KYC Know Your Customer Definition Know Your Customer

KYC- Know Your Customer Definition Know Your Customer is the process of verifying the identity of customer. The objective of KYC guidelines is to prevent banks from being used by criminal elements for Money Laundering or terrorist financing activities.

Purpose • KYC enables banks to better understand their customers & their financial dealings. • This helps banks to manage their risks in a welljudged manner. • KYC guidelines are issued by – a) Financial Action Task Force(FATF) b) Anti Money Laundering(AML) c) Combating Financing of Terrorism (CFT).

Officially Valid Documents (OVD) Passport Aadhaar card Driving license PAN – Permanent Account Number. Voters Identity Card Pan Card of NREGA (National Rural Employment Guarantee Act 2005) • Photo identity – issued by Govt. PSU, Scheduled commercial Banks or certified by a gazetted officer – with attestation. • • •

KYC Policy a) b) c) d) Customer Acceptance Policy (CAP) Customer Identification Policy (CIP) Monitoring of Transactions Risk Management

Customer Acceptance Policy (CAP) • No account be opened in or fictitious name. • Risk measurement -Business Activity, its location, their client base, mode of payment turnover, financial & social status etc. • Information &Documents to be collected from different Customers. • Not to open a/c in doubted cases. • Person’s identity – when account is operated by PA (Power of Attorney) holder. • Observance of RBI’s Sanction list. • CAP should not aim at serial of Banking facilities to public in general.

Customer Identification Procedure (CIP) • Due diligence & customer identification procedure to be carried out at different stages. a) While establishing Banking Relationship. b) While carrying out financial Transactions. c) Bank is doubted about identity. d) Sale of third party products by bank as agent. e) Any sale to customer beyond 50, 000/- owned or any other product. f) Carrying out transactions for non customer exceeds 50, 000/g) Walk in transactions below 50, 000/-.

Centralized KYC • • • Most of the banks are going for centralised KYC – to eliminate RISK. KYC- cell – on time information. Scanned copies of documents. Delay in opening the a/c.

Customer Due Diligence Requirement (CDD) • Individuals • Certified copy of Officially Valid Documents(OVD) • Identification person • Verification of Address Proof.

Small Accounts • No strict compliance of KYC- provided 1. In a financial year credits does not exceed Rs. 1 Lac. 2. Total of withdrawals &transfer does not exceed Rs. 10, 000/- in a month. 3. Balance does not exceed 50, 000/-

No frill Accounts • An account opened and maintained with “Zero” balance. – Financial Inclusion. • Frills means – Services • Facilities offered to the a/c are limited. • BSBDA – Basic Savings Bank Deposit Account. • As per RBI circular dt. 10 -8 -2012. • Meant for Low Income Individuals. • Deposits 2 -3 times withdrawal 2 -3 times a month.

PEP – Politically Exposed Persons • “who has been entrusted with prominent public function”. • All level politicians – Z. P. , Municipality Corporation, • Legislative Council/Assembly, Member of parliamentso on &so forth • Prominent place – may make them vulnerable to corruption. The immediate family members & known close associates are also coming under the preview. • Monitor a/c – on going process. • Watch conversion of regular a/c into PEP.

Sole Proprietary Concern a) Registration Certificate/ Shop Act Licence. b) Required Licence to transact if any (firecrackers) c) Income Tax Returns d) GST Registration.

Partnership Firm a) b) c) d) Partnership Deed Registration Certificate KYC of all individual partners. GST Registration.

Company -under Co. ’s Act a) Memorandum &Article of Association b) Certificate of Incorporation. c) Resolution to open an account &authority to operate. d) KYC of Directors/Executives/officials who are authorised to transact.

Trust / Club a. Trust Deed / Club Regulations b. Registration Certificate – charity Commissioner. c. KYC of persons authorised to transact.

