KYC and AML Policy 2023-24 PDF
Document Details
2023
Operations Department
Summary
This document outlines the KYC (Know Your Customer) and AML (Anti-Money Laundering) policy for TJSB Sahakari Bank Ltd for the 2023-24 fiscal year. It details procedures for customer identification, risk management, and reporting requirements.
Full Transcript
KYC AND AML POLICY F.Y.2023-24

TJSB Sahakari Bank Ltd
(Multi-State Scheduled Co-operative Bank)

KNOW YOUR CUSTOMER (KYC) AND ANTI MONEY LAUNDERING (AML) POLICY
(For Private Circulation Only)
(Prepared by: Operations Department)

Policy Custodian
Division: Operations Department
Version: KYC & AML Policy_2023-24_1.0
Officer-in-charge: Operation Head

Policy Version Control
S.N | Version Number | Version Date | Summary of Changes
01. | KYC & AML Policy_2023-24_1.0 | | Policy updated as per RBI, Master Direction circular no. updated upto 17th October, 2023.

Policy Governance
Frequency of Review: Annual
Last reviewed on: 28th March, 2023
Approval Path: Board of Management > Audit & Ethics > Board

1. Introduction:
2. Purpose:
3. Objectives of the Policy:
4. Scope of the policy:
5. Ownership of The Policy:
6. Definitions:
7. General:
8. Compliance of KYC Policy:
   8.1 Designated Director:
   8.2 Principal Officer:
9. Key Elements of the Policy:
   9.1 Customer Acceptance Policy:
   9.2 Risk Management:
      9.2.1 Money Laundering and Terrorist Financing Risk Assessment by Bank:
   9.3 Customer Identification Procedure (CIP):
      9.3.1 Beneficial Owner (BO):
      9.3.2 Customer Due Diligence Procedure:
         9.3.2a CDD Procedure in case of Individuals:
      9.3.3 V-CIP:
      9.3.4 Small Accounts:
         9.3.2b CDD Measures for Sole Proprietary firms:
         9.3.2c CDD Measures for Legal Entities:
            i. For opening an Account of a partnership firm
            ii. For opening an Account of Limited Liabilities Partnership
            iii. For opening an account of a company
            iv. For opening an Account of a trust
            v. For opening an Account of an unincorporated association or a body of individuals
            vi. For opening an Account of Registered Society
            vii. For opening an Account of Hindu Undivided Family
         9.3.2d Restrictions on opening of Savings Deposit Accounts in the name of entities:
10. On-going Due Diligence:
   10.1 Enhanced Monitoring Procedures for certain customer categories - ongoing risk management:
   10.2 Accounts of non-face-to-face customers:
   10.3 Accounts of Politically Exposed Persons (PEPs) and India PEPs:
   10.4 Simplified Due Diligence:
11. Updation / Periodic Updation of KYC:
12. Transaction Monitoring - Ongoing Due Diligence:
13. Record Management:
14. Reporting Requirements to Financial Intelligence Unit-India:
   14.1 Cash Transaction Report (CTR):
   14.2 Suspicious Transaction Reports (STR):
   14.3 Counterfeit Currency Report (CCR):
   14.4 Non-Profit Organization Transaction report (NTR):
   14.5 Cross-border Wire Transfer Report (CWTR):
15. Requirement / Obligation under International Agreements – Communications from International Agencies:
   15.1 Obligations under the Unlawful Activities (Prevention) (UAPA) Act, 1967:
   15.2 Obligations under Weapons of Mass Destruction (WMD) and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 (WMD Act, 2005):
16. Secrecy Obligations and Sharing of Information:
17. Compliance with the provisions of Foreign Contribution (Regulation) Act, 2010
18. CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR):
19. Reporting requirement under Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS):
20. Period for presenting payment instruments:
21. Operation of Bank Accounts & Money Mules:
   21.1 Identification and monitoring of Money Mule Accounts
22. Collection of Account Payee Cheques:
23. Unique Customer Identification Code:
24. Introduction of New Technologies - Mobile Banking / RTGS / NEFT / IMPS etc.:
25. Issue and Payment of Demand Drafts, etc.:
26. Quoting of PAN:
27. Introduction of New Technologies – Credit cards / debit cards / smart cards / gift cards:
28. Selling Third party products:
29. Correspondent Banking:
30. Wire transfers:
   30.1 Cross-border wire transfers:
   30.2 Domestic wire transfers:
31. At-par cheque facility availed by co-operative banks:
32. Issuance of Prepaid Payment Instruments (PPIs):
33. Customer Education:
34. Responsibilities of the Staff:
35. Hiring of Employees:
36. Review of the Policy:
37. Annexure:
   37.1 Risk Indicators:

1. Introduction:
Bank has a policy in place on KNOW YOUR CUSTOMER (KYC) norms and ANTI MONEY LAUNDERING (AML) measures. It was last reviewed and approved by the Board on 28th March, 2023. The policy has been compiled taking cognizance of the guidelines enumerated in RBI Master Circular No:- Master Direction/DBR.AML.BC.NO.81/14.01.001/2015-16, dated 25th February 2016. RBI has been updating and amending the Master Direction from time to time. This policy has now been updated to reflect the changes in the RBI Master Direction up to 17th October, 2023, which have now been incorporated in our policy.

The Policy guidelines on Know Your Customer (KYC) Norms / Anti Money laundering (AML) Standards / Combating of Financing of terrorism (CFT) Measures / Obligation of the Bank under Prevention of Money Laundering Act (PMLA), 2002 shall be called as Know Your Customer (KYC) Policy.

Further, the bank will take necessary action including application of additional measures to manage the ML/TF risks, as advised by RBI from time to time.

The contents of the policy shall always be read in tandem with the changes / modifications which may be advised by RBI and / or by PMLA and its amendments / or by any regulators and / or by Bank from time to time. In case of any changes in regulatory guidelines / directions, the Bank’s KYC & AML Policy will be appropriately updated.

2. Purpose:
The purpose of the KYC policy is to put in place customer acceptance, identification, ongoing due diligence and risk management procedures for opening of accounts and monitoring transactions in the accounts for detection of transactions of suspicious nature.

3. Objectives of the Policy:
- To lay down policy framework for abiding by the Know Your Customer Norms and Anti Money Laundering Measure as set out by Reserve Bank of India, based on the recommendations of the Financial Action Task Force (FATF) and the paper issued on Customer Due Diligence (CDD) for banks issued by the Basel Committee on Banking Supervision
- To prevent the Bank from being used, intentionally or unintentionally, by criminal elements for money laundering activities or terrorists financing activities
- KYC procedures also enable the Bank to know / understand the customers and their financial dealings better and manage their risks prudently
- To put in place appropriate controls for detection and reporting of suspicious activities in accordance with applicable laws / laid down procedures and regulatory guidelines
- To take necessary steps to ensure that the dealing staff is adequately trained in KYC / AML procedures

Our KYC policy covers the following areas:
✓ Customer Acceptance Policy
✓ Customer identification Procedures.
✓ Monitoring of Transactions and
✓ Risk Management

4. Scope of the policy:
All branches / offices of the Bank shall take all necessary steps to implement this KYC policy and provisions of Prevention of Money-Laundering Act, 2002 and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, as amended from time to time, including operational instructions issued in pursuance of such amendment(s).

5. Ownership of The Policy:
KYC Section, Head-Operations Department will be the owner and shall be responsible for formulating / reviewing / periodic updating of the policy.

