KYC and AML Policy
KYC and AML Policy
1
The Reserve Bank of India has issued comprehensive guidelines on Know Your Customer (KYC) norms
and Anti-Money Laundering (AML) standards and has advised all NBFCs to ensure that a proper
policy framework on KYC and AML measures be formulated and put in place with the approval of the
Board.
The objective of RBI guidelines is to prevent NBFCs being used, intentionally or unintentionally by
criminal elements for money laundering activities. The guidelines also mandate making reasonable
efforts to determine the identity and beneficial ownership of accounts, source of funds, the nature
of customer’s business, reasonableness of operations in the account in relation to the customer’s
business, etc. which in turn helps the Company to manage its risks prudently. Accordingly, the main
objective of this policy is to enable the Company to have positive identification of its customers.
Accordingly, in compliance with the guidelines issued by RBI from time to time, the following KYC &
AML policy of the Company is approved by the Board of Directors of the Company.
This policy is applicable to all categories of products and services offered by the Company.
The Company shall ensure that the compliance with this Policy is being checked in the
InternalAudit conducted on the Company.
The Company shall ensure that the decision-making functions are not outsourced.
All the procedures namely, CDD procedure, risk management, customer identification
processshall be carried out for all the business verticals including co-lending.
CUSTOMER ACCEPTANCE POLICY
Definition of a Customer
A person or entity that maintains an account and/or has a business relationship with
theCompany
One on whose behalf the account is maintained (i.e. the beneficial owner)
Beneficiaries of transactions conducted by professional intermediaries such as Stock Brokers
2
Chartered Accountants, Solicitors etc. as permitted under the law, and
Any other person or entity connected with a financial transaction which can pose significant
reputation or other risks to the Company, say a wire transfer or issue of high value demand
draft as a single transaction.
A “Person” shall have the meaning as defined under KYC policy of RBI (and any amendment from time
to time by RBI) which at present is as follows:
‘Person’ shall include:
a. an Individual;
b. a Hindu Undivided Family;
c. a Company;
d. a Trust
e. a Firm;
f. an association of persons or a body of individuals, whether incorporated or not;
g. every artificial juridical person, not falling within any one of the above person (a toe);
h. any agency, office or branch owned or controlled by any one of the above persons (a to f)
3
iv. Subject to the above-mentioned norms and caution, at the same time all the employees of
Company will also ensure that the above norms and safeguards do not result in any kind of
harassment or inconvenience to bona fide and genuine customers who should not feel
discouraged while dealing with the Company.
v. The Risk Team shall, at the time of approving a financial transaction/activity, or executing
any transaction, verify the record of identity, signature proof and proof of current address or
addresses including permanent address of the customer. For co-lending loans, this shall be
verified by the NBFC partner. The Company shall however maintain a repository of KYC
documents of borrowers under the co-lending programme as well.
ii. The profile of new customers will be prepared on risk categorization basis. Such profile will
containthe following information about the new customers:
Customer’s Identity
Social/Legal and financial status of the customer
Nature of the business activity
Information about the business of the customer’s clients and their locations
iii. There will be level-wise categorization of customers i.e. Level-I, Level-II and Level-III. Such levels
will be decided based on risk element involved in each case which will be determined by
considering the following information submitted by the customer:
Nature of business of the Customer and of his Clients
Work place of Customers and of his Clients
Country of Origin
Source of funds
Volume of business six-monthly / annual turn-over
Social/Legal and financial status
Quantum and tenure of facility applied for and proposed schedule for repayment of loan
iv. Information to be collected from the customers will vary according to categorization of customer
from the point of view of risk perceived. However, while preparing customer profile the
Company shall seek only such information from the customer which is relevant to the risk
category and is not intrusive to the customer. Any other information from the customer should
be sought separately with his/her consent and after opening the account.
v. For risk categorization, individual (other than High Net Worth) and entities whose sources of
wealth can be easily identified and transactions in whose accounts by and large confirm to the
known profile, may be categorized as low risk or Level-I category. Normally Level-I customers
would be
Well governed corporates
Salaried employees having definite and well-defined salary structure,
Employees of Government Departments or Government owned companies,
Statutory bodies,
Self-employed individuals, however with regular income and good credit behaviour
4
vi. Cases where the Company is likely to incur higher than average risk will be categorized as
medium or high-risk customers and will be placed in medium or high risk category i.e. Level-II or
Level-III category. While placing the customers in the above categories, the Company will give
due consideration to the following aspects:
Customer’s background,
Country of his origin,
Nature and location of his business activities,
Sources of funds and profile of customer’s clients etc.
