POLICY ON KNOW YOU CUSTOMER (KYC) STANDARD AND ANTI MONEY LAUNDERING/COMBATING FINANCIAL TERRORISM MEASURES
Reserve Bank of India has been issuing guidelines in regard to Know Your Customer (KYC) standards to be followed by banks and measures to be taken in regard to Anti Money Laundering (AML) and Combating Financial Terrorism (CFT). The guidelines incorporate the:
- Obligations cast on banks under the Prevention of Money Laundering Act (PMLA), 2002
- Recommendations made by the Financial Action Task Force (FATF) on AML standards and CFT
- Paper issued on Customer Due Diligence (CDD) for banks by the Basel Committee on Banking Supervision
- Banks are required to put in place a comprehensive policy framework, duly approved by the Board of Directors, in this regard. This policy document has been prepared in line with the SBI Policy on KYC, AML and CFT.
Objective, Scope and Application of the Policy:
The primary objective of the Policy is to prevent the Bank from being used, intentionally or unintentionally, by criminal elements for money laundering or terrorist financing activities. Purposes proposed to be served by the Policy are:
- To prevent criminal elements from using the Bank for money laundering activities.
- To enable the Bank to know/understand the customers and their financial dealings better, which in turn, would help the Bank to manage risks prudently.
- To put in place appropriate controls for detection and reporting of suspicious activities in accordance with applicable laws/laid down procedures.
- To comply with applicable laws and regulatory guidelines.
- To ensure that the concerned staff are adequately trained in KYC/AML/CFT procedures.
This Policy is applicable to all branches/offices of the Bank and is to be read in conjunction with related operational guidelines issued from time to time.
Definition of Money Laundering
Section 3 of PMLA has defined the offence of money laundering as under:
Whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with the proceeds of crime and projecting it as untainted property shall be guilty of offence of money laundering.
Money launderers use the banking system for cleansing dirty money obtained from criminal activities with the objective of hiding/disguising its source. The process of money laundering involves creating a web of financial transactions so as to hide the origin and true nature of these funds.
For the purpose of this document, the term money laundering would also cover financial transactions where the end use of funds goes for terrorist financing irrespective of the source of the funds.
Obligations under Prevention of Money Laundering (PML) Act 2002
Section 12 of PMLA places certain obligations on every banking company, financial institution and intermediary, which include
- maintaining a record of prescribed transactions
- furnishing information of prescribed transactions to the specified authority
- verifying and maintaining records of the identity of its clients
- preserving records in respect of (i), (ii) and (iii) above for a period of ten years from the date of cessation of transactions with the clients.
- These requirements have come into effect from the 1st July, 2005 i.e. the date on which PMLA was notified by the Government of India and rules framed there under.
Non compliance with KYC standards, use of the portals of the Bank for Money Laundering/financing terrorism activities expose the Bank to various risks, such as Operational Risk, Reputation Risk, Compliance Risk and Legal Risk etc.
Definition of a Customer
A customer, for the purpose of the Policy is defined as:
- a person or an entity that maintains an account and/or has a business relationship with the Bank
- beneficiaries of transactions conducted by professional intermediaries, such as Stock Brokers, Chartered Accountants, Solicitors etc. as permitted under the law, and
- any person or entity connected with a financial transaction.
Key Elements of the KYC Policy
The KYC Policy of the Bank has the following key elements:
- Customer Acceptance Policy
- Customer Identification Procedures
- Monitoring of Transactions and
- Risk Management
While the Policy directions are given in this documents, the detailed operating guidelines are issued separately from time to time through circulars which should be referred to for effective implementation of the Policy.
Customer Acceptance Policy
Bankâ€™s Customer Acceptance Policy (CAP) lays down the criteria for acceptance of customers. The guidelines in respect of the customer relationship in the Bank broadly are:
- No account is to be opened in anonymous or fictitious/benami name(s)/entity(ies)
- Accept customers only after verifying their identity, as laid down in Customer Identification Procedures (discussed later)
- Classify customers into various risk categories and, based on risk perception, apply the acceptance criteria for each category of customers. Also, a profile of each customer will be prepared based on risk categorization
- Documentation requirements and other information to be collected, as per PMLA and RBI guidelines/instructions, to be complied with
- Not to open an account or close an existing account (except as provided in paragraph 7.5 of this Policy), where identity of the account holder cannot be verified and/or documents/information required could not be obtained/confirmed due to non-cooperation of the customer
- Identity of a new customer to be checked so as to ensure that it does not match with any person with known criminal background or banned entities such as individual terrorist organizations etc.
