KYC : Compliance vs Convenience - আৰবিআই - Reserve Bank of India
KYC : Compliance vs Convenience
Shri R. Gandhi, Deputy Governor, Reserve Bank of India
delivered-on মে’ 26, 2014
Is KYC a recent phenomenon? KYC was always there in banking! The focus, earlier, was more on the asset side and not on the liability side as no banker could risk parting with his funds to an unknown person. The thorough appraisal process to screen the potential borrowers is a good example of KYC process. Then, issues such as illegal/black money and more recently, terrorism financing became matters of serious concern and then KYC on payments and remittances, and consequently on the liability side (deposit accounts, etc.) started assuming high importance. Why KYC/AML Norms Sound KYC policies and procedures are critical for protecting the safety and soundness of banks and the integrity of banking system in the country. Due to increasing globalisation of Indian banks, their interaction with other countries' financial systems are expanding, making the task of ensuring safety of our systems more critical. International obligations and inter-regulatory consensus built via United Nations Resolutions, Basle Committee on Banking Supervision and the Financial Action Task Force also require that we put in place an elaborate KYC Framework in India. Financial Action Task Force (FATF) The FATF is an intergovernmental body established in 1989 (G-7 initiative). Its tasks are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system. It is a policy-making body which works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas. It monitors the progress of its members in implementing necessary measures. There are 36 full-fledged members. India is one of them. Over 18 jurisdictions around the world have committed to the FATF Recommendations. India has also committed to implement the recommendations of FATF. Originally, in 1990, FATF had 40 recommendations focussing on drug money. It revised its recommendations in 1996 and broadened the scope. Then in 2001, it added eight (later nine) special recommendations to combat financing of terrorism which were further revised in 2003. The latest exercise in 2012 had further revised the recommendations and combined the 40+9 to 40. Basel Committee Findings of an internal survey of cross-border banking in 1999 by the Basel Committee identified deficiencies in KYC policies for banks in a large number of countries. It constituted a Working Group on Cross-border Banking to examine the then KYC procedures and to draw up standards applicable to banks in all countries. It issued a consultative document, called the Customer Due Diligence for banks (CDD) in January 2001. While the FATF’s focus is on money-laundering and terrorist financing, the Basel Committee's approach to KYC is from a wider prudential, and risk-management perspective, not just anti-money laundering perspective. PMLA – Salient Features UN General Assembly resolution (1990) calls upon the Member States to adopt national money-laundering legislation and programme. Accordingly, in India the Prevention of Money Laundering Act (PMLA), 2002 was enacted in January 2003. The Act along with the Rules framed there under have come into force with effect from 1st July 2005. The objectives of the PMLA are to:
The important feature of the Act is that the burden of proof is on the accused. Regulatory Stance The Reserve Bank's regulatory stance on KYC is with the aim to safeguard banks from being used by criminal elements for money laundering activities and to enable banks to understand the risk posed by customers, products and services, delivery channels and helping them assess and manage their risks prudently. At the same time, the Reserve Bank is fully conscious that the KYC framework will have to be relevant to the perceived risk and not intrusive in nature nor too strict resulting in denial of banking services to general public. As far as Indian banking sector is concerned, some of the initial steps taken (instructions issued) in respect of KYC are as under. Actually these instructions are there for the past 50 years or so, as far back as from 1965.