Risk Categorization • Low risk – teachers, farmers, salaried employees. • Medium Risk - Professionals, businessmen with volatile income. • High Risk – Politicians , Share brokers, businessmen dealing in higher risk countries. • KYC – Up dations • Low Risk – 10 Years • Medium Risk – 8 years • High Risk – 2 years.

Non compliance of KYC/Up dations. • Partial Freezing – allow credits only. • Partial freezing – 3 months notice • Partial freezing a/c be made “in operative “. • If compliance not made within 6 months. • Bank can close such non compliant a/c after issuing necessary notice. • Simplified norms for SHGS 1. KYC for all group members 2. KYC required only for office – bearers.

UCIC – Unique Customer Identification code. • Mandatory – RBI notification 26 -6 -2014. • To all Commercial Banks & subsequently to all Coop. Banks. • All accounts at all branches – collectively assessed. • Reduces AML risk. • Collective review of all a/cs can be taken. • Compliance be verified in Internal/ Concurrent Audits.

KYC for RTGS / NEFT • Account of Co-op. Societies – obtain an undertaking from that the KYC of their customers availing this facility, is properly done. • Non- customers – identity , customer profile ; • Financial & Social background. • Nature of business, location etc.

2. Policy on Central KYC Records Registry (CKYCR) The Government has vide a notification dated 7 -7 -2015, amended the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 for setting

Need for C-KYC Registry • It is a centralized repository of KYC records of customers in the financial sector with uniform KYC norms & inter-usability of the KYC records across the sector with an objective to reduce the burden of producing KYC documents & getting those verified every time when the customers creates a new relationship with a financial entity.

Timelines for the KYC records to be uploaded • As per PML(Maintenance of Records) • Amendment Rules, 2015, entity should within 3 days after the commencement of an Accountbased relationship with a client file the electronic copy of the client’s KYC records with the Central KYC Registry.

All individual investors of mutual funds are now required to fulfill KYC requirements as per Central KYC norms before 9 -2 -2017. • C-KYC in Banking started from 1 -2 -2017. • C-KYC is Mandatory in banking from 25 -92017.

Salient features of central KYC Registry: a) User friendly web portal b) Unique KYC Identifier linked with independent ID proofs c) KYC data and documents stored in a digitally secure electronic format d) Secure and advanced user authentication mechanisms for system access e) Data de duplication to ensure single KYC identifier per applicant f) ID authentication with issuing authorities like Aadhaar/ PAN etc. g) Substantial cost reduction by avoiding multiplicity of registration and data upkeep h) Real time notification to institutions on up dation in KYC details i) Regulatory reports to monitor compliance.

OPERATING GUIDELINES TO THE REPORTING ENTITIES

Operating Guidelines to the Reporting Entities a) Central KYC Registry application can be accessed by registered /authorized institutions or other notified institutions under the Prevention of Money Laundering Act or rules framed by the Government of India or any Regulator(RBI, SEBI, IRDA and PFRDA)there under. b) Every reporting entity has to register itself on the Central KYC Registry portal(https: //www. ckycindia. in) with 2 Primary Users who in turn can create more users (makers and checkers).

A. Registration • Registration process entails the following: i. Entry of the requisite details on the registration screen by the Nodal Officer/Authorized Signatory of the reporting entity and online submission of the same. ii. Upon submission , reference ID will be generated an email shall be sent to Nodal Officer/Authorized Signatory’s registered email ID. Reporting entity can check the current registration status on the CKYC Portal by the reference number generated.

iii)Duly signed form along with following supporting documents shall be sent to Central KYC Registry: Duly signed institution registration form. Regulator License/Certificate/Notification. PAN Card of the entity. Corporate Identification Number (in case regulator issues multiple licenses to an entity) • Authorization letter by Competent Authority for Admin users • Certified copy of photo identity card of the Admin users issued by the institution • Certified copy of the proof of the identity of the Admin users • •

After verification of the documents , Central KYC Registry’s administrator will authorize the request for registration of entity. • In case of discrepancies, Registry’s administrator shall put the request on hold till the discrepancies are rectified. • Upon successful registration , user credentials will be emailed to the Admin and Co-Admin users.

