The October of 2023 banged with the KYC changes implemented by RBI! Do you what was more shocking than this? This was the third time in 2023 that RBI amended the master direction of KYC (Know Your Customer) direction, 2016.
Why? You may ask.
Well, just like you many other folks too were highly curious about the depth of information on the key KYC changes being done by RBI and the reasons behind it.
So, in this write-up, we will explain every detail about the KYC changes made by RBI. Also, we will explain the key reasons behind it.
Stay tuned!
(A) KYC Change: Key Highlights
Let’s look at the key KYC changes made by the Reserve Bank of India (India)-
(A.1) Expanding KYC Rules for Better Control
If you’re wondering about the recent changes in the financial scene, here’s a simple breakdown for you-
- Including More Companies: KYC rules, or Know Your Customer rules, have widened their scope. Asset Reconstruction Companies, which weren’t clearly part of the Regulated Entities (REs) before, are now under the watchful eye of these rules. This move aims to keep a closer check on the financial world.
- Going Global with Oversight: KYC rules, initially for local companies, now extend to branches abroad and overseas subsidiaries owned mostly by REs. What this means is that the Reserve Bank of India (RBI) can now tell these companies to take extra steps in managing risks related to money laundering and terrorism financing. It’s like a global watchdog making sure everyone plays by the rules.
The expansion of KYC rules to cover more companies and oversee global operations signals a commitment to keeping the financial system safe and sound. It’s a way of staying ahead in the game and ensuring that everyone follows the rules, no matter where they operate.
(A.2) Recent Amendments in Alignment with KYC Directions
Here’s a breakdown of the significant amendments made to align the KYC Directions with the latest changes to the Prevention of Money Laundering Act (PMLA) Rules in September and October 2023-
(A.2.1) Beneficial Ownership Criteria for Partnerships
The threshold for determining beneficial ownership in partnership firms has been reduced to 10%, and the definition of ‘control’ now includes the right to influence management or policy decisions.
(A.2.2) Principal Officer Appointment
Only management-level officers nominated by the Regulated Entity (RE) can serve as the ‘principal officer’ responsible for providing information to the RBI regarding compliance with KYC Directions.
(A.2.3) Customer Due Diligence (CDD) Enhancements
To adapt to the rise of digital payment systems, REs now need to-
– Undertake CDD using ‘reliable’ and ‘independent’ sources.
– Seek information about transaction purpose, business relationship nature, ownership, and control.
– Determine if the customer is acting on behalf of the beneficial owner.
– Identify and verify the beneficial owner’s identity using ‘reliable’ and ‘independent’ sources.
The shift involves moving away from relying solely on official documents to identify and verify customers and beneficial owners.
(A.2.4) Restriction on Third-Party CDD Reliance
While REs could previously rely on third-party CDD data obtained within two days, the recent change mandates immediate reliance.
(A.2.5) CDD for Trusts
For CDD of trusts, REs must now obtain the name of the ‘protector,’ if applicable.
(A.2.6) Periodic KYC Updation
REs are now required to ensure that information collected for CDD remains up-to-date, especially for high-risk customers, accounts, or transactions.
(A.2.7) Additional Measures for PEPs
Appropriate risk measures must be in place for determining whether the customer or beneficial owner is a Politically Exposed Person (PEP), including establishing the source of funds/wealth.
(A.2.8) Mandatory CDD Program Implementation
REs are now obligated to implement a CDD program covering ML/TF risks identified through National Risk Assessment and the size of the business. Monitoring and suggesting enhanced controls are also part of this requirement.
(A.2.9) Group-Level Policies and Programs
Every RE within a group must implement group-level policies for PMLA Rules compliance, curbing ML/TF, sharing information, and preventing tipping-off.
(A.2.10) Confidentiality Safeguards
Policies and processes must ensure the confidentiality of records maintained for furnishing information to the Director, FIU-IND, including for REs, directors, officers, and personnel.
