Bangladesh Financial Intelligence Unit: Guidelines On Electronic Know Your Customer (e-KYC)

This document provides guidelines for implementing electronic Know Your Customer (e-KYC) verification in Bangladesh. It discusses the results of a nationwide pilot project testing e-KYC technologies like fingerprint and facial recognition. The pilot found fingerprint recognition had a higher success rate than facial recognition. E-KYC can reduce customer onboarding time from 4-5 days to 5-6 minutes and lower costs by 5-10 times while increasing new customer growth by 25% compared to traditional KYC. The guidelines establish e-KYC processes and requirements for financial institutions in Bangladesh to implement by December 2020 to enhance access and prevent illegal activities like money laundering.

Uploaded by

shakawath

Guidelines on Electronic Know Your Customer

(e-KYC)

Bangladesh Financial Intelligence Unit


2nd Annex Building, 11th Floor
Bangladesh Bank, Motijheel
Dhaka-1000.

Volume: 01
Dated: December, 2019
Revision date: None
Preface
Bangladesh is one of the fastest growing economies in the world and is
looking forward to transforming itself into a developed economy by 2041. The
Sustainable Development Goal (SDG) Agenda 1 (one) emphasizes putting in
place sound policies and gender-sensitive development strategies for
poverty eradication, and Agenda 8(10) of the same urges capacity
building of domestic financial institutions to encourage and expand access to
banking, insurance and financial services for all. The Financial Action Task
Force (FATF), an intergovernmental and global standard-setting body on
combating money laundering and financing of terrorism, also encourages
jurisdictions to pursue financial inclusion through a risk-based approach.
The Vision 2021 reaffirms the Bangladesh government's commitment to
provide financial services at the doorstep of citizens in an easy, fast and
low-cost manner. Against this backdrop, implementation of Electronic Know Your
Customer (e-KYC) can contribute to achieving the above-mentioned targets of
the SDG Agenda and Vision 2021. Additionally, the National Strategy for
prevention of Money Laundering and Combating Financing of Terrorism
Strategy 2019-2021 published by the Bangladesh Government has also set a
comprehensive strategic objective (Strategy No. 08) to promote FinTech and
RegTech, financial inclusion and ensuring cyber security. Action item
no. 9 of the strategy has set a deadline to implement e-KYC/Digital KYC by
December 2020.
Since digitalization enables easy access to financial services for
customers, even from remote locations, it may pose some underlying risk
of money laundering, terrorism financing and related criminal activities
through abuse of financial institutions and their services. As such,
relevant international best practices were meticulously consulted while
preparing this Guideline. Besides the best practices, a multiagency
working group led by Executive Director, Bangladesh Bank along with
Bangladesh Financial Intelligence Unit (BFIU) has worked since 2017 to
test the viability of e-KYC in Bangladesh. The working group has
completed a hands-on nationwide pilot project on e-KYC in which 18 banks
and 01 non-bank financial institution participated. This pilot
project covered customer onboarding using biometrics and different
technologies, where the customer's identity was checked using the National
Identification (NID) card issued by the National Identity Registration Wing
(NIDW) of the Election Commission (EC) of Bangladesh. The technologies used
in the pilot project were fingerprint devices, face matching devices, artificial
intelligence, optical character recognition (both in Bangla and English) and
so on. In the pilot project, the average rate of successful onboarding was
found to be higher for the fingerprint technology than for the facial
matching technology. The draft report of the pilot project also acknowledged
that the success rate of customer onboarding through fingerprint and face
matching technology might increase based on institutional capacity and
training.

The data provided by the institutions showed that e-KYC can cut the time
of onboarding from 4-5 days to 5-6 minutes, that the cost of customer
onboarding and KYC reduces 5-10 times, and that the growth of business (in
particular of the client base) is around 25% compared to the traditional
onboarding and KYC mechanism.

Therefore, the BFIU has issued this Guideline for financial institutions
including banks, non-bank financial institutions, insurance companies,
capital market intermediaries, MFS, DFS and the other companies licensed
by the Bangladesh Bank, under the power conferred in Section 23(1)(d)
of the Money Laundering Prevention Act, 2012 and Section 15(1)(d) of
the Anti Terrorism Act, 2009. The BFIU expects every financial institution
to implement this Guideline by December 2020 to enhance its service
capacity by reducing cost and time, to achieve steady business growth and,
subsequently, to prevent any misuse of its products, services and delivery
channels for money laundering, terrorist financing and relevant predicate
crimes. Financial institutions are free to choose the required technology and
any of the suggested models mentioned in this Guideline; however, they have to
follow every step of the chosen model.

Table of Contents

Abbreviations

1. Introduction
   1.1 Background
   1.2 Scope
   1.3 Objective

2. e-KYC Process
   2.1 Definitions
   2.2 Process
   2.3 Applicability

3. Customer on Boarding-Simplified
   3.1 Customer on boarding models
   3.2 Customer on boarding by using fingerprint
       3.2.1 Required Technology
       3.2.2 Sanctions and other screening
       3.2.3 Audit trail of customer profile
       3.2.4 Matching parameters
       3.2.5 Security measures
   3.3 Customer on Boarding- by using face matching
       3.3.1 Required Technology
       3.3.2 Sanctions and other screening
       3.3.3 Audit trail of customer profile
       3.3.4. Matching parameters
       3.4.5 Security measures

4. Customer on boarding-regular measure
   4.1. Required Technology
   4.2 Sanctions and other screening
   4.3 Audit trail of customer profile
   4.4 Matching parameters
   4.5 Security measures

5. Other relevant issues
   5.1. Record Keeping
   5.2. Reliance on third parties
   5.3 Risk Assessment
   5.4 Implementation
   5.5 Transformation of existing clients CDD

6. e-KYC Profile- Simplified and Regular
   6.1 Sample e-KYC output for simplified measures
   6.2. Sample e-KYC output for regular measures
   6.3 Customer Risk Grading Risk Grading Form

Annexure

Abbreviations

AI Artificial Intelligence
BB Bangladesh Bank
BFIU Bangladesh Financial Intelligence Unit
BTRC Bangladesh Telecommunication Regulatory Commission
CDD Customer Due Diligence
CDBL Central Repository of Bangladesh Limited
DNFBPs Designated Non-Financial Business and Professions
e-KYC Electronic Know Your Customer
FATF Financial Action Task Force
KYC Know Your Customer
MFS Mobile Financial Service
ML/TF Money Laundering & Terrorism Financing
NRA National ML/TF Risk and Vulnerability Assessment
NID National Identification Database
OCR Optical Character Recognition
SDD Simplified Due Diligence
SIM Subscriber Identity Module
SDG Sustainable Development Goal
2FA Two Factor Authentication

1. Introduction

1.1 Background
The concept of Know Your Customer (KYC) within the financial sector and
Designated Non-Financial Business and Professions (DNFBPs) started only
a few decades ago. It gained momentum when the FATF came forward with a
set of recommendations for the prevention of money laundering and financing
of terrorism. Within the FATF standards, KYC has emerged as one of
the main preventive measures or tools to protect financial institutions
from abuse by criminal activities.
The FATF Recommendation no. 10 requires financial institutions to conduct
KYC, Customer Due Diligence (CDD) either simplified or enhanced based
on the customer risk profile as well as on-going CDD measures. It also
requires that CDD should be undertaken by the financial institutions while
establishing business relationship with customer.
The CDD measures to be taken by the financial institutions as per the FATF
standards are as follows:

(a) Identifying the customer and verifying that customer's identity using
reliable, independent source documents, data or information;

(b) Identifying the beneficial owner and taking reasonable measures to
verify the identity of the beneficial owner, such that the financial
institution is satisfied that it knows who the beneficial owner is. For
legal persons and arrangements this should include financial institutions
understanding the ownership and control structure of the customer;

(c) Understanding and, as appropriate, obtaining information on the
purpose and intended nature of the business relationship;

(d) Conducting ongoing due diligence on the business relationship and
scrutiny of transactions undertaken throughout the course of that
relationship to ensure that the transactions being conducted are
consistent with the institution's knowledge of the customer, their
business and risk profile, including, where necessary, the source of
funds.

Financial institutions should be required to apply each of the
CDD measures and should determine the extent of such measures using
a risk-based approach (RBA) in accordance with the Interpretive Notes
to this Recommendation. The relevant identification data may be
obtained from a public register, from the customer or from other
reliable and independent sources.

In 2017, the FATF provided a specific supplement to the 2013 Guidance on
AML/CFT Measures and financial inclusion, focusing specifically on CDD
and financial inclusion. The Guideline highlights risk mitigation measures
that financial institutions should apply, commensurate with the nature and
level of the risks identified, to mitigate those risks. It also presents
different CDD approaches which can be implemented to facilitate financial
inclusion and remove obstacles linked to the verification of the customer's
identity, through either a broad understanding of the reliable and
independent source of information or simplified due diligence measures.
Where the risks of ML and TF are lower, a digital ID system in which one or
more of the basic processes may be less reliable (i.e., have a lower
assurance level) would still satisfy the requirements of Recommendation 10.

FATF standards are applicable for both traditional and digital financial
services. The digital financial services cover financial products and services,
including payments, transfers, savings, credit, insurance and securities. They
are delivered via digital/electronic technology such as e-money (initiated
either online or on a mobile phone), payment cards and regular bank
accounts.

In Bangladesh, section 25 of the Money Laundering Prevention Act (MLPA),
2012 requires financial institutions to collect the complete and correct
identity of a customer while establishing a business relationship with a
potential customer. Rules 6 to 12 of the Money Laundering Prevention (MLP)
Rules 2019 provide a detailed framework for financial institutions to
conduct customer due diligence, where Rule no. 10 provides the legal basis
to adopt a risk-based approach to customer due diligence, i.e. application
of simplified measures for lower risk scenarios and, conversely, enhanced
measures for higher risk scenarios. In the spirit of those laws, the
Bangladesh Financial Intelligence Unit (BFIU) has issued several circulars
and circular letters instructing financial institutions to conduct know your
customer programs, which start from customer onboarding.

Digital financial products and services, and digital identity solutions have
developed significantly over the last several years and have major potential
to facilitate access to basic services for unserved and underserved people and
businesses, especially in emerging and developing countries. The
development of branchless banking channels through non-bank agents (e.g.
computer shops, mobile phone shops, commission agent business, grocery
stores etc.), combined with mobile phone solutions, and e-money accounts
have helped to reach vast groups of citizens and offer them basic, but
regulated financial services.

In several countries, the expansion of digital financial services has been
supported by the implementation of a tiered KYC approach. However, in
Bangladesh, given the lower transaction thresholds and limited wallet size
and considering proven low risk, the BFIU directed Simplified Due Diligence
(SDD) for mobile financial services, digital financial services and other low
or limited risk banking, insurance and securities products. The scope of the
applicable SDD measures is limited and applies only when the products
or services are assessed as low risk.

The lower ML/TF risk situations may permit the use of digital ID systems
for the purposes of simplified due diligence, for example, when the ML/TF
risks of potential customers are lower, a digital ID system for identity
proofing may be appropriate. Conversely, for higher ML/TF risk situations,
financial institutions may adopt additional independent means of reliable
information to verify customers’ identity details. It is also observed in
several countries that several low risk accounts are being created and
ultimately controlled by one bad actor. Therefore, additional measures are
required to ensure that this type of ML/TF risk is mitigated, for example,
putting restrictions on the use of the account.

In Bangladesh, the Election Commission of Bangladesh holds the identity data
of citizens (18 years and above) together with their biometrics, which has a
higher level of assurance and authenticity, and financial institutions can
have access to this database to check the authenticity of customer-provided
identity data and biometrics. Therefore, this e-KYC Guideline is based on the
national ID card and the biometric data stored against each NID card.
This e-KYC guideline contains a set of instructions for financial
institutions to enable them to conduct customer due diligence through digital
means.

1.2 Scope
This Guideline shall be known as Electronic Know Your Customer (e-KYC)
Guidelines which deals with electronic customer onboarding, identification
and verification of customer identity, creating of customer digital KYC
profile as well as risk grading of customer in a digital means. The scope of
this Guideline will be as follows:
(a) The provisions of this Guideline shall be applicable only for natural
person;
(b) The requirements of this guideline shall be applicable based on the risk
exposures of the customers of the financial institutions. For example, for
an assessed low risk customer, financial institution shall be required to
conduct simplified e-KYC which includes electronic customer
onboarding, verify customer identity and preserve customer profile
digitally, whereas, financial institution shall be required to conduct
regular and enhanced e-KYC which includes electronic customer
onboarding, verify customer identity, preserve KYC and risk grading in a
digital manner for a customer with a regular and higher risks scenario;
(c) The e-KYC requirement of this Guideline is based on biometric
verification; therefore, a client whose status is legal person or legal
arrangement is excluded from the obligation of this Guideline. In this case,
KYC and CDD norms for the legal person or legal arrangement shall be
undertaken as per the provisions of the MLPA 2012, Anti-Terrorism Act
(ATA), 2009, the MLP Rules, 2019, Anti Terrorism (AT) Rules 2013;
and instructions contained in the circulars and guidelines issued by the BFIU
from time to time.
(d) Where e-KYC attempts fail due to any technical reason, the traditional
KYC approach should be followed for the natural person.

1.3 Objectives
The key objective of promoting e-KYC is that it can provide ample scope
for quick onboarding of customers by verifying customer identity through
digital means, which can save time and provide ease for both
the client and service providers. Additionally, e-KYC can save institutional
cost as well as foster growth of the customer base compared to the traditional
growth. Therefore, the basic objectives of implementing e-KYC are as
follows:
• Establish good governance within the financial industry;
• Enhance the growth of financial inclusion;
• Protect the financial sector from abuse by criminal activities;
• Ensure integrity and stability of the financial sector;
• Manage ML/TF risks;
• Reduce the cost related to customer onboarding and managing CDD;
• Promote fintech services; and
• Participate in the national level well-being.

2. E-KYC Process

2.1 Definitions
E-KYC is a combination of paperless customer onboarding, promptly
identifying and verifying customer identity, maintaining the KYC profile in
digital form and determining customer risk grading through digital means.
It is a faster process of performing KYC by verifying the customer's identity
document or biometric data.
The e-KYC module can be divided into the following two types [1] based on the
customer's risk exposure:

(a) Simplified e-KYC: Where a customer can be onboarded and the customer's
identity verified electronically using a simplified digital KYC form in
case of a proven lower risk scenario. No risk grading will be required
while onboarding the customer. However, sanction screening should be
undertaken and KYC review shall be done every five years; and

(b) Regular e-KYC: Where a customer can be onboarded and the customer's
identity verified electronically, a prescribed digital KYC form is required
to be filled in and stored, and a risk grading exercise is required to be
documented. However, where the risk grading exercise rates the customer as
high risk, or in some specific scenarios (for example, PEPs), some Enhanced
Customer Due Diligence (EDD) [2] is required to be undertaken as per the
sample provided in section 6.2 of this Guideline.

[1] This guideline suggests two types of biometrics, i.e. fingerprint and
face matching; however, if the infrastructure permits, a financial
institution can introduce other types of biometrics, for example iris.
[2] The EDD measures should include collection of additional information,
monitoring of account activity and approval from the Chief AML/CFT
Compliance Officer.

2.2 Process
The traditional KYC process requires filling in the KYC form and
collecting the photo ID and signature of the customer along with the required
documents. It is a manual process all the way. However, e-KYC is a digital
process where financial institutions can open a customer account by filling
in a digital form, taking a photograph on the spot, and authenticating the
customer's identification data (ID No., biometric information, address proof)
instantaneously. Such biometric information, digital signatures or
electronic signatures may be used for transaction authentication as well. The
customer onboarding process may be undertaken via the following means:

(a) Assisted customer onboarding: Where a financial institution or its
nominated agent or third party visits the customer, or the customer visits
the premises of the financial institution or its nominated agent or third
party, and the account is opened with the direct assistance of the financial
institution or its nominated agent or third party; and

(b) Self check-in: Where the customer can onboard on his or her own by using
a kiosk, smart phone, computer or other digital means, abiding by the norms of
this e-KYC Guideline. Self check-in shall be allowed for the face matching
model only, as described in section 3.3 of this Guideline.

2.3 Applicability
e-KYC shall only be applicable to natural persons who have a valid NID
document. A natural person without an NID and a legal entity or arrangement
have to follow the KYC norms as prescribed by the BFIU from time to time.
Therefore, 'simplified' and 'regular' e-KYC norms shall be applicable based
on the threshold and risk mentioned in this Guideline. As such, this Guideline
is applicable to Banks, Non-Bank Financial Institutions, Insurance
Companies, Capital Market Intermediaries and the other companies licensed
by the Bangladesh Bank, hereinafter referred to in this Guideline as
financial institutions. The threshold mentioned in this Guideline may be
changed from time to time by the BFIU. Financial institutions shall
conduct paper-based customer onboarding and simplified or regular KYC
and CDD measures if any customer is unable to onboard through this e-KYC
mechanism.

2.3.1 Simplified e-KYC

The scope of simplified e-KYC covers the following, which may be revised
by the BFIU based on identified risk and consultation with relevant
stakeholders from time to time:

a) Digital Financial services
o Mobile Financial Services (MFS) approved by Bangladesh Bank;
o Payment Service Providers (PSPs) approved by Bangladesh Bank;
o Payment Services Operators (PSO) approved by Bangladesh Bank; and
o Fintech Companies with a proven low risk scenario.
b) Financial inclusion products
o Subsidy and allowances paid by the Government under its safety net
programs (G2P);
o All receipt by the government (P2G);
o Existing financial inclusion products.
c) Agent banking products:
o Existing agent banking products within the transaction limits set by the
Bangladesh Bank from time to time
d) Banking products:
o Deposit or Withdrawal not exceeding BDT 1,00,000 per month in a checking
account;
o Term Deposit up to BDT 10,00,000;
o Special deposit scheme with maturity value upto exceeding BDT 10,00,000
e) Non-Bank Financial institutions Products:
o Any type of NBFI products not exceeding BDT 10,00,000;
f) Securities Market Products [3]:
o Deposit to the BO account up to BDT 15,00,000;
g) Insurance Products [4]:
o Life Insurance: The sum assured within the range of BDT 3,00,000 -
20,00,000 with an annual premium not exceeding BDT 2,50,000.
o Non-Life Insurance: Any sum premium not exceeding BDT 20,000 - 250,000.

[3] This includes the customer's initial deposit plus the amount transferred
through the link account.
[4] Any sum insured lower than BDT 3,00,000 for life insurance and any sum
premium lower than BDT 20,000 will be given flexibility to follow this e-KYC
regulation. However, it is encouraged to use digital onboarding in such
cases by using at least a photo ID document.

2.3.2 Regular e-KYC


The scope of regular e-KYC covers the following:

a) Agent banking accounts:
o When an agent banking customer performs transactions with the branch as a
regular customer;

b) Banking products:
o Other banking products except the banking products mentioned in section
2.3.1(d);

c) Non-Bank Financial institutions Products:
o Any type of NBFI products exceeding BDT 10,00,000;

d) Securities Market Products:
o Deposit to the BO account exceeding BDT 15,00,000;

e) Insurance Products:
o Life Insurance: Any sum assured exceeding BDT 3,00,000 - 20,00,000 and/or
any annual premium exceeding BDT 2,50,000.
o Non-Life Insurance: Any sum premium exceeding BDT 20,000 - 250,000.

3. Customer Onboarding-Simplified

3.1 Customer onboarding models


Financial institutions are allowed to follow customer onboarding under
this Guidance, which is based on the national identification document,
information stored against a specific NID, plus any one biometric
verification out of fingerprint matching, face matching, voice matching and
iris matching [5]. Customer onboarding should also cover self check-in,
check-in with the assistance of service providers and other relevant means
as deemed necessary.

[5] The financial institutions are free to choose any model based on their
preparation and infrastructure.

Electronic customer onboarding involves multiple activities. Efficient
customer onboarding starts from the client's identity information and can be
segmented into the following steps:

a) Data capture and generation;
b) Identity verification;
c) Sanction and other screening;
d) Account opening;
e) Customer profiling (e-KYC Profile); and
f) Customer risk grading (as applicable).

For the purpose of undertaking e-KYC, this guideline initially suggests the
following two biometric-based models of customer onboarding:

(a) Customer onboarding by using fingerprint; and
(b) Customer onboarding by matching face.

However, the other two models, i.e. voice matching and iris matching, can also
be used if sufficient infrastructural and logistics facilities are available.
Moreover, financial institutions can also introduce other innovative models
using biometrics beyond these four models with prior approval from the BFIU.

3.2 Customer onboarding by using fingerprint


Customer onboarding by using fingerprint matching is one of the
commonly used methods, where the customer's fingerprint is used as a main
identifier of a person's identity. The minimum generic approach for this
model will be as follows:

(a) Step-one
NID Number: ........
Date of Birth: (DD/MM/YYYY) ........
Next
Biometric verification ........

In this step, a customer approaches a financial institution or its agent, or a
financial institution or its agent approaches a customer, for an account
opening, BO account opening or policy opening process using e-KYC.
Then, the customer provides his or her NID. The financial institution or
its agent inserts the NID number and Date of Birth (DOB) into the specified
template, also collects the fingerprint, and then presses the Next button.
Once the financial institution or its agent presses the Next button, the NID
number, DOB and fingerprint data are matched against the NID database; if the
data matches, the next template will appear.

(b) Step-two [6]
Applicant's Name: ........
Mother's Name: ........
Father's Name: ........
Spouse Name: ........
Gender (M/F/T): ........
Profession: ........
Mobile Phone Number: ........
Present Address: ........
Permanent Address: ........
Nominee: ........ Relation: ........ Photograph: ........
Next

In step two, the financial institution or its agent will insert or punch in
the customer's personal information as far as possible. Financial
institutions are encouraged to use technology that enables data fetching
from the NID and, wherever required, to insert the remaining information
manually. On completion of the personal information, the financial
institution or agent will press the Next option.

(c) Step-Three
Photograph: ........
Next

In step three, the financial institution or its agent or the client will
capture or upload the customer's photograph. However, when self check-in
occurs, a live selfie with proper light and camera frame is required [7];
then press the Next option.

(d) Step-Four [8]
Client wet signature or electronic signature or digital signature or PIN ........
Next

In step four, the customer's wet signature (signature using pen), electronic
signature (signature using devices), digital signature or
personal identification number (PIN) is required to be preserved for future
reference.

[6] The template given here is the minimum information. The financial
institutions may add a few more fields where necessary (especially for
insurance and capital market intermediaries). Where necessary, financial
institutions may add additional fields for additional nominee(s) and/or where
additional guardian information is required for a minor account.
[7] There should be a mechanism ensuring that the system captures only a real
person's picture.
[8] Where necessary, the financial institutions may collect the physical
signature at a later stage and preserve it digitally for future use.

(e) Step-Five
Account Opening Notification

In step five, after completion of all the processes, system will generate a
notification of account opening in process. After completion of necessary
sanction and other screening, account opening confirmation notification
should be sent to the customer.

The simplified customer onboarding process will be completed once the
client gets notification from the financial institution. However, at any point
of the relationship, the financial institution may ask for additional
information from the customer and will preserve it in the digital KYC profile
of the customer.

In case of joint customer (more than one) onboarding, a similar process
needs to be followed. All the fields mentioned in step-two are the minimum
requirement; however, financial institutions, especially banks, MFS and
non-bank financial institutions, may add a few fields where necessary. On the
other hand, the capital market intermediaries and the insurance companies may
add necessary relevant fields as per CDBL requirement and policy proposal
form respectively.

3.2.1 Required technology

The electronic customer onboarding and e-KYC process requires a technology
platform. Therefore, based on the simplified e-KYC model, at a minimum the
following technology and instruments may be used to complete the
process:

(a) Software/App/Program compatible to the above process;

(b) Internet connection;

(c) Online connection to the NID verification server [9];

(d) Fingerprint capturing devices;

(e) Electronic signature capturing devices (where necessary) etc.

3.2.2 Sanction and other screening

The full-fledged account procedures will be completed upon completion of
sanction and other necessary screening, which includes the following:

(a) UNSCRs screening;


(b) Adverse media screening (where necessary); and
(c) Internal or external exit list (where necessary).

3.2.3 Audit trail of customer profile

To maintain an audit trail, a financial institution or its nominated third
parties are required to preserve a digital KYC profile and relevant logbook,
even for low risk or financial inclusion products, which should include the
following:

(a) Customer details (name, contact, address, etc) with photograph;

(b) Customer ID image (both side);

(c) Customer signature (where necessary);

(d) Customer risk review process (once in 5 years);

(e) Transaction pattern etc; and

(f) Other information as deemed necessary to complete customer KYC.

[9] Means the NID database held either by the NID Wing of the Election
Commission and/or by any other Authority established by the Government for
identity verification.

The financial institution should maintain a digital log of all successful and
unsuccessful client onboarding, matching parameters etc. for further work
and audit trail. All the data should be preserved and stored digitally for
both internal and external audit purposes. The sample e-KYC profile, at a
minimum, should look like the one in 6.1.

3.2.4 Matching parameters [10]

As electronic onboarding requires matching the customer’s stored ID data
with the national identification database, the following elements or
information are required to be matched as per the percentages described:

Particulars          Matching Percentage
Applicant’s Name     ≥ 80%
Date of Birth        100%
Fingerprint          ≥ 80%
NID number           100%
Father’s Name        ≥ 80%
Mother’s Name        ≥ 80%
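
The matching table above and the onboarding log required in 3.2.3 can be combined into one decision function. The following is an added example, not part of the Guideline: the similarity metric (Python's difflib ratio over normalised names), the field names and the sample records are assumptions, and the fingerprint score is taken as a value already returned by the verification service.

```python
import json
import unicodedata
from datetime import datetime, timezone
from difflib import SequenceMatcher

# Thresholds from the matching-parameters table (percent).
NAME_FIELDS = {"name": 80.0, "father_name": 80.0, "mother_name": 80.0}
EXACT_FIELDS = ("date_of_birth", "nid_number")  # the table requires 100%
FINGERPRINT_MIN = 80.0


def normalise(text):
    """Fold Unicode form, case, dots and spacing before comparing names."""
    folded = unicodedata.normalize("NFKC", text).casefold().replace(".", " ")
    return " ".join(folded.split())


def similarity(a, b):
    """Percent similarity of two names.

    ASSUMPTION: the Guideline gives thresholds but names no metric;
    difflib's ratio is used here only to make the example concrete.
    """
    ratio = SequenceMatcher(None, normalise(a), normalise(b)).ratio()
    return round(100.0 * ratio, 1)


def evaluate(applicant, nid_record, fingerprint_score):
    """Apply every row of the table; return per-field results and a decision."""
    results = {}
    for field, minimum in NAME_FIELDS.items():
        score = similarity(applicant[field], nid_record[field])
        results[field] = {"score": score, "passed": score >= minimum}
    for field in EXACT_FIELDS:
        same = applicant[field].strip() == nid_record[field].strip()
        results[field] = {"score": 100.0 if same else 0.0, "passed": same}
    results["fingerprint"] = {
        "score": fingerprint_score,
        "passed": fingerprint_score >= FINGERPRINT_MIN,
    }
    failed = sorted(f for f, r in results.items() if not r["passed"])
    return {"approved": not failed, "failed_fields": failed, "results": results}


def log_entry(reference, outcome, when=None):
    """One JSON line for the digital log of successful and unsuccessful
    onboarding. Scores are logged rather than raw identity values, which
    is a design choice of this example."""
    when = when or datetime.now(timezone.utc)
    return json.dumps({
        "time": when.isoformat(),
        "reference": reference,
        "approved": outcome["approved"],
        "failed_fields": outcome["failed_fields"],
        "scores": {f: r["score"] for f, r in outcome["results"].items()},
    }, sort_keys=True)


# Constructed sample data: not real persons or NID numbers.
NID_RECORD = {
    "name": "Mohammad Abdul Karim",
    "father_name": "Abdur Rahim",
    "mother_name": "Rokeya Begum",
    "date_of_birth": "1985-03-12",
    "nid_number": "0000000000001",
}
APPLICANT_OK = dict(NID_RECORD, name="Mohammed Abdul Karim")      # spelling variant
APPLICANT_BAD_DOB = dict(NID_RECORD, date_of_birth="1985-03-21")  # transposed digits

if __name__ == "__main__":
    cases = (
        ("REF-0001", APPLICANT_OK, 91.5),
        ("REF-0002", APPLICANT_BAD_DOB, 91.5),
        ("REF-0003", APPLICANT_OK, 79.9),
    )
    for reference, applicant, fingerprint in cases:
        print(log_entry(reference, evaluate(applicant, NID_RECORD, fingerprint)))
```

A name with a spelling variant still clears the 80% threshold, while a single wrong digit in the date of birth or a fingerprint score just under 80 is rejected and logged with the failing field.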

3.2.5. Security measures

The financial institution may use additional security measures in the
customer onboarding process, which may include checking the phone
number by generating PIN codes and other measures as deemed necessary.
Additionally, the security of data recorded and preserved under this e-KYC
should be maintained properly by the financial institution so that no
customer data is hacked or compromised. This Guideline also suggests
preserving customer data on a locally hosted server or cloud server and
putting in place the necessary data protection and data security measures as
prescribed by the prudential and self regulators and/or by the government of
Bangladesh.

[10] The applicant’s name and parents’ name fields may be left in editable
form for correction of spelling mistakes; however, date of birth and NID
number should be kept in un-editable form.

3.3 Customer onboarding by using face matching


The financial institution may adopt customer onboarding using face
matching model where customer face biometrics will be used as a main
identifier of a person’s identity along with the national ID number.
Following steps will be required for onboarding of a customer by using face
matching model:

(a) Step-one [11]

• Taking picture of customer NID (original copy) - front page
• Taking picture of customer NID (original copy) - back page
Next

In this step, a customer approaches a financial institution or its agent, or
a financial institution or its agent approaches a customer, or the customer
engages in self check-in, for account opening, BO account opening or
insurance policy opening by using e-KYC procedures. Then, a photograph or
scan of the front page of the customer’s NID is required to be captured,
followed by the back page. Optical character recognition (OCR) should
be used to capture the NID data in both Bangla and English. In the back end,
all NID data will be preserved in a specific format.

(b) Step-two [12]
• Taking picture of customer face
Next

In step two, the financial institution or its agent or client will take an
appropriate photograph of the customer’s face by using a high resolution
camera or webcam. While taking the picture, the agent or client is required
to be careful enough to capture only the customer’s face and to ensure the
visible quality of the photograph.

[11] The system should be capable of capturing the front page of the NID
first, followed by the back page.
[12] There should be a mechanism to ensure that the system captures only a
real person’s picture.

(c) Step-Three [13]
Applicant’s Name: ...............................................................................................................
Mother’s Name: ....................................................................................................................
Father’s Name: ......................................................................................................................
Spouse Name: ......................................................................................................................
Gender (M/F/T): ……………………………...
Profession: ……………………………………………….
Mobile Phone Number: ………………………………………………………..
Present Address: ................................................
Permanent Address: .........................................................

Next
Nominee: ……………… Relation: …………… Photograph: …………

In step three, all necessary information will be fetched into the above
digital format. Furthermore, additional input may be entered to complete the
whole template.

(d) Step-Four [14]
Client wet signature or electronic signature or digital signature or PIN……………………….
Next

In step four, the customer’s wet signature (signature using pen), electronic
signature (signature using devices), digital signature or personal
identification number (PIN) is required to be preserved for future
reference.

(e) Step-Five
Account Opening Notification

[13] The template given here is the minimum information. The financial
institutions may add a few more fields where necessary (especially for
insurance and capital market intermediaries). Where necessary, reporting
entities may add additional fields for additional nominee(s) and/or where
additional guardian information is required for a minor account.
[14] Where necessary, the reporting entity may collect a physical signature
at a later stage and preserve it digitally for future use.

In step five, after completion of all the processes, the system will generate
a notification of account opening in process. After completion of the
necessary sanctions and other screening, an account opening confirmation
notification should be sent to the customer.

The simplified customer onboarding process will be completed once the
client gets notification from the financial institution. However, at any point
of relationship, the financial institution may ask for additional information
from customer and will preserve it in the digital KYC profile of customer.

In case of joint customer (more than one) onboarding, a similar process is
required to be followed. All the fields mentioned in step-two are the minimum
requirement; however, financial institutions, especially banks, MFS and
non-bank financial institutions, may add a few fields where necessary. On the
other hand, the capital market intermediaries and the insurance companies may
add necessary relevant fields as per CDBL requirement and policy proposal
form respectively.

3.3.1. Required technology

At a minimum, customer onboarding via the face matching model requires
the use of the following technology to complete the whole customer
onboarding process:

(a) Software/App/Program compatible to the above process;

(b) Internet connection;

(c) Smart phone or desktop computer with high resolution webcam;

(d) Online connection to the NID verification server [15];

(e) Electronic signature capturing devices (where necessary) etc.

[15] Means the NID database held either by the NID Wing of the Election
Commission and/or by any other Authority established by the Government for
identity verification.

3.3.2 Sanctions and other screening

The full-fledged account procedures will be completed upon completion of
sanction and other necessary screening, which includes the following:

(a) UNSCRs screening;

(b) Adverse media screening (where necessary); and

(c) Internal or external exit list (where necessary).

3.3.3. Audit trail of customer profile

To maintain an audit trail, a financial institution or its nominated third
parties are required to preserve a digital KYC profile and relevant logbook,
even for low risk or financial inclusion products, which should include the
following:

(a) Customer details (name, contact, address, etc) with photograph;

(b) Customer ID image (both side);

(c) Customer signature (where necessary);

(d) Customer risk review process (once in 5 years);

(e) Transaction pattern etc; and

(f) Other information as deemed necessary to complete customer KYC.

The financial institution should maintain a digital log of all successful and
unsuccessful client onboarding, matching parameters etc. for further use
and audit trail. All the technology data should be preserved and stored
digitally for both internal and external audit purposes. The sample e-KYC
profile, at a minimum, should look like the one in annex-1.

3.3.4. Matching parameters [16]

As electronic onboarding requires matching the customer’s stored ID data
with the national identification database, the following elements or
information are required to be matched as per the percentages described:

Particulars          Matching Percentage
Applicant’s Name     ≥ 80%
Date of Birth        100%
Fingerprint          ≥ 80%
NID number           100%
Father’s Name        ≥ 80%
Mother’s Name        ≥ 80%

3.3.5. Security measures

The financial institution may use additional security measures in the
customer onboarding process, which may include checking the phone
number by generating PIN codes and other measures as deemed necessary.
Additionally, the security of the data recorded and preserved under this
e-KYC should be maintained properly by the financial institution so that no
customer data is hacked or compromised. This Guideline also suggests
preserving customer data on a locally hosted server or cloud server and
putting in place the necessary data protection and data security measures as
prescribed by the prudential and self regulators and/or by the government of
Bangladesh.

[16] The applicant’s name and parents’ name fields may be left in editable
form; however, date of birth and NID number should be kept in un-editable
form.

4. Customer onboarding- Regular measure

The financial institutions are encouraged to use electronic onboarding and
e-KYC procedures for the products and services which do not fall under proven
low risk or limited risk as well. This means electronic onboarding and
e-KYC procedures are also applicable to any sort of financial product.

Both the technology-based models, i.e. fingerprint and face matching
technologies, are applicable for regular onboarding and managing KYC.
Similarly, such an onboarding process is only applicable to natural persons
who have a valid NID.

Initially, the onboarding process for regular e-KYC is similar; however, it
requires a few additional kinds of information and additional customer
due diligence compared to the simplified method. The reporting entities are
required to create a digital customer KYC profile and carry out the risk
grading exercise digitally during regular e-KYC. This means that similar
step-by-step [17] procedures have to be followed for the different models
(fingerprint and face matching) discussed above to complete the regular
e-KYC procedures.

Therefore, the component of regular e-KYC includes the following elements:

a) A digital template with more information compared to simplified e-KYC;

b) A more stringent KYC profile of the customer;

c) Screening of customer other than UN Sanctions (for example: PEPs/IPs,
Beneficial Owner, Adverse Media, Internal External list checking etc.);
and

d) Risk grading exercise.

[17] All steps mentioned in this Guideline are generic; the financial
institution may reorganize this step by step process where necessary.

Along with the process of digital onboarding already discussed above, the
digital information template at a minimum required for regular e-KYC would
be as follows:
Account Name……………………………………… Account Type……………
Account Number…………...................Unique Account Number………............
Applicant’s Name: .................................................................................................
Mother’s Name: .....................................................................................................
Father’s Name: .....................................................................................................
Spouse Name :.....................................................................................................
Gender (M/F/T)……………………………... Date of Birth…………………….
Profession……………………… Monthly income…………… Sources of Fund……….
Mobile Phone Number:………………………………………………………
Present Address: .......................................................... Nationality…………………….
Permanent Address: .........................................................
Nominee:………Date of Birth……….. Relation……………… Photograph…………………

NB: a) Incorporate ‘add’ button of similar field if there is more than one applicant;
b) Incorporate ‘add’ button of similar field if there is more than one nominee;
c) If applicant is minor then they should proceed for traditional methods of account opening;
d) Incorporate ‘add’ the following field if nominee is ‘Minor’
i) Name of minor nominee… ii) Name of Guardian… iii) Address…. iv) Relation….
v) NID of Guardian……. vi) Photograph of Guardian………….

The customer onboarding process and instructions as discussed above for the
simplified measures will be similar for regular e-KYC. After opening
account financial institution may collect additional information and
customer wet signature to create full digital profile of the client.

4.1. Required technology

The same technologies mentioned in this Guideline for simplified e-KYC
will also be applicable for regular e-KYC.

4.2. Sanctions and other screening

The screening mechanism for regular e-KYC is quite stringent compared to
the simplified one. The full-fledged account procedures will be completed
upon completion of sanctions and other necessary screening, which includes
the following:

(a) UNSCRs screening;

(b) PEPs/IPs Screening;

(c) Identification of beneficial ownership (if any);

(d) Adverse media screening;

(e) Risk grading of customer;

(f) Customer Due Diligence template;

(g) Enhanced Due Diligence (if needed).

4.3. Audit trail of customer profile

To maintain an audit trail, a financial institution or its nominated third
parties are required to preserve a digital KYC profile and relevant log book
or data, which should include the following:

(a) Customer details (Name, contact, address, etc) with photograph;

(b) Customer ID image (both side);

(c) Customer signature (where necessary);

(d) Risk grading of customer (where necessary);

(e) Customer Due Diligence template (where necessary)

(f) Customer transaction pattern; and

(g) Other information as deemed necessary to complete customer KYC.

The financial institution should maintain a digital log for all successful and
unsuccessful e-KYC onboarding process for further work and audit trail. All
the technology data should be preserved and stored digitally for further audit
purposes. The sample e-KYC profile, at a minimum, should look like as per
6.2.

4.4. Matching parameters

The matching parameters mentioned for the simplified e-KYC will also be
applicable for regular e-KYC.

4.5. Security measures

The financial institution may use additional security measures in the customer
onboarding process, which may include checking the phone number by
generating PIN codes and other measures as deemed necessary. Additionally,
the security of the data recorded and preserved under this e-KYC should be
maintained properly by the financial institution so that no customer data is
hacked or compromised. This Guideline also suggests preserving customer
data on a locally hosted server or cloud server and putting in place the
necessary data protection and data security measures as prescribed by the
prudential and self regulators and/or by the government of Bangladesh.

5. Other relevant issues

5.1. Record Keeping

The financial institution should maintain all sorts of digital data and log until
five years after the closure of the account or business relationship. The
digital data shall contain customer onboarding, customer identity
verification, KYC profile, risk grading exercise; transaction related data and
their analysis; all sorts of correspondence with customer; data collected later
for CDD purposes; and all other relevant files.

The digital footprint and log should contain, but not be limited to,
information collected during clients’ identity verification; other relevant
information related to the screening measures is also required to be
preserved. The financial institutions may also collect other complementary
data (such as geo location, IP addresses, etc.) which could also support
ongoing due diligence.

5.2. Reliance on third parties

To implement the e-KYC, the financial institution may rely on third-party
technology providers, either in full or in part. Though a financial
institution may be engaged with a third party, the ultimate responsibility
still lies with the financial institution. This means a financial institution
may rely on another entity or technology provider that satisfies the criteria
described above to conduct customer due diligence which covers (i) customer
identification and verification data from independent and reliable sources;
(ii) identifying and understanding who the beneficial owner(s) is; and
(iii) identifying the purpose and intended nature of business and relevant
CDD measures in a digital manner. Yet, the financial institution itself
should ensure the reliability and authenticity of the data collected. The
following conditions may apply to financial institutions while engaging with
any third party:

• Immediately obtain the necessary information concerning the identity
  of the customer as mentioned in (i)-(iii) above.

• Take adequate steps to satisfy itself that the third party will make
  available copies of identity evidence or other appropriate forms of
  access to the data or digital log as mentioned in (i)-(iii) above and
  in this Guideline without delay.

• The activities of the third party shall be regulated under this e-KYC
  Guidance and will be monitored by the financial institutions.

• The third party shall ensure customer and financial institutions’ data
  protection according to the IT security policy of the Bangladesh
  Government and the respective prudential and self regulators.

• Both the third party and the financial institution covered under this
  guidance shall ensure that the customer data collected under this guidance
  shall not be digitally transmitted or transferred outside Bangladesh
  without prior approval of the prudential regulators and/or BFIU. In
  this case, BFIU Circular No. 23 dated 31/01/2019 will be applicable.

5.3 Risk Assessment

The financial institution shall have to conduct a risk assessment of the new
technology based electronic KYC mechanism to understand how it may be
abused and put in place appropriate measures to prevent such abuse as per
the circulars and Guidance issued by BFIU. The financial institution is also
required to conduct customer risk assessment as mentioned in 6.3 of this
Guideline.

5.4 Implementation

The financial institutions should implement this regulation by December
2020, as per the timeline set out in the National Strategy Paper for
preventing ML/TF 2019-2021 published by the Government of the People’s
Republic of Bangladesh.

5.5 Transformation of existing clients CDD


The financial institution may transform their existing clients CDD related
documents into digital form following above mentioned procedures where
applicable.

6. e-KYC Profile- Simplified and Regular

6.1 Sample output of the simplified e-KYC [18]

Photo (Customer)          Photo (Others)

Applicant’s Name: ...............................................................................................................


Mother’s Name: .................................................................................................
Father’s Name :.....................................................................................................................
Spouse Name-----------------------------------------------------------------------------
Date of Birth ……………………………... Gender (M/F/T)…………………………..
Profession………………………………………………….
Mobile Phone Number………………………………………………………..
Present Address: ................................................
Permanent Address: .........................................................
Nominee:………………………….: Relation………………… Photograph……………….
Specimen signature/digital signature (where necessary) …………………………….………

Front side of NID Back side of NID

1. Has the UNSCRs check been done? (Yes) (No)
2. Has a review of the customer profile been done (existing customer)? If so, date of review…..
3. What is the average range of customer transaction (over 6/12 months)?.........
4. Any other relevant field may be added here…………………………..

[18] ‘Photo Others’ shall include the photograph of nominee(s), beneficial
owner(s), joint account holder(s), minor(s) or their guardian(s) as applicable.

6.2. Sample output of regular e-KYC

Photo (Customer)          Photo (Others)

Applicant’s Name:...............................................................................................................
Account number:........................................... Unique account number……………………….
Mother’s Name: .................................................................................................
Father’s Name :............................................................................................................................
Spouse Name: ……………………………………………………………..
Date of Birth ……………………………... Gender (M/F/T)…………………………..
Profession:…………………… Monthly income…………. Sources of Fund…………..
Mobile Phone Number:………………… Nationality…………….. TIN (if any): ………………….
Present Address: ................................................
Permanent Address:..................................................
Nominee:………………………….: Relation……………………… Photograph……………….
Specimen signature…………………………….………

Front side of NID Back side of NID

5. Has the UNSCRs check been done? (Yes) (No)
6. Has risk grading been done? If the assessed risk is high then conduct EDD as per BFIU circular.

   Risk Type     Overall Score
   Regular       < 15
   High          ≥ 15

7. Is the customer an IP/PEP? If the client is a PEP or IP with higher risk, then conduct EDD as per
   BFIU circular.
8. Is there any adverse media news against the customer? If any, then conduct EDD.
9. Has the source of fund been verified/justified? (Yes) (No)
10. Has the beneficial ownership been checked? If any beneficial owner is found, then conduct CDD
    on the beneficial owner. If the beneficial owner is a PEP, then conduct EDD.
11. Are any other documents obtained…….?
12. Nominee details:……..
13. Has a review of the customer profile been done (existing customer)? If so, date of review…..
14. What is the average range and usual pattern of customer transaction (over 6/12 months)?....
15. Any other relevant field may be added here…………………………..

6.3 Form for Customer Risk Grading:

1. Type of On-boarding
   Branch/Relationship Manager                                2
   Direct Sales Agent                                         2
   Walk-in                                                    3
   Internet/Self check-in/Other non Face to Face              5

2. Geographic Risks:                                          Score
   Client is--
   Resident Bangladeshi                                       1
   Non-resident Bangladeshi                                   2
   Foreign Citizen                                            3
   For Foreigners: Risk classification of country of origin
   Does client’s country of citizenship feature in
   FATF/EU/OFAC/UN Black List/Grey List?
   No                                                         0
   Yes                                                        5

3. Type of Customer:                                          Score
   Is client a PEP/Chief or High Official of International
   Organization, as per BFIU Circular?
   No                                                         0
   Yes                                                        5
   Is client’s family/close associates related to PEP/Chief
   or High Official of International Organization?
   No                                                         0
   Yes                                                        5
   Is client an IP, or his family/close associates related to IP?
   No                                                         1
   Yes (based on assessed risk)                               5

4. Product and Channel Risk:                                  Score
   Type of Product
   Savings account                                            1
   Current account                                            4
   FDR                                                        3
   Deposit Scheme up to 12 lac                                1
   Deposit Scheme above 12 lac                                3
   Forex account                                              5
   S.N.D.                                                     3
   R.F.C.D.                                                   5

5. Business and Activity Risk                                 Score
   (a) Business
   Please pick Applicable from Annexure and put the
   relevant score in the next column                          …………….
   (b) Profession
   Please pick Applicable from Annexure and put the
   relevant score in the next column                          …………….

6. Transactional Risks:                                       Score
   What is the client’s Average Yearly Transactions Worth?
   < BDT 1 million                                            1
   From BDT 1 million to 5 million                            2
   From BDT 5 million to 50 million (5 crores)                3
   More than BDT 50 million (5 crores)                        5

7. Transparency Risk                                          Score
   Has the client provided a credible source of funds?
   No                                                         5
   Yes                                                        1

Annexure: Select Business or Profession (for 6.3 item no.5)

Client Business                                               Score
Jeweller/Gold/Valuable Metals Business                        5
Money Changer/Courier Service/Mobile Banking Agent            5
Real Estate Developer/Agent                                   5
Promoter/Contractor: Construction Projects                    5
Art and Antiquities Dealer                                    5
Restaurant/Bar/Night Club/Parlour/Hotel                       5
Export/Import                                                 5
Manpower export                                               5
Firearms                                                      5
RMG/Garments Accessories/Buying House                         5
Share/Stocks Investor                                         5
Software/Information and Technology Business                  5
Travel Agent                                                  4
Merchant with over 10 million takas invested in business      4
Freight/Shipping/Cargo Agent                                  4
Automobiles business (New or Reconditioned)                   4
Leather/Leather goods Business                                4
Construction Materials Trader                                 4
Business Agent                                                3
Thread/"Jhut" Merchant                                        3
Transport Operator                                            3
Tobacco and Cigarettes Business                               3
Amusement Park/Entertainment Provider                         3
Motor Parts Trader/Workshop                                   3
Small Business (Investment below BDT 5 million)               2
Computer/Mobile Phone Dealer                                  2
Manufacturer (except, weapons)                                2
Others: (Please State Below and circle numerical
score as needed)                                              1..2..3..4..5

Client Profession                                             Score
Pilot/Flight Attendant                                        5
Trustee                                                       5
Professional (Journalist, Lawyer, Doctor, Engineer,
Chartered Accountant, etc.)                                   4
Director (Private/Public Limited Company)                     4
High Official of Multinational Company (MNC)                  4
Homemaker                                                     4
Information Technology (IT) sector employee                   4
Athlete/Media Celebrity/Producer/Director                     4
Freelance Software Developer                                  4
Government service                                            3
Landlord/Homeowner                                            3
Private Service: Managerial                                   3
Teacher (Public/Private/Autonomous Educational Institution)   2
Private Sector Employee                                       2
Self-employed Professional                                    2
Student                                                       2
Retiree                                                       1
Farmer/Fisherman/Labourer                                     1
Others: (Please State Below and circle numerical
score as needed)                                              1..2..3..4..5