• User ID and a link for generation of password will be provided to the users on their registered email. For password generation , the reporting entity admin user will be required to click on the link provided in e-mail. The link will direct the user to the screen for password generation / reset where the user has to enter the registered mobile number. Upon authentication of the mobile 7. • Number an OTP will be sent to the user via SMS which needs to be entered on the screen and then user may reset the password.

Access hierarchy: • The Admin / Co-Admin users of the institutions may create Maker/Checker users as per their institution’s requirement. • Institution - Admin – User • Region - Admin – User • Branch - Admin – User • All activities e. g. creation/ deactivation of users, creation/ up dation of KYC records , fee payments etc. require Maker-Checker process. • Digital Signature : a) Every reporting entity can have access to CKYCR portal through digital signature. b) Digital Signature is validated each time. c) Type of Digital Signature required is Class II or class III d) For Digital Signature refer the utility along with instruction

Test bed Environment: a) Before getting approval from CERSAI( Central Registry of Securitization Asset Reconstruction and Security Interest) of India live environment, all procedure should be done in test bed &verified according to test bed check list. b) After online application for FI registration , e-mail will be sent to both administrators c) In the email , there will containing a link for generation OTP which will help to generate the admin. d) After that again log in have to do at http: //testbed. ckycindia. in test bed site along with Digital signature. e) In the test bed, all date except assignment of user ID will be dummy for testing purpose in order to get familiar with requirement. f) After completing all the functionalities , live environment will come in play from www. ckycindia. in

SFTP Access(Secure File Transfer Protocol) • Sftp access is provided to reporting entities to upload/download files over a secure connection. B. Capturing &upload of KYC Record a) i. The data can be captured as per the common KYC template form or institution account opening form can be modified. ii. It is to be uploaded on the Central KYC portal along with the scanned copy of the supporting documents(Pol/Po. A). for an individual record , the signature and photograph is to be cropped separately and uploaded.

iii) Different template for individual and legal entity iv) Various account types for individuals Normal, Simplified and Small. • The account type can be identified from the nomenclature of CKYC identifier issued to the customer. q For normal account , any of six officially valid documents (PAN, AADHAAR, Voter ID , Passport , Driving licence NREGA Job Card) can be submitted for the ID of the customer. q For simplified Measures Account , there additional OVDs that are allowed as per RBI Circular RBI/201516/42 dated July 1, 2015 – Point no. 2. 3(i)&(ii) and point 3. 2. 2 I. A(iv) & (v).

• The KYC identifier for Simplified Measures Account will have a prefix “L”. • OVD • For POI- identity card issued by SG/CG/Govt. co. or letter issued by Gazette officer • POA – utility bill , pension letter issued by Govt dept, Municipal tax receipts etc. q. For Small Account types only personal details and photograph duly certified by the customer are required to be submitted.

• For Small Accounts : Balance not to exceed at any point of time Rs. 50000/ • Total Credit in one year should not exceed Rs. 1. 00 lakhs. • Total withdrawal and transfers should not exceed Rs. 10000/-in a month. • The KYC Identifier for Small Account will have a prefix “S”.

b) The specifications for scanning the supporting documents and photograph are stated below : ” i) Document should be scanned in grey-scale with a scanning resolution of 150 -200 DPI. a) Photograph must be a recent passport size , preferably in colour. However , scanning has to be in colour mode. b) Dimensions 200*230 pixels c) Size of photograph should be between 20 kb-50 kb. i. ii. Acceptable file format : . tif’ , . tiff’ , . pdf’ , . jpeg, . jpg’ File size (maximum limit): 350 kb for individual KYC record.

