The Reserve Bank of India, the governing authority for Financial Institutions operating in India, has issued a detailed directive RBI/DBR/2015-16/18
Master Direction – DBR.AML.BC.No.81/14.01.001/2015-16 on conducting the KYC process (RBI master direction on KYC) for complying with PMLA.
Accordingly, Regulated Entities (REs) are required to adhere to customer identification procedures while onboarding the customer or entering into a transaction. The directive issued by the RBI is in line with the provisions of the Prevention of Money-Laundering Act, 2002, and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005.
The reporting entities are required to maintain a Know Your Customer (KYC) Policy approved by the board of directors or any committee empowered for this purpose.
4 Essential Elements of KYC Policy
- Customer Acceptance Policy
- Risk Management
- Customer Identification Procedures (CIP) and
- Monitoring of Transactions
Further, the Reporting Entities are required to perform Money Laundering and Terrorist Financing Risk Assessment, also known as ML/TF Risk Assessment/Enterprise Wide Risk Assessment (EWRA)/Business Risk Assessment (BRA)/Firm-Wide Risk Assessment (FWRA).
For effective risk management, regulated entities are advised to adopt a risk-based approach (RBA), perform customer risk assessment, and classify them into Low, Medium, and High-Risk.
The directive requires regulated entities to establish customer due diligence procedures for individuals and corporations.
Non-Banking Finance companies can adopt simplified procedures for customer onboarding purposes, considering the nature and size of their business.
The directive also emphasizes the need for identifying beneficial owners, and ongoing due diligence, and record management for 5 years.
It lays down requirements for enhanced due diligence and simplified due diligence.
Further, it requires regulated entities to fulfill their reporting requirements to the Financial Intelligence Unit (FIU-IND) in relation to Cash Transaction Reports (CTR) and Suspicious Transaction Reports (STR).
Reporting entities must adhere to Section 51A of the Unlawful Activities (Prevention) (UAPA) Act, 1967, and amendments thereto. Accordingly, UNSC Sanctions screening is required to be performed by the regulated entities. They are also required to apply freezing measures in accordance with UAPA order.
As per the RBI master direction on KYC, it also requires adherence to FATCA and CRS requirements.