In such cases, the Company will apply higher due diligence measures keeping in view the risk level.
vii. Special care and diligence will be taken and exercised in respect of those customers who happen
to be high profile and/or Politically Exposed Persons (“PEP”) within or outside country. Such
personswill include:
Foreign Delegates or those working in Foreign High commissions or Embassies,
Senior Politicians,
Senior Judicial Officers,
Senior Military Officers,
Senior Executives of State Owned Corporations and
Officials of important and leading political parties (as explained in Master Direction - Know
YourCustomer (KYC) Direction, 2016).
About the accounts of PEPs, in the event of an existing customer or the beneficial owner of an
existingaccount subsequently becoming PEP, the Company shall obtain Credit Committee approval in
such cases to continue the business relationship with such person, and undertake enhanced
monitoring.
viii. The extent of due diligence requirement will vary from case to case as the same will depend
upon risk perceived by the Company while granting credit facilities to customers.
For the purpose of preparing customer profile only such relevant information from the customers
will be sought based on which the Company can easily decide about the risk category in which the
customers are to be placed. Ordinarily, the customer profile maintained by the Company will be kept
confidential except for cases where the customer himself allows and/or gives consent for the use of
the information given in customer profile / application form for offering other products / services of
other companies / entities belonging to the Company’s group or any other legal entity with whom
the Company is having any business tie-ups. However, while taking any such permission or consent
of the customer for using his above referred information provided to the Company, it will be ensured
that such permission / consent of the customer is unambiguous and explicit.
ix. Cases in which the risk level is higher will require intensive due diligence exercise. Such cases will
include those where the sources of funds to be used for business operations or sources to repay
the loan to the Company are not clearly disclosed or cannot be ascertained from the financial
statements submitted by the customer to the Company. Besides above, some of such customers
in whose cases the Company will require higher due diligence measures, especially those for
whom the source of funds is not clear, are mentioned below:
NRI Customers
Trusts (except trusts appropriately set up under a specific regulation)
Societies
Charitable Institutions
NGOs and other organizations receiving donations from within or outside the country
Partnership firms with sleeping partners
Family owned companies
5
Persons with dubious or notorious reputation as per the information available from different
sources like media, newspapers etc
Companies having close family shareholding or beneficial ownership
Politically exposed persons (PEPs) of foreign origin means individuals who are or have been
entrusted with prominent public functions in a foreign country, e.g. Heads of States or of
Governments, Senior Politicians, Senior Government, important political officials
High net worth individuals
Non-face to face customers
6
B) Verify Domicile of Residence:
i. Example: Obtain copies of utility bill receipts or other form of objective verification of
Residence, UID or Physical Aadhaar card/letter or e-Aadhaar letter (if the address provided
by the customer is the same on the document submitted for identity proof)
C) Verify the previous year’s Employment Record:
i. Obtain and call the previous employer to check the credentials of the prospective employee
ii. Check and verify the address of employee
D) Check References:
i. Obtain 2 or more professional employment references from the prospective employee.
ii. The prospective manager of the employee, or, the Human Resources department, must
personally converse with the prospect’s references The Company shall maintain files for each
employee hired together with copies of all data obtained. These files may be maintained in
electronic or physical form and should be accessible quickly when needed.
Further these files will be classified as confidential data and details contained therein shall
notbe divulged for cross selling or any other purpose.
PURPOSEFUL IMPLEMENTATION
The purpose of adopting the above measures and norms while taking decisions on the issue of
customer acceptance is twofold. Firstly, the Company should not suffer financially at later stage due
to lack of proper due diligence exercise and lack of information which is the exclusive possession of
the customers.
