5-Vol-V-RBI_Master_Direction_on_KYC_(Updated)20230704122611000000.docx
Document Details
Uploaded by LeanConcreteArt
Tags
Full Transcript
RBI/DBR/2015-16/18 ================== February 25, 2016 ================= **(Updated as on May 04, 2023)** (Updated as on April 28, 2023) ============================== **(Updated as on May 10, 2021)** (Updated as on April 01, 2021) ============================== **(Updated as on March 23, 202...
RBI/DBR/2015-16/18 ================== February 25, 2016 ================= **(Updated as on May 04, 2023)** (Updated as on April 28, 2023) ============================== **(Updated as on May 10, 2021)** (Updated as on April 01, 2021) ============================== **(Updated as on March 23, 2021)** (Updated as on December 18, 2020) ================================= **(Updated as on April 20, 2020)** (Updated as on April 01, 2020) ============================== **(Updated as on January 09, 2020)** (Updated as on August 09, 2019) =============================== INTRODUCTION 2 CHAPTER -- I 3 PRELIMINARY 3 [CHAPTER -- II 14](#chapter-ii) [General 14](#general) [CHAPTER -- III 16](#chapter-iii) [Customer Acceptance Policy 16](#customer-acceptance-policy) [CHAPTER -- IV 17](#chapter-iv) [Risk Management 17](#risk-management) [Chapter V 18](#chapter-v) [Customer Identification Procedure (CIP) 18](#customer-identification-procedure-cip) [Chapter VI 19](#chapter-vi) [Customer Due Diligence (CDD) Procedure 19](#customer-due-diligence-cdd-procedure) [Part I - Customer Due Diligence (CDD) Procedure in case of Individuals 19](#part-i---customer-due-diligence-cdd-procedure-in-case-of-individuals) [Part II - CDD Measures for Sole Proprietary firms 29](#part-ii---cdd-measures-for-sole-proprietary-firms) [Part III- CDD Measures for Legal Entities 30](#part-iii--cdd-measures-for-legal-entities) [Part IV - Identification of Beneficial Owner 32](#part-iv---identification-of-beneficial-owner) [Part V - On-going Due Diligence 33](#part-v---on-going-due-diligence) [Part VI - Enhanced and Simplified Due Diligence Procedure 37](#part-vi---enhanced-and-simplified-due-diligence-procedure) Chapter VII 41 Record Management 41 [Chapter VIII 42](#chapter-viii) [Reporting Requirements to Financial Intelligence Unit - India 42](#reporting-requirements-to-financial-intelligence-unit---india) Chapter IX 43 Requirements/obligations under International Agreements 43 [Communications from International Agencies 43](#communications-from-international-agencies) Chapter X 46 Other Instructions 46 Chapter XI 58 Repeal Provisions 58 Annex I 59 Annex II 62 Annex III 72 Annex IV 81 Appendix Error! Bookmark not defined. ===================================== 1INTRODUCTION ============= CHAPTER -- I PRELIMINARY ======================== 1. **Short Title and Commencement.** a. These Directions shall be called the Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016. b. These directions shall come into effect on the day they are placed on the official website of the Reserve Bank of India. 2. Applicability ============= c. The provisions of these Directions shall apply to every entity regulated by Reserve Bank of India, more specifically as defined in 3 (b) (xiii) below, except where specifically mentioned otherwise. d. These directions shall also apply to those branches and majority owned subsidiaries of the REs which are located abroad, to the extent they are not contradictory to the local laws in the host country, provided that: i. where applicable laws and regulations prohibit implementation of these guidelines, the same shall be brought to the notice of the Reserve Bank of India. ii. in case there is a variance in KYC/AML standards prescribed by the Reserve Bank of India and the host country regulators, branches/ iii. branches/ subsidiaries of foreign incorporated banks may adopt the more stringent regulation of the two i.e., standards prescribed by the Reserve Bank of India and their home country regulators. Definitions =========== e. Terms bearing meaning assigned in terms of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005: i. ^2^"Aadhaar number" shall have the meaning assigned to it in clause (a) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016); ii. "Act" and "Rules" means the Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, respectively and amendments thereto. iii. ^3^"Authentication", in the context of Aadhaar authentication, means the process as defined under sub-section (c) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. iv. Beneficial Owner (BO) a. Where the **customer is a company**, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical persons, has/have a controlling ownership interest or who exercise control through other means. 1. ^4^"Controlling ownership interest" means ownership of/entitlement to more than 10 percent of the shares or capital or profits of the company. 2. "Control" shall include the right to appoint majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or voting agreements. b. Where the **customer is a partnership firm**, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have ownership of/entitlement to more than 15 percent of capital or profits of the partnership. c. Where the **customer is an unincorporated association or body of individuals**, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have ownership of/entitlement to more than 15 percent of the property or capital or profits of the unincorporated association or body of individuals. d. ^5^Where the customer is a **trust**, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with 10 percent or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership. v. 6"Certified Copy" - Obtaining a certified copy by the RE shall mean comparing the copy of the proof of possession of Aadhaar number where offline verification cannot be carried out or officially valid document so produced by the customer with the original and recording the same on the copy by the authorised officer of the RE as per the provisions contained in the Act. Provided that in case of Non-Resident Indians (NRIs) and Persons of Indian Origin (PIOs), as defined in Foreign Exchange Management (Deposit) Regulations, 2016 {FEMA 5(R)}, alternatively, the original certified copy, certified by any one of the following, may be obtained: - authorised officials of overseas branches of Scheduled Commercial Banks registered in India, - branches of overseas banks with whom Indian banks have relationships, - Notary Public abroad, - Court Magistrate, - Judge, - Indian Embassy/Consulate General in the country where the non-resident customer resides. vi. "Central KYC Records Registry" (CKYCR) means an entity defined under Rule 2(1) of the Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer. vii. "Designated Director\" means a person designated by the RE to ensure overall compliance with the obligations imposed under chapter IV of the PML Act and the Rules and shall include: e. the Managing Director or a whole-time Director, duly authorized by the Board of Directors, if the RE is a company, f. the Managing Partner, if the RE is a partnership firm, g. the Proprietor, if the RE is a proprietorship concern, h. the Managing Trustee, if the RE is a trust, i. a person or individual, as the case may be, who controls and manages the affairs of the RE, if the RE is an unincorporated association or a body of individuals, and j. a person who holds the position of senior management or equivalent designated as a \'Designated Director' in respect of Cooperative Banks and Regional Rural Banks. viii. ^7^"Digital KYC" means the capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorised officer of the RE as per the provisions contained in the Act. ix. ^8^"Digital Signature" shall have the same meaning as assigned to it in clause x. ^9^"Equivalent e-document" means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the customer as per rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016. xi. ^10^"Group" -- The term "group\" shall have the same meaning assigned to it in clause (e) of sub-section (9) of section 286 of the Income-tax Act,1961 (43 of 1961). xii. ^11^"Know Your Client (KYC) Identifier" means the unique number or code assigned to a customer by the Central KYC Records Registry. xiii. ^12^"Non-profit organisations" (NPO) means any entity or organisation, constituted for religious or charitable purposes referred to in clause (15) of section 2 of the Income-tax Act, 1961 (43 of 1961), that is registered as a trust or a society under the Societies Registration Act, 1860 or any similar State legislation or a company registered under Section 8 of the Companies Act, 2013 (18 of 2013). xiv. "Officially Valid Document" (OVD) means the passport, the driving licence, 13proof of possession of Aadhaar number, the Voter\'s Identity Card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address. k. where the customer submits his proof of possession of Aadhaar number as an OVD, he may submit it in such form as are issued by the Unique Identification Authority of India. l. ^14^where the OVD furnished by the customer does not have updated address, the following documents or the equivalent e-documents thereof shall be deemed to be OVDs for the limited purpose of proof of address:- i. utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill); ii. property or Municipal tax receipt; iii. pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address; iv. letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and licence agreements with such employers allotting official accommodation; m. the customer shall submit OVD with current address within a period of three months of submitting the documents specified at 'b' above n. where the OVD presented by a foreign national does not contain the details of address, in such case the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address. xv. ^15^"Offline verification" shall have the same meaning as assigned to it in clause (pa) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016). xvi. "Person" has the same meaning assigned in the Act and includes: o. an individual, p. a Hindu undivided family, q. a company, r. a firm, s. an association of persons or a body of individuals, whether incorporated or not, t. every artificial juridical person, not falling within any one of the above persons (a to e), and u. any agency, office or branch owned or controlled by any of the above persons (a to f). xvii. ^16^"Politically Exposed Persons" (PEPs) are individuals who are or have been entrusted with prominent public functions by a foreign country, including the Heads of States/Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials. xviii. "Principal Officer" means an officer nominated by the RE, responsible for furnishing information as per rule 8 of the Rules. xix. "Suspicious transaction" means