6. Definitions:
In terms of RBI’s Master Direction on KYC, unless the context otherwise requires, the terms herein shall bear the meanings assigned to them below:

A. Terms bearing meaning assigned in terms of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005:

i. “Aadhaar number” shall have the meaning assigned to it in clause (a) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016)

ii. “Act” and “Rules” means the Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, respectively and amendments thereto. “Central KYC Records Registry” (CKYCR) means an entity defined under Rule 2(1) (aa) of the Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer

iii. “Authentication”, in the context of Aadhaar authentication, means the process as defined under sub-section (c) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

iv. “Certified Copy of OVD” – Obtaining a certified copy by the bank shall mean comparing the copy of officially valid document so produced by the customer with the original and recording the same on the copy by the authorized officer of the branch. Branch Official will also attest the duly signed photograph of the customer.
Provided that in case of Non-Resident Indians (NRIs) and Persons of Indian Origin (PIOs), as defined in Foreign Exchange Management (Deposit) Regulations, 2016 {FEMA 5(R)}, alternatively, the original certified copy, certified by any one of the following, may be obtained:
   - Authorized officials of overseas branches of Scheduled Commercial Banks registered in India
   - Branches of overseas banks with whom Indian banks have relationships
   - Notary Public abroad
   - Court Magistrate
   - Judge
   - Indian Embassy / Consulate General in the country where the non-resident customer resides

v. “Central KYC Records Registry” (CKYCR) means an entity defined under Rule 2(1) of the Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer

vi. “Designated Director” means a person designated by the Bank to ensure overall compliance with the obligations imposed under chapter IV of the PML Act and the Rules

vii. “Digital KYC” means the capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorized officer of the Bank as per the provisions contained in the Act

viii. “Digital Signature” shall have the same meaning as assigned to it in clause (p) of subsection (1) of section (2) of the Information Technology Act, 2000 (21 of 2000)

ix. “Equivalent e-document” means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the customer as per rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016

x. “Group” – The term “group” shall have the same meaning assigned to it in clause (e) of sub-section (9) of section 286 of the Income-tax Act, 1961 (43 of 1961)

xi. “Know Your Client (KYC) Identifier” means the unique number or code assigned to a customer by the Central KYC Records Registry

xii. “Non-profit organizations” (NPO) means any entity or organization, constituted for religious or charitable purposes referred to in clause (15) of section 2 of the Income-tax Act, 1961 (43 of 1961), that is registered as a trust or a society under the Societies Registration Act, 1860 or any similar State legislation or a company registered under Section 8 of the Companies Act, 2013 (18 of 2013)

xiii. “Officially Valid Document” (OVD) means the passport, the driving license, proof of possession of Aadhaar number, the Voter's Identity Card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address
Provided that,
   a. where the customer submits his proof of possession of Aadhaar number as an OVD, he may submit it in such form as are issued by the Unique Identification Authority of India
   b. where the OVD furnished by the customer does not have updated address, the following documents or the equivalent e-documents thereof shall be deemed to be OVDs for the limited purpose of proof of address:
      - utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill)
      - property or Municipal tax receipt
      - pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address
      - Letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions, listed companies and leave and license agreements with such employers allotting official accommodation
   c. Further, at the time of on-boarding of the customer, an undertaking should be obtained from the customer along with AOF / OVDs stating that Customer shall submit his OVD with updated current address within 3 months
   d. Where the OVD presented by a foreign national does not contain the details of address, in such case the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address
Explanation: For the purpose of this clause, a document shall be deemed to be an OVD even if there is a change in the name subsequent to its issuance provided it is supported by a marriage certificate issued by the State Government or Gazette notification, indicating such a change of name.

xiv. “Offline verification” shall have the same meaning as assigned to it in clause (pa) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016)

xv. “Person” has the same meaning assigned in the Act and includes:
   - an individual
   - a Hindu Undivided Family
   - a company
   - a firm
   - an association of persons or a body of individuals, whether incorporated or not
   - every artificial juridical person, not falling within any one of the above persons, and
   - any agency, office or branch owned or controlled by any of the above persons

xvi. “Principal Officer” means an officer at the management level nominated by the Bank, responsible for furnishing information

xvii. “Suspicious transaction” means a “transaction” as defined below, including an attempted transaction, whether or not made in cash, which, to a person acting in good faith:
   a. gives rise to a reasonable ground of suspicion that it may involve proceeds of an offence specified in the Schedule to the Act, regardless of the value involved; or
   b. appears to be made in circumstances of unusual or unjustified complexity; or
   c. appears to not have economic rationale or bona-fide purpose; or
   d. gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.
Explanation: Transaction involving financing of the activities relating to terrorism includes transaction involving funds suspected to be linked or related to, or to be used for terrorism, terrorist acts or by a terrorist, terrorist organization or those who finance or are attempting to finance terrorism

xviii. “Transaction” means a purchase, sale, loan, pledge, gift, transfer, delivery or the arrangement thereof and includes:
   a. opening of an account;
   b. deposit, withdrawal, exchange or transfer of funds in whatever currency, whether in cash or by cheque, payment order or other instruments or by electronic or other non-physical means;
   c. the use of a safety deposit box or any other form of safe deposit;
   d. entering into any fiduciary relationship;
   e. any payment made or received, in whole or in part, for any contractual or other legal obligation; or
   f. establishing or creating a legal person or legal arrangement.

xix. “UCIC” means Unique Customer Identification Code, i.e., unique customer-ID allotted to individual customers while entering into new relationships as well as to the existing customers. All the accounts of an individual customer will be opened under his / her UCIC

xx. “Video based Customer Identification Process (V-CIP)”: an alternate method of customer identification with facial recognition and customer due diligence by an authorized official of the Bank by undertaking seamless, secure, live, informed-consent based audio-visual interaction with the customer to obtain identification information required for CDD purpose, and to ascertain the veracity of the information furnished by the customer through independent verification and maintaining audit trail of the process. Such processes complying with prescribed standards and procedures shall be treated on par with face-to-face CIP for the purpose of this Master Direction.

B) Terms bearing meaning assigned, unless the context otherwise requires, shall bear the meanings assigned to them below:

i. “Common Reporting Standards” (CRS) means reporting standards set for implementation of multilateral agreement signed to automatically exchange information based on Article 6 of the Convention on Mutual Administrative Assistance in Tax Matters

ii. “Customer” means a person who is engaged in a financial transaction or activity with the Bank and includes a person acting on behalf of the person who is engaged in the transaction or activity.

iii. “Walk-in Customer” means a person who does not have an account-based relationship with the Bank, but undertakes transactions with the Bank.

iv. “Customer Due Diligence (CDD)” means identifying and verifying the customer and the beneficial owner using reliable and independent sources of identification.
Explanation: The CDD, at the time of commencement of an account-based relationship or while carrying out occasional transaction of an amount equal to or exceeding rupees fifty thousand, whether conducted as a single transaction or several transactions that appear to be connected, or any international money transfer operations, shall include:
   a. Identification of the customer, verification of their identity using reliable and independent sources of identification, obtaining information on the purpose and intended nature of the business relationship, where applicable;
   b. Taking reasonable steps to understand the nature of the customer's business, and its ownership and control;
   c. Determining whether a customer is acting on behalf of a beneficial owner, and identifying the beneficial owner and taking all steps to verify the identity of the beneficial owner, using reliable and independent sources of identification.

