CHAPTER 1

HISTORY
Worldwide Impact:
The main purpose of KYC norms was to restrict money laundering and
terrorist financing when it was introduced in late the 1990s in the United States.
The US government turned very strict after 9/11 and all regulations were
finalized before 2002 for KYC.
The US has made changes in its major legislations -- Bank Secrecy Act,
USA Patriot Act -- to make KYC norms really effective for the banking sector.
Taking a leaf out of the US book, the Reserve Bank of India too directed
all banks to implement KYC guidelines for all new accounts in the 2nd half of
2002.
For existing accounts, imposing KYC norms was a little difficult, so the
RBI issued guidelines for the same at the end of 2004.
Background:
The Reserve Bank of India (RBI) had issued a directive that banks
should draw up a time bound action plan for obtaining customer identification
documents under new KYC norms in respect of all the old accounts and
complete the entire exercise by 31.12.2004. Accordingly, the Zones/Branches
had been advised to comply with the RBI directive as per the action plan. All
the Zones had confirmed compliance of the KYC norms for all the accounts
based on branch confirmations and the final certificate was furnished by the
Bank to the RBI in April, 2005.

 RBI Follow-up:
1.

We have, thereafter, been time and again reiterating the importance of

extremely careful compliance of KYC guidelines.

2. In spite of these instructions and compliance certificates, instances of noncompliance of KYC norms have been pointed out by the RBI Auditors and
Internal/Concurrent Auditors.
3. At every quarterly meeting, the RBI has been expressing serious concern
over the continue instances of non-compliance of KYC guidelines.
4. They had categorically advised that the Bank should adopt zero tolerance
policy in respect of deviation from adherence to KYC norms in all accounts
including existing accounts and confirm compliance to them.
KYC Test Checks:
In the above scenario, as per the directions of the Top Management,
Inspection & Audit Department has carried out test checks at select
Branches in each Zone to check the extent of implementation of KYC
norms.
The Auditors were advised to select all types of accounts over a period
and submit their findings.
It means that the Branches are not complying with the KYC guidelines
extremely careful and the requirement of KYC compliance is not being
taken seriously by some branches.

KYC Compliance Measures:

 The primary objective of KYC guidelines is to prevent banks from being

used by criminal elements for money laundering and terrorist activities
and avert occurrence of frauds.
KYC procedures also enable banks to understand their customers and
their financial dealings better and thereby facilitating prudential
management of risks.
Following are measure for achieving full KYC compliance in all the
existing accounts as per the RBI directives:
Public Notice in News Papers:
RBI then published a general notice in newspapers in English and Hindi
at the national level inviting the customers attention to the need to urgently
comply with the KYC requirements. In order to ensure that all the territories are
covered, RBI also arranged to publish the notice in local newspapers of different
States. Branches should display this Notice prominently in the Branch premises
and confirm to their respective Zonal Offices of having done so.
Identification of KYC Non-compliant Accounts:
The task of identifying accounts requiring KYC compliance at each
Branch shall be carried out by the Zones on priority. In order to ensure that the
exercise is done diligently, the scrutiny of accounts to identify the KYC noncompliant accounts at a Branch shall be done by Officer/s deputed from a
different Branch.
Subsequent verification of KYC compliance of the accounts is completed
within one month from the date of this Circular. (Now days it takes 8 to 9
days). The deputed Officers should verify all types of accounts at the Branches.
3

The documents are required to be obtained for all customers in case of

every individual, every Proprietor, each Joint account holder/ Partner/ Director/
Trustee/ HUF Member, each other Authorized signatory if any. Upon
completion of the task, the Officers should hand over a copy of the Report to the
Branch Head with a copy to the respective Zonal Office.
Branch Notice to KYC Non-compliant Customers:
Once the accounts are identified for KYC non-compliance and the nature
of deficiency is established, Branches shall address a suitable communication to
each such identified account holder requesting for submission of the necessary
documents for compliance of the KYC requirements.
The Branch should ensure that any change of address communicated by
the customer is properly recorded and the notice is sent to the correct address.
The customers may be given seven days time for complying with the
Banks requirements. In case the KYC norms are not complied within the period
stipulated therein, the account/s shall be frozen.
The Notice should be sent by Registered Post A.D. and if it undelivered
then the Branches should make efforts to contact the customers and send fresh
Notices to them at the correct address so as to provide a fair opportunity to each
customer for compliance with KYC norms, before freezing the accounts.
Reporting of KYC Non-compliant Accounts by Branches/Zones:

After the expiry of the notice period, the Branches shall submit their
reports to the Zonal Offices within seven days. The Zonal Offices will
consolidate the reports of all the Branches in their zones and submit their report
to RBI within seven days in the same format.

Final Public Notice in News Papers:

Upon receipt of confirmation from all the Zones regarding completion of
the KYC exercise mentioned above, RBI published a Second and Final Notice
in the newspapers, drawing the customers attention to the earlier newspaper
notice as well as the individual notice sent by the Branches and their failure to
comply with the KYC guidelines despite the said notices.
The Notice shall give a definite deadline of seven days to the customers
for fulfilling the KYC documentation and notify to them that transactions in
their accounts shall be ceased and accounts frozen after expiry of the deadline,
if KYC compliance is not fulfilled by that date.
On receipt of intimation of publishing this notice, Branches should display the
notice in the Branch premises so to draw the attention of the customers to the
urgency in the matter.

Freezing of KYC Non-compliant Accounts:

Accounts which remain non - compliant despite all the above process and
even after expiry of the deadline shall be frozen.

Situations may arise whereby in respect of accounts which are frozen,

cheques may be presented across the counter/in clearing for payment by third
parties. Branches may, on case to case basis, allow payment of such instruments
by unfreezing the status.
Care should be taken to re-freeze the account after each such transaction.
The act of unfreezing and re-freezing shall be permitted only by the Branch
Head. Such arrangement may be allowed only for a period of one month from
the date of the first freezing.
Each time an account is unfrozen for permitting operation, the respective
customer should be made aware of the urgent need to become KYC
compliant without which continuing operations would not be permitted and that
Banks action of allowing operations should not be construed by the customer as
permission for any subsequent transactions.

