google-site-verification=V5-UWTlyQVSEJ4N1JJBwZZXIk4nmJqknNwobl2_ViO4
top of page

Know Your Customer' (KYC) Guidelines & Anti Money Laundering Policy

  

Reserve Bank of India via circular RBI-2004-05/371 DNBS(PD). CC 48 /10.42/2004-05 has issued comprehensive guidelines on Know Your Customer (“KYC”) norms and Anti‐money Laundering (“AML Policy”) standards and has advised all NBFCs to ensure that a proper policy framework on KYC and AML measures be formulated and put in place with the approval of the Board.

The given KYC-AML Policy is in consonance with the RBI guidelines and has been adopted by Board of Directors of the Company.

  1. Objective

    1. The objective of RBI guidelines is to prevent NBFCs from being used, intentionally or unintentionally by criminal elements for money laundering activities. The guidelines also mandate making reasonable efforts to determine the identity and beneficial ownership of accounts, source of funds, the nature of the Customer’s business, the reasonableness of operations in the account in relation to the Customer’s business, etc. which in turn helps the Company to manage its risks prudently. Accordingly, the main objective of this policy is to enable the Company to have positive identification of its Customers.

    2. Accordingly, in compliance with the guidelines issued by RBI from time to time, the following KYC & AML policy of the Company is approved by the Board of Directors of the Company.

    3. This policy is applicable to all categories of products and services offered by the Company.

  2.Customer Acceptance Policy(CAP)

  1. For the purpose of KYC policy, a ‘Customer’ may be defined as:

    1. a person or entity that maintains an account and/or has a business relationship with the Company;

    2. one on whose behalf the account is maintained (i.e. the beneficial owner);

    3. beneficiaries of transactions conducted by professional intermediaries, such as Stock Brokers, Chartered Accountants, Solicitors, etc. as permitted under the law, and

    4. any person or entity connected with a financial transaction which can pose significant reputational or other risks to the Company, say, a wire transfer or issue of a high-value demand draft as a single transaction.

  2. The Company shall follow the following norms while accepting and dealing with its Customers: 

    1. No account is opened in anonymous or fictitious/ benami name(s);

    2. Risk perception parameters are clearly defined in terms of the nature of the business activity, location of the Customer and his Customers, mode of payment, volume of turnover, social and financial status, and other factors. The Company may categorize the Customers into low, medium, and high risk (or may use any suitable nomenclature viz. level I, level II, and level III);

    3. Documentation requirements and other data to be collected from various kinds of Customers is based on perceived risk and in accordance with the PML Act, 2002 and Reserve Bank guidelines released from time to time;

    4. Not to open or close an account if the Company is unable to apply appropriate Customer due diligence measures, i.e., the Company is unable to verify the Customer's identity and/or obtain the documents required as per the risk categorization due to the Customer's lack of cooperation or the unreliability of the data/information provided to the Company.;

    5. The decision to cancel an account may be made at a fairly high level after giving the consumer sufficient notice and an explanation of the reasons for the decision;

    6. Since there may be occasions when an account is operated by a mandate holder or where an account may be opened by an intermediary in the fiduciary capacity, circumstances in which a Customer is permitted to act on behalf of another person/entity should be clearly spelled out in accordance with established banking law and practice;

    7. Before opening a new account, necessary checks are performed to guarantee that the Customer's identification does not match someone with a criminal history or banned entities such as individual terrorists or terrorist groups, etc.

    8. The Customer profile will be kept private, and no information from it will be used for purposes other than for what the information was collected The Company will keep Customer information private unless the disclosure is required by law or the Customer herself/himself authorizes such disclosure.

    9. Before opening an account, the Company will conduct a full scale Customer due diligence (CDD). No transaction or account-based relationship will be established with such person / entity if the genuine identity of the applicant is unknown or the Company is unable to implement sufficient CDD procedures.

   3.Risk Categorization

  1. Based on risk categorization, Company may create a profile for each new Customer.

  2. Company may apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive ‘due diligence’ for higher risk Customers, especially those for whom the sources of funds are not clear. For low-risk Customers, only the most minimum requirements of validating the Customer's identity and location be met.

 

 

 

 

 

 

 

 

 

 

 

3.It is necessary to keep in mind that the formulation and implementation of a CAP should not become overly restrictive and should not result in the denial of services to the general public, particularly those who are financially or socially disadvantaged.