v. “Customer identification” means undertaking the process of CDD

vi. “FATCA” means Foreign Account Tax Compliance Act of the United States of America (USA) which, inter alia, requires foreign financial institutions to report about financial accounts held by U.S. taxpayers or foreign entities in which U.S. taxpayers hold a substantial ownership interest

vii. “IGA” means Inter Governmental Agreement between the Governments of India and the USA to improve international tax compliance and to implement FATCA of the USA

viii. “KYC Templates” means templates prepared to facilitate collating and reporting the KYC data to the CKYCR, for individuals and legal entities

ix. “Non-face-to-face customers” means customers who open accounts without visiting the branch / offices of the Bank or meeting the officials of Bank

x. “Payable-through accounts”: The term payable-through accounts refers to correspondent accounts that are used directly by third parties to transact business on their own behalf

xi. “On-going Due Diligence” means regular monitoring of transactions in accounts to ensure that those are consistent with Bank’s knowledge about the customers, customers’ business and risk profile, the source of funds / wealth.

xii. “Periodic Updation” means steps taken to ensure that documents, data or information collected under the CDD process is kept up-to-date and relevant by undertaking reviews of existing records at periodicity prescribed by the Reserve Bank

xiii. “Politically Exposed Persons” (PEPs) are individuals who are or have been entrusted with prominent public functions in a foreign country, including the Heads of States / Governments, senior politicians, senior government / judicial / military officers, senior executives of state-owned corporations, important political party officials. Customers who are close relatives of PEPs and accounts of which a PEP is the ultimate beneficial owner.
As PEPs under PMLA cover individuals in prominent public functions in a foreign country, the following category of customers has been additionally defined:
India Politically Exposed Persons (IPEPs) are individuals who are or have been entrusted with prominent public functions in India, including Heads of States / Governments, senior politicians, senior government / judicial / military officers, senior executives of state-owned corporations, important political party officials

xiv. “Bank” means TJSB Sahakari Bank Ltd. and its branches / offices / Business correspondents

xv. “Shell Bank” means a bank that has no physical presence in the country in which it is incorporated and licensed, and which is unaffiliated with a regulated financial group that is subject to effective consolidated supervision. Physical presence means meaningful mind and management located within a country. The existence simply of a local agent or low-level staff does not constitute physical presence

xvi. “Wire transfer” means a transaction carried out, directly or through a chain of transfers, on behalf of an originator person (both natural and legal) through a bank by electronic means with a view to making an amount of money available to a beneficiary person at a bank.

“Wire transfer” related definitions:
   a. Batch transfer: Batch transfer is a transfer comprised of a number of individual wire transfers that are being sent to the same financial institutions but may / may not be ultimately intended for different persons
   b. Beneficiary: Beneficiary refers to a natural or legal person or legal arrangement who / which is identified by the originator as the receiver of the requested wire transfer
   c. Beneficiary Bank: Means the Bank, which receives the wire transfer from the ordering financial institution directly or through an intermediary Bank and makes the funds available to the beneficiary
   d. Cover Payment: Cover Payment refers to a wire transfer that combines a payment message sent directly by the ordering financial institution to the beneficiary financial institution with the routing of the funding instruction (the cover) from the ordering financial institution to the beneficiary financial institution through one or more intermediary financial institutions
   e. Cross-border wire transfer: Cross-border wire transfer refers to any wire transfer where the ordering financial institution and beneficiary financial institution are located in different countries. This term also refers to any chain of wire transfer in which at least one of the financial institutions involved is located in a different country
   f. Domestic wire transfer: Domestic wire transfer refers to any wire transfer where the ordering financial institution and beneficiary financial institution are located in India. This term, therefore, refers to any chain of wire transfer that takes place entirely within the borders of India, even though the system used to transfer the payment message may be located in another country
   g. Financial Institution: In the context of wire-transfer instructions, the term ‘Financial Institution’ shall have the same meaning as has been ascribed to it in the FATF Recommendations, as revised from time to time
   h. Intermediary Bank: Intermediary Bank which handles an intermediary element of the wire transfer, in a serial or cover payment chain and that receives and transmits a wire transfer on behalf of the ordering financial institution and the beneficiary financial institution, or another intermediary financial institution
   i. Ordering Bank: Ordering Bank, which initiates the wire transfer and transfers the funds upon receiving the request for a wire transfer on behalf of the originator
   j. Originator: Originator refers to the account holder who allows the wire transfer from that account, or where there is no account, the natural or legal person that places the order with the ordering financial institution to perform the wire transfer
   k. Serial Payment: Serial Payment refers to a direct sequential chain of payment where the wire transfer and accompanying payment message travel together from the ordering financial institution to the beneficiary financial institution directly or through one or more intermediary financial institutions (e.g., correspondent banks)
   l. Straight-through Processing: Straight-through processing refers to payment transactions that are conducted electronically without the need for manual intervention
   m. Unique transaction reference number: Unique transaction reference number refers to a combination of letters, numbers or symbols, determined by the payment service provider, in accordance with the protocols of the payment and settlement system or messaging system used for the wire transfer
   n. Wire transfer: Wire transfer refers to any transaction carried out on behalf of an originator through a financial institution by electronic means with a view to making an amount of funds available to a beneficiary at a beneficiary financial institution, irrespective of whether the originator and the beneficiary are the same person
   o. Domestic and cross-border wire transfer: When the originator bank and the beneficiary bank is the same person or different person located in the same country, such a transaction is a domestic wire transfer, and if the ‘originator bank’ or ‘beneficiary bank’ is located in different countries such a transaction is cross-border wire transfer

All other expressions unless defined herein shall have the same meaning as have been assigned to them under the Banking Regulation Act, 1949, the Reserve Bank of India Act, 1935, the Prevention of Money Laundering Act, 2002, the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and regulations made thereunder, any statutory modification or re-enactment thereto or as used in commercial parlance, as the case may be

7. General:
Bank’s KYC policy framework should seek to ensure compliance with PML Act/Rules, including regulatory instructions in this regard to provide a bulwark against threats arising from money laundering, terrorist financing, proliferation financing and other related risks. While ensuring compliance of the legal/regulatory requirements as above, Bank continues to consider adoption of best international practices taking into account the FATF standards and FATF guidance notes, for managing risks better.