Activation of Accounts on KYC Compliance:

After following the above process, all KYC non-compliant accounts
shall remain frozen. Such accounts will be activated any time thereafter
only upon fulfillment of KYC procedures, with the approval of the Branch
Head.
Let's check other aspects of KYC.

To prevent the possible misuse of banking activities for anti-national or

illegal activities, the RBI has given various directives to banks:
Before giving any finance at branch level, making sure that the person
has no links with notified terrorist entities and reporting any such 'suspect;'
accounts to the government.
Regular 'Internal Audit' by internal and concurrent auditors to check if the
KYC guidelines are being properly adhered to or not by banks.
Most important, banks must keep an eye out for all banking transactions
and identify suspicious ones. Such transactions will be immediately reported to
the bank's head office and authorities and norms shall also be laid down for
freezing of such accounts.

RESERVE BANK OF INDIA

The RBI had also directed all banks to make a policy for
implementing 'Know Your Customer' and anti-money laundering measures
and remain fully compliant with given guidelines before December 31,
2005.
But there have been instances of lapses in the implementation of
KYC guidelines by several banks. That resulted into the infamous IPO
scam. Since January 2006, the RBI has slapped penalties on several leading
banks. Till date we have not come across any case of money laundering,
terrorist financing or transfer of funds for anti-national activities, but in
case of any more lapses in the 'Know Your Customer' guidelines, the threat
of the misuse of the banking channels for anti-national activities always
lurks around the corner.

CHAPTER 2
INTRODUCTION:
2.1

Know Your Customer (KYC) Norms/Anti-Money Laundering (AML)

Measures/Combating of Financing of Terrorism (CFT)/Obligations of

banks under PMLA, 2002
The objective of KYC/AML/CFT guidelines is to prevent banks from
being used, intentionally or unintentionally, by criminal elements for money
laundering or terrorist financing activities. KYC procedures also enable banks
to know/understand their customers and their financial dealings better which in
turn help them manage their risks prudently.

2.2

What is KYC?
KYC is an acronym for Know your Customer a term used for Customer

identification process. It involves making reasonable efforts to determine, the

true identity and beneficial ownership of accounts, source of funds, the nature of
customers business, reasonableness of operations in the account in relation to
the customers business, etc which in turn helps the banks to manage their risks
prudently.
The objective of the KYC guidelines is to prevent banks being used,
intentionally or unintentionally by criminal elements for money laundering.

2.3 Who is a Customer?

9

For the purpose of KYC policy, a Customer is defined as:

A person or entity that maintains an account and/or has a business

relationship with the bank;

One on whose behalf the account is maintained (i.e. the beneficial

owner);

Beneficiaries of transactions conducted by professional intermediaries,

such as Stock Brokers, Chartered Accountants, Solicitors etc. as permitted
under the law, and

Any person or entity connected with a financial transaction which can

pose significant reputational or other risks to the bank, say, a wire
transfer or issue of a high value demand draft as a single transaction.

10

CHAPTER 3
GUIDELINE:
3.1

General:

I) Banks should keep in mind that the information collected from the customer
for the purpose of opening of account is to be treated as confidential and details
thereof are not to make known for cross selling or any other like purposes.
Banks should, therefore, ensure that information sought from the customer is
relevant to the perceived risk, is not intrusive, and is in conformity with the
guidelines issued in this regard. Any other information from the customer
should be sought separately with his/her consent and after opening the account.
II) Banks should ensure that the provisions of Foreign Contribution
(Regulation) Act, 1976 as amended from time to time, wherever applicable are
strictly adhered to.
3.2 KYC Policy:
Banks should frame their KYC policies incorporating the following four key
elements:
Customer Acceptance Policy;
Customer Identification Procedures;
Monitoring of Transactions; and
Risk Management.
3.3 Customer Acceptance Policy (CAP):

11

a) Every bank should develop a clear Customer Acceptance Policy laying down
explicit criteria for acceptance of customers. The Customer Acceptance Policy
must ensure that explicit guidelines are in place on the following aspects of
customer relationship in the bank.
(i) No account is opened in anonymous or fictitious/benami name(s);
(ii) Parameters of risk perception are clearly defined in terms of the nature of
business activity, location of customer and his clients, mode of payments,
volume of turnover, social and financial status etc.
(iii) Documentation requirements and other information to be collected in
respect of different categories of customers depending on perceived risk and
keeping in mind the requirements of PML Act, 2002 and instructions/guidelines
issued by Reserve Bank from time to time;
(iv) Not to open an account or close an existing account where the bank is
unable to apply appropriate customer due diligence measures i.e. bank is unable
to verify the identity and /or obtain documents required as per the risk
categorisation due to non cooperation of the customer or non reliability of the
data/information furnished to the bank. It is,
v) Circumstances, in which a customer is permitted to act on behalf of another
person/entity, should be clearly spelt out in conformity with the established law
and practice of banking as there could be occasions when an account is operated
by a mandate holder or where an account is opened by an intermediary in
fiduciary capacity.

b) Banks should prepare a profile for each new customer based on risk
categorisation. The customer profile may contain information relating to

12

customers identity, social/financial status, nature of business activity,

information about his clients business and their location etc.

c) It is important to bear in mind that the adoption of customer acceptance

policy and its implementation should not become too restrictive and must not
result in denial of banking services to general public, especially to those, who
are financially or socially disadvantaged.

3.4 Customer Identification Procedure (CIP):

a) Customer identification means identifying the customer and verifying his/her
identity by using reliable, independent source documents, data or information.
Banks need to obtain sufficient information necessary to establish, to their
satisfaction, the identity of each new customer, whether regular or occasional,
and the purpose of the intended nature of banking relationship.
For customers that are natural persons, the banks should obtain sufficient
identification data to verify the identity of the customer, his address/location
and also his recent photograph.
For customers that are legal persons or entities, the bank should
(i) Verify the legal status of the legal person/entity through proper and relevant
documents.
(ii) Verify that any person supporting to act on behalf of the legal person/entity
is so authorized and identify and verify the identity of that person.