- Implementation of CAP should not become too restrictive and result in denial of banking services to general public, especially those who are financially or socially disadvantaged.
Circumstances in which a customer of the Bank is permitted to act on behalf of another person / entity is given as under:
- To represent individual for transactions / agreement within the delegated authority by way of express documentary mandate in his favour by the maker of such mandates and to the extent permitted by such mandate subject to laws of the land.
- To present legal / fiduciary entities for transactions / agreements / arrangements with the Bank, within the express documentary delegated authority in his favour by the maker of such mandate subject to laws of the land.
- To enter into transactions / agreements with the Bank as directed by Legislative / Executive / Judicial authorities to the extent and for the purpose specified by such authority.
Customer Identification Procedures
Customer identification requires identifying the customer and verifying his/her identity by using reliable, independent source documents, data or information. Thus, the first requirement of Customer Identification Procedures (CIP) is to be satisfied that a prospective customer is actually who he/she claims to be. The second requirement of CIP is to ensure that sufficient information is obtained on the identity and the purpose of the intended nature of the banking relationship. This would enable risk profiling of the customer and also to determine the expected or predictable pattern of transactions. Identification data, as under, would be required to be obtained in respect of different classes of customers:
- For customers that are natural persons:
- Address/location details
- Recent photograph
- For customers that are legal persons:
- Legal status of the legal person/entity through proper and relevant documents
- Verification that any person purporting to act on behalf of the legal person/entity is so authorized and identity of that person is established and verified.
- Understand the ownership and control structure of the customer and determine who are the natural persons who ultimately control the legal person.
Wherever applicable, information on the nature of business activity, location, mode of payments, volume of turnover, social and financial status etc. will be collected for completing the profile of the customer.
Customers will be classified into three risk categories namely High, Medium and Low, based on the risk perception. The risk categorization will be reviewed periodically.
The Customer Identification Procedures are to be carried out at the following stages:
- While establishing a banking relationship;
- When the bank feels it is necessary to obtain additional information from the existing customers based on the conduct or behaviour of the account.
- Customer identification data (including photograph/s) should be periodically updated after the account is opened. Such verification should be done at least once in five years in case of low risk category customers and not less than once in two years in case of high and medium risk customers.
- Customer Identification will also be carried out in respect of non-account holders approaching bank for high value one-off transaction as well as any person or entity connected with a financial transaction which can pose significant reputational or other risks to the Bank.
Small Deposit (No Frills) Accounts:
With a view to ensuring financial inclusion such that persons, especially those belonging to low income group both in urban and rural areas, who are not able to produce such documents required by the Bank to satisfy about their identity and address, are not denied banking services, branches may open Small Deposit (No Frills) accounts, for natural persons only, with relaxed KYC standards. Persons desirous of opening such accounts can keep aggregate balances not exceeding Rs.50,000/- (Rupees fifty thousand only) in all their accounts taken together and the total credit, again in all accounts taken together, should not exceed Rs.1,00,000/- (Rupees one lac only) in a year.
If at any point, the balances in all his/her accounts with the Bank (taken together) exceeds Rs.50,000/- (Rupees fifty thousand only) or total credit in all accounts taken together exceeds Rs.1,00,000/- (Rupees one lac only) in a year, no further transaction will be permitted until full KYC procedure is completed. Bank would notify the customers when the balances reach Rs.40,000/- (Rupees forty thousand only) or total credit in a year reaches Rs.80,000/- (Rupees eighty thousand only) so that appropriate documents, for complying with full KYC requirements are submitted well in time to avoid blocking of transactions in the account.
Monitoring and Reporting of Transactions
Monitoring of transactions will be conducted taking into consideration the risk profile of the account. Special attention will be paid to all complex, unusually large transactions and all unusual patterns, which have no apparent economic or visible lawful purpose. Transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer will be subjected to detailed scrutiny.
System supported monitoring of transactions will be done by the AML team under the Principal Officer, based on alerts thrown up by the AML software acquired by the Bank and on the basis of feedback/inputs from Regional Office(s) / Branches. Simultaneously, however the branches will maintain oversight over the transactions with a view to identifying suspicious transactions and bringing them to the notice of the Principal Officer at the Head Office.
After due diligence at the appropriate level in the Bank, transactions of suspicious nature and/or any other type of transaction notified under PMLA will be reported by the Principal Officer to Financial Intelligence Unit â€“ India(FIU-IND), the appropriate authority. A record of such transactions will be preserved and maintained for the period as prescribed in PMLA.
Transactions in the accounts will also be monitored with a view to timely submitting, the Cash Transaction Report(CTR) in respect of cash transactions of Rs. 10,00,000/- (Rupees ten lacs only) and above undertaken in an account either singly or in an integrally connected manner.