(A.2.11) International Compliance
Enhanced compliance requirements, including undertaking countermeasures, are now mandated if called upon by any international or inter-governmental organization accepted by the Central Government.
These amendments signify a comprehensive effort to strengthen anti-money laundering and counter-terrorism financing measures in the financial sector.
(A.3) Determining the Frequency of Risk Assessment
The Board of the Regulated Entity (RE) or a designated Board Committee holds the authority to decide how often the Money Laundering (ML) and Terrorism Financing (TF) risk assessment should take place. The frequency of these reviews is not fixed but rather subject to the discretion and decision-making of the Board or its Committee.
This flexibility allows the RE to tailor the periodicity of risk assessments according to the evolving nature of ML and TF risks, the pace of changes in the financial landscape, and the specific circumstances relevant to the entity. By granting such authority to the Board or its Committee, the regulatory framework acknowledges the dynamic nature of financial risks and emphasizes the importance of a tailored and responsive approach to risk assessment.
In essence, this provision reflects the regulatory intent to ensure that ML/TF risk assessments remain relevant and effective by allowing the RE to adapt the review frequency based on its unique operational context and the prevailing risk environment.
(A.4) Clarification on Customer Information Record Management
In a recent amendment, Regulated Entities (REs) is now explicitly mandated to maintain records of ‘customer information,’ expanding the scope beyond just ‘customer account information.’ This clarification eliminates any ambiguity, making it clear that the obligation to maintain records extends to all customers, including walk-in customers, irrespective of whether they hold an actual account with the entity.
The revised requirement underscores the importance of comprehensive record-keeping, emphasizing that customer information, beyond mere account details, should be diligently documented. This inclusive approach aligns with the evolving standards of record management in the financial sector, aiming to capture a broader spectrum of customer interactions, inquiries, and engagements.
By addressing the previous uncertainty, the amendment ensures a more robust and thorough record-keeping framework, promoting transparency and accountability in the management of customer information across all interactions within the Regulated Entity. This change reflects a commitment to maintaining a comprehensive and accurate record of customer-related activities, contributing to enhanced regulatory compliance and risk management.
(A.5) Heightened Due Diligence for Non-FATF Compliant Jurisdictions
In a significant development, Regulated Entities (REs) are now obligated to engage in enhanced due diligence for jurisdictions not in compliance with the Financial Action Task Force (FATF) standards. This means that REs must actively undertake due diligence measures that are proportionate and effective, aligning with the risks associated with business relationships and transactions in non-FATF-compliant jurisdictions.
The requirement emphasizes a tailored approach, ensuring that the due diligence measures are commensurate with the specific risks posed by transactions or relationships within these jurisdictions. This aligns with the FATF Recommendations, which serve as a benchmark for implementing effective anti-money laundering and counter-terrorism financing measures globally.
By mandating enhanced due diligence, the regulatory framework seeks to mitigate potential risks stemming from transactions in non-compliant jurisdictions. This proactive stance underscores the commitment to maintaining the integrity of the financial system, aligning with international best practices, and promoting risk-aware business practices within the purview of global regulatory standards.
(A.6) Additional Compliance Measures for Regulated Entities (REs)
- Reporting Inability to Comply with CDD Measures: REs are now mandated to consider filing Suspicious Transactions Reports (STR) even if they are unable to adhere to Customer Due Diligence (CDD) measures for a customer. This emphasizes the importance of reporting any suspicious activities, ensuring that potential risks are thoroughly examined and addressed.
- Accounts with Non-Banking Finance Companies (NBFCs): Non-Banking Finance Companies (NBFCs) are required to exercise heightened vigilance for accounts opened through simplified processes (without complete CDD). Continuous monitoring of activities and transactions related to such accounts is essential. If there are suspicions of Money Laundering (ML) or Terrorism Financing (TF) activities, NBFCs must complete the CDD process for these accounts, even before the permitted 12-month conditional period elapses from the account opening date.