13

(iii) Understand the ownership and control structure of the customer. Banks
may, however, frame their own internal guidelines based on their experience of
dealing with such persons/entities.
Banks can use any supplementary evidence such as a letter received
through post for further verification of the address. While issuing operational
instructions to the branches on the subject, banks should keep in mind the spirit
of instructions issued by the Reserve Bank and avoid undue hardships to
individuals who are, otherwise, classified as low risk customers.
b) Banks should introduce a system of periodical updation of customer
identification data (including photograph/s) after the account is opened.
c) An indicative list of the nature and type of documents/information that may
be may be relied upon for customer identification is given in Annex-II.

3.5 Customer Identification Requirements Indicative Guidelines:

i) Trust/Nominee or Fiduciary Accounts:
Banks should determine whether the customer is acting on behalf of
another person as trustee/nominee or any other intermediary. If so, banks
should insist on receipt of satisfactory evidence of the identity of the
intermediaries and of the persons on whose behalf they are acting, as also
obtain details of the nature of the trust or other arrangements in place. While
opening an account for a trust, banks should take reasonable precautions to
verify the identity of the trustees and the settlers of trust (including any person
settling assets into the trust), grantors, protectors, beneficiaries and signatories.
ii) Accounts of companies and firms:
14

Banks should examine the control structure of the entity, determine the
source of funds and identify the natural persons who have a controlling interest
and who comprise the management. These requirements may be moderated
according to the risk perception e.g. in the case of a public company it will not
be necessary to identify all the shareholders.
iii) Client accounts opened by professional intermediaries:
When the bank has knowledge or reason to believe that the client account
opened by a professional intermediary is on behalf of a single client, that client
must be identified. Banks may hold 'pooled' accounts managed by professional
intermediaries on behalf of entities like mutual funds, pension funds or other
types of funds. Where funds held by the intermediaries there are 'sub-accounts',
each of them attributable to a beneficial owner, all the beneficial owners must
be identified. Where such funds are co-mingled at the bank, the bank should still
look through to the beneficial owners. Where the banks rely on the 'customer
due diligence' (CDD) done by an intermediary, they should satisfy themselves
that the intermediary is regulated and supervised and has adequate systems in
place to comply with the KYC requirements. It should be understood that the
ultimate responsibility for knowing the customer lies with the bank.
iv) Accounts of Politically Exposed Persons (PEPs) resident outside India:
Politically exposed persons are individuals, who are or have been entrusted
with prominent public functions in a foreign country.
e.g., Heads of States or of Governments, senior politicians, senior
government/judicial/military

officers,

senior

executives

of

state-owned

corporations, important political party officials, etc. Banks should gather

sufficient information on any person/customer of this category intending to
establish a relationship and check all the information available on the person in

15

the public domain. Banks should verify the identity of the person and seek
information about the sources of funds before accepting the PEP as a customer.
v) Accounts of non-face-to-face customers:
With the introduction of telephone and electronic banking, increasingly
accounts are being opened by banks for customers without the need for the
customer to visit the bank branch. In the case of non-face-to-face customers,
apart from applying the usual customer identification procedures, there must be
specific and adequate procedures to mitigate the higher risk involved.
Certification of all the documents presented should be insisted upon and, if
necessary, additional documents may be called for.

3.6

Small Deposit Accounts:

Although flexibility in the requirements of documents of identity and

proof of address has been provided in the above mentioned KYC guidelines, it
has been observed that a large number of persons, especially, those belonging to
low income group both in urban and rural areas are not able to produce such
documents to satisfy the bank about their identity and address. This would lead
to their inability to access the banking services and result in their financial
exclusion.
Accordingly, the KYC procedure also provides for opening accounts for
those persons who intend to keep balances not exceeding Rupees Fifty
Thousand (`.50,000/-) in all their accounts taken together and the total credit in
all the accounts taken together is not expected to exceed Rupees One Lakh (`.
1,00,000/-) in a year. In such cases, if a person who wants to open an account
and is not able to produce documents mentioned in Annex II banks should open
an account for him, subject to: Introduction from another account holder who
has been subjected to full KYC procedure. The introducers account with the
bank should be at least six months old and should show satisfactory
16

transactions. Photograph of the customer who proposes to open the account and
also his address needs to be certified by the introducer, or any other evidence as
to the identity and address of the customer to the satisfaction of the bank.
3.7

Monitoring of Transactions:
Ongoing monitoring is an essential element of effective KYC procedures.

Banks can effectively control and reduce their risk only if they have an
understanding of the normal and reasonable activity of the customer so that they
have the means of identifying transactions that fall outside the regular pattern of
activity. However, the extent of monitoring will depend on the risk sensitivity of
the account. Banks should pay special attention to all complex, unusually large
transactions and all unusual patterns which have no apparent economic or
visible lawful purpose. Banks may prescribe threshold limits for a particular
category of accounts and pay particular attention to the transactions which
exceed these limits.
Every bank should set key indicators for such accounts, taking note of the
background of the customer, such as the country of origin, sources of funds, the
type of transactions involved and other risk factors. Banks should put in place a
system of periodical review of risk categorization of accounts and the need for
applying enhanced due diligence measures. Such review of risk categorisation
of customers should be carried out at a periodicity of not less than once in six
months.
3.8 Closure of accounts:
Where the bank is unable to apply appropriate KYC measures due to nonfurnishing of information and /or non-cooperation by the customer, the bank
should consider closing the account or terminating the banking/business
relationship after issuing due notice to the customer explaining the reasons for
17

taking such a decision. Such decisions need to be taken at a reasonably senior

level.
3.9 Types of risks involved in KYC.
There are five types of risks that an effective KYC policy can help to mitigate:
Reputational
Operational
Legal
Financial
Concentration.