8.
Compliance of KYC Policy: Compliance with KYC Policy is to be ensured through: Branches, Business Correspondents, CPC Department will be responsible for effective implementation of policies and procedures Independent evaluation of the compliance to the Bank’s KYC policies and procedures, including legal and regulatory requirements will be managed by the Audit team Concurrent is in place to verify compliance with KYC / AML policies and procedures Submission of Half Yearly audit notes and compliance to the Board 8.1 Designated Director: Designated Director" means a person designated by the Bank to ensure overall compliance with the obligations imposed under chapter IV of the PML Act and the Rules and shall include: - Person who holds the position of senior management or equivalent designated as a 'Designated Director' in respect of Cooperative Banks and Regional Rural Banks. Explanation – Page 11 of 62 KYC AND AML POLICY F.Y.2023-24 For the purpose of this clause, the terms "Managing Director" and "Whole-time Director" shall have the meaning assigned to them in the Companies Act, 2013. The Managing Director or a whole-time Director, duly authorized by the Board of Directors The name, designation and address of the Designated Director shall be communicated to the RBI Further, the name, designation, address and contact details of the Designated Director shall also be communicated to the RBI In no case, the Principal Officer shall be nominated as the 'Designated Director' In view of the above amendments Bank has appointed MD and CEO as Designated Director and informed the same to FIU accordingly. 8.2 Principal Officer: i. The Principal Officer shall be responsible for ensuring compliance, monitoring transactions, and sharing and reporting information as required under the law / regulations ii. The name, designation and address of the Principal Officer shall be communicated to the RBI iii. 
Further, the name, designation, address and contact details of the Principal Officer shall also be communicated to the RBI A senior management officer shall be designated as Principal Officer. Principal Officer shall be responsible for monitoring and reporting of all transactions and sharing of information as required under the law. He shall maintain close liaison with enforcement agencies, bank and any other institution which are involved in the fight against money laundering and combating financing of terrorism. The name, designation and address of the Principal Officer shall be communicated to the FIU-IND. Currently, Head Operations is designated as the Principal Officer and his name and contact details have been communicated to FIU-India 9. Key Elements of the Policy: KYC policy is based on following four key elements: ▪ Customer Acceptance Policy; ▪ Risk management. ▪ Customer Identification Procedures; ▪ Monitoring of Transactions 9.1 Customer Acceptance Policy: A Customer Acceptance Policy has been framed by the Bank. Without prejudice to the generality of the aspect that Customer Acceptance Policy may contain, it is to be ensured that: No account is opened in anonymous or fictitious / benami name Page 12 of 62 KYC AND AML POLICY F.Y.2023-24 Not to open an account where the bank is unable to apply appropriate customer due diligence measures, i.e., the bank is unable to verify the identity and / or obtain required documents either due to non-cooperation of the customer or non-reliability of the documents / Information furnished by the customer. The Bank shall consider filing an STR, if necessary, when it is unable to comply with the relevant CDD measures in relation to the customer. Parameters of risk perception are clearly defined in terms of the nature of the business activity, location of customer and his clients, mode of payments, volume of turnover, social and financial status etc. 
to enable categorization of customers into low, medium and high risk Documentation requirements and other information to be collected in respect of different categories of customers depending on perceived risk and keeping in mind the guidelines issued by RBI from time to time No transaction or account-based relationship is undertaken without following the CDD procedure No account is to be opened for persons / entities considered as anti-social / antinational elements. No account is to be opened for persons having a record of fraud, misappropriation, cheating or forgery. No account should be opened for correspondent banks which have not implemented KYC and prevention of money laundering measures Branch Managers should keep themselves well informed about market developments such as failure or adverse publicity regarding any customers / potential customers / bank associates etc.as reported in the press. If any such person / concern of doubtful reputation approaches for opening accounts the request must be re- examined and approved by Regional Head. Opening of Accounts of persons who have adverse reputation / criminal background must be re-examined by branch. After recommendation of Regional Head, it has to be approved from Head – Operation. The decision to open an account for a PEP will be taken by the Regional Head / Operation Head Bank shall seek ‘mandatory’ information required for KYC purpose which the customer is obliged to give while opening an account or during periodic updation. 
Other ‘optional’ customer details / additional information, if required, may be obtained separately after the account is opened
▪ The mandatory information to be sought for KYC purpose at the time of periodic updation is listed in detail in this policy titled as “Periodic Updation”
▪ Instructions have been amended to clarify that additional information, where such information requirement has not been specified in the internal KYC Policy of the Bank, is obtained with the explicit consent of the customer.
▪ Where GST number is available, the same shall be verified through the search / verification facility provided by the issuing authority
▪ The CDD procedure is to be applied at the customer level. Thus, if an existing KYC compliant customer of Bank desires to open another account with the same Bank, there is no need for a fresh CDD exercise
▪ CDD Procedure is followed for all the joint account holders, while opening a joint account.
▪ If the account has a Power of Attorney (POA) holder, then CDD will be done for the POA.
▪ For non-individual accounts, the CDD procedure would apply to the entity, the authorized signatories, the BOs and the UBOs
▪ The Permanent Account Number (PAN) shall be verified from the verification facility of the issuing authority
▪ Circumstances in which a customer is permitted to act on behalf of another person / entity should be clearly spelt out
▪ Ensure that the identity of the customer does not match with any person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India indicated under UAPA Act (ISIL (Da’esh) & Al-Qaida Sanctions List, Taliban Sanctions List).
Screening is done through automated system by matching names in the data of ‘World-Check’ list
▪ It is to be ensured that the Customer Acceptance Policy shall not result in denial of banking / financial facility to members of the general public, especially those, who are financially or socially disadvantaged
▪ Where Bank forms a suspicion of money laundering or terrorist financing, and it reasonably believes that performing the CDD process will tip-off the customer, it shall not pursue the CDD process, and instead file an STR with FIU-IND
▪ Where an equivalent e-document is obtained from the customer, Bank shall verify the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000)
▪ No account will be opened for shell companies
▪ No account will be opened for casinos, gambling companies, Multi-Level Marketing Firms
▪ No account will be opened for Money Services Bureaus / Exchange Houses

9.2 Risk Management:
For Risk Management, Bank has adopted risk-based approach which includes the following:

Customer Risk categorization
‘Customer Risk’ rating refers to the Money Laundering and terrorist financing risk associated with a particular customer from Bank perspective. The risk rating is based on risk perception assessed by the Bank considering the customer’s profile, social and financial status, products and channels used, account activity, nature of transactions, client’s business, location etc.
At client onboarding, customers shall be categorized as low, medium and high-risk category based on the assessment and risk perception of the Bank.
As part of ongoing risk management, the risk categorization will be updated if the Bank becomes aware of any adverse media or change in client profile etc. Bank will also reassess the client rating every quarter based on the account activity / turnover.
The risk categorization will also be updated if the Bank identifies any suspicious activity / behavior of the client / account.
The risk categorization of a customer and the specific reasons for such categorization shall be kept confidential and shall not be revealed to the customer to avoid tipping off the customer.
In case of customer sub type as Minor, risk will be defined as per guardian’s risk profile. For e.g., if guardian’s risk profile is in medium category, risk of minor customer will be medium.

Low Risk: - Individuals (other than High Net Worth, ) & entities whose identities & source of wealth can be easily identified & transactions in whose accounts by & large are in accordance with the customer profile.
Medium & High Risk: - Customers that are likely to pose higher than average risk to the bank depending on customer’s background, nature & location of activity, country of origin, source of funds, client profile etc.
An indicative list of different types of customers classified on the basis of risk perception is given as under.

Indicative List of High-Risk Customers
i. Individuals or entities listed in the schedule to the order under section 51A of the Unlawful Activities (Prevention) Act, 1967 relating to the purposes of prevention of, and for coping with terrorist activities.
ii. Individuals and entities in watch lists issued by Interpol and other similar international organizations
iii. Customers with dubious reputation as per public information locally available or commercially available.
iv. Individuals and entities specifically identified by regulators, FIU and other competent authorities as high-risk
v. Customers conducting their business relationship or transactions in unusual circumstances, such as significant and unexplained geographic distance between the institution and the location of the customer, frequent and unexplained movement of accounts to different institutions, frequent and unexplained movement of funds between institutions in various geographic locations etc.
vi. Customers based in high risk countries / jurisdictions or locations as identified by FATF from time to time.
vii. Politically exposed persons (PEPs) of foreign origin, customers who are close relatives of PEPs and accounts of which a PEP is the ultimate beneficial owner;
viii. India PEPs – politically exposed persons in India
ix. Non-resident customers and foreign nationals in High Risk countries
x. Accounts of Embassies / Consulates;
xi. Off-shore (foreign) corporation / business
xii. Non-face-to-face customers
xiii. High net worth individuals [HNIs]
xiv. Firms with 'sleeping partners'
xv. Companies having close family shareholding or beneficial ownership
xvi. Complex business ownership structures, which can make it easier to conceal underlying beneficiaries, where there is no legitimate commercial rationale
xvii. Shell companies which have no physical presence in the country in which it is incorporated. The existence simply of a local agent or low-level staff does not constitute physical presence
xviii. Investment Management / Money Management Company / Personal Investment Company
xix. Accounts for "gatekeepers" such as accountants, lawyers, or other professionals for their clients where the identity of the underlying client is not disclosed to the financial institution.
xx. Client Accounts managed by professional service providers such as law firms, accountants, agents, brokers, fund managers, trustees, custodians, etc.
xxi. Trusts, charities, NGOs / NPOs (especially those operating on a “cross border” basis) unregulated clubs and organizations receiving donations (excluding NPOs / NGOs promoted by United Nations or its agencies)
xxii. Money Service Business: including seller of: Money Orders / Travelers Checks / Money Transmission / Check Cashing / Currency Dealing or Exchange
xxiii. Business accepting third party checks (except supermarkets or retail stores that accept payroll checks / cash payroll checks)
xxiv. Gambling / gaming including “Junket Operators” arranging gambling tours
xxv. Dealers in high value or precious goods (e.g. jewel, gem and precious metals dealers, art and antique dealers and auction houses, estate agents and real estate brokers).
xxvi. Customers engaged in a business which is associated with higher levels of corruption (e.g., arms manufacturers, dealers and intermediaries).
xxvii. Customers engaged in industries that might relate to nuclear proliferation activities or explosives.
*No fresh account to be opened if name appears in the list. However, if any existing account is placed in the list subsequently, the same shall be frozen and placed in high risk till its final closure.

