BANKING AND FINANCE

PROJECT

MASTER DIRECTION – KYC DIRECTION, 2016

ANALYZING THE POLICY IN VIEW OF NEW E-KYC PROVISION

SUBMITTED ON AUGUST 04, 2018

Submitted to: Submitted by:

Ms. Rashmi Patowary Shubh Dixit (1245)

Faculty of Law Chinmaya Mudgal (1320)

Semester VII
 -Abstract-

KYC stands for ‘Know Your Customer’ or ‘Know your Client’. It has been declared as a
compulsory process for every bank or financial institution by RBI and is a process to get
information about the identity and address of the customer. This process has been made
compulsory by RBI before opening an account, to guarantee that there must not be any
misuse of any service provided by the banks. As per the order by RBI, banks have to update
the KYC details information at regular intervals of 2,8 or 10 years depending on the risk of
the profile of the customer.

KYC is aimed to make it easier for the banks and other final institutions to know and
understand their customers. Implementation of KYC guidelines for every new bank account
was made compulsory by RBI in the year 2002, which came into force from 1st July 2005.
KYC Norms were made compulsory, aiming to restrict money laundering and to stop terrorist
financing.

RBI issues guidelines for KYC, through Banking Regulation Act, 1949 Section 35A along
with Prevention of Money Laundering (Maintenance of Records) Rules, 2005. If there would
be any violation or contravention by any bank, it would be subject to penalty under the Bank
Regulation Act, 1949.

This paper looks into the Master Direction by RBI on KYC in an attempt to understand the
new contours of e-KYC
 CONTENTS

INTRODUCTION AND BACKGROUND OF KYC ............................................................... 4

POLICY INTRODUCED .......................................................................................................... 5
Applicability .......................................................................................................................... 5
Policy Principles .................................................................................................................... 5
(a) Customer Acceptance Policy ................................................................................... 5
(b) Risk Management .................................................................................................... 6
(c) Customer Identification Procedures (CIPs) ............................................................. 6
(d) Monitoring of Transactions ..................................................................................... 7
Procedure for KYC ................................................................................................................ 7
e-KYC .................................................................................................................................... 8
Record Management ............................................................................................................ 10
Requirements/Obligations Under International Agreements Communications From
International Agencies ......................................................................................................... 10
ADVANTAGES AND DISADVANTAGES OF KYC .......................................................... 11
CONCLUSION ........................................................................................................................ 13
 INTRODUCTION AND BACKGROUND OF KYC

KYC (Know Your Customer) is the platform on which the company operates to avoid
shortcomings in operational, legal and reputation risks to the institution and the consequential
losses by scrupulously following various procedures laid down for opening and conduct of
accounts. Money laundering is involvement in any transaction or series of transactions
seeking to conceal or disguise the nature or source of proceeds derived from illegal activities
including drug trafficking, armed robbery, tax evasion, smuggling, etc. KYC guidelines are
accepted internationally as an important anti-money laundering measure. In compliance with
the guidelines issued by RBI from time to time, the following AML & KYC policy of the
Company is approved by the Board of Directors of the Company.

KYC is a process of establishing customer information by a financial institution involving:

(a) Identification (b) Confirmation (c) Verification (d) Declaration. As India’s Central Bank,
RBI purpose of KYC is to safeguard banks from being used by criminal elements for money
laundering activities and to enable banks to understand the risk posed (through customers,
products and services, delivery channels). The purpose of the above regulation will entail
banks to assess internally and prudently manage its risk. The purpose of the master direction
is that it prescribes that Regulated Entities (REs) are required to follow certain customer
identification procedures while undertaking a transaction either by establishing an account
based relationship or otherwise and monitor their transactions in terms of the provisions of
Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering
(Maintenance of Records) Rules, 2005. It also prescribes that REs shall take steps to
implement provisions of Prevention of Money-Laundering Act, 2002 and the Prevention of
Money-Laundering (Maintenance of Records) Rules, 2005, as amended from time to time,
including operational instructions issued in pursuance of such amendment(s). The Master
Direction is in accordance with the changes carried out in the PML Rules vide Gazette
Notification GSR 538 (E) dated June 1, 2017 and thereafter and is subject to the final
judgment of the Hon’ble Supreme Court in the case of Justice K.S. Puttaswamy (Retd.) &
Anr. V. Union of India, W.P. (Civil) 494/20121 etc. (Aadhaar cases).