Reputational risk: The reputation of a business is usually at the core of

its success. The ability to attract good employees, customers, funding and
business is dependent on reputation. Even if a business is otherwise doing
all the right things, if customers are permitted to undertake illegal
transactions through that business, its reputation could be irreparably
damaged. A strong KYC policy helps to prevent a business from being
used as a vehicle for illegal activities.
Operational risk: This is the risk of direct or indirect loss from faulty or
failed internal processes, management and systems. In today's
competitive environment, operational excellence is critical for
competitive advantage. If a KYC policy is faulty or poorly implemented,
then operational resources are wasted, there is an increased chance of
being used by criminals for illegal purposes, time and money is then
spent on legal and investigative actions and the business will be viewed
as operationally unsound.
18

 Legal risk: If a business is used as a vehicle for illegal activity by

customers, it faces the risk of fines, penalties, injunctions and even forced
discontinuance of operations. Apart from regulatory risk, involvement in
illegal activities could lead to third-party judgments and unenforceable
contracts.
Due to the nature of business, these risks can never entirely be
eliminated. However, if a business does not have an effective KYC
policy, it will be inviting legal risk. By strictly implementing and
following a KYC policy, a business can mitigate legal risk to itself and its
staff.
Financial risk: If a business does not adequately identify and verify
customers, it may run the risk of unwittingly allowing a customer to pose
as someone they are not. The consequences of this may be far reaching. If
a business does not know the true identity of its customers, it will also be
difficult to retrieve any money that the customer owes.
Concentration risk: This type of risk occurs on the assets side of a
business if there is too much exposure to one customer or a group of
related customers. It also occurs on the liabilities side if the business
holds large concentrations of funds from one customer or group (in which
case it faces liquidity risk if these funds are suddenly withdrawn).

3.10 Risk Management:

19

a) The Board of Directors of the bank should ensure that an effective KYC
programme is put in place by establishing appropriate procedures and ensuring
their effective implementation. It should cover proper management oversight,
systems and controls, segregation of duties, training and other related matters.
Responsibility should be explicitly allocated within the bank for ensuring that
the banks policies and procedures are implemented effectively. Banks should,
in consultation with their boards, devise procedures for creating risk profiles of
their existing and new customers and apply various anti money laundering
measures keeping in view the risks involved in a transaction, account or
banking/business relationship.
b) Banks internal audit and compliance functions have an important role in
evaluating and ensuring adherence to the KYC policies and procedures. As a
general rule, the compliance function should provide an independent evaluation
of the banks own policies and procedures, including legal and regulatory
requirements. Banks should ensure that their audit machinery is staffed
adequately with individuals who are well-versed in such policies and
procedures. Concurrent/ Internal Auditors should specifically check and verify
the application of KYC procedures at the branches and comment on the lapses
observed in this regard. The compliance in this regard should be put up before
the Audit Committee of the Board on quarterly intervals.

20

By implementing an effective KYC policy, a business can identify the entire

scope of the asset and liability risk faced in relation to each customer and
group of customers.

CHAPTER 4
INTRODUCTION OF NEW TECHNOLOGIES
CREDIT CARDS/DEBIT CARDS/ SMART CARDS/GIFT
CARDS:

Banks should pay special attention to any money laundering threats that
may arise from new or developing technologies including internet banking that
might favour anonymity, and take measures, if needed, to prevent their use in
money laundering schemes. Many banks are engaged in the business of issuing
a variety of Electronic Cards that are used by customers for buying goods and
services, drawing cash from ATMs, and can be used for electronic transfer of
funds. Banks are required to ensure full compliance with all KYC/AML/CFT
21

guidelines issued from time to time, in respect of add-on/ supplementary

cardholders also. Further, marketing of credit cards is generally done through
the services of agents. Banks should ensure that appropriate KYC procedures
are duly applied before issuing the cards to the customers. It is also desirable
that agents are also subjected to KYC measures.

With effect from 1st July 2011:

4.1

If any customer forgot his ATM card in ATM machine then he should file
case or inform to bank within 7days.Accordingly bank have to see into
matter to overcome the problem as early as possible. In such case if bank
fails to overcome the problem then that particular bank is liable to pay
fine up to rs.100/- for each day to customer till the problem exists in
nature.
Earlier for each transaction we need not to provide pin code for each
transaction. But now days it has made compulsory to provide pin code for
each withdrawals.
We never know what will happen with us, suppose we went to ATM for
withdraw money and while transaction someone came and pointing out
gun towards us ask to withdraw cash as much he want! Then in such case
if we need to re-enter are pin code from end to start (e.g. pin code is
1234, so we should enter it like 4321).Then it will work like helpline and
one call will go to near police station.

4.2

GLOBAL EFFECT:

22

The global banking sector is continually battling against fraudulent gangs

and individuals, from online banking to credit and debit card fraud.
In 2008 UK bank fraud losses totaled 53 million. As with card fraud,
UK online banking customers are not liable for fraud losses as all banks have
published online guarantees that state, providing a customer does not breach
their terms and conditions, they will not be held liable for any losses. Recently it
was reported that UK credit and debit card fraud losses totaled 440m in 2009.
Official figures from the trade body UK Payments Association indicate
that online banking fraud increased to 59.7 million in 2009. This was an 18 per
cent increase on the year before and more than a doubling since 2007 when
there were 22.6 million of losses
It is imperative for banks to confirm the identity of all their customers
(Know Your Customer-KYC) and employees (Know Your Employees-KYE);
this not only ensures legal/regulatory compliance but reduces business risk.