3.Customer Identification Procedure

3.1   Customer Identification Procedure should be performed at various phases, such as when establishing a connection, conducting a financial transaction, or when the Company has doubts about the authenticity/veracity or appropriateness of previously collected Customer identification data.

3.2  Customer identification is the process of identifying and verifying a Customer's identity by the use of reputable, independent source paperwork, data, or information. Company must gather adequate information to satisfy themselves about the identification of each new Customer, whether regular or occasional, as well as the purpose of the desired financial connection.

3.3  If the Company agrees to accept such accounts under the Customer Acceptance Policy, it must take reasonable steps to identify the beneficial owner(s) and verify his/her/their identification in such a way that the Company is confident that it knows who the beneficial owner(s) is/are. Annex-II contains a list of the types of documents and information that can be used to identify Customers.

3.4  The Company shall conduct suitable, specific, and when appropriate, Enhanced Due Diligence on its Customers in order to know and verify their genuine identities, as well as to detect and report instances of illegal activity, such as money laundering or terrorism funding. The level of risk associated with the relationship (products, services, business processes, geographic locations) between the Company and the Customer, as well as the risk profile of the Customer, will determine the procedures, documentation, types of information obtained, and levels of KYC due diligence to be performed.

3.5  The Company will conduct a periodic 'Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment' to identify, assess, and take proper ways to prevent money laundering and terrorist financing risk for Customers. The Company's internal risk assessment should be proportional to its size, geographic presence, complexity of activities/structure, and other factors, and it will use a Risk Based Approach to mitigate and manage the identified risks. Respective businesses must have standard operating processes in place for identifying, mitigating, controlling, and managing any recognized risks. The risk assessment techniques must be examined on a regular basis to ensure their reliability and efficacy.

 

4.Monitoring of Transactions

4.1  As required by section 12 of the PML Act, 2002, the Company has mandated that the record of transactions in the accounts is saved and maintained. It also assured those suspicious transactions, as well as any other sort of transaction, are reported to the proper law enforcement authority under section 12 of the PML Act, 2002.

4.2  Continuous monitoring is an important part of a successful KYC approach. The level of monitoring will be determined by the account's risk sensitivity.

4.3  Any complex, exceptionally large transactions and all strange patterns with no clear economic or visible legal reason should be given extra attention by the Company.

4.4  The Company may set threshold restrictions for a specific account type and pay special attention to transactions that exceed these limits. Transactions involving substantial sums of money that are not consistent with the Customer's typical and expected behavior should be investigated further.

4.5  Accounts with a high-risk level must be closely monitored.

4.6  The Company has established a framework for frequent evaluation of account risk categorization and the requirement for improved due diligence procedures.

4.7   All cash transactions (deposits and withdrawals) of Rs.10 lakh and higher are properly recorded by its branches. On a fortnightly basis, the internal monitoring system should have a protocol in place for reporting such transactions and those of a suspicious character to the controlling/head office. (Activities which would be construed as suspicious transactions are given in Annex-IV)

5.  Risk Management

5.1  The Company's Board of Directors has established the necessary procedures to maintain efficient operations. The Company has put in place procedures to ensure that the KYC rules are followed correctly. The procedure covers effective management oversight, systems and controls, job segregation, training, and other associated issues. 

5.2  The responsibility for ensuring that the Company's policies and procedures are implemented successfully has been expressly assigned within the Company. In conjunction with their boards, the Company developed methods for building Risk Profiles of existing and new Customers and implementing various anti-money laundering measures based on the risks associated with a transaction, account, or business relationship.

5.3  Internal audit and compliance operations at the Company evaluate and ensure that KYC policies and procedures are followed.

5.4  In most cases, the compliance function also conducts an independent review of the Company's policies and procedures, as well as legal and regulatory requirements.

5.5  Internal auditors examine and verify the implementation of KYC procedures at the branches, making notes on any flaws they find.

5.6  On a quarterly basis, the Audit Committee of the Board reviews the compliance in this sector. The Company makes certain that the duties of determining compliance with KYC regulations are not outsourced.

5.7  Through numerous training programs and e-mails, the Company continues to educate front-line workers, branch staff, and new hires on the aspects of AML / KYC.