a "transaction" as defined below, including an attempted transaction, whether or not made in cash, which, to a person acting in good faith: v. gives rise to a reasonable ground of suspicion that it may involve proceeds of an offence specified in the Schedule to the Act, regardless of the value involved; or w. appears to be made in circumstances of unusual or unjustified complexity; or x. appears to not have economic rationale or *bona-fide* purpose; or y. gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism. xx. A 'Small Account\' means a savings account which is opened in terms of sub- rule (5) of the PML Rules, 2005. Details of the operation of a small account and controls to be exercised for such account are specified in Section 23. xxi. "Transaction" means a purchase, sale, loan, pledge, gift, transfer, delivery or the arrangement thereof and includes: z. opening of an account; a. deposit, withdrawal, exchange or transfer of funds in whatever currency, whether in cash or by cheque, payment order or other instruments or by electronic or other non-physical means; b. the use of a safety deposit box or any other form of safe deposit; c. entering into any fiduciary relationship; d. any payment made or received, in whole or in part, for any contractual or other legal obligation; or e. establishing or creating a legal person or legal arrangement. f. Terms bearing meaning assigned in this Directions, unless the context otherwise requires, shall bear the meanings assigned to them below: iv. "Common Reporting Standards" (CRS) means reporting standards set for implementation of multilateral agreement signed to automatically exchange information based on Article 6 of the Convention on Mutual Administrative Assistance in Tax Matters. v. ^17^Correspondent Banking: Correspondent banking is the provision of banking services by one bank (the "correspondent bank") to another bank (the vi. "Customer" means a person who is engaged in a financial transaction or activity with a Regulated Entity (RE) and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting. vii. "Walk-in Customer" means a person who does not have an account-based relationship with the RE, but undertakes transactions with the RE. viii. ^18^"Customer Due Diligence (CDD)" means identifying and verifying the customer and the beneficial owner. ix. "Customer identification" means undertaking the process of CDD. x. "FATCA" means Foreign Account Tax Compliance Act of the United States of America (USA) which, inter alia, requires foreign financial institutions to report about financial accounts held by U.S. taxpayers or foreign entities in which xi. "IGA" means Inter Governmental Agreement between the Governments of India and the USA to improve international tax compliance and to implement FATCA of the USA. xii. "KYC Templates" means templates prepared to facilitate collating and reporting the KYC data to the CKYCR, for individuals and legal entities. xiii. "Non-face-to-face customers" means customers who open accounts without visiting the branch/offices of the REs or meeting the officials of REs. xiv. "On-going Due Diligence" means regular monitoring of transactions in accounts to ensure that they are consistent with the customers' profile and source of funds. xv. ^19^Payable-through accounts: The term payable-through accounts refers to correspondent accounts that are used directly by third parties to transact business on their own behalf. xvi. "Periodic Updation" means steps taken to ensure that documents, data or information collected under the CDD process is kept up-to-date and relevant by undertaking reviews of existing records at periodicity prescribed by the Reserve Bank. xvii. "Regulated Entities" (REs) means a. all Scheduled Commercial Banks (SCBs)/ Regional Rural Banks (RRBs)/ Local Area Banks (LABs)/ All Primary (Urban) Co-operative Banks (UCBs) b. All India Financial Institutions (AIFIs) c. All Non-Banking Finance Companies (NBFCs), Miscellaneous Non-Banking Companies (MNBCs) and Residuary Non-Banking Companies (RNBCs) d. All Payment System Providers (PSPs)/ System Participants (SPs) and Prepaid Payment Instrument Issuers (PPI Issuers) e. All authorised persons (APs) including those who are agents of Money Transfer Service Scheme (MTSS), regulated by the Regulator. xviii. ^20^Shell Bank" means a bank that has no physical presence in the country in which it is incorporated and licensed, and which is unaffiliated with a regulated financial group that is subject to effective consolidated supervision. Physical presence means meaningful mind and management located within a country. The existence simply of a local agent or low-level staff does not constitute physical presence. xix. ^21^"Video based Customer Identification Process (V-CIP)": an alternate method of customer identification with facial recognition and customer due diligence by an authorised official of the RE by undertaking seamless, secure, live, informed- consent based audio-visual interaction with the customer to obtain identification information required for CDD purpose, and to ascertain the veracity of the information furnished by the customer through independent verification and maintaining audit trail of the process. Such processes complying with prescribed standards and procedures shall be treated on par with face-to-face CIP for the purpose of this Master Direction. xx. ^22^"Wire transfer" related definitions: a. Batch transfer: Batch transfer is a transfer comprised of a number of individual wire transfers that are being sent to the same financial institutions but may/may not be ultimately intended for different persons. b. Beneficiary: Beneficiary refers to a natural or legal person or legal arrangement who / which is identified by the originator as the receiver of the requested wire transfer. c. Beneficiary RE: It refers to a financial institution, regulated by the RBI, which receives the wire transfer from the ordering financial institution directly or through an intermediary RE and makes the funds available to the beneficiary. d. Cover Payment: Cover Payment refers to a wire transfer that combines a payment message sent directly by the ordering financial institution to the beneficiary financial institution with the routing of the funding instruction (the cover) from the ordering financial institution to the beneficiary financial institution through one or more intermediary financial institutions. e. Cross-border wire transfer: Cross-border wire transfer refers to any wire transfer where the ordering financial institution and beneficiary financial institution are located in different countries. This term also refers to any chain of wire transfer in which at least one of the financial institutions involved is located in a different country. f. Domestic wire transfer: Domestic wire transfer refers to any wire transfer where the ordering financial institution and beneficiary financial institution are located in India. This term, therefore, refers to any chain of wire transfer that takes place entirely within the borders of India, even though the system used to transfer the payment message may be located in another country. g. Financial Institution: In the context of wire-transfer instructions, the term 'Financial Institution' shall have the same meaning as has been ascribed to it in the FATF Recommendations, as revised from time to time. h. Intermediary RE: Intermediary RE refers to a financial institution or any other entity, regulated by the RBI which handles an intermediary element of the wire transfer, in a *serial* or *cover* payment chain and that receives and transmits a wire transfer on behalf of the ordering financial institution and the beneficiary financial institution, or another intermediary financial institution. i. Ordering RE**:** Ordering RE refers to the financial institution, regulated by the RBI, which initiates the wire transfer and transfers the funds upon receiving the request for a wire transfer on behalf of the originator. j. Originator: Originator refers to the account holder who allows the wire transfer from that account, or where there is no account, the natural or legal person that places the order with the ordering financial institution to perform the wire transfer. k. Serial Payment: Serial Payment refers to a direct sequential chain of payment where the wire transfer and accompanying payment message travel together from the ordering financial institution to the beneficiary financial institution directly or through one or more intermediary financial institutions (e.g., correspondent banks). l. Straight-through Processing: Straight-through processing refers to payment transactions that are conducted electronically without the need for manual intervention. m. Unique transaction reference number: Unique transaction reference number refers to a combination of letters, numbers or symbols, determined by the payment service provider, in accordance with the protocols of the payment and settlement system or messaging system used for the wire transfer. n. Wire transfer: Wire transfer refers to any transaction carried out on behalf of an originator through a financial institution by electronic means with a view to making an amount of funds available to a beneficiary at a beneficiary financial institution, irrespective of whether the originator and the beneficiary are the same person. g. All other expressions unless defined herein shall have the same meaning as have been assigned to them under the Banking Regulation Act, 1949, the Reserve Bank of India Act, 1935, the Prevention of Money Laundering Act, 2002, the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, the ^23^Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and regulations made thereunder, any statutory modification or re-enactment thereto or as used in commercial parlance, as the case may be. CHAPTER -- II ============= General ======= 4. \(a) There shall be a Know Your Customer (KYC) policy duly approved by the Board of Directors of REs or any committee of the Board to which power has been delegated. 5. The KYC policy shall include following four key elements: h. Customer Acceptance Policy; i. Risk Management; j. Customer Identification Procedures (CIP); and k. Monitoring of Transactions 265A. Money Laundering and Terrorist Financing Risk Assessment by REs: ====================================================================== a. REs shall carry out 'Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment' exercise periodically to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions or delivery channels, etc. b. The risk assessment by the RE shall be properly documented and be proportionate to the nature, size, geographical presence, complexity of c. The outcome of the exercise shall be put up to the Board or any committee of the Board to which power in this regard has been delegated, and should be available to competent authorities and self-regulating bodies. d. REs shall apply a Risk Based Approach (RBA) for mitigation and management of the identified risk and should have Board approved policies, controls and procedures in this regard. Further, REs shall monitor the implementation of the controls and enhance them if necessary. 