23

WIRE TRANSFER

Banks use wire transfers as an expeditious method for transferring funds

between bank accounts. Wire transfers include transactions occurring within the
national boundaries of a country or from one country to another. As wire
transfers do not involve actual movement of currency, they are considered as a
rapid and secure method for transferring value from one location to another.
6.1 The salient features of a wire transfer transaction are as under:
a) Wire transfer is a transaction carried out on behalf of an originator person
(both natural and legal) through a bank by electronic means with a view
to making an amount of money available to a beneficiary person at a
bank. The originator and the beneficiary may be the same person.
b) Cross-border transfer means any wire transfer where the originator and
the beneficiary bank or financial institutions are located in different
countries. It may include any chain of wire transfers that has at least one
cross-border element.
c) Domestic wire transfer means any wire transfer where the originator and
receiver are located in the same country. It may also include a chain of
wire transfers that takes place entirely within the borders of a single
24

country even though the system used to effect the wire transfer may be
located in another country.
d) The originator is the account holder, or where there is no account, the
person (natural or legal) that places the order with the bank to perform
the wire transfer.

6.2 Prevention of AML:

Wire transfer is an instantaneous and most preferred route for transfer of
funds across the globe and hence, there is a need for preventing terrorists and
other criminals from having unfettered access to wire transfers for moving their
funds and for detecting any misuse when it occurs. This can be achieved if basic
information on the originator of wire transfers is immediately available to
appropriate law enforcement and/or prosecutorial authorities in order to assist
them in detecting, investigating, prosecuting terrorists or other criminals and
tracing their assets. The information can be used by Financial Intelligence Unit India (FIU-IND) for analyzing suspicious or unusual activity and disseminating
it as necessary. The originator information can also be put to use by the
beneficiary bank to facilitate identification and reporting of suspicious
transactions to FIU-IND.
Owing to the potential terrorist financing threat posed by small wire
transfers, the objective is to be in a position to trace all wire transfers with
minimum threshold limits. Accordingly, banks must ensure that all wire
transfers are accompanied by the following information:
(A) Cross-border wire transfers:
i) All cross-border wire transfers must be accompanied by accurate and
meaningful originator information.
25

ii) Information accompanying cross-border wire transfers must contain the

name and address of the originator and where an account exists, the number of
that account. In the absence of an account, a unique reference number, as
prevalent in the country concerned, must be included.
(B) Domestic wire transfers:
i) Information accompanying all domestic wire transfers of `.50000/- (Rupees
Fifty Thousand) and above must include complete originator information i.e.
name; address and account number etc., unless full originator information can
be made available to the beneficiary bank by other means.
ii) If a bank has reason to believe that a customer is intentionally structuring
wire transfer to below `. 50000/- (Rupees Fifty Thousand) to several
beneficiaries in order to avoid reporting or monitoring, the bank must insist on
complete customer identification before effecting the transfer. In case of noncooperation from the customer, efforts should be made to establish his identity
and Suspicious Transaction Report (STR) should be made to FIU-IND.
iii) When a credit or debit card is used to effect money transfer, necessary
information as (i) above should be included in the message.
6.3 Exemptions:
Interbank transfers and settlements where both the originator and beneficiary
are banks or financial institutions would be exempted from the above
requirements.

6.4 Role of Ordering, Intermediary and Beneficiary banks:

(a) Ordering Bank:
An ordering bank is the one that originates a wire transfer as per the order
placed by its customer. The ordering bank must ensure that qualifying wire
26

transfers contain complete originator information. The bank must also verify
and preserve the information at least for a period of ten years.
(b) Intermediary bank:
For both cross-border and domestic wire transfers, a bank processing an
intermediary element of a chain of wire transfers must ensure that all originator
information accompanying a wire transfer is retained with the transfer. Where
technical limitations prevent full originator information accompanying a crossborder wire transfer from remaining with a related domestic wire transfer, a
record must be kept at least for ten years (as required under Prevention of
Money Laundering Act, 2002) by the receiving intermediary bank of all the
information received from the ordering bank.
(c) Beneficiary bank
A beneficiary bank should have effective risk-based procedures in place
to identify wire transfers lacking complete originator information. The lack of
complete originator information may be considered as a factor in assessing
whether a wire transfer or related transactions are suspicious and whether they
should be reported to the Financial Intelligence Unit-India.

27

PRINCIPAL OFFICER

a) Banks should appoint a senior management officer to be designated as

Principal Officer. Principal Officer shall be located at the head/corporate
office of the bank and shall be responsible for monitoring and reporting of
all transactions and sharing of information as required under the law. He will
maintain close liaison with enforcement agencies, banks and any other
institution which are involved in the fight against money laundering and
combating financing of terrorism.
b) The Principal Officer will be responsible for timely submission of CTR,
STR and reporting of counterfeit notes to FIU-IND.

28

CHAPTER 5
MAINTENANCE OF RECORDS: PART: A:

8.1

Maintenance

of

records

of

transactions/Information

to

be

preserved/Maintenance and preservation of records/Cash and Suspicious

transactions reporting to Financial Intelligence Unit- India (FIU-IND):

Government of India, Ministry of Finance, Department of Revenue, vide

its notification dated July 1, 2005 in the Gazette of India, has notified the Rules
under the Prevention of Money Laundering Act (PMLA), 2002. In terms of the
said Rules, the provisions of PMLA, 2002 came into effect from July 1, 2005.
Section 12 of the PMLA, 2002 casts certain obligations on the banking
companies in regard to preservation and reporting of customer account
information. Banks are, therefore, advised to go through the provisions of
PMLA, 2002.

Maintenance of records of transactions:

Banks should introduce a system of maintaining proper record of
transactions prescribed under Rule 3, as mentioned below:

29

a) All cash transactions of the value of more than Rupees Ten Lakh or its
equivalent in foreign currency;
b) All series of cash transactions integrally connected to each other which have
been valued below Rupees Ten Lakh or its equivalent in foreign currency where
such series of transactions have taken place within a month and the aggregate
value of such transactions exceed Rupees Ten Lakh;

(iii) Maintenance and Preservation of record:

Banks are required to maintain the records containing information in
respect of transactions referred to in Rule 3 above.
Banks should take appropriate steps to evolve a system for proper
maintenance and preservation of account information in a manner that
allows data to be retrieved easily and quickly whenever required or when
requested by the competent authorities.
Banks should maintain for at least ten years from the date of transaction
between the bank and the client, all necessary records of transactions,
both domestic and international.
Banks should ensure that records pertaining to the identification of the
customer and his address (e.g. copies of documents like passports,
identity cards, driving licenses, PAN card, utility bills etc.) obtained while
opening the account and during the course of business relationship.
Banks have been advised to pay special attention to all complex, unusual
large transactions and all unusual patterns of transactions.