Secondly, to curb and prevent any such practice by the customers which is aimed to achieve
unlawful objectives or any other practice by which the financial institutions can be used to
perpetuate any criminal or unlawful activities. However, at the same time, this policy does not aim or
intend to deny the benefit of financial services to those who genuinely need such services / facilities
due to real lack of their own sufficient financial resources.
7
PROOF OF CUSTOMERS’ ADDRESS
A detailed list of the features to be verified and documents that may be obtained from the
Customers are given in Master Direction - Know Your Customer (KYC) Direction, 2016 of this policy
document. A Photostat copy of the proofs should be filed along with the loan application. In case of
need, the Company Manager can depute an official to visit the account holder / loan applicant at the
given address to satisfy about the genuineness of the address.
i. CDD in case of new customer on-boarding for individual customers, proprietor in case of
proprietorship firm, authorised signatories and Beneficial Owners (BOs) in case of Legal Entity (LE)
customers. Provided that in case of CDD of a proprietorship firm, the Company shall also obtain
the equivalent e-document of the activity proofs with respect to the proprietorship firm, as
mentioned in Section 28 of the Master Directions on KYC, apart from undertaking CDD of the
proprietor.
ii. Conversion of existing accounts opened in non-face to face mode using Aadhaar OTP based e-KYC
authentication as per Section 17 of the Master Directions on KYC.
iii. Updation/ Periodic updation of KYC for eligible customers.
Further the Company shall adhere to the minimum standards specified in the Master Directions
amendment w.r.t V-CIP infrastructure, procedure, record and data management.
The Company shall take assistance of Banking Correspondents (BCs) in facilitating the V-CIP only at
the customer end. However, the company shall maintain the details of the BC assisting the customer,
incase the service of BCs are utilized. The ultimate responsibility for customer due diligence will be
with the Company.
carry out an internal Money Laundering and Terrorist Financing risk assessment
periodicallyinvolving the below mentioned aspects in relation to the onboarded clients
identify, assess and take effective measures to mitigate its money laundering and terrorist
financing risk for clients, countries or geographic areas, products, services, transactions or
delivery channels, etc.
All individual cash transactions in an account during a calendar month, where either debits or credit
summation, computed separately, exceeding Rupees Ten Lakhs or its equivalent in foreign currency,
during the month should be reported to FIU-IND. However, while filing CTR, details of individual cash
10
transactions below Rupees Fifty Thousand may not be indicated.
The Principal Officer should ensure submission of CTR for every month to FIU-IND before 15th of the
succeeding month. CTR should contain only the transactions carried out by the Company on behalf
of their clients/customers excluding transactions between the internal accounts of the Company.
Transactions that involve large amounts of cash inconsistent with the normal and expected activity
of the customer shall attract special attention of the Company. Very high account turnover
inconsistent with the size of the balance maintained may indicate that funds are being ‘washed’
through that account. Company shall ensure that proper record of all transactions and cash
transactions (deposits and withdrawals) of Rs.10 lakhs and above in the accounts is preserved and
maintained as required under the PMLA.
11
The Company shall introduce a system of maintaining proper record of the following transactions:
All cash transactions of the value of more than rupees Ten lakhs to its equivalent in foreign
currency;
All series of cash transactions integrally connected to each other which have been valued
below rupees Ten lakhs or its equivalent in foreign currency where such series of
transactions have taken place within a month and the aggregate value of such transactions
exceeds rupees Ten lakhs;
All transactions involving receipts by non-profit organizations of rupees ten lakhs or its
equivalent in foreign currency;
All suspicious transactions, where forged or counterfeit currency notes or bank notes have
been used as genuine and where any forgery of valuable security or a document has taken
place facilitating the transactions;
All suspicious transactions whether or not made in cash and by way of as mentioned in the
Rules.
The Company shall ensure that it continues to maintain proper record of all cash transactions
(deposits and withdrawals) of Rs. 10 lakhs and above. The internal monitoring system shall have an
inbuilt procedure for reporting of such transactions and those of suspicious nature whether made in
cash or otherwise, to controlling / head office on a fortnightly basis.