6. Designated Director*:* ====================== l. A "Designated Director" means a person designated by the RE to ensure overall compliance with the obligations imposed under Chapter IV of the PML Act and the Rules and shall be nominated by the Board. m. The name, designation and address of the Designated Director shall be communicated to the FIU-IND. n. ^27^Further, the name, designation, address and contact details of the Designated Director shall also be communicated to the RBI. o. In no case, the Principal Officer shall be nominated as the \'Designated Director\'. 7. Principal Officer: ================== p. The Principal Officer shall be responsible for ensuring compliance, monitoring transactions, and sharing and reporting information as required under the law/regulations. q. The name, designation and address of the Principal Officer shall be communicated to the FIU-IND. r. ^28^Further, the name, designation, address and contact details of the Principal Officer shall also be communicated to the RBI. 8. Compliance of KYC policy ======================== s. REs shall ensure compliance with KYC Policy through: i. Specifying as to who constitute 'Senior Management' for the purpose of KYC compliance. ii. Allocation of responsibility for effective implementation of policies and procedures. iii. Independent evaluation of the compliance functions of REs' policies and procedures, including legal and regulatory requirements. iv. Concurrent/internal audit system to verify the compliance with KYC/AML policies and procedures. v. Submission of quarterly audit notes and compliance to the Audit Committee. t. REs shall ensure that decision-making functions of determining compliance with KYC norms are not outsourced. CHAPTER -- III ============== Customer Acceptance Policy ========================== 9. REs shall frame a Customer Acceptance Policy. 10. Without prejudice to the generality of the aspect that Customer Acceptance Policy may contain, REs shall ensure that: u. No account is opened in anonymous or fictitious/benami name. v. No account is opened where the RE is unable to apply appropriate CDD measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer. w. No transaction or account-based relationship is undertaken without following the CDD procedure. x. The mandatory information to be sought for KYC purpose while opening an account and during the periodic updation, is specified. y. ^29^Additional information, where such information requirement has not been specified in the internal KYC Policy of the RE, is obtained with the explicit consent of the customer. z. REs shall apply the CDD procedure at the UCIC level. Thus, if an existing KYC compliant customer of a RE desires to open another account with the same RE, there shall be no need for a fresh CDD exercise. a. CDD Procedure is followed for all the joint account holders, while opening a joint account. b. Circumstances in which, a customer is permitted to act on behalf of another person/entity, is clearly spelt out. c. ^30^Suitable system is put in place to ensure that the identity of the customer does not match with any person or entity, whose name appears in the sanctions lists indicated in Chapter IX of this MD. d. ^31^Where Permanent Account Number (PAN) is obtained, the same shall be verified from the verification facility of the issuing authority. e. ^32^Where an equivalent e-document is obtained from the customer, RE shall verify the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000). f. ^33^Where Goods and Services Tax (GST) details are available, the GST number shall be verified from the search/verification facility of the issuing authority. 11. Customer Acceptance Policy shall not result in denial of banking/financial facility to members of the general public, especially those, who are financially or socially disadvantaged. CHAPTER -- IV ============= Risk Management =============== 12. For Risk Management, REs shall have a risk-based approach which includes the following. g. Customers shall be categorised as low, medium and high-risk category, based on the assessment and risk perception of the RE. h. ^35^Broad principles may be laid down by the REs for risk-categorisation of customers. i. ^36^Risk categorisation shall be undertaken based on parameters such as customer's identity, social/financial status, nature of business activity, and information about the customer's business and their location, geographical risk covering customers as well as transactions, type of products/services offered, delivery channel used for delivery of products/services, types of transaction undertaken -- cash, cheque/monetary instruments, wire transfers, forex transactions, etc. While considering customer's identity, the ability to confirm j. ^37^The risk categorisation of a customer and the specific reasons for such categorisation shall be kept confidential and shall not be revealed to the customer to avoid tipping off the customer. Chapter V ========= Customer Identification Procedure (CIP) ======================================= 13. REs shall undertake identification of customers in the following cases: k. Commencement of an account-based relationship with the customer. l. ^39^Carrying out any international money transfer operations for a person who is not an account holder of the RE. m. When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained. n. Selling third party products as agents, selling their own products, payment of dues of credit cards/sale and reloading of prepaid/travel cards and any other product for more than rupees fifty thousand. o. Carrying out transactions for a non-account-based customer, that is a walk-in customer, where the amount involved is equal to or exceeds rupees fifty thousand, whether conducted as a single transaction or several transactions that appear to be connected. p. When a RE has reason to believe that a customer (account- based or walk-in) is intentionally structuring a transaction into a series of transactions below the threshold of rupees fifty thousand. q. REs shall ensure that introduction is not to be sought while opening accounts. 14. For the purpose of verifying the identity of customers at the time of commencement of an account-based relationship, REs, shall at their option, rely r. ^40^Records or the information of the customer due diligence carried out by the third party is obtained within two days from the third party or from the Central KYC Records Registry. s. Adequate steps are taken by REs to satisfy themselves that copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay. t. The third party is regulated, supervised or monitored for, and has measures in place for, compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act. u. The third party shall not be based in a country or jurisdiction assessed as high risk. v. The ultimate responsibility for customer due diligence and undertaking enhanced due diligence measures, as applicable, will be with the RE. Chapter VI ========== Customer Due Diligence (CDD) Procedure ====================================== Part I - Customer Due Diligence (CDD) Procedure in case of Individuals ====================================================================== 15. **^41^**Deleted 16. **^42^**For undertaking CDD, REs shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity: w. the Aadhaar number where, i. he is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016); or ii. he decides to submit his Aadhaar number voluntarily to a bank or any RE notified under first proviso to sub-section (1) of section 11A of the PML Act; or x. the Permanent Account Number or the equivalent e-document thereof or Form No. 60 as defined in Income-tax Rules, 1962; and y. such other documents including in respect of the nature of business and financial status of the customer, or the equivalent e-documents thereof as may be required by the RE: i. Aadhaar number under clause (a) above to a bank or to a RE notified under first proviso to sub-section (1) of section 11A of the PML Act, such bank or RE shall carry out authentication of the customer's Aadhaar number using e-KYC authentication facility provided by the Unique Identification Authority of India. Further, in such a case, if customer wants to provide a current address, different from the address as per the identity information available in the Central Identities Data Repository, he may give a self-declaration to that effect to the RE. ii. proof of possession of Aadhaar under clause (aa) above where offline verification can be carried out, the RE shall carry out offline verification. iii. an equivalent e-document of any OVD, the RE shall verify the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000) and any rules issues thereunder and take a live photo as specified under [Annex I]. iv. any OVD or proof of possession of Aadhaar number under clause (ab) above where offline verification cannot be carried out, the RE shall carry out verification through digital KYC as specified under [Annex I]. 17. Accounts opened using Aadhaar OTP based e-KYC, in non-face-to-face mode, are subject to the following conditions: i. There must be a specific consent from the customer for authentication through OTP. ii. ^45^As a risk-mitigating measure for such accounts, REs shall ensure that transaction alerts, OTP, etc., are sent only to the mobile number of the customer registered with Aadhaar. REs shall have a board approved policy delineating a robust process of due diligence for dealing with requests for change of mobile number in such accounts. iii. The aggregate balance of all the deposit accounts of the customer shall not exceed rupees one lakh. In case, the balance exceeds the threshold, the account shall cease to be operational, till CDD as mentioned at (v) below is complete. iv. The aggregate of all credits in a financial year, in all the deposit accounts taken together, shall not exceed rupees two lakh. v. As regards borrowal accounts, only term loans shall be sanctioned. The aggregate amount of term loans sanctioned shall not exceed rupees sixty thousand in a year. vi. ^46^Accounts, both deposit and borrowal, opened using OTP based e-KYC shall not be allowed for more than one year unless identification as per Section 16 or as per Section 18 (V-CIP) is carried out. If Aadhaar details are used under Section 18, the process shall be followed in its entirety including fresh Aadhaar OTP authentication. vii. If the CDD procedure as mentioned above is not completed within a year, in respect of deposit accounts, the same shall be closed immediately. In respect of borrowal accounts no further debits shall be allowed. viii. ^47^A declaration shall be obtained from the customer to the effect that no other account has been opened nor will be opened using OTP based KYC in non- face-to-face mode with any other RE. Further, while uploading KYC information to CKYCR, REs shall clearly indicate that such accounts are opened using OTP based e-KYC and other REs shall not open accounts based on the KYC information of accounts opened with OTP based e-KYC procedure in non-face- to-face mode. ix. REs shall have strict monitoring procedures including systems to generate alerts in case of any non-compliance/violation, to ensure compliance with the above mentioned conditions. 