It is further clarified that the background including all documents/office

records/memorandums pertaining to such transactions and purpose
thereof should, as far as possible, be examined and the findings at branch
30

as well as Principal Officer Level should be properly recorded. Such

records and related documents should be made available to help auditors
in their day-to-day work relating to scrutiny of transactions and also to
Reserve Bank/other relevant authorities. These records are required to be
preserved for ten years as is required under PMLA, 2002.
(iv) Reporting to Financial Intelligence Unit India:
a) In terms of the PMLA rules, banks are required to report information relating
to cash and suspicious transactions to the Director.

b) Banks should carefully go through all the reporting formats.viz.

i) Cash Transactions Report (CTR);
ii) Summary of CTR
iii) Electronic File Structure-CTR;
iv) Suspicious Transactions Report (STR);
v) Electronic File Structure-STR;
vi) Counterfeit Currency Report (CCR);
vii) Summary of CCR and
viii) Electronic File Structure-CCR. The reporting formats contain detailed
guidelines on the compilation and manner/procedure of submission of the
reports to FIU-IND. The related hardware and technical requirement for
preparing reports in an electronic format, the related data files and data
structures thereof are furnished in the instructions part of the concerned formats.

31

c) FIU-IND have placed on their website editable electronic utilities to enable

banks to file electronic CTR/STR who are yet to install/adopt suitable
technological tools for extracting CTR/STR from their live transaction data
base. It is, therefore, advised that in cases of banks, where all the branches are
not fully computerized, the Principal Officer of the bank should cull out the
transaction details from branches which are not yet computerized and suitably
arrange to feed the data into an electronic file with the help of the editable
electronic utilities of CTR/STR as have been made available by FIU-IND in
their website http://fiuindia.gov.in.

MAINTENANCE OF RECORDS: PART: B

CASH AND SUSPICIOUS TRANSACTION REPORTS:

8.2 Cash Transaction Report (CTR):

While detailed instructions for filing all types of reports are given in the
instructions part of the related formats, banks should scrupulously adhere to the
following:
i) The Cash Transaction Report (CTR) for each month should be submitted to
FIU-IND by 15th of the succeeding month. Cash transaction reporting by
branches to their controlling offices should, therefore, invariably be submitted
on monthly basis (not on fortnightly (weekly) basis) and banks should ensure
to submit CTR for every month to FIU-IND within the prescribed time
schedule.
ii) All cash transactions, where forged or counterfeit Indian currency notes have
been used as genuine should be reported by the Principal Officer to FIU-IND
immediately in the specified format (Counterfeit Currency Report CCR).
32

These cash transactions should also include transactions where forgery of

valuable security or documents has taken place and may be reported to FIUIND in plain text form.
iii) While filing CTR, details of individual transactions below Rupees Fifty
thousand need not be furnished.
iv) CTR should contain only the transactions carried out by the bank on behalf
of their clients/customers excluding transactions between the internal accounts
of the bank.
v) A summary of cash transaction report for the bank as a whole should be
compiled by the Principal Officer of the bank every month in physical form as
per the format specified. The summary should be signed by the Principal
Officer and submitted to FIU-India.
vi) In case of Cash Transaction Reports (CTR) compiled centrally by banks for
the branches having Core Banking Solution (CBS) at their central data centre
level, banks may generate centralised Cash Transaction Reports (CTR) in
respect of branches under core banking solution at one point for onward
transmission to FIU-IND, provided:
a) The CTR is generated in the format prescribed by Reserve Bank in Para
8.1(iv) (b). (KYC) norms /Anti-Money Laundering (AML) standards/
Combating of Financing of Terrorism (CFT)/Obligation of banks under PMLA,
2002 dated July 01, 2009;
b) A copy of the monthly CTR submitted on its behalf to FIU-India is available
at the concerned branch for production to auditors/inspectors, when asked for;
and
c) The instruction on Maintenance of records of transactions; Information to
be preserved and Maintenance and Preservation of records as contained

33

above in Para 8.1 (i), (ii) and (iii) respectively are scrupulously followed by the
branch.
However, in respect of branches not under CBS, the monthly CTR should
continue to be compiled and forwarded by the branch to the Principal Officer
for onward transmission to FIU-IND.
8.3 Suspicious Transaction Reports (STR):
i) While determining suspicious transactions, banks should be guided by
definition of suspicious transaction contained in PMLA Rules as amended from
time to time.
ii) It is likely that in some cases transactions are aborted by customers on being
asked to give some details or to provide documents. It is clarified that banks
should report all such attempted transactions in STRs, even if not completed by
customers, irrespective of the amount of the transaction.
iii) Banks should make STRs if they have reasonable ground to believe that the
transaction involve proceeds of crime generally irrespective of the amount of
transaction and/or the threshold limit envisaged for predicate offences in part B
of Schedule of PMLA, 2002 .
iv) The Suspicious Transaction Report (STR) should be furnished within 7 days
of arriving at a conclusion that any transaction, whether cash or non-cash, or a
series of transactions integrally connected are of suspicious nature. The
Principal Officer should record his reasons for treating any transaction or a
series of transactions as suspicious. Such report should be made available to the
competent authorities on request.

34

9. RBI probes gold loan financiers on KYC

adherence:
The RBI is probing the books of some gold financing companies to assess
the implication of concentration risk that could make the non-banking sector
shaky in the event of a sharp fall in gold prices, as it happened with silver
recently. The banking regulator may also probe whether these companies follow
the know-your-customer (KYC) norms, said two people familiar with the
development.
We are examining the books of select non-banking finance companies
(NBFCs) involved in gold financing, an RBI spokesperson said, confirming the
development. Muthoot Finance and Manappuram General Finance & Leasing
are the largest gold financiers that are listed on the Bombay Stock Exchange.