• c) The reporting entity can bulk upload the KYC details and scanned images. Images for each record will be required to be zipped separately. The master zip file will be digitally signed by the reporting entity. • d) Bulk files can be uploaded either at the branch , region or institution level. After 14 digit KYC number will be get allotted to the client. • e) The entity should ensure adequate internet bandwidth for bulk upload. Bulk upload is provided via SFTP. For bulk upload of size less than 20 MB the Central KYC front end application may also be used. Based on validations , a response file will be generated. This file will contain the success records , error records and download records. The response file is available for download from the Central KYC application.

When Updation is required to do • A financial institution will initiate an update request when there is a change in the information of the customer as existing in the records of Central KYC Registry. • Where the customer submits a request for updation of the data in the Central KYC Registry, financial institution will accordingly initiate the request after duly verifying the supporting documents. The financial institution will be required to update the details in the following cases: q There is change in the details / information as existing in the KYC records in the linked registry.

q. There is doubt about the adequacy or veracity of previously obtained client identification data. q. There is a change of the account type (e. g. Minor account to Normal account ). The updated data along with the scanned copy of supporting document, where required, will be uploaded in Central KYC Registry. In order to initiate a modification request , the financial institution will need to be linked with the latest KYC record of the customer.

C. Search and Download of KYC record a) Reporting entity can search for the record by entering CKYC identifier or by entering a valid ID type and number. a) Reporting entity can download single/ bulk records by entering CKYC identifier and an authentication factor (viz. date of birth / date of incorporation).

D. Update of KYC record • In case of change of existing information of a customer (including minor turning major) in the records of Central KYC Registry, a reporting entity will initiate an update request. a) The updated data along with the scanned copy of the supporting document , where required, will be uploaded on the Central KYC Register portal.

• b) In order to initiate an updation request, the reporting entity will need to have the latest KYC record of the customer. • c) On updation of a KYC record at the Central KYC Registry , all linked entities (institutions that have either uploaded or downloaded the KYC record for that particular KYC record), will receive an electronic update notification of KYC record. The entities can download the last updated record of the customer.

E. Multiple correspondence addresses: • Central KYC Registry will enable linkage of multiple correspondence addresses. • An individual can fill Annexure-A 1 for multiple addresses and submit the details to the reporting entity which in turn will initiate the update request on the Central KYC application.

F. Processing of Records at Central KYC Registry • De-duplication: • The KYC data uploaded on the Central KYC Registry will go through de-duplication process • on the basis of the demographics (i. e. customer name, maiden name, gender, date of birth, • mother’s name, father/spouse name, addresses, mobile number, email id etc. ) and identity details • submitted.

Update notification: • On update of a customer record being processed at the Central KYC Registry, all linked financial institutions (institutions that have either uploaded or downloaded the KYC record for that customer), will receive an electronic update notification of KYC record. The financial institutions need to download the last updated record of the customer. • Linked institution mean who has updated or uploaded or downloaded that concerned client KYC data on Registry.

Reconciliation of Probable match: • A. Central KYC Registry will provide the probable match cases to the reporting entities for reconciliation and resolution. • B. Where the reporting entity confirms the KYC record as an exact match, it will need to download the existing KYC record of the customer. • C. Where the reporting entity confirms the KYC record as a “no match”, it shall be forwarded for processing and a unique KYC identifier will be generated for the record. • D. The reporting entity will have to resolve the probable matches within 5 working days , beyond which the record will be withdrawn by the Central KYC Registry. However , the same can be uploaded as a new record, if “no match” is found.

ID Match: • The identity detail will be matched by the Central KYC Registry with the ID issuing authority wherever feasible and mechanism is established. Where the ID is not confirmed by the ID issuing authority or the name does not match with the records therein, the record will not be accepted by the Registry and sent back to the reporting entity for verification and uploading again with the uploaded details. • • We may further advise that the ID match wherever feasible with source authority for de-duplication process by CKYYC Record Registry does not substitute the statutory/Regulatory obligations to be fulfilled by reported entities under the respective statutory provisions/regulatory guidelines.

KYC Identifier • a) A 14 digit unique KYC identifier will be generated for new customer records and notified to the reporting entity. • b) For “Small Accounts” the KYC identifier will additionally have a prefix ”S”. • c) For “Simplified Measures Accounts” the KYC identifier will additionally have a prefix ”L”.