18. ^48^REs may undertake V-CIP to carry out: i. CDD in case of new customer on-boarding for individual customers, proprietor in case of proprietorship firm, authorised signatories and Beneficial Owners (BOs) in case of Legal Entity (LE) customers. ii. Conversion of existing accounts opened in non-face to face mode using Aadhaar OTP based e-KYC authentication as per Section 17. iii. Updation/Periodic updation of KYC for eligible customers. a. V-CIP Infrastructure ==================== i. The RE should have complied with the RBI guidelines on minimum baseline cyber security and resilience framework for banks, as updated from time to time as well as other general guidelines on IT risks. The technology infrastructure should be housed in own premises of the RE and the V-CIP connection and interaction shall necessarily originate from its own secured network domain. Any technology related outsourcing for the process should be compliant with relevant RBI guidelines. ^50^Where cloud deployment model is used, it shall be ensured that the ownership of data in such model rests with the RE only and all the data including video recording is transferred to the RE's exclusively owned / leased server(s) including cloud server, if any, immediately after the V-CIP process is completed and no data shall be retained by the cloud service provider or third-party technology provider assisting the V-CIP of the RE. ii. The RE shall ensure end-to-end encryption of data between customer device and the hosting point of the V-CIP application, as per appropriate encryption iii. The V-CIP infrastructure / application should be capable of preventing connection from IP addresses outside India or from spoofed IP addresses. iv. The video recordings should contain the live GPS co-ordinates (geo-tagging) of the customer undertaking the V-CIP and date-time stamp. The quality of the live video in the V-CIP shall be adequate to allow identification of the customer beyond doubt. v. The application shall have components with face liveness / spoof detection as well as face matching technology with high degree of accuracy, even though the ultimate responsibility of any customer identification rests with the RE. Appropriate artificial intelligence (AI) technology can be used to ensure that the V-CIP is robust. vi. Based on experience of detected / attempted / 'near-miss' cases of forged identity, the technology infrastructure including application software as well as work flows shall be regularly upgraded. Any detected case of forged identity through V-CIP shall be reported as a cyber event under extant regulatory guidelines. vii. ^51^The V-CIP infrastructure shall undergo necessary tests such as Vulnerability Assessment, Penetration testing and a Security Audit to ensure its robustness and end-to-end encryption capabilities. Any critical gap reported under this process shall be mitigated before rolling out its implementation. Such tests should be conducted by the empanelled auditors of Indian Computer Emergency Response Team (CERT-In). Such tests should also be carried out periodically in conformance to internal / regulatory guidelines. viii. The V-CIP application software and relevant APIs / webservices shall also undergo appropriate testing of functional, performance, maintenance strength before being used in live environment. Only after closure of any critical gap found during such tests, the application should be rolled out. Such tests shall also be carried out periodically in conformity with internal/ regulatory guidelines. b. V-CIP Procedure =============== ix. Each RE shall formulate a clear work flow and standard operating procedure for V-CIP and ensure adherence to it. The V-CIP process shall be operated only by officials of the RE specially trained for this purpose. The official should be capable to carry out liveness check and detect any other fraudulent manipulation or suspicious conduct of the customer and act upon it. x. ^52^Disruption of any sort including pausing of video, reconnecting calls, etc., should not result in creation of multiple video files. If pause or disruption is not leading to the creation of multiple files, then there is no need to initiate a fresh session by the RE. However, in case of call drop / disconnection, fresh session shall be initiated. xi. The sequence and/or type of questions, including those indicating the liveness of the interaction, during video interactions shall be varied in order to establish that the interactions are real-time and not pre-recorded. xii. Any prompting observed at end of customer shall lead to rejection of the account opening process. xiii. The fact of the V-CIP customer being an existing or new customer, or if it relates to a case rejected earlier or if the name appearing in some negative list should be factored in at appropriate stage of work-flow. xiv. The authorised official of the RE performing the V-CIP shall record audio-video as well as capture photograph of the customer present for identification and obtain the identification information using any one of the following: a. OTP based Aadhaar e-KYC authentication b. Offline Verification of Aadhaar for identification c. KYC records downloaded from CKYCR, in accordance with Section 56, using the KYC identifier provided by the customer d. Equivalent e-document of Officially Valid Documents (OVDs) including documents issued through DigiLocker xv. If the address of the customer is different from that indicated in the OVD, suitable records of the current address shall be captured, as per the existing requirement. It shall be ensured that the economic and financial profile/information submitted by the customer is also confirmed from the customer undertaking the V-CIP in a suitable manner. xvi. RE shall capture a clear image of PAN card to be displayed by the customer during the process, except in cases where e-PAN is provided by the customer. The PAN details shall be verified from the database of the issuing authority including through DigiLocker. xvii. Use of printed copy of equivalent e-document including e-PAN is not valid for the V-CIP. xviii. The authorised official of the RE shall ensure that photograph of the customer in the Aadhaar/OVD and PAN/e-PAN matches with the customer undertaking the V-CIP and the identification details in Aadhaar/OVD and PAN/e-PAN shall match with the details provided by the customer. xix. Assisted V-CIP shall be permissible when banks take help of Business Correspondents (BCs) facilitating the process only at the customer end. Banks shall maintain the details of the BC assisting the customer, where services of BCs are utilized. The ultimate responsibility for customer due diligence will be with the bank. xx. All accounts opened through V-CIP shall be made operational only after being subject to concurrent audit, to ensure the integrity of process and its acceptability of the outcome. xxi. All matters not specified under the paragraph but required under other statutes such as the Information Technology (IT) Act shall be appropriately complied with by the RE. c. V-CIP Records and Data Management ================================= xxii. The entire data and recordings of V-CIP shall be stored in a system / systems located in India. REs shall ensure that the video recording is stored in a safe and secure manner and bears the date and time stamp that affords easy historical data search. The extant instructions on record management, as stipulated in this MD, shall also be applicable for V-CIP. xxiii. The activity log along with the credentials of the official performing the V-CIP shall be preserved. 19. ^55^Deleted 20. ^56^Deleted 21. ^57^Deleted 22. Deleted 23. ^58^Notwithstanding anything contained in Section 16 and as an alternative thereto, in case an individual who desires to open a bank account, banks shall open a 'Small Account', which entails the following limitations: i. the aggregate of all credits in a financial year does not exceed rupees one lakh; ii. the aggregate of all withdrawals and transfers in a month does not exceed rupees ten thousand; and iii. the balance at any point of time does not exceed rupees fifty thousand. 59Provided, that this limit on balance shall not be considered while making deposits through Government grants, welfare benefits and payment against procurements. z. The bank shall obtain a self-attested photograph from the customer. a. The designated officer of the bank certifies under his signature that the person opening the account has affixed his signature or thumb impression in his presence. b. Such accounts are opened only at Core Banking Solution (CBS) linked branches or in a branch where it is possible to manually monitor and ensure that foreign remittances are not credited to the account. c. Banks shall ensure that the stipulated monthly and annual limits on aggregate of transactions and balance requirements in such accounts are not breached, before a transaction is allowed to take place. d. The account shall remain operational initially for a period of twelve months which can be extended for a further period of twelve months, provided the account holder applies and furnishes evidence of having applied for any of the OVDs during the first twelve months of the opening of the said account. e. The entire relaxation provisions shall be reviewed after twenty-four months. f. ^61^Notwithstanding anything contained in clauses (e) and (f) above, the small account shall remain operational between April 1, 2020 and June 30, 2020 and such other periods as may be notified by the Central Government. g. ^62^The account shall be monitored and when there is suspicion of money laundering or financing of terrorism activities or other high-risk scenarios, the identity of the customer shall be established as per Section 16 or Section 18. h. ^63^Foreign remittance shall not be allowed to be credited into the account unless the identity of the customer is fully established as per Section 16 or Section 18. 