The Reserve Bank of India (RBI) has issued comprehensive ‘Know Your Customer’ (KYC) Guidelines to all Non-Banking Financial Companies (NBFCs) in the context of the recommendations made by the Financial Action Task Force (FATF) and Anti Money Laundering (AML) standards and Combating Financing of Terrorism (CFT) policies as these being used as the International Benchmark for framing the stated policies, by the regulatory authorities. In view of the same, SelFin India (“Company”) has adopted the said KYC guidelines with suitable modifications depending on the activity undertaken by it. The Company has ensured that a proper policy framework on KYC and AML measures are formulated in line with the prescribed RBI guidelines and duly approved by its Board (“Board /Committee”).
The objective of KYC guidelines is to prevent the Company from being used, intentionally or unintentionally, by criminal elements for money laundering activities or terrorist financing activities.
KYC procedures shall also enable the Company to know and understand its Customers and its financial dealings better which in turn will help it to manage its risks prudently. Thus, the KYC policy has been framed by the Company for the following purposes:
1. To prevent criminal elements from using Company for money laundering activities.
2. To enable Company to know and understand its Customers and their financial dealings
better which, in turn, would help the Company to manage risks prudently.
3. To put in place appropriate controls for detection and reporting of suspicious activities in
accordance with applicable laws/laid down procedures.
4. To comply with applicable laws and regulatory guidelines.
5. To ensure that the concerned staff are adequately trained in KYC/AML/CFT procedures.
This KYC Policy is applicable to all branches/offices and including any outsourced manpower working for the Company and is to be read in conjunction with related operational guidelines issued from time to time. Policy shall be applicable to all verticals / products of the Company whether existing or rolled out in future. This Policy includes key elements as under:
a) Customer Acceptance Policy (CAP).
b) Customer Identification Procedures (CIP).
c) Monitoring of Transactions.
d) Risk Management.
The Senior Management of the Company will be responsible to effectively implement the policy.
Any person or entity that is engaged/ proposes to engage in financial transaction with the Company; or
Any person on whose behalf the person who is engaged in the financial transaction is made or proposed to be made.
All Customers shall be non-face-to-face customers, i.e., customers who open accounts without visiting the branch/offices of the Company or meeting the officials of the Company.
A "transaction" means a purchase, sale, loan, pledge, gift, transfer, delivery, or the arrangement thereof and includes-
- Opening of an account for the purpose of availing a loan / having a financial arrangement.
- Deposits, withdrawal, exchange or transfer of funds in whatever currency, whether in cash or by cheque, payment order or other instruments or by electronic or other non-physical means.
- Entering into any fiduciary relationship.
- Any payment made or received in whole or in part of any contractual or other legal obligation.
- Any payment made in respect of playing games of chance for cash or kind including such activities associated with casino; and
- establishing or creating a legal person or legal arrangement.
“Senior Management” means the Promoter Director (Ms Amrit Kaur), Co-Founder and Chief Credit Officer.
“Offline Verification”, as defined in the Aadhaar and Other Law (Amendment) Ordinance, 2019, means the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by the Aadhaar regulations.
“Politically Exposed Persons/ PEPs” means individuals who are or have been entrusted with prominent public functions in a foreign country, e.g., Heads of States/Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc.
“Suspicious Transaction” means a transaction which, to a person acting in good faith (a) gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime; or (b) appears to be made in circumstances of unusual or unjustified complexity; or (c) appears to have no economic rationale or bonafide purpose or (d) gives rise to a reasonable ground of suspicion that it may involve financing of activities relating to terrorism.
“UIDAI” means the Unique Identification Authority of India.
It may be noted that KYC – AML policy as stated in this document shall prevail over anything else contained in any other document / process/circular/letter/instruction in this regard (KYC-AML). This policy shall be applicable to all verticals/products of the Company whether existing or rolled out in future.
Officially valid document (OVD)
OVD is defined to mean any one of the following:
· the passport,
· the driving license,
· proof of possession of Aadhaar number
· the Voter’s Identity Card issued by Election Commission of India,
· job card issued by NREGA duly signed by an officer of the State Government,
· letter issued by the National Population Register containing details of name and address.
a. where the customer submits his proof of possession of Aadhaar number as an OVD, he may submit it in such form as are issued by the Unique Identification Authority of India.
b. where the OVD furnished by the customer does not have updated address, the following documents shall be deemed to be OVDs for the limited purpose of proof of address: -
i. utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill).
ii. property or Municipal tax receipt.
iii. pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings if they contain the address.
iv. letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and license agreements with such employers allotting official accommodation.
c. the customer shall submit OVD with current address within a period of three months of submitting the documents specified at ‘b’ above
d. where the OVD presented by a foreign national does not contain the details of address, in such case the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address.