The records shall be preserved in the following manner:
i) The nature of transactions
ii) The amount of the transaction and the currency in which it was denominated
iii) The date on which the transaction was conducted
iv) The parties to the transaction
The information in respect of the transactions referred to in clauses I, II and III referred above will be
submitted to the Director - FIU every month by the 15th day of the succeeding month.
The information in respect of the transactions referred to in clause IV referred above will be
furnishedpromptly to the Director - FIU in writing, or by fax or by electronic mail not later than seven
working days from the date of occurrence of such transaction.
The information in respect of the transactions referred to in clause V referred above will be
furnished promptly by the Director - FIU in writing, or by fax or by electronic mail not later than
seven working days on being satisfied that transaction is suspicious.
Strict confidentiality will be maintained by the Company and its employees of the fact of furnishing /
reporting details of such suspicious transactions.
As advised by the FIU-IND, New Delhi; the Company will not be required to submit 'NIL' reports in
casethere are no Cash / Suspicious Transactions, during a particular period.
The reporting of the requisite information in respect of cash transactions and suspicious transactions
shall be as per the provided formats1 and shall be in accordance with the reporting guide provided by
FIU-IND.
The required information will be furnished by the Company directly to the FIU-IND, through the
designated Principal Officer.
1
https://fiuindia.gov.in/files/downloads/Filing_Information.html#Report_link
12
High risk accounts shall be subjected to intensified monitoring. The Company shall set key indicators
for such high risk accounts, taking note of the background of the customer, which will include
country of origin, source of funds, the type of transactions involved (like accounts having unusual
transactions, inconsistent turnover, etc) and other risk factors. Additionally, the Company shall put in
place a system of periodical review of risk categorization of accounts and the need for applying
enhanced due diligencemeasures basis the revised risk categories.
In addition to the Ordinary Monitoring Standards, any high-risk accounts should also receive the
following monitoring:
Conduct periodic (at least quarterly) reviews of all medium to high-risk accounts
Create additional reports designed to monitor all transactions in an account to detect
patternsof potential illegal activities
Follow up on any expectations detected from the monitoring reports by contacting the
account owner personally to inquire about the unusual activity detected and regularly report
status of account inquiries to Compliance Officer.
The Company shall monitor and report such transactions in a manner specified in “Annexure 2”.
RISK MANAGEMENT
I. For effective implementation of KYC policy there will be a proper co-ordination, communication
and understanding amongst all the departments of the Company. The Board of Directors shall ensure
that an effective KYC program is put in place by establishing proper procedures and ensuring their
effective implementation. Heads of all the Departments will ensure that the respective responsibilities
in relation to KYC policy are properly understood, given proper attention and appreciated and
discharged with utmost care and attention by all the employees of the Company.
II. The Risk department of the Company will carry out quarterly checks to find out as to whether all
features of KYC policy are being followed and adhered to by all the Departments concerned. The Risk
Department shall sign off on the KYC documents for corporate entities, before every disbursement.
The Company shall also mandatorily include KYC adherence in its internal audit scope every quarter.
For co-lending partners, the Company shall carry out sample quarterly KYC sample audit by
independent audit firms to assess adherence with the KYC norms.
III. Company will take steps to ensure that its internal auditors are made well versed with this policy
that will carry out regular checks about the compliance of KYC procedures by all the branches of the
Company. Any lapse or short coming observed by the internal auditors will be brought to the notice
ofDepartment Heads concerned. There will be quarterly assessment to check the compliance level by
a committee to be constituted by the Board.
V. The inadequacy or absence of KYC standards can subject the Company to serious risks
especiallyreputational, operational, legal and concentration risks.
a. Reputational risk is defined as the risk of loss of confidence in the integrity of the
13
institution, that adverse publicity regarding the Company's business practices and
associations, whether accurate or not causes.
b. Operational risk can be defined as the risk of direct and indirect loss resulting from
inadequate or failed internal processes, people and systems or from external events.
c. Legal risk is the possibility that law suits, adverse judgments or contracts that turn out to
beunenforceable can disrupt or adversely affect the operations or condition of the Company.
d. Concentration risk although mostly applicable on the assets side of the balance sheet, may
affect the liability as it is also closely associated with funding risk, particularly the risk of early
and sudden withdrawal of funds by large depositors, with potentially damaging
consequencesfor the liquidity of the Company.