24. ^64^**Simplified procedure for opening accounts by Non-Banking Finance Companies (NBFCs)**: In case a person who desires to open an account is not able to produce documents, as specified in Section 16, NBFCs may at their discretion open accounts subject to the following conditions: i. The NBFC shall obtain a self-attested photograph from the customer. j. The designated officer of the NBFC certifies under his signature that the person opening the account has affixed his signature or thumb impression in his presence. k. ^65^The account shall remain operational initially for a period of twelve months, within which CDD as per Section 16 or Section 18 shall be carried out. l. Balances in all their accounts taken together shall not exceed rupees fifty thousand at any point of time. m. The total credit in all the accounts taken together shall not exceed rupees one lakh in a year. n. The customer shall be made aware that no further transactions will be permitted until the full KYC procedure is completed in case Directions (d) and (e) above are breached by him. o. The customer shall be notified when the balance reaches rupees forty thousand or the total credit in a year reaches rupees eighty thousand that appropriate documents for conducting the KYC must be submitted otherwise the operations in the account shall be stopped when the total balance in all the accounts taken together exceeds the limits prescribed in direction (d) and (e) above. 25. ^66^Deleted. 26. ^67^KYC verification once done by one branch/office of the RE shall be valid for transfer of the account to any other branch/office of the same RE, provided full KYC verification has already been done for the concerned account and the same is not due for periodic updation. Part II - CDD Measures for Sole Proprietary firms ================================================= 27. ^68^For opening an account in the name of a sole proprietary firm, CDD of the individual (proprietor) shall be carried out. 28. ^69^In addition to the above, any two of the following documents or the equivalent e- documents there of as a proof of business/ activity in the name of the proprietary firm shall also be obtained: p. ^70^Registration certificate including Udyam Registration Certificate (URC) issued by the Government q. Certificate/licence issued by the municipal authorities under Shop and Establishment Act r. Sales and income tax returns s. ^71^CST/VAT/ GST certificate t. Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities u. IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT or Licence/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute v. Complete Income Tax Return (not just the acknowledgement) in the name of the sole proprietor where the firm\'s income is reflected, duly authenticated/acknowledged by the Income Tax authorities w. Utility bills such as electricity, water, landline telephone bills, etc. 29. In cases where the REs are satisfied that it is not possible to furnish two such documents, REs may, at their discretion, accept only one of those documents as proof of business/activity. Part III- CDD Measures for Legal Entities ========================================= 30. ^72^For opening an account of a company*,* certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: x. Certificate of incorporation y. Memorandum and Articles of Association z. ^73^Permanent Account Number of the company a. A resolution from the Board of Directors and power of attorney granted to its managers, officers or employees to transact on its behalf b. ^74^Documents, as specified in Section 16, relating to beneficial owner, the managers, officers or employees, as the case may be, holding an attorney to transact on the company's behalf c. ^75^the names of the relevant persons holding senior management position; and d. ^76^the registered office and the principal place of its business, if it is different. 31. ^77^For opening an account of a partnership firm*,* the certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: e. Registration certificate f. Partnership deed g. ^78^Permanent Account Number of the partnership firm h. ^79^Documents, as specified in Section 16, relating to beneficial owner, managers, officers or employees, as the case may be, holding an attorney to transact on its behalf i. ^80^the names of all the partners and j. ^81^address of the registered office, and the principal place of its business, if it is different. 32. ^82^For opening an account of a trust*,* certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: k. Registration certificate l. Trust deed m. ^83^Permanent Account Number or Form No.60 of the trust n. ^84^Documents, as specified in Section 16, relating to beneficial owner, managers, officers or employees, as the case may be, holding an attorney to transact on its behalf o. ^85^the names of the beneficiaries, trustees, settlor and authors of the trust p. ^86^the address of the registered office of the trust; and q. ^87^list of trustees and documents, as specified in Section 16, for those discharging the role as trustee and authorised to transact on behalf of the trust. a. Resolution of the managing body of such association or body of individuals b. ^89^Permanent Account Number or Form No. 60 of the unincorporated association or a body of individuals c. Power of attorney granted to transact on its behalf d. ^90^Documents, as specified in Section 16, relating to beneficial owner, managers, officers or employees, as the case may be, holding an attorney to transact on its behalf and e. Such information as may be required by the RE to collectively establish the legal existence of such an association or body of individuals. a. Document showing name of the person authorised to act on behalf of the entity b. Documents, as specified in Section 16, of the person holding an attorney to transact on its behalf and c. Such documents as may be required by the RE to establish the legal existence of such an entity/juridical person. Part IV - Identification of Beneficial Owner ============================================ 34. For opening an account of a Legal Person who is not a natural person, the beneficial owner(s) shall be identified and all reasonable steps in terms of sub- rule (3) of Rule 9 of the Rules to verify his/her identity shall be undertaken keeping in view the following: a. ^92^Where the customer or the owner of the controlling interest is (i) an entity listed on a stock exchange in India, or (ii) it is an entity resident in jurisdictions notified by the Central Government and listed on stock exchanges in such jurisdictions, or (iii) it is a subsidiary of such listed entities; it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such entities. b. In cases of trust/nominee or fiduciary accounts whether the customer is acting on behalf of another person as trustee/nominee or any other intermediary is determined. In such cases, satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also details of the nature of the trust or other arrangements in place shall be obtained. Part V - On-going Due Diligence =============================== 35. REs shall undertake on-going due diligence of customers to ensure that their transactions are consistent with their knowledge about the customers, customers' business and risk profile; and the source of funds. 36. Without prejudice to the generality of factors that call for close monitoring following types of transactions shall necessarily be monitored: c. Large and complex transactions including RTGS transactions, and those with unusual patterns, inconsistent with the normal and expected activity of the customer, which have no apparent economic rationale or legitimate purpose. d. Transactions which exceed the thresholds prescribed for specific categories of accounts. e. High account turnover inconsistent with the size of the balance maintained. f. Deposit of third-party cheques, drafts, etc. in the existing and newly opened accounts followed by cash withdrawals for large amounts. 37. The extent of monitoring shall be aligned with the risk category of the customer. Explanation: High risk accounts have to be subjected to more intensified monitoring*.* g. A system of periodic review of risk categorisation of accounts, with such periodicity being at least once in six months, and the need for applying enhanced due diligence measures shall be put in place. h. The transactions in accounts of marketing firms, especially accounts of Multi-level Marketing (MLM) Companies shall be closely monitored. ^94^Updation / Periodic Updation of KYC ======================================= a. Individuals: ============ i. **No change in KYC information:** In case of no change in the KYC information, a self-declaration from the customer in this regard shall be obtained through customer's email-id registered with the RE, customer's mobile number registered with the RE, ATMs, digital channels (such as online banking / internet banking, mobile application of RE), letter, etc. ii. **Change in address:** In case of a change only in the address details of the customer, a self-declaration of the new address shall be obtained from the customer through customer's email-id registered with the RE, customer's mobile number registered with the RE, ATMs, digital channels (such as online banking / internet banking, mobile application of RE), letter, etc., and the declared address shall be verified through positive confirmation within two months, by means such as address verification letter, contact point verification, deliverables, etc. iii. **Accounts of customers, who were minor at the time of opening account, on their becoming major:** In case of customers for whom account was opened when they were minor, fresh photographs shall be obtained on their becoming a major and at that time it shall be ensured that CDD documents as per the current CDD standards are available with iv. ^95^Aadhaar OTP based e-KYC in non-face to face mode may be used for periodic updation. To clarify, conditions stipulated in Section 17 are not applicable in case of *updation* / *periodic updation of KYC* through Aadhaar OTP based e-KYC in non-face to face mode. b. Customers other than individuals: ================================= v. **No change in KYC information:** In case of no change in the KYC information of the LE customer, a self-declaration in this regard shall be obtained from the LE customer through its email id registered with the RE, ATMs, digital channels (such as online banking / internet banking, mobile application of RE), letter from an official authorized by the LE in this regard, board resolution, etc. Further, REs shall ensure during this process that Beneficial Ownership (BO) information available with them is accurate and shall update the same, if required, to keep it as up-to-date as possible. vi. **Change in KYC