Explanation: For the purpose of this clause, a document shall be deemed to be an OVD even if there is a change in the name subsequent to its issuance provided it is supported by a marriage certificate issued by the State Government or Gazette notification, indicating such a change of name. Any equivalent e-document of OVD (other than Aadhaar through E-KYC or Offline Verification) containing details of the identity and address can be accepted.
For an equivalent e-document of any OVD (other than Aadhaar through E-KYC or Offline Verification), the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000) and any rules issued thereunder shall be followed and a live photo be taken as specified under Master Direction - Know Your Customer (KYC) Direction, 2016 (Digital KYC), from time to time.
“Equivalent e-document” means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the customer as per rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016.
Digital KYC means the capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, (where offline verification of Aadhaar cannot be carried out), along with the latitude and longitude of the location where such live photo is being taken by an authorised officer of the Company as per the provisions contained in the Act.
“Digital Signature” is as defined under clause (p) of subsection (1) of section (2) of the Information Technology Act, 2000 (21 of 2000).
The Customer Acceptance Policy of the company is aimed at ensuring that explicit guidelines are in place on the following aspects of customer relationship:
- No account is opened in anonymous or fictitious/benami name(s).
- Parameters of risk perception are clearly defined in terms of the location of customer and his clients and mode of payments, volume of turnover, social and financial status, etc. to enable categorization of customers into low, medium, and high risk. These parameters will be defined by RMC (Risk Management Committee) and reviewed periodically
- Documentation requirements and other information which is to be collected in respect of different categories of customers depending on perceived risk and keeping in mind the requirements of Prevention of Money Laundering Act 2002 as amended by PMLA 2009 and subsequent amendments, (hereinafter referred to as PMLA), rules framed there under and guidelines issued from time to time by regulators.
- Not to open an account or close an existing account where the company is unable to apply appropriate customer due diligence measures, i.e., the company is unable to verify the identity and /or obtain documents required as per the risk categorization due to non-co-operation of the customer or non-reliability of the data/information furnished.
- Circumstances, in which a customer is permitted to act on behalf of another person/entity, should be in conformity with the established law and practices, and the customer should be able to explain satisfactorily the reason/ occasion why an account is required to be operated by a mandate holder or where an account may be opened by an intermediary in a fiduciary capacity; and
- Necessary checks before opening a new account so as to ensure that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations, etc.
- A profile is required to be prepared for each new customer based on risk categorization. The customer profile may contain information relating to the customer’s identity, social/financial status, nature of business activity, information about his clients’ business and their location, etc. The nature and extent of due diligence will depend on the risk perceived. While preparing customer profile the care is to be taken to seek only such information which is relevant to the risk category and is not intrusive. Any other information from the customer should be sought separately with his/her consent and after opening the loan account. The customer profile is a confidential document and details contained therein shall not be divulged for cross selling or any other purposes.
- For the purpose of risk categorization, individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, are to be categorized as low risk. Illustrative examples of low-risk customers could be salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government departments & Government owned companies, regulators, and statutory bodies, etc. In such cases, only the basic requirements of verifying the identity and location of the customer are to be met.
- Customers that are likely to pose a higher-than-average risk may be categorized as medium or high risk depending on customer's background, nature and location of activity, country of origin, sources of funds and his client profile, etc. In such cases enhanced due diligence measures are required to be applied based on the risk assessment, thereby requiring intensive ‘due diligence’ for higher risk customers, especially those for whom the sources of funds are not clear. Examples of customers requiring higher due diligence may include
(a) Non-resident customers,
(b) High net worth individuals,
(c) Trusts, charities, NGOs, and organizations receiving donations,
(d) Companies having close family shareholding or beneficial ownership,
(e) Firms with 'sleeping partners',
(f) Politically exposed persons (PEPs) of foreign origin,
(g) Non-face to face customers, and
(h) Those with dubious reputation as per public information available, etc.
As regards the accounts of PEPs it is advised that in the event of an existing customer or the beneficial owner of an existing account subsequently becoming a PEP, the Company would obtain senior management approval in such cases to continue the business relationship with such person, and also undertake enhanced monitoring as specified in Annexure – A.
While accepting and executing a client relationship the Company has adopted a risk based approached as under:
(a) Customers like Salaried people– wherein all their income and expenses details are transparent and well structured. (b) Wherein only customers basic requirements of verifying the identity and location are to be met
Customers those are less risky in nature as compare to high-risk customers – can be categorized as Medium Risk.
Customers that are likely to pose a higher-than-average risk may be categorized as medium or high risk depending on customer's background, nature and location of activity, country of origin, sources of funds and his client profile, etc.