However, KYC framework should not be intrusive in nature nor too strict resulting in denial
of banking services to general public. Even Government initiatives of PMJDY (Pradhan
Mantri Jan Dhan Yojana) have encouraged banking for all but with adequate safeguards.

POLICY INTRODUCED

Applicability
In exercise of the powers conferred by Sections 35A of the Banking Regulation Act, 1949
and the Banking Regulation Act (AACS), 1949, read with Section 56 of the Act and Rule
9(14) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 the Reserve
Bank of India promulgated the circular. 2

The provisions are applicable to “Regulated Entities”(RE). They are defined in section 3 (b)
(xiii) as entities defined as ‘Banks’ under section 22 of the Banking Regulation Act, 1949.
Apart from banks, REs include All India Financial Institutions, NBFCs, Payment System
Providers like PayTM, and all authorised agents regulated by RBI.

The circular imposed a mandatory requirement for the Board of Directors of REs or any
committee of the Board to which power has been delegated to form a KYC policy.

Policy Principles
The policy laid down y Board of Directors of the REs, must also ensure compliance with the
policy. Para 7 of the Master Direction provides for a Principal Officer, who shall be
responsible for ensuring compliance with the KYC policy.

The circular lays down the key elements of the KYC policy:

(a) Customer Acceptance Policy3

REs are directed under the circular to have a Customer Acceptance Policy as a core KYC
Policy. RBI directs that no account must be open with anonymous name. Also, the bank is
directed to not open account of any customer if due diligence cannot happen due to non-

1
https://www.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_24-Aug-2017.pdf
2
Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016, para 2
3
Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016, Chapter III
cooperation or non-reliability of documents. CAP also must state the mandatory information
sought by the RE. Optional information is obtained with the consent of the customer and after
the account has been opened.

(b) Risk Management4

The Board of Directors of the bank should ensure that an effective KYC programme is put in
place by establishing appropriate procedures and ensuring their effective implementation. It
should cover proper management oversight, systems and controls, segregation of duties,
training and other related matters. Responsibility should be explicitly allocated within the
bank for ensuring that the bank’s policies and procedures are implemented effectively. Banks
may, in consultation with their boards, devise procedures for creating Risk Profiles of their
existing and new customers and apply various Anti Money Laundering measures keeping in
view the risks involved in a transaction, account or banking/business relationship.

Banks’ internal audit and compliance functions have an important role in evaluating and
ensuring adherence to the KYC policies and procedures. As a general rule, the compliance
function should provide an independent evaluation of the bank’s own policies and
procedures, including legal and regulatory requirements. Banks should ensure that their audit
machinery is staffed adequately with individuals who are well-versed in such policies and
procedures. Concurrent/ Internal Auditors should specifically check and verify the
application of KYC procedures at the branches and comment on the lapses observed in this
regard. The compliance in this regard may be put up before the Audit Committee of the
Board on quarterly intervals.

Banks must have an ongoing employee training programme so that the members of the staff
are adequately trained in KYC procedures. Training requirements should have different
focuses for frontline staff, compliance staff and staff dealing with new customers. It is crucial
that all those concerned fully understand the rationale behind the KYC policies and
implement them consistently.

(c) Customer Identification Procedures (CIPs)5

The Master Direction requires that 6 types of transactions, the RE is mandatorily to conform
to the KYC Norms:

4
Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016, Chapter IV
5
Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016, Chapter V
 (a) Commencement of an account-based relationship with the customer.
(b) Carrying out any international money transfer operations for a person who is not an
account holder of the bank.
(c) When there is a doubt about the authenticity or adequacy of the customer
identification data it has obtained.
(d) Selling third party products as agents, selling their own products, payment of dues of
credit cards/sale and reloading of prepaid/travel cards and any other product for more
than rupees fifty thousand.
(e) Carrying out transactions for a non-account based customer, that is a walk-in
customer, where the amount involved is equal to or exceeds rupees fifty thousand,
whether conducted as a single transaction or several transactions that appear to be
connected.
(f) When a RE has reason to believe that a customer (account- based or walk-in) is
intentionally structuring a transaction into a series of transactions below the threshold
of rupees fifty thousand.

(d) Monitoring of Transactions

The objective if the KYC policy is to curb black money and money laundering. This policy
collects the data of customer so that he can be traced down using that information and e held
accountable for uncounted transactions.

