seven working days from the date of occurrence of such transactions.

Suspicious Transaction Report (STR)

The PMLA Rule 3(1)(D) read with rule 8 requires the reporting of all suspicious transactions whether or not made in cash. Principal Officer should record his reasons for treating any transaction or a series of transactions as suspicious. It should be ensured that there is no undue delay in arriving at such a conclusion once a suspicious transaction report is received from a branch or any other office.

While furnishing the STR care needs to be exercised on drafting of the grounds of suspicion (GOS) in part 8 of the STR format. This part of the STR is the 'Soul' of the STR as it answers the essential question of why the STR is being filed. Therefore the GOS have to be accurate and complete.

The grounds of suspicion should express fully 'why' the transaction or activity is unusual, unjustified, does not have economic rationale, or bonafide purpose keeping in mind the banking business and services offered by the Bank. The GOS could also explain the relationship between persons (natural & legal), accounts and transactions that are being reported as part of the STR. Correct reason for suspicion needs to be identified as it signifies the character of suspicious activity. GOS need to be in form of a detailed paragraph justifying why the transactions are considered to be suspicious. Specific reference requires to be drawn to the customer’s profile, apparent financial standing, past activity in account, rationale/purpose behind the transactions, business profile and general transaction pattern etc. These grounds are indicative in nature and may vary from case to case. Findings of any other due diligence may also be mentioned in the GOS. Subsequent to furnishing an STR the FIU-IND/ other investigative agencies to whom the STR is forwarded by FIU-IND, may seek additional inputs in form of documents such as Account opening form and KYC documents. Pertaining to the customer from the bank. Banks may therefore arrange to keep these documents ready for submission (if required).

Every employee has an obligation to report transactions suspicious of a money laundering or terrorist financing activity. It is required to report suspicious transactions even if the employee does not know precisely what the underlying criminal activity is or whether illegal activities have occurred. The reporting system is suspicion based as opposed to transactions or value based. A suspicion is what it means to the person who decides to report. It is a wholly subjective and analytical concept. The golden rule is, even after undertaking the due diligence, if there is still a doubt, report.

The reporting of these transactions by an employee does not constitute a breach of the employee's duty of confidentiality owed to customers. In addition, as per the PMLA 2002, the banks and their officers shall not be liable to any civil proceedings against them for furnishing information on any suspicious transaction.

PRESERVATION OF RECORDS

Section 12 of the PMLA 2002 makes it mandatory for every bank to maintain a record of all transactions, the nature and value of which may be prescribed.

Why is it important to maintain records?

The keeping of proper records is essential to enable the banks to demonstrate that they have operated in conformity with local laws and regulations. This will in turn enable the Banks and individual staff members to defend themselves against any allegations of knowingly assisting a money launderer. Banks must retain records concerning customer identification and transactions as evidence of the work they have undertaken in complying with their legal and regulatory obligations, as well as for use as evidence in any investigation conducted by law enforcement. It is important for the bank at all stages in a transaction to be able to retrieve relevant information, to the extent it is available, without undue delay.

What records have to be kept?

The investigating authorities need to ensure a satisfactory audit trail for suspected money laundering transactions and to be able to establish a financial profile of the suspect account. For example, to satisfy these requirements the following information may be sought by the investigating authorities:

The beneficial owner of the account;

The volume of funds flowing through the account;

For selected transactions:
a) The origin of the funds (if known)
b) Nature of the transactions;
c) The amount of the transactions and the currency in which it was denominated.
d) The date on which the transaction was conducted;
e) The form in which the funds were offered or withdrawn i.e. cash, cheque etc;
f) The identity of the person undertaking the transaction;
g) The parties to the transaction;
h) The destination of the funds; and
i) The form of instruction and authority.

What are the timelines for retention of records?

Records pertaining to the identification of the customer and his address would continue to be preserved for at least 10 years after the business relationship is ended where as transactions record between the customer and the bank shall be maintained at least for 10 years from the date of transaction. Such records and related documents should be made available to help auditors in their work relating to scrutiny of transactions and also to RBI/other relevant authorities. The term 'cessation' would broadly mean the time of closure of account. However, there may be certain exceptions to this, for example:

a. If the matter related to a suspicious transaction is pending in a court, the relevant records should be retained for 10 years from the date of final verdict of the court.

b. In specific cases, where RBI/FIU-IND or any other regulatory body requests for the retention of records for a period more than 10 years, the banks should be guided by such specific requests.