35

CHAPTER 6
CUSTOMER EDUCATION/ EMPLOYEE'S TRAINING/
EMPLOYEE'S HIRING:

Customer Education:
Implementation of KYC procedures requires banks to demand certain
information from customers which may be of personal nature or which have
never been called for. This can sometimes lead to a lot of questioning by the
customer as to the motive and purpose of collecting such information. There is,
therefore, a need for banks to prepare specific literature/ pamphlets etc. so as to
educate the customer of the objectives of the KYC programme. The front desk
staff needs to be specially trained to handle such situations while dealing with
customers.
Employee's Training:
Banks must have an ongoing employee training programme so that the
members of the staff are adequately trained in KYC procedures. Training
requirements should have different focuses for frontline staff, compliance staff
and staff dealing with new customers. It is crucial that all those concerned fully
understand the rationale behind the KYC policies and implement them
consistently.
Hiring of Employees:
36

It may be appreciated that KYC norms/AML standards/CFT measures

have been prescribed to ensure that criminals are not allowed to misuse the
banking channels. It would, therefore, be necessary that adequate screening
mechanism is put in place by banks as an integral part of their
recruitment/hiring process of personnel.

Purpose
1. Main purpose for doing so is to prevent future malpractice and financial
frauds.
2. Collection of appropriate data before transaction is must to have idea
about concern customer.
3. To aware customer time to time there must be need for training of
employee.
4. Employee training is an important function that will keep all staff
members current about policies, procedures and the technology used in
the department.

37

ARE KYC NORMS CROSSING THE LIMITS?

Too much of anything is not good, or so the adage goes. This is true in the
case of banks enforcing Know Your Customer (KYC) norms. With the Reserve
Bank of India penalising several banks for violating KYC norms, most banks
are now applying them with zeal, even at the cost of losing customers
sometimes.
The mandatory details required under KYC norms are proof of residence
such as ration card, letter from employer or the housing society and proof of
identity, which could be any photo identity such as passport, voter ID card, PAN
card, and driving licence. But customers often face banks asking for other
personal details.
Recently, a local Mumbai branch of Indian Overseas Bank asked
customers for information about their blood group, along with other details such
as PAN number and proof of residence, as part of KYC. But such personal
details are optional and it is not binding on the customer to provide them, said
an official from the bank.

KYC norms deter rural clients:

Another reason is Know Your Client (KYC) norms where every account
holder has to disclose relevant detail like photo identity, address proof, PAN
card above a certain amount, etc. For rural people it is very difficult to provide
these details as a number of them are not literate especially not in English and
documents are generally maintained in English.

38

If a rural person does not have his own residence, it is a tedious job to
prove his address. In that case, the person prefers not to come to the bank and
goes to the local moneylender who does not ask for such documentation. How
can an old single woman arrange a PAN card to go for a minimum fixed
deposit?
Compliance Risk:
"But it is for the general good. There is a law and there is need to follow a
certain process. World over compliance risk is the biggest risk," he said.
Bank officials point out that all application forms are divided into two
parts mandatory information and optional information.
The mandatory information includes the ISA verification - Identity,
Signature and Address, said Mr. Ghotgalkar, Corporate Head, Retail Banking,
IDBI Ltd.
Other information, such as previous credit history and details about the
customers' assets are usually part of optional information, which the customer
need not reveal.

39

CHAPTER 7
KYC IS NOW `A MODERN DAY INTELLIGENCE ART
FORM:

A question that the Big B may not ask on KBC is:

What does KYC stand for?
a) Kaun Yaar Crorepati
b) Kentucky Yummy Chicken
c) Know Your Customer
d) Kieler Yacht Club?
No prize for the right answer. But penalty is huge if you don't `know
your customer', especially in the world of finance.
Which is why, the Indian Banks' Association (IBA) organized a `focused
briefing' on `Compliance to KYC norms'. IBA's letter about the programme
exudes urgency: "With Financial Intelligence Unit (FIU) formed in India, in
tune with FATF (Financial Action Task Force) guidelines, and RBI (Reserve
Bank of India) stepping up KYC compliance pressures...
KYC is not a one-time effort while signing up a new customer, points out
the IBA. "It involves continuous monitoring of customer behavior as reflected
through his transactions with the bank. It is here that AML technology finds its
use."

40

Even if a financial institution takes all reasonable steps to determine the

veracity of a potential customer, it may still be held responsible if that customer
is subsequently determined to be engaged in criminal or other illegal activities,"
The banker would have to know the source of funds, nature of customer's
business, what constitutes reasonable account activity, and who the customer's
customers are!

41

CHAPTER 8
IS THERE ANY SOFTWARE FOR KYC?

Yes there is software called 3C KYC. 3C KYC provides a single,

consolidated view of all KYC (Know Your Client) cases being managed; and
automates the processes, rules and activities required to ensure fast and secure
compliance to avoid penalties while gaining visibility and control of their
compliance operation.

14.1 3C KYC:
Offers you a data information centre which can be accessed by your compliance
team or other members of your company with built in granular security levels.
3C KYC is designed to store all the compliance information you require to
satisfy both the regulator and your board.

14.2

KYC Task Checker:

The KYC Task Checker can be used to log extra information about the client
or ensure that compliance staff has taken the correct steps during the clients
relationship with the company. The Task Checker is fully customisable by the
Compliance Officer so that any task can be monitored in line with business
requirements.

42

14.3 Regulatory Information:

Contact history with regulatory bodies is also stored with a full audit trail.
Regulatory relationships are easily accessible. Store regulatory public notices,
new sanctions and warnings

14.4 Client Information:

3C KYC - offers your compliance team a 360 view of your client details,
including notes, correspondence and KYC activities. STRs, Complaints and
Court Orders can also be logged against the client details. The client note area
allows you to store and share information about your client.

14.5 Key Personnel Information:

Key Personnel Directorships and responsibilities can cross referenced against
your client details. Staff KYC training can also be logged.