Procedure for KYC

In case of individuals: For undertaking CDD, REs shall obtain the following information
from an individual while establishing an account based relationship or while dealing with the
individuals.6

From an individual who is eligible for enrolment of Aadhar, the Aadhar number; the
Permanent Account Number (PAN) or Form No. 60 as defined in Income-tax Rules, 1962, as
amended from time to time. In a case where an Aadhar number has not been assigned to an
individual, proof of application of enrolment for Aadhar shall be obtained wherein the
enrolment is not older than 6 months and in case PAN is not submitted, certified copy of an
OVD containing details of identity and address and one recent photograph shall be obtained.
Furthermore, RE’s at the time of receipt of Aadhar number, shall carry out, with the explicit

6
Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016 Para 15
consent of the customer7, e-KYC authentication (biometric or OTP based) or Yes/No
authentication. But this authentication shall not be carried out while establishing an account
based relationship. In case where this authentication is carried out, REs shall ensure to carry
out biometric or OTP based e-KYC authentication within a period of six months after
carrying out authentication. Authentication in respect of beneficial owners of a legal entity
shall suffice in respect of existing accounts or while establishing an account based
relationship. Where OTP based authentication is performed in ‘non-face to face’ mode for
opening new accounts, the limitations as specified in Section 17 shall be applied. Biometric
based e-KYC authentication can be done by bank official/business correspondents/business
facilitator/Biometric enabled ATMs.

e-KYC
e-KYC stands for electronic KYC. The service of e-KYC can only be used by those who
have Aadhar numbers. Customers by their own consent needs to authorize their Unique
Identification Authority of India (UIDAI), to reveal their identity or address information
through biometric authentication to their respective bank branches or business correspondent
(BC). After this the UIDAI sends the customers data comprising of customer name, age,
gender, and photograph electronically to the bank. It is a valid process for KYC verification
and under PML Rules, information provided under e-KYC process will be considered as an
‘Officially Valid Document’.

The Second schedule of the IT Act 2000 was amended to incorporate a new electronic
signature technique called 'e-authentication technique using Aadhaar e- KYC services' ('e-
Sign')('e-KYC' means 'electronic Know Your Customer').8 The 'Digital Certificates' in the
case of e-Sign are issued under two classes:

(a) Aadhaar-eKYC - OTP: This class of certificates shall be issued for individuals use
based on OTP authentication of subscriber through Aadhaar e-KYC;9
(b) Aadhaar-eKYC - Biometric (FP/lris): This class of certificate shall be issued based on
biometric authentication of subscriber through Aadhaar e-KYC service10

7
Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016 para 15 (d)
8
Rishabh Sant Tiwari; Deepansh Goyal, The Role of Digital Signatures in the Digitisation of Loan
Documentation in India, 14 Digital Evidence & Elec. Signature L. Rev. 61 (2017)
9
Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016 para 17
10
ASP On-Boarding Guide (Draft for discussion only), Controller of Certifying Authorities Department of
Electronics and Information Technology Ministry of Communications and Information Technology, Version
1.0, April 2015
Benefits of eKYC to the Government, to the public and to institutions are:
(i) Consent Based
eKYC is consent-based in the sense an individual can share data only after he or she uses
Aadhaar or any other approved authentication for verification. An individual that requires a
service or utility must file for eKYC of his or her own accord and consent. This protects the
individual’s right to privacy which is a fundamental right bestowed upon us by our
constitution.

(ii) Paperless System

eKYC is a paperless system that replaces the need for document management with paper-
based documents. This enables a company, State or Country to reduce their carbon footprints
by going eco-friendly and using a cloud-based online system. Not only does going paperless
save the planet, it also helps in reducing costs associated with normal KYC compliance.

(iii) Compliant With The IT Act

eKYC is compliant with the Information Technology Act of 2000. eKYC data transfer is
enabled by digital signatures and the use of encryption making an eKYC document
legally equivalent to a paper document. According to section 66C of the IT Act, 2000 any
individual is punishable for identity theft with respect to eKYC as well.

(iv) Non-Repuidable
Non-repudiable means a person does not have the ability to deny. The entire process of
eKYC is non-repudiable to all the parties involved because it involves the use of
authentication (Aadhaar and OTP/Biometric scan) by the customer, application of digital
signature by the Service Provider (under UIDAI).

(v) Instantaneous
The eKYC service is completely automated online. This means that KYC data can be
transferred in real-time without the need for any manual intervention. The paper-based KYC
process can take days up to weeks to get verified, but the eKYC process takes just a few
minutes to verify and issue.