List of Customers as per Risk category
(a) Salaried employees whose salary structures are well defined,
(b) People belonging to lower economic strata of the society whose accounts show small balances and low turnover,
(c)Government departments & Government owned companies, regulators, and statutory bodies, etc.
(d)Micro/Small/Medium enterprises filing regular ITR, good banking relationship, existing trade records with any Financial institutions etc.
(e) A non-face to face customer’s profile shall, whose application is accepted by any available mode of verification other than VCIP, as per the applicable laws, change from High Risk to Low/Medium as and when the physical due diligence is carried out.
(a) Client with over investment of Rs. 50 Lakh where identity and sources of wealth are not supported by public documents like income returns, registered conveyance deeds etc.
(b) Clients with sudden spurt in volumes or investment without apparent reasons.
(c) Clients who trade in derivatives.
(d) Customers having speculative income. (e)Person in business/industry or trading activity where scope or history of unlawful trading / business activity dealings is more, etc.
(b) High net worth individuals,
(c) Trusts, charities, NGOs, and organizations receiving donations, (d) Companies having close family shareholding or beneficial ownership,
(e)Firms with 'sleeping partners', (f)Politically exposed persons (PEPs) of foreign origin,
(g) Non face to face customer other than the customer accepted by V-CIP, and
(h) Those with dubious reputation as per public information available, etc.
(i) NPA customers
It is important to bear in mind that the adoption of Customer Acceptance Policy and its implementation should not become too restrictive and must not result in denial of the company’s services to general public, especially to those, who are financially or socially disadvantaged. Customer Identification Procedure.
6.1 The Company shall undertake identification of its Customers during the following stages:
- Commencement of an account-based relationship with the Customer.
- When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.
- Selling third party products as agents, selling their own products, payment of dues of credit cards/sale and any other product for more than Rs. 50,000.
- When the Company has reason to believe that a customer is intentionally structuring a transaction into a series of transactions below the threshold of Rs. 50,000.
6.2 While undertaking customer identification, the Company shall be mindful that decision-making functions of determining compliance with KYC norms shall not be outsourced by the Company.
For undertaking CDD, the Company shall obtain the following from the customer while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity:
(a) a certified copy of any OVD containing details of his identity and address
(b) one recent photograph
(c) the Permanent Account Number or Form No. 60 as defined in Income-tax Rules, 1962
Provided that, Customer may carry out offline verification of a customer if he is desirous of undergoing Aadhaar offline verification for identification purpose. In cases where successful authentication has been carried out, other OVD and photograph need not be submitted by the customer.
Company shall, where its customer submits his Aadhaar number, ensure such customer to redact or blackout his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required under section 7 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies Benefits and Services) Act.
For opening an account in the name of a sole proprietary firm, CDD of the individual (proprietor) shall be carried out.
In addition to the above, any two of the following documents as a proof of business/ activity in the name of the proprietary firm shall also be obtained:
(a) Registration certificate
(b) Certificate/licence issued by the municipal authorities under Shop and Establishment Act.
(c) Sales and income tax returns.
(d) CST/VAT/ GST certificate (provisional/final)
(e) Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities.
(f) IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT or Licence/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute.
(g) Complete Income Tax Return (not just the acknowledgement) in the name of the sole proprietor where the firm's income is reflected, duly authenticated/acknowledged by the Income Tax authorities.
(h) Utility bills such as electricity, water, landline telephone bills, etc.
In cases where the Company is satisfied that it is not possible to furnish two such documents, Company may, at its discretion, accept only one of above documents as proof of business/activity. Provided Company undertake contact point verification and collect such other information and clarification as would be required to establish the existence of such firm, and shall confirm and satisfy itself that the business activity has been verified from the address of the proprietary concern.
The Company may, in terms of the applicable guidelines issued by the Reserve Bank of India or any other applicable law, carry out verification of its customers through Digital KYC process. Annex-D provides the process to be followed for the purpose of Digital KYC.
- In case of Politically Exposed Persons (PEPs), the Company shall undertake the following additional compliances:
- sufficient information including information about the sources of funds accounts of family members and close relatives should be gathered on the PEP.
- the identity of the person should be verified before accepting the PEP as a Customer.
- the decision to open an account for a PEP should be taken at a senior level in accordance with the terms of the Policy.
- all such accounts would be subjected to enhanced monitoring on an on-going basis.
- in the event of an existing Customer subsequently becoming a PEP, senior management’s approval shall be required to continue the business relationship.
- Where the Company is unable to comply with the customer due diligence requirements, the Company shall not open the customer account, commence business relations, or sanction loans.
Video-based Customer Identification Process (V-CIP) may be developed by the company for the purpose of customer identification. V-CIP is a method of customer identification by an official of the company by undertaking seamless, secure, real-time, consent based audio-visual interaction with the customer to obtain identification information and to ascertain the veracity of the information furnished by the customer. Such process shall be treated as face-to-face process for the purpose. Annex-E provides the process to be followed for the purpose of V-CIP.