Paradigm shift – KYC prior to & post Nov’ 04 After the international focus on KYC, the Reserve Bank brought on a paradigm shift in the approach to KYC by banks in India. It moved away from introduction to document based identification - hence introduction not required. It also shifted the focus from financial loss (from frauds) to the banks to the loss of reputation to the banks (by non-compliance). The other principles are that the KYC information collected is to be consistent with risk perception and other information to be collected only with consent of the customer and the KYC related information is confidential - not to be divulged for cross-selling or any other purpose. Regulatory prescriptions Who is a Customer – a KYC context In the context of KYC framework, the concept of "customer" has now been redefined. A "customer" is no longer just the one who has an Account and/or business relationship with the bank; the ones on whose behalf the account is maintained (i.e. the beneficial owner), the beneficiaries of transactions conducted by professional intermediaries, such as Stock Brokers, Chartered Accountants, Solicitors and any person/entity connected with any financial transaction which can pose risk to bank, say, through a wire transfer/issue of a high value DD, etc are all "customers". KYC policy of banks – the 4 key elements The Reserve Bank has prescribed that the KYC policy of banks should have the following key elements:
Customer Acceptance Policy The salient features are:
Customer Identification Procedures (CIP)
CIP – When Customer ID is required
CIP – PMLA requirements
Banks are required to verify the identity of the customer for all international money transfer operations CIP - Natural Persons (NP) - Identification Documents
CIP - NP – Address Documents
CIP - Close relatives
CIP - PEPs (Non-resident) Politically Exposed Persons (PEPs) are individuals who are entrusted with prominent public functions in a foreign country (as of now, we are focusing on foreign PEPs). e.g., Heads of states/Govts., senior politicians, senior Govt/judicial/defence officers, senior executives of state-owned corporations
CIP- Non face-to-face Customers Apart from applying the usual customer identification procedures, the following are to be taken care of:
CIP - Unique Customer Identification Code (UCIC)
CIP - Legal Persons (LP)
CIP - LP – Beneficial Owners Beneficial owner is the natural person who ultimately owns or controls a client and/or the person on whose behalf transaction is being conducted. Includes a person who exercises effective control over a juridical person.
CIP - Legal Persons – Companies Copies of the following documents would be required:
CIP - LP – Partnership Firms Copies of the following documents would be required:
CIP- LP – Trusts & Foundations Documents required are:
CIP - Proprietary Concerns
Customer profile & risk categorization Banks can effectively monitor, control and reduce their risk only if they have an understanding of the normal and reasonable activity of the customer so that they have the means of identifying transactions that fall outside the regular pattern of activity. Accordingly, banks are required to build the profile for each customer based on risk categorisation. The parameters of risk perception are: nature of business activity, location of customer and his clients, mode of transactions, volume of turnover and the social and financial status of the customer. What is risk perception of customers and how it is linked to KYC? An important feature of the current KYC regime is to obviate disproportionate cost to banks and burdensome regime for the customers. This is ensured by putting in place a risk graded CDD procedure, say: Low Risk, Medium risk and High Risk and appropriate CDD level accordingly. Is risk categorisation a one time affair? No. It will be an ongoing affair and banks should have a system of periodical review of risk categorization of accounts once in six months. They have to apply enhanced due diligence measures in case of risk upgradation, which depends on customer transactions/change in profile. Banks were required to complete the process of risk categorization and compiling/updating profiles of all of their existing customers by end-March 2013. Periodic updation of customer identification data - 2 & 10 years for high and low risk respectively has also been prescribed. Who are the Low Risk Customers? Typical examples are the salaried employees; accounts with small balance and low turnover; Govt. Deptts. & Govt. owned companies; regulatory and statutory bodies, etc. Who will be the High Risk Customers? They are such as the non-resident customers; HNIs; trusts, charities, NGOs and organizations receiving donations; companies having close family shareholding or beneficial ownership, firms with 'sleeping partners‘; politically exposed persons; non face-to-face customers, jewellers/dealers in gold bullion and those with dubious reputation as per public information available, etc. Can a bank refuse to open an account or decide to close an existing account? Yes. When the bank is unable to apply appropriate customer due diligence measures, i.e., Bank is unable to verify the identity and /or obtain documents required as per the risk categorisation due to non-cooperation of the customer or non-reliability of the data/information furnished to the bank. Decision to close an account at high level after due notice to the customer. Monitoring of Transactions Banks are required to closely examine the transactions in order to ensure that they are consistent with their knowledge of the client, his business and risk profile and where necessary, the source of funds. Banks are also required to prescribe threshold limits for a particular category of accounts and pay particular attention to the transactions which exceed these limits. Banks have to particularly guard against the Money Mules – the innocent recruits or persons with fake documents. Suspicious Transactions Transactions falling outside the regular, normal and reasonable pattern of activity of the customer will be regarded as suspicious transactions. Unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose in regard to customer's proclaimed business/income activity and transactions that involve large amounts of cash, inconsistent with the normal and expected activity of the customer will qualify to be suspicious transactions. Banks are required to be vigilant about these transactions. As per PMLA, Suspicious Transactions are that which:
Hence, the banks are required to prescribe threshold limits for a particular category of accounts, to pay special attention to the transactions which exceed these limits and to set key indicators for accounts, taking note of the background of the customer, such as the country of origin, sources of funds, the type of transactions involved and other risk factors. Banks are required to report such transactions (STRs) as per definition in PMLA. Combating Financing of Terror Banks are to develop suitable mechanism for enhanced monitoring of accounts suspected of having terrorist links and swift identification of the transactions and making suitable reports to FIU-Ind on priority. STRs should include suspected cases of terrorist financing. Banks have to be particularly aware of the UNSCR enlisted individuals and entities and accounts and transactions are to be monitored vis-à-vis the list. Any matching found is to be advised to MHA (UAPA – Section 51A). Unlawful Activities (Prevention) Act, 1967 (UAPA) Govt is empowered to freeze, seize or attach funds/financial assets of persons engaged in or suspected to be engaged in terrorism. Under UAPA, RBI forwards the list of individuals/entities subject to UN sanctions to banks. Banks are required to ensure expeditious & effective implementation of the procedure of UAPA for freezing/unfreezing of financial assets. Financial Intelligence Unit (FIU) FIU-India has been set up pursuant to PMLA. This is a central agency to collect, collate and analyze financial information. It also disseminates information to concerned investigating authorities, if need be. It receives CTR/STR from banks/FIs and from entities regulated by SEBI/IRDA. The following types of transactions are to be reported to FIU-IND:
Customer Convenience We are aware of the possibility that some of these guidelines can be irritating, burdensome to comply with. Several representations and feedback were received to that effect as well. The Reserve Bank therefore periodically reviews these instructions and modifies them, with a view to reduce the burden and bring in ease of compliance, but at the same time ensuring the safety of the financial system and the sanctity of financial transactions are not compromised. Some of these modifications and adjustments are as follows:
Financial Inclusion We faced challenges in promoting financial inclusion with this KYC framework. Many of the financially excluded may not have proper official document, especially that of address as in the case of migrant people. As per Customer Acceptance Policy guidelines, the CAP and its implementation should not be too restrictive, and must not result in denial of banking service to public, especially to those who are financially or socially disadvantaged. Banks have been advised not to deny public access to banking services, taking the indicative list of documents as an exhaustive list. What could be done if required documents are not available? We have special provision for close family members as mentioned earlier. Small Accounts could be opened by those who do not have the prescribed documents. Small Accounts can be opened with a form filled up & signed before the bank officer with self-attested photograph – bank officer to certify. The small accounts will have the following features: they will have limitations on credit/debit/balance; will be available only at CBS-enabled branches; no foreign remittances will be permitted; will be available only for 12 months – further extension on application for Officially Valid Document; the aggregate of all credits in a financial year does not exceed ` One lakh; the aggregate of all withdrawals and transfers in a month does not exceed ` ten thousand, and the balance at any point of time does not exceed ` fifty thousand. Additional documents + AEPS
To Conclude Do we need such elaborate structure? Is it not taking the question of safety too far? Are we paranoid about terrorism and money laundering? Why we have to put ordinary customers of banks to such greater and deeper requirements? These are legitimate questions that can arise in your mind. But, we have to remember that we are responsible citizens; we have to not only abide by the law, but also help enforcing the law. We are also a responsible nation among the international community. We have obligations to the rest of the world as well. This KYC structure built by us is not of our own only; it is based on the consensual approach by all the committed nations. It is for the general good of the citizens of the world. We seek the understanding and the cooperation of all bank customers in complying with the KYC requirements on an ongoing basis. No security comes free of cost or inconvenience. That said, it will be our continued endeavour to minimize such cost and inconvenience. Reserve Bank is committed to ease of operations by bank customers, while requiring the banks to be vigilant about nefarious designs of anti-social elements and terrorists to use the banking and financial systems. @ Speech delivered by Shri R Gandhi, Deputy Governor, Reserve Bank of India, at Federation of Andhra Pradesh Chambers of Commerce and Industry, Hyderabad on 23rd May 2014. Assistance provided by Shri Thomas Mathew, General Manager is greatly acknowledged. |