- Wire Transfers: For wire transfers below INR 50,000 from a non-account holder customer, the ordering RE is only obligated to include a Unique Transaction Reference (UTR) number, provided it can be traced back to the originator customer or beneficiary. Additionally, the RE must furnish originator information (or trackable beneficiary information) to the intermediary RE, beneficiary RE, or competent authorities within 3 days of receiving a request.
Furthermore, the obligation to file STR and report to the Financial Intelligence Unit (FIU) has been extended to all REs, broadening the scope beyond Money Transfer Service Scheme providers. This ensures a comprehensive approach to monitoring and reporting potentially illicit financial activities across different types of entities.
(A.7) Additional Measures for Banks Compliance
| Additional Measures | Detail |
| Compliance with the Foreign Contribution Act | Banks are now required to meticulously comply with the provisions of the Foreign Contribution Act, 2010, aligning with instructions from the Reserve Bank of India (RBI) and the Ministry of Home Affairs. This step aims to enhance transparency and regulatory coherence, ensuring that banks adhere to legal requirements related to foreign contributions. |
| Identification of Money Mules Accounts | Banks are mandated to implement comprehensive measures for identifying Money Mules accounts, and taking appropriate actions, including reporting to the Financial Intelligence Unit of India (FIU-IND). This proactive approach strengthens the banking sector’s ability to detect and address potential instances of money laundering. |
| Correspondent Banking | In addition to gathering information, banks are now required to understand the nature of the business of respondent correspondent banks. Utilizing publicly available information, banks must assess the reputation and quality of supervision at the respondent bank. A specific directive is in place to refrain from initiating or continuing correspondent banking relationships with shell banks, enhancing due diligence in correspondent banking. |
| Amendments to UAPA and WMD Act Obligations | Processes and procedures under Annexures II and III of the KYC Directions have been updated in alignment with amendments to the Unlawful Activities (Prevention) Act, 1967 (UAPA) on August 29, 2023. Additionally, the revisions correspond to the updated Government instructions under its order dated September 1, 2023, related to the Weapons of Mass Destruction (Prohibition of Unlawful Activities) Act, 2005 (WMD Act, 2005). |
These changes reflect a commitment to adapting banking practices in response to evolving legal frameworks concerning unlawful activities and potential threats.
(B) Reasons: Why RBI introduced KYC Changes?
The Reserve Bank of India (RBI) has implemented a series of modifications to the Know Your Customer (KYC) process, due to several reasons.
Go through the following table to find out-
| Objectives | Key Changes |
| Enhanced Customer Convenience | Simplified re-KYC process, self-declaration, and remote channels for hassle-free updates without branch visits. |
| Compliance with Regulations | Mandated periodic reviews and fresh KYC procedures to uphold AML and CTF compliance, contributing to system integrity. |
| Risk Management | Introduction of risk categorization parameters for effective assessment and mitigation of potential risks. |
| Validity of KYC Documents | Fresh KYC process prevents misuse by ensuring valid and current document submission. |
| Simplified Re-KYC Process | May 2021: Simplified re-KYC process with self-declaration, non-face-to-face channels, and easy compliance options. |
| Fresh KYC Process | Periodic reviews to keep records up-to-date, offering options for branch visits or Video-based Customer Identification. |
| Risk Categorization Parameters | Introduction of parameters, empowering REs to frame broad principles for risk categorization. |
| Streamlining convenience & regulations | Streamlining KYC for customer convenience and stringent compliance with anti-money laundering regulations. |
Now, let’s dive into the details-
(B.1) Enhanced Customer Convenience
- The revamped re-KYC process prioritizes customer convenience by offering a simplified mechanism for updating KYC information, minimizing unnecessary hassles.
- The introduction of self-declaration for re-KYC reduces paperwork and enhances user-friendliness.
- Leveraging remote channels such as email, mobile apps, and ATMs allows customers to fulfill KYC requirements without the need to visit a physical branch.
(B.2) Compliance with Regulation
- The RBI’s mandate for periodic reviews and updates of KYC records is aimed at ensuring strict compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations.