- Periodical Updation of KYC Documents:
Based on the risk profile of a client, clients shall be asked to update his/her KYC documents periodically. Full KYC exercise will be required to be done,
a) at least every two years for high-risk individuals and entities. (Definition of Risk category of client are mentioned below in customer acceptance policy)
b) at least every ten years for low risk and
c) at least every eight years for medium risk individuals and entities taking into account whether and when client due diligence measures have previously been undertaken and the adequacy of data obtained. Physical presence of the clients may, however, not be insisted upon at the time of such periodic updates.
d) Fresh photographs will be required to be obtained from minor customer on becoming major.
It is the duty of the client to advise immediately any change of his registered address. In case a client is found not residing in his recorded address, he/she shall be asked to submit updated KYC documents along with current address proof at the earliest.
- Monitoring of Transactions
Ongoing monitoring is an essential element of effective KYC procedures. The officials have to effectively control and reduce the risk by understanding the normal and reasonable activity of the customer so that they have the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of each account. Officials should pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. The Company may prescribe threshold limits for a particular category of accounts and pay particular attention to the transactions which exceed these limits. Transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer should particularly attract the attention of the officials. Very high account turnover inconsistent with the means of the customer may indicate that funds are being 'washed' through/into the account. High-risk accounts have to be subjected to intensified monitoring. The Company should put in place a system of periodical review of risk categorization of accounts and the apply enhanced due diligence measures wherever required.
The aim of this policy is to ensure that an effective KYC Program is in place by establishing appropriate procedures and ensuring their effective implementation. Officials involved with day to day functioning and interaction with the clients including those at administrative offices supervising them need to have proper management oversight, systems and controls, segregation of duties, training, and other related matters to ensure statutory compliance with the KYC program. Responsibility should be explicitly allocated within the Company for ensuring that the policies and procedures are implemented effectively. Accordingly, company has detailed, through its Credit Risk management and Policy, the Underwriting criteria, that are enhanced due diligence and customer identification and acceptance procedure.
The Company’s Internal Audit /Compliance functions will evaluate and ensure adherence to the KYC Policies and procedures. As a general rule, the compliance function will provide an independent evaluation of the Company’s own policies and procedures, including legal and regulatory requirements. The Management of the Company under the supervision of the Board shall ensure that the Compliance function is staffed adequately with skilled individuals. The compliance in this regard shall be put up before the Board along with their normal reporting frequency. Further, the Company shall have an adequate screening mechanism in place as an integral part of their recruitment/ hiring process of personnel so as to ensure that person of criminal nature/ background do not get an access, to misuse the financial channel.
Company shall have an ongoing employee training programs so that the members of the staff are adequately trained in KYC/ AML/ CFT procedures. Training requirements shall have different focuses for front line staff, compliance staff and officer/ staff dealing with new Customers so that all those concerned fully understand the rationale behind the KYC Policies and implement them consistently.
- Maintenance of records of transactions: The Company shall maintain proper record of the transactions as required under Section 12 of the PMLA read with Rule 3 of the Prevention of Money Laundering Rules, 2005 (PML Rules) as mentioned below:
a) All cash transactions of the value of more than Rupees Ten Lakhs (Rs. 10, 00, 000/-) or its equivalent in foreign currency, though by policy the Company neither accept cash deposits nor in foreign currency.
b) All series of cash transactions integrally connected to each other which have been valued below Rupees Ten Lakhs (Rs. 10,00,000/-) or its equivalent in foreign currency where such series of transactions have taken place within a month.
c) All transactions involving receipts by non-profit organizations of Rupees ten lakhs or its equivalent in foreign currency.
d) All cash transactions, where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security has taken place, any such transactions.
e) All suspicious transactions whether or not made in cash and in manner as mentioned in the PML Rules framed by the Government of India under PMLA. An Illustrative List of suspicious transaction pertaining to financial services is given in Annexure C.
- Records to contain the specified information The Records referred to above in Rule 3 of PML Rules to contain the following information:
a) the nature of the transactions.
b) the amount of the transaction and the currency in which it was denominated.
c) the date on which the transaction was conducted.
d) the parties to the transaction.
- Maintenance and preservation of records Section 12 of PML Act requires the Company to maintain records as under: a) records of all transactions referred to in clause
(a) of sub-section (1) of Section 12 read with Rule 3 of the PML Rules is required to be maintained for a period of Ten (10) years from the date of transactions between the customers and Company.
b) records of the identity of all Customers of Company are required to be maintained for a period of Ten (10) years from the date of cessation of transactions between the Customers and Company.
c) Company shall take appropriate steps to evolve a system for proper maintenance and preservation of information in a manner (in hard and/or soft copies) that allows data to be retrieved easily and quickly whenever required or as/ when requested by the competent authorities.