All cash transaction, where forged or counterfeit Indian currency notes have been used, shall also be reported immediately by the branches, by way of Counterfeit Currency Reports (CCRs) to the Principal Officer, through proper channel, for onward reporting to FIU-IND.
Closure of Accounts
Where the appropriate KYC measures could not be applied due to non-furnishing of information and/or non-cooperation by the customer, the account can be considered for closure or terminating the banking / business relationship. Before exercising this option, all efforts will be made to obtain the desired information and, in the event of failure, due notice, will be given to the customer explaining the reasons for taking such a decision. The competent authority to permit closure of such accounts shall be the Branch Head.
While the Bank has adopted a risk based approach to the implementation of this policy, it is necessary to establish appropriate framework covering proper management oversight, systems, controls and other related matters.
Bank’s Internal Audit of compliance with KYC/AML Policy will provide an independent evaluation of the same including legal and regulatory requirements. Concurrent/Internal Auditors shall specifically check and verify the application of KYC/AML procedures at the branches and comment on the lapses observed in this regard. The compliance in this regard will be placed before the Audit Committee of the Board at quarterly intervals.
The Principal Officer designated by the Bank in this regard will have overall responsibility for maintaining oversight and coordinating with various functionaries in the implementation of KYC/AML/CFT policy. However, primary responsibility of ensuring implementation of KYC/AML/CFT Policy and related guidelines will be vested with the branches. Suitable checks and balances in this regard will be put in place at the time of introducing new products/procedures as also at the time of review of existing product/procedures for overall risk and compliance management. For this purpose, Head Office will designate an official as Money Laundering Reporting Officer (MLRO) who would ensure proper implementation and reporting, as per provisions of this Policy, to the Principal Officer.
Bank will depute its employees for the training programme, of 6 days duration or more, where at least one or two sessions is devoted in KYC Standards/AML/CFT measures so that the employees are adequately trained in KYC/AML/CFT procedures.
Recruitment/Hiring of Employees
KYC norms/AML standards/CFT measures have been prescribed to ensure that criminals are not allowed to misuse channel of the Bank. Bank will put in place necessary and adequate screening mechanism as an integral part of its recruitment/hiring process of personnel.
The Bank recognizes the need to spread awareness on KYC, Anti Money Laundering measures and the rationale behind them amongst the customers and shall take suitable steps for the purpose.
Introduction of New technologies
Bank will pay special attention to the money laundering threats arising from new or developing technologies and take necessary steps to prevent its misuse for money laundering activities. Bank will ensure that appropriate KYC procedures are duly applied to the customers using new technology driven products.
KYC for the existing accounts
While the KYC guidelines will apply to all new customers, the same would be applied to the existing customers on the basis of materiality and risk. However, transactions in existing accounts would be continuously monitored for any unusual pattern in the operation of the accounts. On the basis of materiality and risk the existing accounts of companies, firms, trusts, charities, religious organizations and other institutions are subjected to minimum KYC standards which would establish the identity of the natural / legal person and those of the beneficial owners. Similarly, the Bank will also ensure that term / recurring deposit accounts are subject to revised KYC procedures at the time of renewal of the deposits on the basis of materiality and risk.
- Information collected from the customers for KYC compliance should be relevant to the perceived risk, not intrusive and should be treated as confidential. The same is not to be used/divulged for any purpose.
- Any remittance of funds by way of demand drafts, mail/telegraphic transfer or any other mode and issue of travellers cheques for value Rs.50,000/- and above is effected only by debit to customer’s account or against cheques/drafts and not against cash.
- Provision of Foreign Contribution (Regulation) Act, 1976, as amended from time to time, wherever applicable, should be strictly adhered to.
The Chairman of the bank shall be the Principal Officer for KYC/AML/CFT matters who shall be responsible for implementation of and compliance with this policy. His illustrative duties, in this regard, will be as follows :-
- Overall monitoring of the implementation of the Bank’s KYC/AML/CFT policy.
- Monitoring and reporting of transactions, and sharing of information, as required under the law.
- Interaction with MLROs for ensuring full compliance with the Policy.
- Timely submission of Cash Transaction Reports (CTRs), Suspicious Transaction Reports (STRs) and Counterfeit Currency Reports (CCRs) to FIU-IND.
- Maintaining liaison with the law enforcement agencies, banks and other institutions which are involved in the fight against money laundering and combating financing of terrorism.
- Ensuring submission of periodical reports to the Board.
Review of the Policy
The Policy will be reviewed as and when considered necessary by the Board