 

6.  Customer and Staff Education

6.1  The Company may have an ongoing employee training programme, so that staff members are adequately trained in KYC procedures, who in turn may also educate Customer from time to time. The frontline investment and lending and operating managers shall be fully equipped with the compliance requirements of KYC guidelines in respect of new Customer acquisition and shall adhere to the Customer Identification & Acceptance procedure as above. The rationale of KYC guidelines shall be updated periodically to new staff members also on an ongoing basis. The Company shall also prepare an information data file compiling all relevant particulars of its Customers, which may be of a personal nature. The said data shall also comprise all related KYC information in respect of existing and past Customers.

 

7.  New Technologies-Credit Cards

7.1  Majority of these cards are sold through the services of agents. Before issuing cards to Customers, the Company has assured that proper KYC procedures are followed.

 

8.  Existing Customers

8.1  The circular DNBS(PD) CC No. 34/2003-04 dated January 6, 2004, encouraged NBFCs to apply the KYC rules to all existing Customers in a timely manner. While the amended criteria will apply to all new Customers, existing Customers will be subject to this policy based on materiality and risk.

8.2  Existing accounts, on the other hand, will be closely monitored, and any unexpected patterns in account operation should prompt a reassessment of the Customer Due Diligence measures.

8.3  It is possible, however, to verify that all existing accounts of businesses, firms, trusts, charities, religious organizations, and other institutions are subjected to basic KYC criteria, which would confirm the natural/legal person's identification as well as that of the "beneficial owners."

8.4  If the Company is unable to apply appropriate KYC measures due to the Customer's failure to provide information and/or cooperation, the Company may consider closing the account or terminating the business relationship after providing the Customer with adequate notice and explanation of the reasons for the decision. Such decisions must be made by someone in a position of authority.

 

 

9.  Appointment of Designated Director / Principal Officer:

9.1  [●], Managing Director will be the designated director who is responsible for ensuring overall compliance as required under PMLA Act and the Rules.

9.2 [●] is designated as Principal Officer who shall be responsible for the furnishing of information. Suspicious transactions shall be reported immediately to the principal officer of the Company.

 

10.  Severability

10.1  Any provision of this KYC-AML Policy becomes invalid or unenforceable due to whatsoever reason, such invalidity or unenforceability shall not lead to the entire agreement becoming unenforceable. The unenforceable or invalid portion shall be deemed to be severed without affecting the validity of the entire KYC-AML Policy.

 

11.  Governing Law and Jurisdiction

11.1  All matters, claims and any other such issues which may directly or indirectly arise from or in connection this KYC-AML Policy shall be governed under the laws of India. The courts at [●] shall have the sole and exclusive jurisdiction to hear all matters, claims or any such issues which may directly or indirectly arise from or in connection with this KYC-AML Policy.

 

12.  Questions and Grievances

12.1   If You have any queries regarding this KYC-AML Policy, You may contact: [Insert name of grievance officer]

         [Insert contact details of grievance officer]

12.2  Your complaints shall be acknowledged within [●] hours and would be disposed of within [●] of their receipt.

Annexure – I

Indicative list for Risk Categorization

 

Low Risk Category

Individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, shall be categorized as low risk.

Illustrative examples are:

●       Salaried employees whose salary structure is well‐defined

●       People belonging to  lower economic strata of the society whose accounts show small balances and low turnover

●       Government departments and Government‐owned companies

●       Statutory bodies & Regulators

 

Medium & High-Risk Category

Customers that are likely to pose a higher-than-average risk may be categorized as medium or high risk depending on Customer's background, nature and location of activity, country of origin, sources of funds and his Customer profile etc.

Illustrative examples of medium risk category Customers are:

Non-Resident Customers

●       High Net worth Individuals

●       Trust, charities, NGO’s and Organization receiving donations

●       Companies having close family shareholding or beneficial ownership

●       Firms with ‘sleeping partners’

 

Illustrative examples of high-risk category Customers are:

●       Politically Exposed Persons (PEPs) of Indian/Foreign Origin

●       Non face‐to‐face Customers

●       Those with dubious reputation as per public information available

Accounts of bullion dealers and jewelers

Annexure ‐ II

Customer Identification Requirements

 

Trust/Nominee or Fiduciary Accounts

In the case of any application from trust/nominee or fiduciary accounts, the Company determines whether the Customer is acting on behalf of another person as trustee/nominee or any other intermediary.