information:** In case of change in KYC information, RE shall undertake the KYC process equivalent to that applicable for on- boarding a new LE customer. c. **^96^Additional measures:** In addition to the above, REs shall ensure that, vii. The KYC documents of the customer as per the current CDD standards are available with them. This is applicable even if there is no change in customer information but the documents available with the RE are not as per the current CDD standards. Further, in case the validity of the CDD documents available with the RE has expired at the time of periodic updation of KYC, RE shall undertake the KYC process equivalent to that applicable for on-boarding a new customer. viii. Customer's PAN details, if available with the RE, is verified from the database of the issuing authority at the time of periodic updation of KYC. ix. Acknowledgment is provided to the customer mentioning the date of receipt of the relevant document(s), including self-declaration from the customer, for carrying out periodic updation. Further, it shall be ensured that the information / documents obtained from the customers at the time of periodic updation of KYC are promptly updated in the records / database of the REs and an intimation, mentioning the date of updation of KYC details, is provided to the customer. x. In order to ensure customer convenience, REs may consider making available the facility of periodic updation of KYC at any branch, in terms of their internal KYC policy duly approved by the Board of Directors of REs or any committee of the Board to which power has been delegated. xi. REs shall adopt a risk-based approach with respect to periodic updation of KYC. Any additional and exceptional measures, which otherwise are not mandated under the above instructions, adopted by the REs such as requirement of obtaining recent photograph, requirement of physical presence of the customer, requirement of periodic updation of KYC only in the branch of the RE where account is maintained, a more frequent periodicity of KYC updation than the minimum specified periodicity etc., shall be clearly specified in the internal KYC policy duly approved by the Board of Directors of REs or any committee of the Board to which power has been delegated. d. ^97^REs shall advise the customers that in order to comply with the PML Rules, in case of any update in the documents submitted by the customer at the time of establishment of business relationship / account-based relationship and thereafter, as necessary; customers shall submit to the REs the update of such documents. This shall be done within 30 days of the update to the documents for the purpose of updating the records at REs' end. 39. 98In case of existing customers, RE shall obtain the Permanent Account Number or equivalent e-document thereof or Form No. 60, by such date as may be notified by the Central Government, failing which RE shall temporarily cease operations in Part VI - Enhanced and Simplified Due Diligence Procedure ========================================================= 40. ^99^**Enhanced Due Diligence (EDD) for non-face-to-face customer onboarding (other than customer onboarding in terms of Section 17):** Non-face-to-face onboarding facilitates the REs to establish relationship with the customer without meeting the customer physically or through V-CIP. Such non-face-to-face modes for the purpose of this Section includes use of digital channels such as CKYCR, DigiLocker, equivalent e-document, etc., and non-digital modes such as obtaining copy of OVD certified by additional certifying authorities as allowed for NRIs and PIOs. Following EDD measures shall be undertaken by REs for non- a. In case RE has introduced the process of V-CIP, the same shall be provided as the first option to the customer for remote onboarding. It is reiterated that processes complying with prescribed standards and procedures for V-CIP shall be treated on par with face-to-face CIP for the purpose of this Master Direction. b. In order to prevent frauds, alternate mobile numbers shall not be linked post CDD with such accounts for transaction OTP, transaction updates, etc. Transactions shall be permitted only from the mobile number used for account opening. RE shall have a Board approved policy delineating a robust process of due diligence for dealing with requests for change of registered mobile number. c. Apart from obtaining the current address proof, RE shall verify the current address through positive confirmation before allowing operations in the account. Positive confirmation may be carried out by means such as address verification letter, contact point verification, deliverables, etc. d. RE shall obtain PAN from the customer and the PAN shall be verified from the verification facility of the issuing authority. e. First transaction in such accounts shall be a credit from existing KYC-complied bank account of the customer. f. Such customers shall be categorized as high-risk customers and accounts opened in non-face to face mode shall be subjected to enhanced monitoring until the identity of the customer is verified in face-to-face manner or through V-CIP. Accounts of Politically Exposed Persons (PEPs) ============================================== A. REs shall have the option of establishing a relationship with PEPs provided that: a. sufficient information including information about the sources of funds accounts of family members and close relatives is gathered on the PEP; b. the identity of the person shall have been verified before accepting the PEP as a customer; c. the decision to open an account for a PEP is taken at a senior level in accordance with the REs' Customer Acceptance Policy; d. all such accounts are subjected to enhanced monitoring on an on-going basis; e. in the event of an existing customer or the beneficial owner of an existing account subsequently becoming a PEP, senior management's approval is obtained to continue the business relationship; f. the CDD measures as applicable to PEPs including enhanced monitoring on an on-going basis are applicable. B. These instructions shall also be applicable to accounts where a PEP is the beneficial owner Client accounts opened by professional intermediaries: ====================================================== i. Clients shall be identified when client account is opened by a professional intermediary on behalf of a single client. j. REs shall have option to hold \'pooled\' accounts managed by professional intermediaries on behalf of entities like mutual funds, pension funds or other types of funds. k. REs shall not open accounts of such professional intermediaries who are bound by any client confidentiality that prohibits disclosure of the client details to the RE. l. All the beneficial owners shall be identified where funds held by the intermediaries are not co-mingled at the level of RE, and there are \'sub- accounts\', each of them attributable to a beneficial owner, or where such funds are co-mingled at the level of RE, the RE shall look for the beneficial owners. m. REs shall, at their discretion, rely on the \'customer due diligence\' (CDD) done by an intermediary, provided that the intermediary is a regulated and supervised entity and has adequate systems in place to comply with the KYC requirements of the customers. n. The ultimate responsibility for knowing the customer lies with the RE. B. Simplified Due Diligence =========================== 43. ^100^**Simplified norms for Self Help Groups (SHGs)** o. CDD of all the members of SHG shall not be required while opening the savings bank account of the SHG. p. CDD of all the office bearers shall suffice. q. ^101^ CDD of all the members of SHG may be undertaken at the time of credit linking of SHGs. 44. Procedure to be followed by banks while opening accounts of foreign students ============================================================================ r. Banks shall, at their option, open a Non-Resident Ordinary (NRO) bank account of a foreign student on the basis of his/her passport (with visa & immigration endorsement) bearing the proof of identity and address in the home country together with a photograph and a letter offering admission from the educational institution in India. i. Provided that a declaration about the local address shall be obtained within a period of 30 days of opening the account and the said local address is verified. ii. Provided further that pending the verification of address, the account shall be operated with a condition of allowing foreign remittances not exceeding USD 1,000 or equivalent into the account and a cap of rupees fifty thousand on aggregate in the same, during the 30-day period. s. The account shall be treated as a normal NRO account, and shall be operated in terms of Reserve Bank of India's instructions on Non-Resident Ordinary Rupee (NRO) Account, and the provisions of FEMA 1999. t. Students with Pakistani nationality shall require prior approval of the Reserve Bank for opening the account. 45. Simplified KYC norms for Foreign Portfolio Investors (FPIs) =========================================================== Chapter VII Record Management ============================= 46. The following steps shall be taken regarding maintenance, preservation and reporting of customer account information, with reference to provisions of PML Act and Rules. REs shall, u. maintain all necessary records of transactions between the RE and the customer, both domestic and international, for at least five years from the date of transaction; v. preserve the records pertaining to the identification of the customers and their addresses obtained while opening the account and during the course of business relationship, for at least five years after the business relationship is ended; w. ^102^make available swiftly, the identification records and transaction data to the competent authorities upon request; x. introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005); y. maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following: i. the nature of the transactions; ii. the amount of the transaction and the currency in which it was denominated; iii. the date on which the transaction was conducted; and iv. the parties to the transaction. z. evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities; a. maintain records of the identity and address of their customer, and records in respect of transactions referred to in Rule 3 in hard or soft format. Chapter VIII ============ Reporting Requirements to Financial Intelligence Unit - India ============================================================= 47. REs shall furnish to the Director, Financial Intelligence Unit-India (FIU-IND), information referred to in Rule 3 of the PML (Maintenance of Records) Rules, 2005 in terms of Rule 7 thereof. 