Indicative List of Medium Risk Customers
i. Non-Bank Financial Institution
ii. Travel agency
iii. Stock brokerage
iv. Used car sales
v. Import / Export
vi. Telemarketers
vii. Gas Station
viii. Providers of telecommunications service, internet café, IDD call service, phone cards, phone center
ix. Car / Boat / Plane Dealership
x. Travel agency
xi. Electronics (wholesale)
xii. Used car sales
xiii. Dot-com company or internet business
xiv. Sole Practitioners or Law Firms (small, little known)
xv. Pawnshops
xvi. Notaries (small, little known)
xvii. Auctioneers
xviii. Secretarial Firms (small, little known)
xix. Accountants (small, little known firms)
xx. Venture Capital companies
xxi. Cash-Intensive Businesses such as restaurants, retail shops, parking garages, fast food stores, movie theatres, etc.

List of High / Medium Risk Products & Services
i. Electronic funds payment services such as Electronic cash (e.g., stored value and payroll cards), funds transfers (domestic and international), etc.
ii. Monetary instruments such as Travelers’ Cheque
iii. Electronic banking
iv. Foreign correspondent accounts
v. Private banking (domestic and international)
vi. Trade finance (such as letters of credit)
vii. Trust and asset management services
viii. Special use or concentration accounts
ix. Lending activities, particularly loans secured by cash collateral and marketable securities
x. Currency exchange transactions
xi. Non-deposit account services such as Non-deposit investment products and Insurance
xii. Project financing of sensitive industries in high-risk jurisdictions
xiii. Transactions undertaken for non-account holders (occasional customers)
xiv. Trade finance services and transactions involving high-risk jurisdictions
xv. Provision of safe custody and safety deposit boxes
xvi. Services offering anonymity or involving third parties
xvii. Services offering cash, monetary or bearer instruments; cross-border transactions, etc.
xviii. Services involving banknote and precious metal trading and delivery

High / Medium Risk Geographic risk
i. The customer should be subjected to higher due diligence if any of the following criteria falls under “high-risk” geographies:
▪ Country of nationality (individuals)
▪ Country of residential address (individuals)
▪ Country of incorporation (legal entities)
▪ Country of residence of principal shareholders / beneficial owners (legal entities)
▪ Country of business registration such as branch / liaison / project office
▪ Country of source of funds
▪ Country of the business or correspondence address
▪ Country with whom customer deals (e.g. 50% of business – trade, etc.)
Apart from the risk categorization of the countries, branches / offices should categorize the geographies / locations within the country on both Money Laundering (ML) and Financing Terrorism (FT) risk.
Indicative List of High / Medium Risk Geographies

A. Countries / Jurisdictions
i. Countries subject to sanctions, embargos or similar measures in the United Nations Security Council Resolutions (“UNSCR”).
ii. Jurisdictions identified in FATF public statement as High Risk jurisdictions having significant strategic deficiencies in their regimes to counter money laundering and terrorist financing (ML/TF) risks (www.fatf-gafi.org).
▪ Democratic People’s Republic of Korea
▪ Iran
iii. Jurisdictions identified in FATF public statement as jurisdictions with increased monitoring as these countries are actively working with FATF to address the deficiencies in their regimes to counter ML/TF risks (www.fatf-gafi.org).
Jurisdictions under increased monitoring (Grey list): Albania, Barbados, Bulgaria, Burkina Faso, Cameroon, Cayman Islands, Democratic Republic of Congo, Croatia, Gibraltar, Haiti, Jamaica, Jordan, Mali, Mozambique, Nigeria, Panama, Philippines, Senegal, South Africa, South Sudan, Syria, Tanzania, Türkiye, Uganda, United Arab Emirates, Vietnam, Yemen
*The risk category under grey list countries will be Medium and risk for the countries under black list will be high
iv. Tax havens or countries that are known for highly secretive banking and corporate law practices.

B. Locations
i. Locations within the country known as high risk for terrorist incidents or terrorist financing activities (e.g. sensitive locations / cities and affected districts, e.g. Jammu and Kashmir, North east, Naxal affected districts)
ii. Locations identified by credible sources as having significant levels of criminal, terrorist, terrorist financing activity.
iii. Locations identified by the bank as high-risk because of its prior experiences, transaction history, or other factors.
Risk categorization at onboarding / periodic updation
Bank will consider a combination of parameters such as client’s legal status, financial status, profession / business of the entity, location, PEP status etc. to determine the risk classification. This will have to be done manually and updated on the system.

A. Customer Type - INDIVIDUAL
1. Customer Sub Type:
Customer Sub Type | Individual | Non-Resident Indian (NRI) | Risk Type
PEP/Relative of PEP YES HIGH
PEP/Relative of PEP YES HIGH
HNI YES HIGH (Operational Handling)
HNI YES HIGH (Operational Handling)
Sensitive Location (Black Countries) YES HIGH (Operational Handling)
Sensitive Location (Grey Countries) YES MEDIUM (Operational Handling)
2. Profession:
System will be calculating Risk for Individuals on basis of following criteria:
a. Customer Sub Type
b. Profession
whichever is higher
*In case of profession (nature of business), same needs to be compared with industry sub type. Risk category whichever is higher in both cases to be applied. Same needs to be handled operationally.

B. Customer Type – NON-INDIVIDUAL/ENTITY/COMPANY/CORPORATE
System will be calculating Risk for Non-Individuals/Entities on basis of following criteria:
a. Customer Sub Type
b. Industry Sub Type (Nature of Business)
whichever is higher.

Customer Subtype | Registered Housing Co Op Society | Unregistered Housing Co Op Society | Credit Society | Consumer Credit Society | Employee Credit Society
Risk | Low | Low | HIGH | Depends on Documents (Operational Handling) | Depends on Documents (Operational Handling)
Any Authorized Signatory/BO/UBO is PEP | HIGH | HIGH | HIGH | HIGH | HIGH

*Any Authorized Signatory/BO/UBO is NRI, then Risk will be calculated as per Risk of NRI (Individual) and should be operationally handled.
**Partnership firms with sleeping partners, risk to be marked as high (Operationally handled).
***Partnership firm under vintage parameter with less than one-year risk to be marked as Medium (Operationally handled).