Company shall designate a senior employee / Director as ‘Principal Officer’ (PO) who shall be located at the Head/Corporate office and shall be responsible for monitoring and reporting of all transactions and sharing of information as required under the law. PO shall maintain close liaison with enforcement agencies, NBFCs and any other institution which are involved in the fight against money laundering and CFT.
In the event the Principal Officer arrives at a conclusion that any transaction, or a series of transactions integrally connected are of suspicious nature, he must furnish a Suspicious Transaction Report (“STR”) within 7 working days of the same and must record his reasons for treating any transaction or a series of transactions as suspicious.
The Company shall also report all such attempted transactions in STRs, even if not completed by Customers, irrespective of the amount of the transaction.
The Company is also directed to make STRs if they have reasonable ground to believe that the transaction involves proceeds of crime (irrespective of the amount of transaction).
The Principal Officer will report information relating to suspicious transaction to the Director, FIU-IND as per the terms of the PML Rules, in the prescribed formats as designed and circulated by RBI at the following address:
Financial Intelligence Unit-India,
6th Floor, Hotel Samrat,
Chanakyapuri, New Delhi – 110021
- The Principal Officer shall also ensure that it retains a copy of such information for the purposes of official record.
The employees of Company shall maintain strict confidentiality of the fact of furnishing/ reporting details of suspicious transactions.
- Customer Education:
Company shall educate Customers on the objectives of the KYC program so that Customer understands and appreciates the motive and purpose of collecting such information. The Company shall prepare specific literature/ pamphlets, terms, and conditions etc. so as to educate the Customer about the objectives of the KYC program. The front desk staff shall be specially trained to handle such situations while dealing with Customers.
- Introduction of new technologies:
Company shall pay special attention to any money laundering threats that may arise from new or developing technologies including online transactions that may favor anonymity, and take measures, if needed, to prevent their use in money laundering. Company shall ensure that any remittance of funds by way of demand draft, mail/telegraphic transfer or any other mode for any amount is affected by cheques and not against cash payment.
- Applicability to Branches and Subsidiaries outside India:
This Policy shall also be applicable to the branches and majority owned subsidiaries located abroad, especially, in countries which do not or insufficiently apply the FATF Recommendations, to the extent local laws permit as and when the Company opens overseas branches. When local applicable laws and regulations prohibit implementation of these guidelines, the same will be brought to the notice of RBI.
- Closure of Accounts/Termination of Financing/Business Relationship:
Where Company is unable to apply appropriate KYC measures due to non-furnishing of information and/or non-operation by the Customer, Company shall terminate Financing/Business Relationship after issuing due notice to the Customer explaining the reasons for taking such a decision. Such decision shall be taken with the approval of Chairman & Managing Director or key managerial persons authorized for the purpose.
- KYC for the Existing Accounts:
While the KYC Policy will apply to all new Customers, the same would be applied to the existing Customers on the basis of materiality and risk. However, transactions with existing Customers would be continuously monitored for any unusual pattern in the operation of the accounts.
- Updation in KYC Policy of Company
PO shall, after taking the due approval from the Board, make the necessary amendments/modifications in the KYC/ AML/ CFT Policy or such other related guidance notes of Company, to be in line with RBI or such other statutory authority’s requirements/updates/ amendments from time to time.
- Consequences of breach/ default
- The Director, FIU-IND is empowered to impose a fine in case of failure to comply with the obligations of maintenance of records, furnishing information and verifying the identity of the Customers. In such case, the amount of fine may vary from Rs. 10,000 to Rs. 1,00,000 for each failure.
- In case the Company is found in contravention of any KYC guideline set out by the RBI specifically, it shall be penalized in terms of Section 58G of the RBI Act, 1934.
- Given that the regulatory authorities seek to curb the offence of money-laundering wherein it involves any attempt, directly or indirectly, to indulge or knowingly assist or knowingly be a party or be actually involved in any process or activity connected with the proceeds of crime including its concealment, possession, acquisition or use and projecting or claiming it as untainted property, any such concealment or act of disguising the true origins of tainted proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets, is punishable. As such, whoever commits the offence of money-laundering is punishable with rigorous imprisonment for a term which shall not be less than three years, but which may extend to seven years and shall also be liable to fine.
- In addition, failure to report suspected money laundering (including attempted transactions even if not completed by the Customer, irrespective of the amount of the transaction and/or threshold limit envisaged for predicate offences) may result in comparable fines and terms of imprisonment.