48. The reporting formats and comprehensive reporting format guide, prescribed/ released by FIU-IND and Report Generation Utility and Report Validation Utility developed to assist reporting entities in the preparation of prescribed reports shall be taken note of. The editable electronic utilities to file electronic Cash Transaction Reports (CTR) / Suspicious Transaction Reports (STR) which FIU- IND has placed on its website shall be made use of by REs which are yet to install/adopt suitable technological tools for extracting CTR/STR from their live transaction data. The Principal Officers of those REs, whose all branches are not fully computerized, shall have suitable arrangement to cull out the transaction details from branches which are not yet computerized and to feed the data into an electronic file with the help of the editable electronic utilities of 49. While furnishing information to the Director, FIU-IND, delay of each day in not reporting a transaction or delay of each day in rectifying a mis-represented transaction beyond the time limit as specified in the Rule shall be constituted as a separate violation. REs shall not put any restriction on operations in the accounts where an STR has been filed. REs shall keep the fact of furnishing of STR strictly confidential. It shall be ensured that there is no tipping off to the customer at any level. 50. Robust software, throwing alerts when the transactions are inconsistent with risk categorization and updated profile of the customers shall be put in to use as a part of effective identification and reporting of suspicious transactions. Chapter IX Requirements/obligations under International Agreements - ==================================================================== Communications from International Agencies ========================================== 51. ^104^Obligations under the Unlawful Activities (Prevention) (UAPA) Act, 1967: ============================================================================= b. REs shall ensure that in terms of Section 51A of the Unlawful Activities (Prevention) (UAPA) Act, 1967 and amendments thereto, they do not have any account in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC). The details of the two lists are as under: iii. The **"ISIL (Da'esh) &Al-Qaida Sanctions List**", established and maintained pursuant to Security Council resolutions 1267/1989/2253, which includes names of individuals and entities associated with the Al- iv. The **"Taliban Sanctions List"**, established and maintained pursuant to Security Council resolution 1988 (2011)**,** which includes names of individuals and entities associated with the Taliban is available at [https://scsanctions.un.org/3ppp1en-taliban.htm] c. Details of accounts resembling any of the individuals/entities in the lists shall be reported to FIU-IND apart from advising Ministry of Home Affairs (MHA) as required under UAPA notification dated ^105^February 2, 2021 ([Annex II] of this Master Direction). d. Freezing of Assets under Section 51A of UAPA, 1967: The procedure laid down in the UAPA Order dated ^106^February 2, 2021 ([Annex II] of this Master Direction) shall be strictly followed and meticulous compliance with the Order issued by the Government shall be ensured. The list of Nodal Officers for UAPA is available on the website of MHA. 52. ^107^Obligations under Weapons of Mass Destruction (WMD) and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 (WMD Act, 2005): =================================================================================================================================================== e. REs shall ensure meticulous compliance with the "Procedure for Implementation of Section 12A of the Weapons of Mass Destruction (WMD) and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005" laid down in terms of Section 12A of the WMD Act, 2005 vide Order dated January 30, 2023, by the Ministry of Finance, Government of India ([Annex III] of this Master Direction). f. In accordance with paragraph 3 of the aforementioned Order, REs shall ensure not to carry out transactions in case the particulars of the individual / entity match with the particulars in the designated list. g. Further, REs shall run a check, on the given parameters, at the time of establishing a relation with a customer and on a periodic basis to verify whether individuals and entities in the designated list are holding any funds, financial asset, etc., in the form of bank account, etc. h. In case of match in the above cases, REs shall immediately inform the transaction details with full particulars of the funds, financial assets or economic resources involved to the Central Nodal Officer (CNO), designated as the authority to exercise powers under Section 12A of the WMD Act, 2005. A copy of the communication shall be sent to State Nodal Officer, where the account / transaction is held and to the RBI. REs shall file an STR with FIU- IND covering all transactions in the accounts, covered above, carried through or attempted. i. REs may refer to the designated list, as amended from time to time, available on the portal of FIU-India. j. In case there are reasons to believe beyond doubt that funds or assets held by a customer would fall under the purview of clause (a) or (b) of sub-section k. In case an order to freeze assets under Section 12A is received by the REs from the CNO, REs shall, without delay, take necessary action to comply with the Order. l. The process of unfreezing of funds, etc., shall be observed as per paragraph 53. REs shall verify every day, the 'UNSCR 1718 Sanctions List of Designated Individuals and Entities', as available at [https://[www.mea.gov.in/Implementation-](http://www.mea.gov.in/Implementation-)] [of-UNSC-Sanctions-DPRK.htm], to take into account any modifications to the list in terms of additions, deletions or other changes and also ensure compliance with the 'Implementation of Security Council Resolution on Democratic People's Republic of Korea Order, 2017', as amended from time to time by the Central Government. 54. Jurisdictions that do not or insufficiently apply the FATF Recommendations ========================================================================== m. FATF Statements circulated by Reserve Bank of India from time to time, and publicly available information, for identifying countries, which do not or insufficiently apply the FATF Recommendations, shall be considered. Risks arising from the deficiencies in AML/CFT regime of the jurisdictions included in the FATF Statement shall be taken into account. n. Special attention shall be given to business relationships and transactions with persons (including legal persons and other financial institutions) from or in countries that do not or insufficiently apply the FATF Recommendations and jurisdictions included in FATF Statements. o. The background and purpose of transactions with persons (including legal persons and other financial institutions) from jurisdictions included in FATF Statements and countries that do not or insufficiently apply the FATF Recommendations shall be examined, and written findings together with all documents shall be retained and shall be made available to Reserve Bank/other relevant authorities, on request. Chapter X Other Instructions ============================ 55. ^110^**Secrecy Obligations and Sharing of Information:** p. REs shall maintain secrecy regarding the customer information which arises out of the contractual relationship between the RE and customer. q. Information collected from customers for the purpose of opening of account shall be treated as confidential and details thereof shall not be divulged for the purpose r. While considering the requests for data/information from Government and other agencies, REs shall satisfy themselves that the information being sought is not of such a nature as will violate the provisions of the laws relating to secrecy in the transactions. s. The exceptions to the said rule shall be as under: v. Where disclosure is under compulsion of law vi. Where there is a duty to the public to disclose, vii. the interest of RE requires disclosure and viii. Where the disclosure is made with the express or implied consent of the customer. 56. ^111^CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR) ======================================================================================== t. Government of India has authorised the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide Gazette Notification No. S.O. 3183(E) dated November 26, 2015. u. In terms of provision of Rule 9(1A) of the PML Rules, the REs shall capture customer's KYC records and upload onto CKYCR within 10 days of commencement of an account-based relationship with the customer. v. Operational Guidelines for uploading the KYC data have been released by CERSAI. w. REs shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as per the KYC templates prepared for 'Individuals' and 'Legal Entities' (LEs), as the case may be. The templates may be revised from time to time, as may be required and released by CERSAI. x. The 'live run' of the CKYCR started from July 15, 2016 in phased manner beginning with new 'individual accounts'. Accordingly, Scheduled Commercial Banks (SCBs) are required to invariably upload the KYC data pertaining to all new individual accounts opened on or after January 1, 2017, with CKYCR. SCBs were initially allowed time up-to February 1, 2017, for uploading data in respect of accounts opened during January 2017. y. REs shall upload KYC records pertaining to accounts of LEs opened on or after April 1, 2021, with CKYCR in terms of the provisions of the Rules ibid. The KYC records have to be uploaded as per the LE Template released by CERSAI. z. Once KYC Identifier is generated by CKYCR, REs shall ensure that the same is communicated to the individual/LE as the case may be. a. In order to ensure that all KYC records are incrementally uploaded on to CKYCR, REs shall upload/update the KYC data pertaining to accounts of individual customers and LEs opened prior to the above-mentioned dates as per (e) and (f) respectively at the time of periodic updation as specified in Section 38 of this Master Direction, or earlier, when the updated KYC information is obtained/received from the customer. b. REs shall ensure that during periodic updation, the customers are migrated to the current CDD standard. c. Where a customer, for the purposes of establishing an account-based relationship, submits a KYC Identifier to a RE, with an explicit consent to download records from CKYCR, then such RE shall retrieve the KYC records online from the CKYCR using the KYC Identifier and the customer shall not be required to submit the same KYC records or information or any other additional identification documents or details, unless -- i. there is