All these risks are interrelated. Any one of them can result in significant financial cost to the
Company and diverts considerable management time and energy to resolving problems that
arise.
a) Records of all transactions referred to in clause (a) of Sub-section (1) of section 12 read with Rule
3 of the PML Rules [referred to in Para 5. Supra] are required to be maintained for a period of ten
years from the date of transactions between the Clients and the Company.
b) Records of the identity of all clients of the Company are required to be maintained for a period of
ten years from the date of cessation of transactions between the Clients and the Company.
The Company will ensure that the appropriate steps are taken to evolve a system for proper
maintenance and preservation of information in a manner (in hard and soft copy) that allows data to
be retrieved easily and quickly whenever required or when requested by the competent authorities.
15
REPORTING TO FINANCIAL INTELLIGENCE UNIT - INDIA
The Principal Officer will report information relating to cash and suspicious transactions if detected,
to the Director, Financial Intelligence Unit-India (FIU-IND) as advised in terms of the PMLA rules, in
the prescribed formats as designed and circulated by RBI at the following address:
Director, FIU-IND,
Financial Intelligence Unit,
India,6th Floor, Hotel Samrat,
Chanakyapuri,
New Delhi - 110021
Where the Principal Officer has reason to believe that a single transaction or series of transactions
integrally connected to each other have been valued below the prescribed value to so to defeat the
provisions of PMLA rules, such officer shall furnish information in respect of such transactions to the
Director, FIU-IND, within the prescribed time.
A copy of all information furnished shall be retained by the Principal Officer for the purposes of
officialrecord.
GENERAL
The Company shall ensure that the provisions of PMLA and the Rules framed thereunder and the
Foreign Contribution and Regulation Act, 1976, wherever applicable, are adhered to strictly.
Where the Company is unable to apply appropriate KYC measures due to non-furnishing of
information and /or non-cooperation by the customer, the Company may consider closing the
account or terminating the business relationship after issuing due notice to the customer explaining
the reasons for taking such a decision. Such decisions need to be taken at a reasonably senior level.
16
Annexure I
2
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=4246&Mode=0
17
iii. An account where there are several cash deposits/withdrawals below a specified threshold
level to a avoid filing of reports that may be necessary in case of transactions above the
threshold level, as the customer intentionally splits the transaction into smaller amounts for
the purpose of avoiding the threshold limit.
Unusual Activities
i. An account of a customer who does not reside/have office near the branch even
thoughthere are bank branches near his residence/office.
ii. A customer who often visits the safe deposit area immediately before making cash deposits,
especially deposits just under the threshold level.
iii. Funds coming from the list of countries/centers which are known for money laundering.
Customer who provides Insufficient or Suspicious Information
i. A customer/company who is reluctant to provide complete information regarding the
purposeof the business, prior banking relationships, officers or directors, or its locations.
ii. A customer/company who is reluctant to reveal details about its activities or to provide
financialstatements.
iii. A customer who has no record of past or present employment but makes frequent large
transactions.
Certain Suspicious Funds Transfer Activities
i. Sending or receiving frequent or large volumes of remittances to/from countries outside India.
ii. Receiving large TT/DD remittances from various centers and remitting the consolidated
amount to a different account/center on the same day leaving minimum balance in the
account.
iii. Maintaining multiple accounts, transferring money among the accounts and using one
accountas a master account for wire/funds transfer.
Certain Bank Employees arousing Suspicion
i. An employee whose lavish lifestyle cannot be supported by his or her salary.
ii. Negligence of employees/willful blindness is reported repeatedly.
Some examples of suspicious activities/transactions to be monitored by the operating staff-
Large Cash Transactions
Multiple accounts under the same name
Frequently converting large amounts of currency from small to large denomination notes
Placing funds in term Deposits and using them as security for more loans
Large deposits immediately followed by wire transfers
Sudden surge in activity level
Same funds being moved repeatedly among several accounts
Multiple deposits of money orders, Banker’s cheques, drafts of third parties
Transactions inconsistent with the purpose of the account
18
Maintaining a low or overdrawn balance with high
activityCheck list for preventing money-laundering activities:
A customer maintains multiple accounts, transfer money among the accounts and uses one
account as a master account from which wire/funds transfer originates or into which
wire/funds transfer are received (a customer deposits funds in several accounts, usually in
amounts below a specified threshold and the funds are then consolidated into one master
account and wired outside the country).