Annex – A
CUSTOMER IDENTIFICATION REQUIREMENTS - INDICATIVE GUIDELINES
Trust/Nominee or Fiduciary Accounts
There exists the possibility that trust/nominee or fiduciary accounts can be used to circumvent the customer identification procedures. Officials should determine whether the customer is acting on behalf of another person as trustee/nominee or any other intermediary. If so, Officials may insist on receipt of satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also obtain details of the nature of the trust or other arrangements in place. While opening an account for a trust, Officials should take reasonable precautions to verify the identity of the trustees and the settlors of trust (including any person settling assets into the trust), grantors, protectors, beneficiaries, and signatories. Beneficiaries should be identified when they are defined. In the case of a 'foundation', steps should be taken to verify the founder managers/directors and the beneficiaries, if defined. If the Official decides to accept such accounts in terms of the Customer Acceptance Policy, the company shall take reasonable measures to identify the beneficial owner(s) and verify his/her/their identity in a manner so that it is satisfied that it knows who the beneficial owner(s) is/are
Accounts of companies and firms
Officials will be vigilant against business entities being used by individuals as a ‘front’ for maintaining accounts with the Company. Officials shall verify the legal status of the legal person / entity through proper and relevant documents. Official shall verify that any person purporting to act on behalf of the legal / juridical person/entity is so authorized and identify and verify the identity of that person. Officials shall examine the control structure of the entity, determine the source of funds, and identify the natural persons who have a controlling interest and who comprise the management. These requirements may be moderated according to the risk perception, e.g., in the case of a public company it will not be necessary to identify all the shareholders.
Client accounts opened by professional intermediaries
When the Official has knowledge or reason to believe that the client account opened by a professional intermediary is on behalf of a single client, that client must be identified. Officials may hold 'pooled' accounts managed by professional intermediaries on behalf of entities like mutual funds, pension funds or other types of funds. Where the Officials rely on the 'customer due diligence' (CDD) done by an intermediary, they shall satisfy themselves that the intermediary is regulated and supervised and has adequate systems in place to comply with the KYC requirements. It shall be understood that the ultimate responsibility for knowing the customer lies with the Company
Accounts of Politically Exposed Persons (PEPs) resident outside India
Politically exposed persons are individuals who are or have been entrusted with prominent public functions in a foreign country, e.g., Heads of States or of Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc. Officials should gather sufficient information on any person/customer of this category intending to establish a relationship and check all the information available on the person in the public domain. Officials should verify the identity of the person and seek information about the sources of funds before accepting the PEP as a customer. The decision to open an account for PEP should be taken at a senior level. Officials should also subject such accounts to enhanced monitoring on an ongoing basis. The above norms may also be applied to the accounts of the family members or close relatives of PEPs.
Accounts of non-face-to face customers
In the case of non-face-to-face customers, apart from applying the usual customer identification procedures, additional safeguards are necessary to mitigate the higher risk involved. Certification of all the documents presented may be insisted upon and, if necessary, additional documents may be called for. In the case of cross-border customers, there is the additional difficulty of matching the customer with the documentation and the Official may have to rely on third party certification/introduction. In such cases, it must be ensured that the third party is a regulated and supervised entity and has adequate KYC systems in place.
Annex – B
Customer Identification Procedure
Documents that may be obtained from customers
Documents (Certified copy of any one of the following officially valid document)
Accounts of individuals
b) PAN Card.
c) Voter’s Identity Card.
d) Driving License.
e) Identity card (subject to the Company’s satisfaction).
f) Aadhar Card; (Company shall, where its customer submits his Aadhaar number, ensure such customer to redact or blackout his Aadhaar number through appropriate means)
g) Letter from a recognized public authority or public servant verifying the identity and residence of the Customer to the satisfaction of the Company.
Any one document which provides Customer information to the satisfaction of the Company will suffice.
One recent photograph except in case of transactions referred to in Rule 9 (1) (b) of the PML Rules.
Accounts of Companies
– Name of the company.
– Principal place of business.
– Mailing address of the company.
– Telephone/Fax Number.
a) Certificate of incorporation and Memorandum & Articles of Association.
b) Resolution of the board of directors to open an account and identification of those who have authority to operate the account.
c) Power of attorney granted to its managers, officers, or employees to transact business on its behalf.
d) an officially valid document in respect of managers, officers or
employees holding an attorney to transact on its behalf.
e) Copy of PAN allotment letter.
f) Copy of telephone bill
Accounts of Partnership firms
a) Registration certificate, if registered.
b) Partnership deed.
c) Power of attorney granted to a partner or an employee of the firm to transact business on its behalf.
d) Any officially valid document identifying the partners and the persons holding the Power of attorney and their addresses.
e) Telephone bill in the name of firm/partners.