(vi) Transparency Of Transactions Or Usage

Bank employees, private agents, unregulated sim card providers, etc. may sometimes indulge
in providing favours for known accomplices, family and friends by misusing their position.
eKYC enables all records and data to be stored permanently online. Any misuse, illicit gain
or illegal activity can be traced back to the individual or parties involved in such transactions
or usage of services.

(vii) Regulator friendly

All eKYC requests can be audited by the ministry or regulator. The Service providers provide
a portal for the regulator to access and audit the same. The RBI, IRDA, PFRDA and SEBI
have accepted and currently use the UIDAI’s eKYC as a valid KYC.

Record Management
The following steps shall be taken regarding maintenance, preservation and reporting of
customer account information, with reference to provisions of PML Act and Rules. REs shall,
maintain all necessary records of transactions between the RE and the customer, both
domestic and international, for at least five years from the date of transaction. The records
pertaining to the identification of the customers and their addresses obtained while opening
the account and during the course of business relationship, for at least five years after the
business relationship is ended must also be preserved.11 RE’s shall ensure availability of
identification records and transaction data to the competent authority if they request for it.
Another obligation is to introduction of a proper system of maintaining record of transactions
prescribed under Rule 3 of Prevention of Money Laundering Rules, 2005 which includes the
nature of transactions, amount of transaction and the currency in which it was denominated,
date and parties to the transaction. They must maintain records of the identity and addresses
of their customers and to have a system for maintenance of records so that they can easily be
retrieved in case a competent authority requests for the same.

Requirements/Obligations Under International Agreements Communications From

International Agencies
REs shall ensure that in terms of Section 51A of the Unlawful Activities (Prevention)
(UAPA) Act, 1967, they do not have any account in the name of individuals/entities
appearing in the lists of individuals and entities, suspected of having terrorist links, which are
approved by and periodically circulated by the United Nations Security Council (UNSC).
12
These lists are: The “ISIL (Da’esh) &Al-Qaida Sanctions List”, which includes names of
individuals and entities associated with the Al-Qaida , The“1988 Sanctions List”, consisting
of individuals (Section A of the consolidated list) and entities (Section B) associated with the

11
Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016 Chapter VII
12
Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016 Chapter XI
Taliban. If any such account is found which resembles to the entities in the list, it must be
reported to the FIU-IND apart from advising Ministry of Home Affairs as under UAPA
Notification.

ADVANTAGES AND DISADVANTAGES OF KYC

The purpose of KYC remediation is to verify the identity of the person you are doing
business with. If a company/institution does not have sufficient information about a client,
that client might be able to launder money or partake in other corrupt activities without any
red flags being raised. This could get the company/institution in serious legal trouble down
the line, possibly leading to fines and even jail time for employees.

1. Prevention of Money Laundering Activities: Money laundering is the process of

transforming the proceeds of crime and corruption into legitimate assets. Anti money
laundering provisions are there in Prevention of Money Laundering Act, 2002. KYC
guidelines are very important to prevent money laundering. Recently, Rs.6100 crores
was remitted abroad from a branch of a public sector bank, wherein RBI observed that
current accounts of several entities were opened without fulfilling KYC norms.
RBI also stated that proper due diligence was not exercised by the bank. It
is important for banks to exercise proper due diligence specially while opening
current account which may include visiting the place of business,
ensuring genuineness of KYC documents submitted, such as verifying PAN and
Aadhar online. Understanding the nature and volume of business of the customer is
also important because transactions should allowed based on it13 for example, a small
trader having annual turnover of Rs.5 lacs, depositing Rs.1 crore in accounts is a
suspicious transaction.
2. Prevent Financing of Terrorism: One of the major objectives of KYC is to establish
the identity of the customer and understanding their business and financial dealings.
Without understanding financial dealings of customer, it is not possible to check if
there are suspicious transactions, which may actually be going to some terrorist
organization.

