The Reserve Bank of India (“RBI”) vide circular dated October 17, 2023 (“Circular”) has introduced significant amendments to its Master Directions with respect – Know Your Customer (KYC) Directions, 2016 (“Directions”).
Per the Directions, banks, banking companies, and non-banking financial companies (NBFCs), financial institutions, intermediaries, and other entities regulated by the RBI (the “Reporting Entities” or “REs”) are obligated to follow prescribed procedures for the purpose of identifying their customers while undertaking a transaction or entering a financial relationship with the relevant customer, with the objective of curbing money laundering/terrorist financing (ML/TF) risks – in line with the Prevention of Money Laundering Act, 2000 and the rules framed thereunder (“PML Act).
Notably, as part of the recent amendments, various procedures and definitions contained in the Directions have been revised, strengthened, and aligned by the RBI with the recommendations issued by the international Financial Action Task Force (FATF).
A synopsis of the key amendments introduced by the RBI vides the Circular is as follows:
Scope of Application and Reporting Entities
The scope of the entities included under the ambit of REs (for the purpose of the amended Directions) has been expanded to explicitly include Asset Reconstruction Companies (ARCs).
Previously. the Directions mandated that REs operating in jurisdictions other than India were to notify the RBI in the event the applicable laws and regulations of the relevant jurisdiction prevented them from implementing the procedures prescribed in the Directions. In this regard, the (amended) Directions now provide that the RBI can advise such REs regarding necessary action and additional measures to be taken by such REs to manage ML/TF risks.
The Directions previously provided that a natural person who (dependently or independently) held ownership/entitlement of more than 15 percent of the capital or profits of a partnership firm would be deemed the beneficial owner within the partnership firm. In this regard, the (amended) Directions now have lowered the threshold (for an individual to be identified as the beneficial owner of the partnership firm) to 10 percent.
Further, the Directions now provide that a natural person who exercises “control through other means” in a partnership firm may also be deemed as a beneficial owner. In this regard, it has been clarified that the term “control” will encompass the “right to control the management or policy decision” in a partnership firm.
Customer Due Diligence (CDD)
The Directions previously defined the term CDD as the identification and verification of a customer or beneficial owner. Pursuant to the Circular, the Directions now specify that CDD must be undertaken by REs using “reliable and independent sources of identification”.
For ease of understanding, an explanation has further been incorporated in the Directions, which provides that CDD must be undertaken at the time of commencement of an account-based relationship or any international money transfer operations or while carrying out occasional transaction (whether conducted as a single transaction or a series of inter-connected transactions) of an amount of at least INR 50000 (USD 600 approx.).
The Directions further provide that CDD must (inter-alia) include: identification/verification of the customer using reliable and independent sources of identification; obtaining of information on the purpose and intended nature of the business relationship; taking reasonable steps to understand the nature of the customer’s business, its ownership, and control; determining whether a customer is acting on behalf of a beneficial owner, and identifying the beneficial owner using reliable and independent sources of identification.
Ongoing Due Diligence (ODD)
While previously the Directions required REs to undertake regular monitoring of transactions in accounts as part of ODD, the Directions now require REs to ensure such transactions are consistent with the Res’s knowledge about the customers, customers’ business and risk profile, and the source of funds/wealth.
Group Wide Policies
The (amended) Directions require REs (which are part of a group) to implement group-wide programs to combat money laundering and terror financing in line with the PML Act (which also sets out obligations in this regard for banking companies, financial institutions and intermediaries) – including through group-wide policies for sharing information required for the purposes of CDD and ML/TF risk management and through the adoption of adequate safeguards on the confidentiality and use of information exchanged such as safeguards to prevent tipping-off.
Risk-Based Approach (RBA)
In order to mitigate and manage ML/TF risks, the (amended) Directions mandate REs to apply for a Risk-Based Approach, with board-approved policies, controls, and procedures in this regard. As part of such RBA, REs are inter alia required to implement a CDD program in accordance with the Direction.
NBFC and Trust Accounts
In addition to other conditions previously stipulated in the Directions as regards opening of an NBFC account, the (amended) Directions require REs to monitor such account and state that in pursuance of a “suspicion of ML/TF activities or other high-risk scenarios” the identity of the customer has to established.
As regards opening an account for a trust, the Directions now mandate that REs must ensure that trustees disclose their status at the commencement of an account-based relationship or when carrying out transactions in line with the Directions.
Updation/Periodic Updation of KYC
The amended Directions also mandate that REs, while adopting a risk-based approach for periodic updating of KYC, should also ensure that the data which is collected as part of CDD is “kept up-to-date and relevant, particularly where there is high risk”.
Accounts of Politically Exposed Persons (PEPs)
In addition to normal CDD procedures, the Directions now provide that REs may establish a financial relationship with a PEP, whether a customer or the beneficial owner, subject to obtaining approval to open an account for a PEP from the senior management and the following new requirements: putting in place appropriate risk management systems to determine whether the customer or the beneficial owner is a PEP and reasonable measures for establishing the source of funds/wealth of PEP.
Interestingly, the Directions provide that the above requirements shall also be applicable to accounts of family members or close associates of PEPs.
Obligations of Reporting Entities to Furnish Information
The (amended) Directions provide that REs should not place a restriction on operations in accounts merely based on a Suspicious Transaction Report (STR) filed with the Financial Intelligence Unit (FIU). Further, these clarify that every RE, while furnishing information to the FIU, must ensure that such information is confidential, such confidentiality requirement will not inhibit the sharing of information of “any analysis of transactions and activities which appear unusual” pursuant to the Master Direction
As regards FATF regulations, the (amended) Directions require REs to apply “enhanced due diligence measures, which are effective and proportionate to the risks, to business relationships and transactions with natural and legal persons (including financial institutions) from countries for which this is called for by the FATF” (being countries which do not apply or insufficiently apply the FATF Recommendations).
Foreign Contribution (Regulation) Act, 2010 (FCRA)
The (amended) Directions have introduced a new provision regarding compliance with FCRA. Per the same, all banks are required to adhere to the provisions of the Foreign Contribution (Regulation) Act, 2010 and the Rules made thereunder. Further, banks are required to ensure “meticulous compliance with any instructions/ communications” on the subject matter, as may be issued from time to time by RBI.
The (amended) Directions mandate all REs to adhere to the Directions concerning the opening of accounts and monitoring of transactions. In particular, all banks are mandated to “undertake diligence measures and meticulous monitoring to identify accounts” being operated as ‘money mules’ (that is, being used to transfer illicit funds to other accounts). In this regard, banks are mandated to take appropriate action and to report suspicious transactions to FIU, India.