If in doubt of the persons behind the Customer, the Company may insist on receipt of satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also obtain details of the nature of the trust or other arrangements in place. Company takes reasonable precautions to verify the identity of the trustees and the settlors of trust (including any person settling assets into the trust), grantors, protectors, beneficiaries and signatories.

Accounts of companies and firms

Company needs to be vigilant against business entities being used by individuals as a ‘front’ for transactions. Company should examine the control structure of the entity and identify the natural persons who have a controlling interest and who comprise the management.

These requirements may be moderated  according  to the risk perception  e.g. in the case of a public Company.

Customer accounts opened by professional intermediaries

Where the transaction is with a professional intermediary who in turn is on behalf of a single Customer, that Customer must be identified. The Company shall not open accounts with such professional intermediaries who are bound by any Customer confidentiality that prohibits disclosure of the Customer details to the Company.

Accounts of Politically Exposed Persons (PEPs) resident outside India

Politically exposed persons are individuals who are or have been entrusted with prominent public functions in a foreign country, e.g., Heads of States or of Governments, senior politicians, senior government/judicial/military officers, senior executives of state‐owned corporations, important political party officials, etc.

 

The Company offers products primarily to Indian residents only. The Company if extending any  finance to non‐residents should check if he is PEP and check all the information available about the person in the public domain. The decision to transact with the PEP should be taken only by the Head of credit of the respective businesses supported by appropriate verification. The Company is also required to subject such accounts to enhanced monitoring on an ongoing basis. The above norms shall also be applied to the contracts of the family members or close relatives of PEPs.

 

In the event of an existing Customer or the beneficial owner of an existing account, subsequently becoming PEP, the approval of the Head of respective businesses shall be obtained to continue the business relationship and subject the account to the KYC due diligence measures as applicable to the Customers of PEP category including enhanced monitoring on an ongoing basis.

 

Accounts of non‐face‐to‐face Customers

The Company will not do any transactions with non‐face‐to‐face Customers.

 

Identity of Beneficial Owner

The Company shall identify the beneficial owner and take all reasonable steps to verify his identity. The term "beneficial owner" has been defined as the natural person who ultimately owns or controls a Customer and/or the person on whose behalf the transaction is being conducted and includes a person who exercises ultimate effective control over a juridical person. Government of India has since examined the issue and has  specified the procedure  for  determination   of Beneficial  Ownership

 

A)  Where the Customer is a Company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has a controlling ownership interest or who exercises control through other means.

Explanation:

        i. "Controlling ownership interest" means ownership of or entitlement to more than twenty‐five percent of shares or capital or profits of the Company;

 

      ii.  "Control" shall include the right to appoint majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or voting agreements;

 

a)  where the Customer is a partnership firm, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has ownership of/entitlement to more than fifteen percent of capital or profits of the partnership;

b)  where the Customer is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has ownership of or entitlement to more than fifteen percent of the property or capital or profits of such association or body of individuals;

c)  where no natural person is identified under (a) or (b) or (c) above, the beneficial owner is the relevant natural person who holds the position of senior managing official;

d)  where the Customer is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with fifteen percent or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership. In case the Customer is acting on behalf of another person as trustee / nominee, the Company shall obtain satisfactory evidence of the identity of the persons on whose behalf they are acting; and

e)  where the Customer or the owner of the controlling interest is a Company listed on a stock exchange, or is a subsidiary of such a Company, it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such companies.

Annexure - III

Customer Identification Procedure

Features to be verified and documents that may be obtained from customers

Note: Notwithstanding the list of documents as stated above, in case of change, if any, in the regulations as notified by RBI from time to time, the list of documents as prescribed by RBI shall prevail over the above.