13
Ruce, Philip J., Anti-Money Laundering: The Challenges of Know Your Customer Legislation for Private
Bankers and the Hidden Benefits for Relationship Management ('The Bright Side of Knowing Your Customer')
(June 1, 2011). The Banking Law Journal, Vol. 128, No. 6, p. 548, June 2011.
 3. To Manage Risk: Apart from AML and CFT, KYC also helps banks in managing
risk quite prudently. By creating risk profiles and assigning risk categories to
customers, banks can monitor any possible financial frauds and loan defaults. This is
done by analysing a customer’s profile through Customer Identification Procedure
and by considering their financial background, nature of account, purpose behind their
account opening, and nature of transactions etc.14
4. Prevent Identity Theft: Without following KYC norms, there is a risk of benami or
fictitious accounts were being opened.15 Benami or fictitious accounts are those
accounts which are being opened by one person in the name of an unknown person,
who actually does not exist. These accounts are used to evade taxes, park black
money or money earned through criminal activities and for money laundering
purposes.
5. E-KYC: Aside from the obvious benefits like convenience and paperless identity
verification, there are some other benefits which are hard to ignore. They are as
follows –
i. Not everyone can use eKYC verification services. Only agents and institutions that
have been verified by UIDAI can make use of the Aadhaar-based eKYC method. This
means that your credentials will never go into the hands of people with malicious
intent as long as eKYC is used. Currently, even roadside stalls sell mobile sims after
collecting copies of your identity and address proof. This is not a safe arrangement.
eKYC eliminates the possibility of frauds and identity thefts.
ii. The biometric scanners used by agents/institutions too would have to be verified by
UIDAI, which adds another layer of security.
iii. eKYC often allows instant verification and thereby instant opening of bank accounts
or mobile sim activations. This is expected to save much time.
iv. The eKYC process is absolutely free of cost.

However, this system of KYC/e-KYC has its pitfalls. Firstly, banks will have to take your
consent, specifically stating that you are willing to do the authentication through OTP. If you
open a bank account using the eKYC and OTP process, you have limitations in terms of the
balance you can keep in your account. In these bank accounts, the total balance of all your
accounts should not be more than Rs1 lakh. In case you open a bank accounts using the OTP-

14
David Lepann, Mitigating Risk with KYC
15
Para 10(a) of Master Direction DBR.AML.BC.No.81/14.01.001/2015-16
based eKYC, you will have to go through the customer due diligence procedure within a
year. To do this, the bank can send an executive to verify your address and collect your
signature. If due diligence procedure is not completed within a year, the bank account will be
closed immediately. You can have only one such account at any given point of time.

Banks will also strictly monitor these accounts. If you don’t provide the original Aadhaar
document, the bank can print and download your e-Aadhaar directly from the Unique
Identification Authority of India (UIDAI) portal. But you have to be physically present in the
branch or bank during this.

CONCLUSION

To protect financial institutions, the past decade has seen a tremendous amount of new anti-
money laundering rules, regulations, and legislation. These regulations are necessary because
of the global threat that money laundering poses; by some estimates, money laundering
accounts for five percent of the entire world GDP. Money laundering allows criminal funds
to be filtered through the legitimate economy, disguising its origins and allowing criminals to
take advantage of the funds; it essentially makes crime pay.

But the money laundering rules have not been greeted enthusiastically by those who most
need to enforce them: the financial institutions most vulnerable to money laundering activity.
Private banking, which focuses on affluent clientele, is particularly vulnerable to money
laundering because of a perceived high profitability and intense competition for clients, the
high level of confidentiality associated with private banking, and the close relationships and
trust developed between relationship managers and their clients. KYC requirements are often
viewed by private bankers as being additional work, additional red tape, and off-putting to
clients in a highly competitive field.

But those that feel this way have it reversed: meeting regulatory requirements should be a
byproduct of knowing your client, and not the other way around.80 Financial institutions in
general need to discard the idea of a “regulatory burden” and instead focus on the “regulatory
bonus” associated with a higher level of customer data.81 With client inquiries and a detailed
history of who your clients are, what they do, and where there money comes from, a private
banker is better able to develop a meaningful business relationship with the client, is better
able to anticipate the client’s needs, and is better able to tailor the customer’s experience.
Knowing your customer does, it seems, have a bright side.

BILIOGRAPHY

 ASP On-Boarding Guide (Draft for discussion only), Controller of Certifying

Authorities Department of Electronics and Information Technology Ministry of
Communications and Information Technology, Version 1.0, April 2015
 David Lepann, Mitigating Risk with KYC
 Rishabh Sant Tiwari; Deepansh Goyal, The Role of Digital Signatures in the
Digitisation of Loan Documentation in India, 14 Digital Evidence & Elec. Signature
L. Rev. 61 (2017)
 Ruce, Philip J., Anti-Money Laundering: The Challenges of Know Your Customer
Legislation for Private Bankers and the Hidden Benefits for Relationship
Management ('The Bright Side of Knowing Your Customer') (June 1, 2011). The
Banking Law Journal, Vol. 128, No. 6, p. 548, June 2011
 Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016
DBR.AML.BC.No.81/14.01.001/2015-16