Customer Sub Type | Risk Type
Trust/NGO | Depends on Documents (Operational Handling)
Association of Persons | Depends on Documents (Operational Handling)
Government | HIGH (Operational Handling)

9.2.1 Money Laundering and Terrorist Financing Risk Assessment by Bank:
a) Bank shall carry out Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment exercise not less than once in a year to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions or delivery channels, etc. The assessment process will consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied. While preparing the internal risk assessment, Bank will take cognizance of the overall sector-specific vulnerabilities, if any, that the regulator / supervisor may share with the Bank from time to time.
b) The risk assessment by the Bank shall be properly documented and be proportionate to the nature, size, geographical presence, complexity of activities / structure, etc. of the Bank. Further, the periodicity of risk assessment exercise shall be determined by the Board, in alignment with the outcome of the risk assessment exercise. However, it should be reviewed at least annually.
c) The outcome of the exercise shall be put up to the Board or any committee of the Board to which power in this regard has been delegated, and should be available to competent authorities and self-regulating bodies. At present, the powers are delegated to Audit and Ethics Committee, where the outcome of the exercise shall be put up.
Bank shall apply a Risk Based Approach (RBA) for mitigation and management of the risks (identified on their own or through national risk assessment) and should have Board approved policies, controls and procedures in this regard. Bank shall implement a CDD program, having regard to the ML/TF risks identified and the size of business. Further, Bank shall monitor the implementation of the controls and enhance them if necessary.
Submission of annual review on internal risk assessment of money laundering and terrorist financing (ML/TF) to Audit and Ethics Committee

9.3 Customer Identification Procedure (CIP):
Identification of a customer is an important pre-requisite for opening of an account. No account is opened for any person without verification of the identity of the person. Careless handling of the matter may give room for undesirable customers to commit frauds, misappropriation and deceive the general public. Customer identification means identifying the customer and verifying his / her identity by using reliable independent source documents, data or information.
Customer Identification Procedure to be carried out at different stages i.e.
▪ The Branches need to obtain sufficient information necessary to establish, to their satisfaction, the identity of each new customer and the purpose of the intended nature of banking relationship
▪ Due diligence is to be observed based on the risk profile of the customer in compliance with the extant guidelines in place
a) For customers who are natural persons, the branches should obtain sufficient identification data to verify the identity of the customer, i.e., his / her valid id and address proof and also his / her recent photograph.
b) For customers who are legal persons or entities, the branches should
i. verify the legal status of the legal person / entity through proper and relevant documents,
ii. verify that any person purporting to act on behalf of the legal person / entity is so authorized and identify and verify the identity of that person and
iii. understand the ownership and control structure of the customer and determine natural persons who ultimately control the legal person (Identification of Beneficial Owner / ultimate beneficial owner)

Bank needs to undertake identification of customers in the following cases:
▪ Commencement of an account-based relationship with the customer
▪ When there is a doubt about the authenticity or adequacy of the customer identification data obtained
▪ When banks sell third party products as agents
▪ While selling banks’ own products, travel cards / reloading of travel cards and any other product for more than Rs. 50,000 / -
▪ Carrying out transactions for a non-account-based customer, that is a walk-in customer, whether conducted as a single transaction or several transactions that appear to be connected
▪ When Bank has a reason to believe that a customer (account-based or walk in) is intentionally structuring a transaction into a series of transactions below the threshold of rupees fifty thousand
▪ It is to be ensured that introduction is not to be sought while opening account
▪ Carrying out any international money transfer operations for a person who is not an account holder of the Bank

For the purpose of verifying the identity of customers at the time of commencement of an account-based relationship, Bank shall rely on customer due diligence done by a third-party subject to the following conditions: -
a. Records or the information of the customer due diligence carried out by the third party is obtained immediately from the third party or from the Central KYC Records Registry
b. Adequate steps are taken by bank to satisfy themselves that copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay
c. The third party is regulated, supervised or monitored for, and has measures in place for, compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act
d. The third party shall not be based in a country or jurisdiction assessed as high risk
e. The ultimate responsibility for customer due diligence and undertaking enhanced due diligence measures, as applicable, will be with the bank
f. The approval of appointment of third-party agency to be done by Board / Committee of Board and subject to compliance of procedure / terms as per its approval.

9.3.1 Beneficial Owner (BO):
For opening an account of a Legal Person who is not a natural person, the beneficial owner(s) shall be identified and all reasonable steps to verify his / her identity shall be undertaken keeping in view the following:
a) Where a customer is a company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical persons, has / have a controlling ownership interest or who exercise control through other means:
▪ “Controlling ownership interest” means ownership of / entitlement to more than 10 percent of the shares or capital or profits of the company
▪ “Control” shall include the right to appoint majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or voting agreements
b) Where the customer is a partnership firm, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has / have ownership of / entitlement to more than 10 percent of capital or profits of the partnership or who exercises control through other means. Explanation: “Control” shall include the right to control the management or policy decision.
c) Where the customer is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has / have ownership of / entitlement to more than 15 percent of the property or capital or profits of the unincorporated association or body of individuals. Explanation: Term ‘body of individuals’ includes societies. Where no natural person is identified above, the beneficial owner is the relevant natural person who holds the position of senior managing official.
d) Where the customer is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with 10 percent or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership.

Identification of Beneficial Owner:
a) Where the customer or the owner of the controlling interest is (i) an entity listed on a stock exchange in India, or (ii) it is an entity resident in jurisdictions notified by the Central Government and listed on stock exchanges in such jurisdictions, or (iii) it is a subsidiary of such listed entities; it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such entities.
b) Fiducial Transactions: Extra Care must be taken where the accounts are opened through mandate. If the account is opened and operated by “A” for the sake of “B” (the account holder), the identity of “A & B” must be thoroughly checked and the underlying purpose for such an arrangement must be got satisfied by the Branch Manager that there is nothing unusual or suspicious about such arrangement.
Such operation by a person for the sake of the customer / beneficial owner is permissible in the following cases:
a. In the case of a family member (first-degree relative, i.e. father, mother, sister etc.) holding a letter of authority.
b. In the case of a near relative authorized by a duly executed Power of Attorney.
c. In the case of an official of a company authorized by Board Resolution (the authorised person himself should not be a signatory to the resolution).
d. Investment Consultant of an NRI customer holding a properly executed power of attorney.
e. Any partner of the firm, if a letter of partnership (in lieu of partnership deed / our printed form is taken) signed by all the partners.
f. If a partnership deed has been taken, the partner as authorized and to the extent authorized by the deed to be permitted to operate the account.
g. A Trustee in terms of the Trust Deed and to the extent permitted by the Deed.

