KYC Regulations

Often, bank officials assume that KYC is only related to customer onboarding. While it is true that KYC involves instructions on engaging new customers, its scope extends beyond that. Proper execution of KYC includes customer acceptance, risk management, customer identification procedures, and transaction monitoring. According to RBI guidelines, KYC is not limited to banks but also includes a list of “Regulated Entities”(REs) under its purview.

For Risk Management, Customers shall be categorized as low, medium and high-risk categories, based on the assessment and risk perception of the RE.  RBI has given broad guidelines for categorization and leaves the implementation to the banks or other REs. This includes: 

• Customer’s identity
• social/financial status
• Nature of business activity
• Information about customer’s business
• Location
• Geographical risk covering customers as well as transaction
• Type of products/ services offered
• Delivery channel used for delivery of products/ services
• Types of transaction undertaken – cash, cheque/monetary instruments
• Wire transfers
• Forex transactions
• Ability to verify identity documents through online or other services.

Risk categorization and the reasons for categorization must be kept confidential. The extent of monitoring is determined by the risk categorization of the customer, making the process of customer induction and categorization crucial. Automated risk categorization of customers is possible if parameters are clearly defined, enabling banks to avoid penalties from RBI. The penalty for not doing risk categorization is according to the provisions of Section 47-A (1) (c) read with Sections 46 (4) (i) and 56 of the Banking Regulation Act, 1949.

High-risk accounts are subject to more intense scrutiny, which plays a critical step in preventing money laundering. This monitoring should be continuous, tracking transactions daily to identify suspicious activity. By doing so, banks can prevent the ‘integration stage’ in money laundering , after which recovery of assets is almost impossible. This also shows why KYC and AML are often read together.

Utilizing compliance software is essential to handle these challenges effectively. Effectiveness of the compliance software becomes the first line of defense in preventing money laundering. High quality compliance tool sets enable banks to weed out suspicious accounts participating in money laundering at the initial stage of placement itself, when the funds are set up for further complex series of transactions.  Once suspicious cases are identified, they must be scrutinized. They must find out if the suspicion is true and an STR (Suspicious Transaction Report) has to be filed with the FIU-IND (Indian Financial Intelligence Unit) in that case.

Proper procedure requires banks to establish a customized customer due diligence framework to track customer details. The compliance department in the bank will be responsible for the creation. Regular updates are necessary, with high-risk customers requiring updates at least once every two years, medium-risk customers every eight years, and low-risk customers every ten years from the date of account opening or last KYC update. Timely reporting of suspicious transactions is crucial to prevent penalties from RBI and halt fraudulent activities effectively.