A customer regularly depositing or withdrawing large amounts by a wire transfer to, from, or
through countries that are known sources of narcotics or where Bank secrecy laws facilitate
laundering money.
A customer sends and receives wire transfers (from financial haven countries) particularly if
there is no apparent business reason for such transfers and is not consistent with the
customer’s business or history.
A customer receiving many small incoming wire transfer of funds or deposits of cheques and
money orders, then orders large outgoing wire transfers to another city or country.
A customer experiences increased wire activity when previously there has been no regular
wireactivity.
Loan proceeds unexpectedly are wired or mailed to an offshore Bank or third party.
A business customer uses or evidences or sudden increase in wired transfer to send and
receive large amounts of money, internationally and/ or domestically and such transfers are
not consistent with the customer’s history.
Deposits of currency or monetary instruments into the account of a domestic trade or
business, which in turn are quickly wire transferred abroad or moved among other accounts
for no particular business purpose.
Sending or receiving frequent or large volumes of wire transfers to and from offshore
institutions.
Instructing the Bank to transfer funds abroad and to expect an equal incoming wire transfer
from other sources.
Wiring cash or proceeds of a cash deposit to another country without changing the form of
thecurrency
Receiving wire transfers and immediately purchasing monetary instruments prepared for
payment to a third party.
Periodic wire transfers from a person’s account/s to Bank haven countries.
A customer pays for a large (international or domestic) wire transfers using multiple
monetaryinstruments drawn on several financial institutions.
A customer or a non-customer receives incoming or makes outgoing wire transfers involving
currency amounts just below a specified threshold, or that involve numerous Bank or
travelerscheques
A customer or a non customer receives incoming wire transfers from the Bank to ‘Pay upon
proper identification’ or to convert the funds to bankers’ cheques and mail them to the
customer or non-customer, when
19
o The amount is very large (say over Rs.10lakhs)
o The amount is just under a specified threshold (to be decided by the Bank based
onlocal regulations, if any)
o The funds come from a foreign country or
o Such transactions occur repeatedly.
A customer or a non-customer arranges large wire transfers out of the country which are paid
for by multiple Bankers’ cheques (just under a specified threshold).
20
Annexure 2
Process for monitoring and reporting of suspicious transactions
1. Raising suspicion
When the concerned officer has reason to believe that a transaction is/ may be a suspicious
transaction, which may be linked with terrorist activity or money laundering, s/he must flag
the issue forthwith to the senior management. The concerned officer may consider the
following for the purpose of flagging such issue:
Amount involved are related to crimes of money laundering, the financing of
terrorism,or the financing of illegal organisations;
Amount involved are intended to be used in an activity related to such crimes.
Once the issue is flagged, a formal due diligence is to be conducted to evaluate the suspicion,
which shall factor all the attributes and nature of the transaction and in terms of volume,
track record, time of transaction, KYC records, behavioural patterns, customer due-diligence
information etc.
Mere presence of an indicator of suspicion does not necessarily always mean that a
transaction is suspicious and needs to be reported. When determining whether a transaction
is suspicious, consideration to be given to the nature of the specific circumstances, including
the products or services involved, and the details of the customer in the context of its due
diligence profile. In some cases, patterns of activity or behaviour that might be considered as
suspicious in relation to a specific customer or a particular product type, might not be
suspicious in regard to another.
In case, the concerned officer is not satisfied, it shall be further evaluated, and a formal
reportshall be submitted to senior management.
3. Reporting of STR
The senior management may record the reasons therein and evaluate on onward reporting
to FIU-IND. Once the senior management is satisfied, that the suspicious transaction is valid
and reportable, the same is reported to FIU-IND in accordance with the prescribed formats.
The fact of furnishing of suspicious transactions shall be strictly kept confidential to ensure
thatthere is no tipping off to the customer at any level.
21