Fees: a) Reporting entities can avail services of central KYC Registry on payment of prescribed fee, in advance. b) For every service availed, the requisite amount will be deducted from the advance payment made. If the available balance is insufficient , the reporting entity will not be able to avail services until the balance is replenished. c) To make the advance payment, the reporting entity will be required to generate the proforma invoice through the Central KYC application. The reporting entity is required to make an advance payment through NEFT/RTGS in CERSAI bank account and mention the system generated proforma invoice reference number as the mark.

• Upon confirmation of payment receipt from the bank, balance will be updated. In case of tax deducted at source(TDS), the reporting entity is required to submit a copy of TDS certificate to the Central KYC Registry. • Reporting entity will be intimated when the balance goes below the prescribed limit set by them. The reporting entity user can download /print the usage details till the previous day.

Fee structure for Client Transaction: • Upload Rs. 1. 10 • Download Rs. 0. 80 • Update Rs 1. 15 • Above rates are inclusive of service taxes for the time being in force.

V. Reports • Central KYC application shall provide reports including dashboards, access trail and audit trail. Administration Operational Accounts Log Report Dashboard Ledger Access Trail Daily MIS User Master Bulk Upload Institution Master Unsolicited Updates

1. Log Report • Log report provides the details of the users of the reporting entity who have logged into the Central KYC application, for a specified period of time. 2. Access Trail • Access trail report provides an admin user, the pages accessed by the users created under his on the Central KYC application. 3. User Master • User Master provides the details of the users under the reporting entity for the purposes of accessing Central KYC application. 4. Bulk Upload • Using this report , admin user can view the current status along with the count of records for each uploaded batch.

5. Dashboard • Institution admin user can view the summary of all uploaded KYC records for a specified time period. 6. Daily MIS • Daily MIS provides the Admin User the details of the uploads for a specified time period. 7. Update Notification • This report provides the notifications for the updates done on a KYC record that is linked to the reporting entity, for a specified time period. 8. Ledger • This provides the summary of payments made and utilized for the transaction on Central KYC Registry.

VI. Retention of Records • a) Central KYC Registry shall ensure retention of the Know Your Customer (KYC) records in an electronic format for a specified by the rules and shall ensure that the retrieval of the information is facilitated within specified time period. VII. Grievance Mechanism • Central KYC Registry shall provide for the grievances of reporting entities to be redressed in a timely and appropriate manner and ensure records are maintained for such resolution.

CERSAI • • • Central Registry Of Securitization Asset Reconstruction &Security Interest of India 2 floor Rear Block, Jeevan Vihar Building, 3, Parliament Street, New Delhi 110 001.

Material available on ckycindia. in 1. 2. 3. 4. 5. 6. User Manual FAQ Digital signature utility Form template System Design specification Test bed check list and bulk files

How to Prevent Frauds 59

Fraud is the intentional use of false or misleading information in an attempt to illegally deprive another person or utility of money, property or legal rights. RBI definition of fraud“ A deliberate act of omission or commission by any person, carried out in the course of banking transaction or in the books of accounts maintained manually or under computer system in banks resulting into wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank. 60

Magnitude of Frauds RBI says during 2015 -16 magnitude was 18699 cr. 2016 -17 - 23934 cr. 2017 -18 - 41168 cr. 2018 -19 magnitude touches 71500 cr. Bank fraud means obtaining money or property held by bank or customer of the bank in order to make more money. The reason of making fraud is to cheat the bank for financial purpose. Two major factors responsible increasing bank frauds a) Complexity of banking transactions b) Failure in observance of procedure & norms laid down in branch operations. 61

Frauds Offline v. Theft of Mail Passward v. Theft of Debit / Credit Card Password / pin v. Theft of Chequebook. Online v. Phissing or Spooling. v. Request via Fake emails, websites, popup Windows. 62