a change in the information of the customer as existing in the records of CKYCR; ii. the current address of the customer is required to be verified; iii. the RE considers it necessary in order to verify the identity or address of the customer, or to perform enhanced due diligence or to build an appropriate risk profile of the client. iv. ^112^the validity period of documents downloaded from CKYCR has lapsed. Reporting requirement under Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS) =========================================================================================================== d. Register on the related e-filling portal of Income Tax Department as Reporting Financial Institutions at the link [https://incometaxindiaefiling.gov.in/] post login - e. Submit online reports by using the digital signature of the 'Designated Director' by either uploading the Form 61B or 'NIL' report, for which, the schema prepared by Central Board of Direct Taxes (CBDT) shall be referred to. f. Develop Information Technology (IT) framework for carrying out due diligence procedure and for recording and maintaining the same, as provided in Rule 114H. g. Develop a system of audit for the IT framework and compliance with Rules 114F, 114G and 114H of Income Tax Rules. h. Constitute a "High Level Monitoring Committee" under the Designated Director or any other equivalent functionary to ensure compliance. i. Ensure compliance with updated instructions/ rules/ guidance notes/ Press releases/ issued on the subject by Central Board of Direct Taxes (CBDT) from time to time and available on the web site [[http://www.incometaxindia.gov.in/Pages/default.aspx].](http://www.incometaxindia.gov.in/Pages/default.aspx) REs may take note of the following: ix. updated [Guidance Note] on FATCA and CRS x. a [press release] on 'Closure of Financial Accounts' under Rule 114H (8). Period for presenting payment instruments ========================================= Operation of Bank Accounts & Money Mules ======================================== Collection of Account Payee Cheques =================================== 61. \(a) ^113^A Unique Customer Identification Code (UCIC) shall be allotted while entering into new relationships with individual customers as also the existing individual customers by REs. ^115^Introduction of New Technologies ===================================== a. to undertake the ML/TF risk assessments prior to the launch or use of such products, practices, services, technologies; and b. adoption of a risk-based approach to manage and mitigate the risks through appropriate EDD measures and transaction monitoring, etc. ^116^Correspondent Banking ========================== j. Sufficient information in relation to the nature of business of the respondent including information on management, major business activities, level of AML/CFT controls, purpose of opening the account, identity of any third party entities that will use the correspondent banking services, regulatory/supervisory framework in the respondent bank's home country, and publicly available information regarding the reputation of the institution and the quality of supervision, including whether it has been subjected to a ML/TF investigation or regulatory action, shall be gathered. k. Prior approval from senior management shall be obtained for establishing new correspondent banking relationships. However, post facto approval of the Board or the Committee empowered for this purpose shall also be taken. l. The responsibilities of each bank with whom correspondent banking relationship is established shall be clearly documented and understood. m. In the case of payable-through-accounts, the correspondent bank shall be satisfied that the respondent bank has conducted CDD on the customers having direct access to the accounts and is undertaking on-going \'due diligence\' on them. n. The correspondent bank shall ensure that the respondent bank is able to provide the relevant CDD information immediately on request. o. Correspondent relationship shall not be entered into with a shell bank. p. It shall be ensured that the correspondent banks do not permit their accounts to be used by shell banks. q. Banks shall be cautious with correspondent banks located in jurisdictions which have strategic deficiencies or have not made sufficient progress in implementation of FATF Recommendations. r. Banks shall ensure that respondent banks have KYC/AML policies and procedures in place and apply enhanced \'due diligence\' procedures for transactions carried out through the correspondent accounts. ^117^Wire Transfer ================== A. **Information requirements for wire transfers for the purpose of this Master Direction:** i. All cross-border wire transfers shall be accompanied by accurate, complete, and meaningful originator and beneficiary information as mentioned below: a. name of the originator; b. the originator account number where such an account is used to process the transaction; c. the originator's address, or national identity number, or customer identification number, or date and place of birth; d. name of the beneficiary; and e. the beneficiary account number where such an account is used to process the transaction. ii. In case of batch transfer, where several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, they (i.e., individual transfers) are exempted from the requirements of clause (i) above in respect of originator information, provided that they include the originator's account number or unique transaction reference number, as mentioned above, and the batch file contains required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country. iii. Domestic wire transfer, *where the originator is an account holder* of the ordering RE, shall be accompanied by originator and beneficiary information, as indicated for cross-border wire transfers in (i) and (ii) above. iv. Domestic wire transfers of rupees fifty thousand and above, *where the originator is not an account holder of the ordering RE*, shall also be accompanied by originator and beneficiary information as indicated for cross-border wire transfers. v. REs shall ensure that all the information on the wire transfers shall be immediately made available to appropriate law enforcement and/or vi. The wire transfer instructions are not intended to cover the following types of payments: f. Any transfer that flows from a transaction carried out using a credit card / debit card / Prepaid Payment Instrument (PPI), including through a token or any other similar reference string associated with the card / PPI, *for the purchase of goods or services*, so long as the credit or debit card number or PPI id or reference number accompanies all transfers flowing from the transaction. However, when a credit or debit card or PPI is used as a payment system to effect a person-to-person wire transfer, the wire transfer instructions shall apply to such transactions and the necessary information should be included in the message. g. Financial institution-to-financial institution transfers and settlements, where both the originator person and the beneficiary person are regulated financial institutions acting on their own behalf. B. Responsibilities of ordering RE, intermediary RE and beneficiary RE, effecting wire transfer, are as under: =========================================================================================================== vii. **Ordering RE:** h. The ordering RE shall ensure that all cross-border and qualifying domestic wire transfers {viz., transactions as per clauses (iii) and (iv) of paragraph 'A' above}, contain required and accurate originator information and required beneficiary information, as indicated above. i. Customer Identification shall be made if a customer, who is not an account holder of the ordering RE, is intentionally structuring domestic wire transfers below rupees fifty thousand to avoid reporting or monitoring. In case of non-cooperation from the customer, efforts shall be made to establish identity and if the same transaction is found to be suspicious, STR may be filed with FIU-IND in accordance with the PML Rules. j. Ordering RE shall not execute the wire transfer if it is not able to comply with the requirements stipulated in this section. viii. Intermediary RE: ================ k. RE processing an intermediary element of a chain of wire transfers shall ensure that all originator and beneficiary information accompanying a wire transfer is retained with the transfer. l. Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, the intermediary RE shall keep a record, for at least five years, of all the information received from the ordering financial institution or another intermediary RE. m. Intermediary RE shall take reasonable measures to identify cross- border wire transfers that lack required originator information or required beneficiary information. Such measures should be consistent with straight-through processing. n. Intermediary RE shall have effective risk-based policies and procedures for determining: (a) when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and (b) the appropriate follow-up action including seeking further information and if the transaction is found to be suspicious, reporting to FIU-IND in accordance with the PML Rules. ix. Beneficiary RE: =============== o. Beneficiary RE shall take reasonable measures, including post-event monitoring or real-time monitoring where feasible, to identify cross- border wire transfers and qualifying domestic wire transfers {viz., transactions as per clauses (iii) and (iv) of paragraph 'A' above}, that lack required originator information or required beneficiary information. p. Beneficiary RE shall have effective risk-based policies and procedures for determining: (a) when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and (b) the appropriate follow-up action follow-up action including seeking x. **Money Transfer Service Scheme (MTSS)** providers are required to comply with all of the relevant requirements of this Section, whether they are providing services directly or through their agents. In the case of a MTSS provider that controls both the ordering and the beneficiary side of a wire transfer, the MTSS provider: q. shall take into account all the information from both the ordering and beneficiary sides in order to determine whether an STR has to be filed; and r. shall file an STR with FIU, in accordance with the PML Rules, if a transaction is found to be suspicious. C. Other Obligations ================= xi. **Obligations in respect of REs' engagement or involvement with unregulated entities in the process of wire transfer** i. there is unhindered flow of complete wire transfer information, as mandated under these directions, from and through the unregulated entities involved; ii.