Accounts of Trusts and foundations – Names of trustees, settlers, beneficiaries, and signatories.
a) Certificate of registration, if registered.
b) Trust Deed.
c) Power of attorney granted to transact business on its
d) Any officially valid document to identify the trustees, settlers, beneficiaries, and those holding power of attorney,
founders/ managers/ directors and their addresses.
e) Resolution of the managing body of the foundation/association.
f) Telephone bill.
Accounts of unincorporated association or a body of individuals
a) Resolution of the managing body of such association or body of individuals.
b) power of attorney granted to him to transact on its behalf.
c) an officially valid document in respect of the person holding an attorney to transact on its behalf and such other information as may be required by Company to collectively establish the legal existence of such as association or body of individuals.
Accounts of Proprietorship Concerns Proof of the name, address, and activity of the concern
Apart from Customer identification procedure as applicable to the proprietor any two of the following documents in the name of the proprietary concern would suffice
(a) Registration certificate (in the case of a registered concern)
(b) Certificate/license issued by the Municipal authorities under Shop & Establishment Act,
(c) Sales and income tax returns
(d) CST/VAT certificate
(e) Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities
(f) License/certificate of practice issued in the name of the proprietary concern by any professional body incorporated
under a statute. The complete Income Tax return (not just the
acknowledgement) in the name of the sole proprietor where the firm's income is reflected, duly authenticated/ acknowledged by the Income Tax Authorities.
In cases where the Company is satisfied that it is not possible to furnish two such documents, it would have the discretion to accept only one of those documents as activity proof. In such cases, the
Company, however, would have to undertake contact point verification, collect such information as would be required to establish the existence of such firm, confirm, clarify, and satisfy.
themselves that the business activity has been verified from the address of the proprietary concern.
*compulsory in case of non-resident individuals.
If any of the above documents are in any language other than English, it shall be translated into English along with a certificate from translator / notary public.
Annex – C
ILLUSTRATIVE LIST OF SUSPICIOUS TRANSACTIONS PERTAINING TO LOANS:
a. Customer is reluctant to provide information, data, documents.
b. Submission of false documents, data, purpose of loan, details of accounts.
c. Refuses to furnish details of source of funds by which initial contribution is made, sources of funds are doubtful etc.
d. Reluctant to meet in person, represents through a third party/Power of Attorney holder without sufficient reasons.
e. Approaches a branch/office of the company which is away from the customer’s residential or business address provided in the loan application when there is the company branch/office nearer to the given address.
f. Unable to explain or satisfy the numerous transfers in the statement of account/ multiple accounts.
g. Initial contribution made through unrelated third-party accounts without proper justification.
h. Availing a top-up loan and/or equity loan, without proper justification of the end use of the loan amount.
i. Suggesting dubious means for the sanction of loan.
j. Where transactions do not make economic sense.
k. There are reasonable doubts over the real beneficiary of the loan and the flat to be purchased.
l. Encashment of loan amount by opening a fictitious bank account.
m. Applying for a loan knowing fully well that the property/dwelling unit to be financed has been funded earlier and that the same is outstanding.
n. Sale consideration stated in the agreement for sale is abnormally higher/lower than what is prevailing in the area of purchase.
o. Multiple funding of the same property/dwelling unit.
p. Request for payment made in favour of a third party who has no relation to the transaction.
q. Usage of loan amount by the customer in connivance with the vendor/builder/developer/broker/agent etc. and using the same for a purpose other than what has been stipulated.
r. Multiple funding / financing involving NGO / Charitable Organization / Small / Medium Establishments (SMEs) / Self Help Groups (SHGs) / Micro Finance Groups (MFGs)
s. Frequent requests for change of address.
t. Overpayment of instalments with a request to refund the overpaid amount.
Annex – D: Digital KYC Process
The Company shall develop an application for digital KYC process which shall be made available at customer touch points for undertaking KYC of their customers and the KYC process shall be undertaken only through this authenticated application of the Company.
The access of the Application shall be controlled by the Company and it should be ensured that the same is not used by unauthorized persons. The Application shall be accessed only through login-id and password or Live OTP or Time OTP controlled mechanism given by Company to its authorized officials.
The customer, for the purpose of KYC, shall visit the location of the authorized official of the Company or vice-versa. The original OVD shall be in possession of the customer.
The Company must ensure that the Live photograph of the customer is taken by the authorized officer and the same photograph is embedded in the Customer Application Form (CAF). Further, the system Application of the Company shall put a watermark in readable form having CAF number, GPS coordinates, authorized official’s name, unique employee Code (assigned by Company) and Date (DD:MM: YYYY) and time stamp (HH:MM: SS) on the captured live photograph of the customer.
The Application of the Company shall have the feature that only live photograph of the customer is captured and no printed or video-graphed photograph of the customer is captured. The background behind the customer while capturing live photograph should be of white colour and no other person shall come into the frame while capturing the live photograph of the customer.