3 types of frauds classified by Ghosh committee Ø insiders Ø outsiders Ø Both insiders & outsiders 59 % frauds by employees 41% frauds by customers 63

Frauds by Insiders Ø Ø Ø Fraudulent loans Wire frauds - wrong credits Demand Draft Frauds Fraudulent documents / forged documents. Theft of Identity- password misuse. 64

Frauds by Outsiders Ø Ø Ø Letter of credit Frauds Bills Discounting Frauds stolen chequeʼs Increasing cheque amounts Altered chequeʼs Credit card Frauds. 65

RBI Guidelines Ø Full proof system of internal controls Ø More use of qualified external auditors in banking supervision. Ø Audit trails or checks in software Ø Maker –Checker Concept. 66

RBI on Frauds Ø Primary responsibility for preventing frauds lies with individual bank. Ø Banks are dealing with public money & hence it is imperative that employees should exercise due care & diligence on handling the transactions in the banks. Ø RBI is advising Banks from time to time about the major fraud prone areas & the safeguards necessary for prevention of frauds. 67

Reporting of frauds to RBI Return – FMR 1 For frauds involving Rs. 5 lacs & above banks are required to send. Soft copy of the reports (FMR 1/B) to the central office of the deptt. of banking supervision (DBS) within three weeks of detection of frauds etc. FMR -2 - Report on frauds Outstanding - Quarterly. FMR-3 – Progress Report of Frauds. Special Committee of Board for Monitoring High Value Frauds. 68

Reporting cases of Theft Burglary, Dacoity & Robberies Immediately the reporting to be made by fax/ e-mail Principal CGM- RBI Deptt. Of Co-op Banking Supervision Central office - Bandra – Kurla Complex. Regional Office RBI Deptt. Of Co-op Banking Supervision Regional office - Bandra – Kurla Complex. Police complaint be filed in case of fraudulent encashment of DDs / TTs/ Pay orders / Chequeʼs etc. Master circular Dt. 1 -7 -2015 referred. 69

How to Prevent Frauds v multi layer authentication. v Age old method of calling customer regarding chequeʼs v sending e-mails cheque/s is/are presented v Audit trails in the software v Printing of statement / looking into details of A/c trail. v Monitor operations in the A/c cash withdrawal of frequency; average size of payment; etc. 70

v watching transactions above a set limit say 1 lac. v Daily reconciliation for all business. v Triple control one person creates transaction , other approves it & third one effects the same. v Cheque presented on counter ask for ID - Cell no. v signed chequeʼs be prevented - advice customers. v change counters of employees – officials at regular interval say 3 years. 71

v employees not to share their password / to change the same every week / fortnight. v Frauds in loan - robust appraisal system. v Genuineness of bills discounted. v confirmation of LIC by emails v Leave record of employees. v S/B A/c balances of employees/ deposits. v Efficient internal / concurrent audit systems. v Disciplinary Action against employees v Noting of mortgages with SARSAI 72

RBI in its mandate Dt. 2/11/2017 introduced LEI ( Legal Entity Identifier). Legal Entity Identifier India Ltd. (LEIL) a wholly owned subsidiary of the clearing corp. of India Ltd. - acts as a local operating unit (LOU) for issuing globally compatible Legal Entity Identifiers (LEIʼs) in India. LEIL has been recognized by RBI as an “Issuer” of LEI under payment & settlement system Act 2007. Registration costs 6000 + GST. Banks will be required to acquire LEI Number from the borrower & report it to CRILC (Central Repository of Information on Large Credit), a database of loan above 5 cr. Is maintained. 73

Timeline to adhere to LEI Exposure to SCBS Deadline Ø 1000 Cr & above 31 -03 -2018 Ø 500 to 1000 Cr 30 -06 -2018 Ø 100 to 500 Cr 31 -03 -2019 Ø 500 to 100 Cr 31 -12 -2019 Ø 5 to 50 Cr Instructions to Follow Alertness is key to prevention of frauds. 74