9.3.2 Customer Due Diligence Procedure:

9.3.2a CDD Procedure in case of Individuals:
For undertaking CDD, Bank shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorized signatory or the power of attorney holder related to any legal entity:
i. A certified copy of any OVD containing details of his identity and address
ii. One recent colored photograph (clear, passport size)
iii. The KYC Identifier with an explicit consent to download records from CKYCR
iv. KYC Identifier under clause above, the Bank shall retrieve the KYC records online from the CKYCR in accordance with Section 56.
v. The Permanent Account Number or Form No. 60 as defined in Income-tax Rules, 1962, and
Provided that,
a) Banks shall obtain the Aadhaar number from an individual who is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016). Banks, at receipt of the Aadhaar number from the customer may carry out authentication of the customer’s Aadhaar number using e-KYC authentication facility provided by the Unique Identification Authority of India upon receipt of the customer’s declaration.
b) Banks may carry out Aadhaar authentication / offline-verification of an individual who voluntarily uses his Aadhaar number for identification purpose. Further, the Bank other than banks may carry out offline verification of a customer if he is desirous of undergoing Aadhaar offline verification for identification purpose.
c) Where a customer has provided his Aadhaar number under section-16(c.I.i) of Master Direction - Know Your Customer (KYC) Direction, 2016 for identification and wants to provide a current address, different from the address as per the identity information available in the Central Identities Data Repository, he may give a self-declaration to that effect to the Regulated Entity.
d) In cases where successful authentication has been carried out, other OVD need not be submitted by the customer.
e) Provided further that in case e-KYC authentication cannot be performed for an individual desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 owing to injury, illness or infirmity on account of old age or otherwise, and similar causes, Bank shall, apart from obtaining the Aadhaar number, perform identification preferably by carrying out offline verification or alternatively by obtaining the certified copy of any other OVD from the customer.
f) CDD done in this manner shall invariably be carried out by an official of the Bank and such exception handling shall also be a part of the concurrent audit as mandated in Section 8. Bank shall ensure to duly record the cases of exception handling in a centralized exception database. The database shall contain the details of grounds of granting exception, customer details, name of the designated official authorizing the exception and additional details, if any. The database shall be subjected to periodic internal audit / inspection by the Bank and shall be available for supervisory review.
   Explanation 1: Bank shall, where its customer submits his Aadhaar number, ensure such customer to redact or blackout his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required under section 7 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies Benefits and Services) Act.
   Explanation 2: Biometric based e-KYC authentication can be done by bank official / business correspondents / business facilitators.
   Explanation 3: The use of Aadhaar, proof of possession of Aadhaar etc., shall be in accordance with the Aadhaar (Targeted Delivery of Financial and Other Subsidies Benefits and Services) Act, the Aadhaar and Other Law (Amendment) Ordinance, 2019 and the regulations made thereunder.
g) Accounts opened using Aadhaar OTP based e-KYC, in non-face-to-face mode are subject to the following conditions:
   i. There must be a specific consent from the customer for authentication through OTP
   ii. As a risk-mitigating measure for such accounts, Bank shall ensure that transaction alerts, OTP, etc., are sent only to the mobile number of the customer registered with Aadhaar
   iii. A declaration shall be obtained from the customer to the effect that no other account has been opened nor will be opened using OTP based KYC in non-face-to-face mode with any other Bank. Further, while uploading KYC information to CKYCR, Bank shall clearly indicate that such accounts are opened using OTP based e-KYC and other Bank shall not open accounts based on the KYC information of accounts opened with OTP based e-KYC procedure in non-face-to-face mode.
   iv. Bank shall have strict monitoring procedures including systems to generate alerts in case of any non-compliance / violation, to ensure compliance with the above-mentioned conditions

Enhanced Due Diligence for individuals as High / Medium Risk at Onboarding
If the individual to be onboarded is categorized as High / Medium Risk, then enhanced due diligence needs to be carried out.

9.3.3 V-CIP:
h) Banks may undertake V-CIP to carry out:
   i. CDD in case of new customer on-boarding for individual customers, proprietor in case of proprietorship firm, authorized signatories and Beneficial Owners (BOs) in case of Legal Entity (LE) customers. Provided that in case of CDD of a proprietorship firm, Bank shall also obtain the equivalent e-document of the activity proofs with respect to the proprietorship firm, as mentioned under CDD Measures for Sole Proprietary firms, apart from undertaking CDD of the proprietor.
   ii. Conversion of existing accounts opened in non-face to face mode using Aadhaar OTP based e-KYC authentication as per Section 17.
   iii. Periodic updation of KYC for eligible customers.

Bank opting to undertake V-CIP, shall adhere to the following minimum standards:

❖ V-CIP Infrastructure
Bank should have complied with the RBI guidelines on minimum baseline cyber security and resilience framework for banks, as updated from time to time as well as other general guidelines on IT risks. The technology infrastructure should be housed in own premises of the Bank and the V-CIP connection and interaction shall necessarily originate from its own secured network domain. Any technology related outsourcing for the process should be compliant with relevant RBI guidelines. Where cloud deployment model is used, it shall be ensured that the ownership of data in such model rests with the Bank only and all the data including video recording is transferred to the Bank’s exclusively owned / leased server(s) including cloud server, if any, immediately after the V-CIP process is completed and no data shall be retained by the cloud service provider or third-party technology provider assisting the V-CIP of the Bank.
The Bank shall ensure end-to-end encryption of data between customer device and the hosting point of the V-CIP application, as per appropriate encryption standards. The customer consent should be recorded in an auditable and alteration proof manner.
The V-CIP infrastructure / application should be capable of preventing connection from IP addresses outside India or from spoofed IP addresses.
The video recordings should contain the live GPS co-ordinates (geo-tagging) of the customer undertaking the V-CIP and date-time stamp. The quality of the live video in the V-CIP shall be adequate to allow identification of the customer beyond doubt.
The application shall have components with face liveness / spoof detection as well as face matching technology with high degree of accuracy, even though the ultimate responsibility of any customer identification rests with the Bank. Appropriate artificial intelligence (AI) technology can be used to ensure that the V-CIP is robust.
Based on experience of detected / attempted / ‘near-miss’ cases of forged identity, the technology infrastructure including application software as well as work flows shall be regularly upgraded. Any detected case of forged identity through V-CIP shall be reported as a cyber event under extant regulatory guidelines.
The V-CIP infrastructure shall undergo necessary tests such as Vulnerability Assessment, Penetration testing and a Security Audit to ensure its robustness and end-to-end encryption capabilities. Any critical gap reported under this process shall be mitigated before rolling out its implementation. Such tests should be conducted by suitably accredited agencies as prescribed by RBI. Such tests should also be carried out periodically in conformance to internal / regulatory guidelines.
The V-CIP application software and relevant APIs / web services shall also undergo appropriate testing of functional, performance, and maintenance strength before being used in live environment. Only after closure of any critical gap found during such tests, the application should be rolled out. Such tests shall also be carried out periodically in conformity with internal / regulatory guidelines.