Similarly, the live photograph of the original OVD or proof of possession of Aadhaar where offline verification cannot be carried out (placed horizontally), shall be captured vertically from above and watermarking in readable form as mentioned above shall be done. No skew or tilt in the mobile device shall be there while capturing the live photograph of the original documents.
The live photograph of the customer and his original documents shall be captured in proper light so that they are clearly readable and identifiable.
Thereafter, all the entries in the CAF shall be filled as per the documents and information furnished by the customer. In those documents where Quick Response (QR) code is available, such details can be auto populated by scanning the QR code instead of manual filing the details. For example, in case of physical Aadhaar/e-Aadhaar downloaded from UIDAI where QR code is available, the details like name, gender, date of birth and address can be auto-populated by scanning the QR available on Aadhaar/e-Aadhaar.
Once the above-mentioned process is completed, a One Time Password (OTP) message containing the text that ‘Please verify the details filled in form before sharing OTP’ shall be sent to customer’s own mobile number. Upon successful validation of the OTP, it will be treated as customer signature on CAF. However, if the customer does not have his/her own mobile number, then mobile number of his/her family/relatives/known persons may be used for this purpose and be clearly mentioned in CAF. In any case, the mobile number of authorized officers registered with the Company shall not be used for customer signature. The Company must check that the mobile number used in customer signature shall not be the mobile number of the authorized officer.
The authorized officer shall provide a declaration about the capturing of the live photograph of customer and the original document. For this purpose, the authorized official shall be verified with One Time Password (OTP) which will be sent to his mobile number registered with the Company. Upon successful OTP validation, it shall be treated as authorized officer’s signature on the declaration. The live photograph of the authorized official shall also be captured in this authorized officer’s declaration.
Subsequent to all these activities, the Application shall give information about the completion of the process and submission of activation request to activation officer of the Company, and also generate the transaction-id/reference-id number of the process. The authorized officer shall intimate the details regarding transaction-id/reference-id number to customer for future reference.
The authorized officer of the Company shall check and verify that: - (i) information available in the picture of document is matching with the information entered by authorized officer in CAF. (ii) live photograph of the customer matches with the photo available in the document.; and (iii) all M. On Successful verification, the CAF shall be digitally signed by authorized officer of the Company who will take a print of CAF, get signatures/thumb-impression of customer at appropriate place, then scan and upload the same in system. Original hard copy may be returned to the customer.
Annex – E: Guidelines for V-CIP:
The Company may undertake live V-CIP, to be carried out by an official of the company for establishment of an account-based relationship with an individual customer, after obtaining his informed consent and shall adhere to the following stipulations:
The official of the Company performing the V-CIP shall record video as well as capture photograph of the customer present for identification and obtain the identification information as below:
1. Company can only carry out Offline Verification of Aadhaar for identification. In case of offline verification of Aadhaar using XML file or Aadhaar Secure QR Code, it shall be ensured that the XML file or QR code generation date is not older than 3 days from the date of carrying out V-CIP.
2. Company shall capture a clear image of PAN card to be displayed by the customer during the process, except in cases where e-PAN is provided by the customer. The PAN details shall be verified from the database of the issuing authority.
3. Live location of the customer (Geotagging) shall be captured to ensure that customer is physically present in India
4. The official of the Company shall ensure that photograph of the customer in the Aadhaar/PAN details matches with the customer undertaking the V-CIP and the identification details in Aadhaar/PAN shall match with the details provided by the customer.
5. The official of the Company shall ensure that the sequence and/or type of questions during video interactions are varied in order to establish that the interactions are real-time and not pre-recorded.
6. All accounts opened through V-CIP shall be made operational only after being subject to concurrent audit, to ensure the integrity of process.
7. Company shall ensure that the process is a seamless, real-time, secured, end-to-end encrypted audio-visual interaction with the customer and the quality of the communication is adequate to allow identification of the customer beyond doubt. Company shall carry out the liveliness check in order to guard against spoofing and such other fraudulent manipulations.
8. To ensure security, robustness, and end to end encryption, the Company shall carry out software and security audit and validation of the V-CIP application before rolling it out.
9. The audio-visual interaction shall be triggered from the domain of the Company itself, and not from third party service provider, if any. The V-CIP process shall be operated by officials specifically trained for this purpose. The activity log along with the credentials of the official performing the V-CIP shall be preserved.
10. Company shall ensure that the video recording is stored in a safe and secure manner and bears the date and time stamp.
11. Company is encouraged to take assistance of the latest available technology, including Artificial Intelligence (AI) and face matching technologies, to ensure the integrity of the process as well as the information furnished by the customer. However, the responsibility of customer identification shall rest with the Company.
12. Company shall ensure to redact or blackout the Aadhaar number.