14.6 KYC Checking:

3C KYC provides you with a central data hub to import your watch list
information. The diary area is customisable enabling you to store and monitor
Compliance related activities.

14.7 End to End Compliance:

43

3C KYC offers you an optional integration service to your watch list solutions,
giving you the benefit of on-going due diligence
14.8 Data Storage & Creation:
Centralize all documentation including, professional indemnity and auditors
reports. Standardise compliance documentation with the built in 3C word
processor using your standard letter templates.

14.9 Mail Merge:

3C KYC - has a built in Mail Merge system for use with POI & POA requests
the merge is automatically filed against your client data.

14.10 Scanning:
Scan all your KYC documents, watch list findings and regulatory
documentation straight into your client and regulatory data areas.

14.11 E-mail Management 3C KYC has a built in e-mail management system

which automatically files.

44

KYC NORMS: DOES OUR GOVERNMENT KNOW ITS

CLIENT, CUSTOMER, COUNTERPART,
CONTEMPORARY, CHANDLER OR CONTRACTOR?

For the common man, a KYC (know your customer) process is needed
for every small transaction. For corporates, these norms are more stringent, in
issues concerning security and taxation. But the government ignores all KYC
requirements for large and international corporates, and seems to be happy to
do business with ghosts hiding behind tax havens and opaque corporate
structures.
Today, we are in the amazing position of not knowing who the real
beneficiary owners in India are for the following corporates operating freely in
India, happily hiding behind their tax havens and client/attorney privileges,
changing despondent ownerships like other people change cloths. They all know
who or what the president of India is, can sue or take action against the
government if required, but themselves hide behind their opaque curtains.-+

These include:
1. The largest foreign banks, payment processors, investment banks, stock
market investors and others with the financial strings of our country in their
hands.
2. The largest private security providers, huge empires in their own rights,
carrying out all sorts of activities all over India with access to everything
including our borders, ports and defense posts.
45

3. The largest info-tech companies, including a few ghosts, who

ostensibly appear to be from certain developed countries, but are actually not
from there.
The thing is our government increasingly does not know who or what
they are doing business with. That they have not the faintest clue or wish to
try to impose even pretence of a KYC norm on these large corporate and
entities.
There needs to be something done about this, and soon. It is absolutely
incredible and criminal to have a situation where large corporate working in
India are not subject to at the very least the same KYC fundamentals that the
citizens of India are subject to. And it is also important to try and find out how
things came to this pass.
If our government is selling our country, then we should know, at
least, who are they selling it to?

46

CHAPTER 9
CASE STUDY

1. HDFC BANK:

IPO scam: HDFC Bank, 2 others fined

Mumbai, Feb. 27.2011
The Reserve Bank of India on Monday fined HDFC Bank, IDBI and ING
Vysya Bank for violation of Know Your Customer norms and other irregularities
in relation to the recent IPO scam.
HDFC Bank has been slapped with the highest penalty of

`25

Lakh; ING Vysya Bank - ` 10 Lakh and IDBI Ltd ` 5 Lakh.

This is the second time HDFC Bank has been fined for violation of KYC
norms. In January, the bank was imposed a penalty of `5 Lakh.
According to an RBI release, these banks have been fined, "for violation
of regulations on KYC norms, for breach of prudent banking practices and for
not adhering to its directives/guidelines relating to loans against shares/ IPO."

CHAPTER 10

47

Features to be verified and documents that may be

obtained from customers

Features

Documents

Accounts of individuals

(i) Passport

- Legal name and any other names used

ii) PAN card

(iii) Voters Identity Card
(iv) Driving licence
(v) Identity card (subject to the banks
satisfaction)
(vi) Letter from a recognized public
authority or public servant verifying the
identity and residence of the customer to
the satisfaction of bank.

- Correct permanent address

(i) Telephone bill

(ii) Bank account statement
(iii) Letter from any recognized public
authority
(iv) Electricity bill (v) Ration card

Accounts of companies

(vi) Letter from employer

(i) Certificate of incorporation and

- Name of the company

Memorandum & Articles of Association

- Principal place of business

(ii) Resolution of the Board of Directors

- Mailing address of the company

to open an account and identification of

- Telephone/Fax Number

those who have authority to operate the

account
48

(iii) Power of Attorney granted to its

managers, officers or employees to
transact business on its behalf
(iv) Copy of PAN allotment letter
(v) Copy of the telephone bill
Accounts of partnership firms

(i) Registration certificate, if registered

- Legal name

(ii) Partnership deed

- Address

(iii) Power of Attorney granted to a

- Names of all partners and their

partner or an employee of the firm to

addresses

transact business on its behalf

-Telephone numbers of the firm and

(iv) Any officially valid document

partners

identifying the partners and the persons

holding the Power of Attorney and their
addresses
(v) Telephone bill in the name of
firm/partners

Accounts of trusts & foundations

(i) Certificate of registration, if

- Names of trustees, settlers,

registered

beneficiaries and signatories

(ii) Power of Attorney granted to

- Names and addresses of the founder,

transact business on its behalf

the managers/directors and the

beneficiaries

(iii) Any officially valid document to

- Telephone/fax numbers

identify the trustees, settlors,

beneficiaries and those holding Power of
49

Attorney, founders/managers/ directors

and their addresses
(iv) Resolution of the managing body of
the foundation/association
(v) Telephone bill

CHAPTER 11
CONCLUSION

50

 Positive part:
KYC (know Your Customer) do provide protection against Anti-Money
Laundering (AML) Measures/Combating of Financing of Terrorism (CFT).
It helps banks and financial institution by providing security measure to prevent
future defaults.
Negative part:
In place of KYC it has become H2HYC (How to Harres Your Customer).
Even with all these the people who want to do all these things they get
away with everything, but only innocent people getting harassed by the banks
with these policy. For simple customers all these ruling are there. But for the
big fish all these rules are getting by passed that is the reason even after putting
all these condition they are able to manage the show. This is the reason for all
malpractice going on all over the world.

CHAPTER 12
BIBLOGRAPHY
51