- Fresh KYC procedures contribute to maintaining accurate and up-to-date customer information, thereby reinforcing the overall integrity of the financial system.
(B.3) Risk Management
- The RBI introduces risk categorization parameters, empowering banks to assess and manage risks effectively.
- Parameters like geographical risk, product/service types, and transaction channels are considered to categorize customers, facilitating a thorough risk assessment process.
- A meticulous risk assessment enables banks to identify and mitigate potential risks associated with various customer profiles.
(B.4) Validity of KYC Documents
- Recognizing the expiration of KYC documents over time, the fresh KYC process ensures that customers provide valid and current documents.
- This measure serves to prevent the misuse of accounts and enhances overall security within the banking system.
(B.5) Simplified Re-KYC Process
- In May 2021, the RBI introduced a simplified re-KYC process, streamlining the periodic updation of KYC.
- For cases with no changes in KYC information, a self-declaration from the individual customer is now sufficient to complete the re-KYC process.
- Banks offer this convenience through non-face-to-face channels like registered email IDs, mobile numbers, ATMs, online banking, and mobile applications. Address changes can also be updated through these channels, with verification within two months.
(B.6) Fresh KYC Process
- Banks are obligated to keep records up-to-date through periodic reviews and updates.
- A fresh KYC process may be necessary when existing documents do not conform to the current list of officially valid documents or when the validity of previously submitted documents has expired.
- Customers can undertake fresh KYC either by visiting a bank branch or remotely through a Video-based Customer Identification Process (V-CIP).
(B.7) Risk Categorization Parameters
- The RBI introduces new risk categorization parameters, encompassing geographical risk, product/service types, delivery channels, and transaction types.
- Regulated Entities (REs) are tasked with framing broad principles for the risk categorization of customers.
These changes are designed to streamline the KYC process, prioritize customer convenience, and ensure stringent compliance with anti-money laundering regulations.¹²³⁴
(C) Key Takeaways from the KYC Changes Made by RBI
So what did you learn from the KYC changes made by RBI? Go through the following table and the key takeaways will be clear to you-
| Key Takeaways | Details |
| Proactive Alignment with Laws | The Reserve Bank of India (RBI) has demonstrated a proactive approach by aligning the KYC Directions with other relevant Know Your Customer (KYC) and Anti-Money Laundering/Terrorism Financing (AML/TF) laws. This alignment serves to prevent potential regulatory uncertainty, ensuring a cohesive and consistent regulatory framework. |
| Significant Impact on REs Processes | Anticipated to bring about substantial changes, these amendments are poised to significantly impact the processes and procedures of Regulated Entities (REs), particularly concerning Customer Due Diligence (CDD) processes. The adjustments reflect a commitment to staying abreast of evolving financial landscapes and adopting measures to address emerging risks effectively. |
| Emphasis on Combatting ML/TF Risks | The amendments underscore the crucial role played by REs in combating Money Laundering (ML) and Terrorism Financing (TF) related risks. By re-emphasizing the importance of robust KYC procedures, the RBI aims to strengthen the defenses of REs against potential threats, safeguarding both customers and the nation’s financial system. |
| National Financial System Protection | The overarching objective of these amendments is to safeguard not only individual customers but also the broader integrity of the nation’s financial system. By reinforcing the regulatory framework, the RBI aims to fortify the financial sector against illicit activities, contributing to the overall resilience and security of the country’s financial ecosystem. |
(D) Summing Up the KYC Changes Made by RBI
In essence, the RBI’s recent KYC changes aim to simplify and enhance the customer verification process. These adjustments prioritize customer convenience by allowing self-declaration, remote updates, and minimizing paperwork.
Additionally, compliance with anti-money laundering regulations is a crucial motive, ensuring the financial system’s integrity. The introduction of risk categorization parameters and a streamlined re-KYC process reflects a proactive approach to managing and mitigating potential risks.
Overall, these changes signify a commitment to staying current with evolving financial landscapes, fostering a secure and convenient environment for customers while upholding regulatory standards.