Annexure ‐ IV

Illustrative list of activities which would be construed as suspicious transactions

a) Activities not consistent with the customer's business, i.e. accounts with large volume of credits whereas the nature of business does not justify such credits. 

b)  Any attempt to avoid Reporting/Record‐keeping Requirements/provides insufficient / suspicious information: 

a.   A customer who is reluctant to provide information needed for a mandatory report, to have the report filed or to proceed             with a transaction after being informed that the report must be filed.   

b.  Any individual or group that coerces/induces or attempts to coerce/induce the Company employee from not filing any                   report or any other forms.   

c.  An account where there are several cash transactions below a specified threshold level to avoid filing of reports that may be necessary in case of transactions above the threshold level, as the customer intentionally splits the transaction into smaller amounts for the purpose of avoiding the threshold limit. 

c)  Certain Employees of the Company arousing suspicion:   

a.  An employee whose lavish lifestyle cannot be supported by his or her salary. 

b.  Negligence of employees/willful blindness is reported repeatedly.   

d)  Some examples of suspicious activities/transactions to be monitored by the operating staff:   

a.  Multiple accounts under the same name   

b.  Refuses to furnish details of source of funds by which initial contribution is made, sources of funds is doubtful etc;   

c.   There are reasonable doubts over the real beneficiary of the loan

d.   Frequent requests for change of address

  

Risk Category
Category of Customers

Low Risk

1. Salaried Employee whose salary structures are well defined,

2. People belonging to lower economic strata of the society whose accounts show small balances and low turnover,

3. Government departments & Government owned companies, regulators and statutory bodies, etc.

Medium Risk

  1. Customers that are likely to pose a higher-than-average risk to the Company may be categorized as medium or high risk depending on the Customer's background, nature and location of the activity, country of origin, sources of funds Customer profile, etc.

High Risk

1. Non-resident Customers,

2. High net worth individuals,

3.Trusts, charities, NGOs, and organizations receiving donations,

4.Companies having close family shareholding or beneficial ownership,

5.Firms with 'sleeping partners',

6.Politically exposed persons (PEPs) of foreign origin,

7.Non-face-to-face Customers, and

8.Those with dubious reputation as per public information available, etc.

9.Persons whose sources of income are not clear.

Types of Customers
Identification Data to verify the identity of the Customer

Natural Persons

1. Sufficient identification data to verify the identity of the Customer,

2. His address/location, and

3. His recent photograph.

Legal Persons or Entities

  1. Verify the legal status of the legal person/ entity through proper and relevant documents

  2. Verify that any person purporting to act on behalf of the legal person/entity is so authorized and identify and verify the identity of that person,

  3. Understand the ownership and control structure of the Customer and determine who are the natural persons who ultimately control the legal person.

Legal persons requiring an extra element of caution

Customer identification requirements are given in Annex-I.

Features
Documents

Accounts of individuals

o    Legal name and any other names used

o    Correct permanent address

(i) Passport (ii) PAN card (iii) Voter’s Identity Card (iv) Driving licence(v) Identity card (subject to the Company’s satisfaction) (vi) Letter from a recognized public authority or public servant verifying the identity and residence of the customer to the satisfaction of Company

(i) Telephone bill (ii) Bank account statement (iii) Letter from any recognized public authority(iv) Electricity bill (v) Ration card(vi) Letter from employer (subject to satisfaction of the Company)  ( any one document which provides customer information to the satisfaction of the Company will suffice )

Accounts of companies

o    Name of the company

o    Principal place of business

o    Mailing address of the company

o    Telephone/Fax Number

(i) Certificate of incorporation and Memorandum & Articles of Association (ii) Resolution of the Board of Directors to open an account and identification of those who have authority to operate the account (iii) Power of Attorney granted to its managers, officers or employees to transact business on its behalf (iv) Copy of PAN allotment letter (v) Copy of the telephone bill

Accounts of partnership firms

o    Legal name

o    Address

o    Names of all partners and their addresses

o   Telephone numbers of the firm and partners

(i) Registration certificate, if registered(ii) Partnership deed (iii) Power of Attorney granted to a partner or an employee of the firm to transact business on its behalf (iv) Any officially valid document identifying the partners and the persons holding the Power of Attorney and their addresses (v) Telephone bill in the name of firm/partners

Accounts of trusts & foundations

o  Names of trustees, settlers, beneficiaries and signatories

o  Names and addresses of the founder, the managers/directors and the beneficiaries

o  Telephone/fax numbers

(i) Registration certificate, if registered(ii) Partnership deed (iii) Power of Attorney granted to a partner or an employee of the firm to transact business on its behalf (iv) Any officially valid document identifying the partners and the persons holding the Power of Attorney and their addresses (v) Telephone bill in the name of firm/partners

bottom of page