❖ V-CIP Procedure
Bank shall formulate a clear work flow and standard operating procedure for V-CIP and ensure adherence to it. The V-CIP process shall be operated only by officials of the Bank specially trained for this purpose. The official should be capable of carrying out liveliness check and detecting any other fraudulent manipulation or suspicious conduct of the customer and acting upon it.
Disruption of any sort including pausing of video, reconnecting calls, etc., should not result in creation of multiple video files. If pause or disruption is not leading to the creation of multiple files, then there is no need to initiate a fresh session by the Bank. However, in case of call drop / disconnection, fresh session shall be initiated.
The sequence and / or type of questions, including those indicating the liveness of the interaction, during video interactions shall be varied in order to establish that the interactions are real-time and not pre-recorded.
Any prompting observed at the end of the customer shall lead to rejection of the account opening process.
The fact of the V-CIP customer being an existing or new customer, or if it relates to a case rejected earlier or if the name appearing in some negative list should be factored in at appropriate stage of work flow.
The authorized official of the Bank performing the V-CIP shall record audio-video as well as capture photograph of the customer present for identification and obtain the identification information using any one of the following:
   ✓ OTP based Aadhaar e-KYC authentication
   ✓ Offline Verification of Aadhaar for identification
   ✓ KYC records downloaded from CKYCR, in accordance with Section 56, using the KYC identifier provided by the customer
   ✓ Equivalent e-document of Officially Valid Documents (OVDs) including documents issued through Digi locker
iv. Bank shall ensure to redact or blackout the Aadhaar number in terms of Section 16. In case of offline verification of Aadhaar using XML file or Aadhaar Secure QR Code, it shall be ensured that the XML file or QR code generation date is not older than three working days from the date of carrying out V-CIP.
v. Further, in line with the prescribed period of three working days for usage of Aadhaar XML file / Aadhaar QR code, Bank shall ensure that the video process of the V-CIP is undertaken within three working days of downloading / obtaining the identification information through CKYCR / Aadhaar authentication / equivalent e-document, if in the rare cases, the entire process cannot be completed at one go or seamlessly. However, Bank shall ensure that no incremental risk is added due to this.
vi. If the address of the customer is different from that indicated in the OVD, suitable records of the current address shall be captured, as per the existing requirement. It shall be ensured that the economic and financial profile / information submitted by the customer is also confirmed from the customer undertaking the V-CIP in a suitable manner.
vii. The Authorized officer of Bank shall capture a clear image of PAN card to be displayed by the customer during the process, except in cases where e-PAN is provided by the customer. The PAN details shall be verified from the database of the issuing authority including through Digi locker.
viii. Use of printed copy of equivalent e-document including e-PAN is not valid for the V-CIP.
ix. The authorized official of the Bank shall ensure that photograph of the customer in the Aadhaar / OVD and PAN / e-PAN matches with the customer undertaking the V-CIP and the identification details in Aadhaar / OVD and PAN / e-PAN shall match with the details provided by the customer.
x. Assisted V-CIP shall be permissible when banks take help of Banking Correspondents (BCs) facilitating the process only at the customer end. Banks shall maintain the details of the BC assisting the customer, where services of BCs are utilized. The ultimate responsibility for customer due diligence will be with the bank.
xi. All accounts opened through V-CIP shall be made operational only after being subject to concurrent audit, to ensure the integrity of process and its acceptability of the outcome.
xii. All matters not specified under the paragraph but required under other statutes such as the Information Technology (IT) Act shall be appropriately complied with by the RE.

❖ V-CIP Records and Data Management
i. The entire data and recordings of V-CIP shall be stored in a system / systems located in India. Bank shall ensure that the video recording is stored in a safe and secure manner and bears the date and time stamp that affords easy historical data search. The extant instructions on record management, as stipulated in the MD issued by RBI, shall also be applicable for V-CIP.
ii. The activity log along with the credentials of the official performing the V-CIP shall be preserved.

9.3.4 Small Accounts:
A 'Small Account' means a savings account which is opened in terms of sub rule (5) of rule 9 of the PML Rules, 2005.
For persons who are not able to provide normal KYC, in case an individual customer who does not possess any of the OVDs and (Notwithstanding anything contained in Section 16 and as an alternative thereto, in case an individual) desires to open a bank account, banks shall open a ‘Small Account’, which entails the following limitations:
   The aggregate of all credits in a financial year does not exceed rupees one lakh;
   The aggregate of all withdrawals and transfers in a month does not exceed rupees ten thousand; and
   The balance at any point of time does not exceed rupees fifty thousand.
Provided, that this limit on balance shall not be considered while making deposits through Government grants, welfare benefits and payment against procurements.
Further, small accounts are subject to the following conditions:
i. The bank shall obtain a self-attested photograph from the customer.
ii. The designated officer of the bank certifies under his signature that the person opening the account has affixed his signature or thumb impression in his presence.
iii. Provided that where the individual is a prisoner in a jail, the signature or thumb print shall be affixed in presence of the officer in-charge of the jail and the said officer shall certify the same under his signature and the account shall remain operational on annual submission of certificate of proof of address issued by the officer in-charge of the jail.
iv. Such accounts are opened only at Core Banking Solution (CBS) linked branches or in a branch where it is possible to manually monitor and ensure that foreign remittances are not credited to the account.
v. Banks shall ensure that the stipulated monthly and annual limits on aggregate of transactions and balance requirements in such accounts are not breached, before a transaction is allowed to take place.
vi. The account shall remain operational initially for a period of twelve months which can be extended for a further period of twelve months, provided the account holder applies and furnishes evidence of having applied for any of the OVDs during the first twelve months of the opening of the said account.
vii. The entire relaxation provisions shall be reviewed after twenty-four months.
viii. Notwithstanding anything contained in above clauses (vi and vii), the small account shall remain operational between April 1, 2020 and June 30, 2020 and such other periods as may be notified by the Central Government
ix. The account shall be monitored and when there is suspicion of money laundering or financing of terrorism activities or other high-risk scenarios, the identity of the customer shall be established as per Section 16 or Section 18
x. Foreign remittance shall not be allowed to be credited into the account unless the identity of the customer is fully established as per Section 16 or Section 18

KYC verification once done by one branch / office of the Bank shall be valid for transfer of the account to any other branch / office of the Bank, provided full KYC verification has already been done for the concerned account and the same is not due for periodic updation.

9.3.2b CDD Measures for Sole Proprietary firms:
For opening an account in the name of a sole proprietary firm, CDD of the individual (proprietor) shall be carried out. In addition to the above, any two of the following documents as a proof of business / activity in the name of the proprietary firm shall also be obtained:
i. Registration certificate including Udyam Registration Certificate (URC) issued by the Government
ii. Certificate / license issued by the municipal authorities under Shop and Establishment Act
iii. GST certificate (final)
iv. Certificate / registration document issued by Professional Tax authorities
v. IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT / License / certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute.
vi. Complete Income Tax Return (not just the acknowledgement) in the name of the sole proprietor where the firm's income is reflected, duly authenticated / acknowledged by the Income Tax authorities.
vii. Utility bills such as electricity, water and landline telephone bills etc. (For address proof only, to be taken along with any one of the above documents)
In cases where the Bank is satisfied that it is not possible to furnish two such documents, Bank may, at its discretion, accept only one of those documents as proof of business / activity.
(This document cannot be a utility bill)
Branch should undertake contact point verification of the business address and collect such other information and clarification as would be required to establish the existence of such firm, and shall confirm and satisfy itself that the business activity has been verified from the address of the proprietary concern.

9.3.2c CDD Measures for Legal Entities:
i. For opening an account of a partnership firm, the certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained:
   a. Registration certificate
   b. Registered Partnership deed
   c. Permanent Account Number of the partnership firm
   d. Registered Power of attorney if any
   e. Documents as specified in Section 16, relating to beneficial owners, managers, officers or employees, as the case may be, holding an attorney to transact on its behalf
   f. The names and OVDs of all the partners and
   g. Address of the registered office, and the principal place of its business, if it is different
ii. For opening an account of a Limited Liability Partnership, certified copies of each of the following documents shall be obtained:
   a. Copy of Limited Liability Partnership Agreement signed by all the partners
   b. Certified copy of incorporation documents filed with Registrar of Companies
   c. Certificate issued by Registrar of Companies
   d. PAN card of the firm
   e. Registered Power of attorney if any with OVDs of POA holder
   f. List and OVDs of all existing designated partners & designated partner identification number (DPIN) issued by the Central Government on letter head
   g. List and OVDs of authorized signatories (if any)
   h. Address proof of the entity
   i. Board Resolution
   j. The registered office and the principal place of its business, if it is different.
iii. For opening an account of a company, certified copies of each of the following documents or the equivalent e-documents shall be obtained:
   a. Certificate of incorporation
   b. Certificate of Commencement of Business (for Public Ltd Mand