BBL1 : KYC - Overview

1. Definition of a Customer
A Customer means:

a) Person or entity that maintains an account and/or has a business relationship with the
bank;

b) One on whose behalf the account is maintained (i.e., the beneficial owner);

c) Beneficiaries of transactions conducted by professional intermediaries such as stock

brokers, Chartered Accountants, Solicitors, etc., as permitted under the Law and

d) Any person or entity connected with a financial transaction, which can pose significant
reputation or other risks to the bank, say, a wire transfer or issue of a high value demand
draft as a single transaction.

The following are the key elements of KYC Policy:

1. Customer Acceptance Policy;
2. Risk Management
3. Customer Identification Procedures.
4. Monitoring of Transactions

2. Customer Acceptance Policy C A P

The general guidelines relating to Customer Acceptance Policy are as under:
2.1 No account shall be opened in anonymous or fictitious/benami name(s).
2.2 No account shall be opened when the bank is unable to apply appropriate customer due
diligence measures, i.e., bank is unable to verify the identity and/or obtain documents
required as per the risk categorization due to non-cooperation of the customer or non-
reliability of the data/information furnished to the Bank.
2.3 No transaction or account-based relationship is undertaken without following the CDD
(Customer Due Diligence) procedure.
2.4 Before opening a new account, necessary checks should be made to ensure that the
identity of the customer does not match with any person with known criminal
background or with banned entities such as individual terrorists or terrorist
organizations, etc.
2.5 Customer Profile: At the time of opening the accounts, a customer profile of the new
customers should be prepared. The customer profile may contain information relating
to customer’s identity, social/financial status, nature of business activity, details of
assets, personal details such as qualification, marital status, etc. However, the nature
and extent of information sought from the customer is based on the risk category of
customers. The customer profile will be a confidential document and details contained
therein shall not be divulged for cross selling or any other purposes.
2.6 CDD Procedure is followed for all the joint account holders, while opening a joint
account.
2.7 Branch shall apply the CDD procedure at the CIF level, Thus, if an existing KYC Compliant
customer of bank desires to open another account with the same bank branch, there
shall be no need for a fresh CDD exercise.

2.8 Risk Categorization of Customers:

Generally, customers under risk may be classified in to

(i) Low Risk Customer, (ii) Medium Risk Customer, (iii) High Risk Customer.
(i) Low Risk Customer: Individuals (other than high net worth individuals) and
entities, whose identity and source of income can be easily identified and
transactions in whose accounts by and large conform to the known profile may
be categorized as low risk customers. Examples are:
a. Salaried Employees
b. People belonging to weaker sections of the society
c. People belonging to middle class/lower middle class with small balances
and low turnover.
d. Government Departments and Govt. owned companies.
e. Statutory Bodies etc.

In case of low risk customers, only basic requirements of identifying them and their
location (place of residence/business) should be fulfilled and elaborate details are
not required.
(ii) Medium Risk Customer: Customers not falling in the low risk or high-risk
categories may be classified under Medium Risk Category. They carry an inherently
higher than average risk to the bank depending upon customer`s background, nature
of activity, location, country of origin, source of funds, volume and frequency of
transactions.
Example: High net worth individuals with known source of income such as salary.
The Indicative list of customers belonging to this category are as follows:
Non-banking financial institutions
Stock brokerage
a- Import/export
b- Gas stations
c- Car/Boat /Plane dealership
d- Electronics Wholesale
e- Travel agency
f- Used car sales
g- Tele marketers
h- Pawnshops
i- Cash intensive business as restaurants, retail shops, parking garages,Fastfood
stores and movie theaters
j- Notaries
k- Venture capital firms
 (iii) High Risk Customer: Enhanced due diligence measures will be applied in
respect of high-risk customers especially those, whose sources of funds are not clear.
Examples of high-risk customers are:

a. Non-Resident customers.
b. High Net Worth individuals
c. Trusts, Charities, NGOs & Organisation receiving donations.

d. Firm with ‘sleeping partners’

e. Companies having close family shareholdings or beneficial ownership.
f. Non face-to-face customers

g. Politically Exposed Persons of foreign origin

h. Customers with dubious reputation as per public information available
2.9 Circumstances in which a customer is permitted to act on behalf of another
person/entity will be spelt out in conformity with the established law and practice of
banking.
2.10 Documentation requirements and other information to be collected in respect of
different categories of customers depend on perceived risk and other guidelines issued
by RBI from time to time.
2.11 It is important to bear in mind that the adoption of CAP and its implementation
should not become too restrictive and must not result in denial of Banking Service to
general public, especially to those, who are financially or socially disadvantaged.

3. Customer Identification Procedures ( C I P)

3.1 Customer Identification means identifying the customer and verifying his/her identify
by using reliable, independent source documents, data or information. The Branch
should obtain sufficient information necessary to establish, to its satisfaction, the
identity of each new customer; whether regular or occasional and the purpose of the
intended nature of banking relationship. Being satisfied, means that the branch must be
able to satisfy the competent authorities that due diligence was observed based on the risk
profile of the customers.

3.2 For customers, who are natural persons, the branches should obtain sufficient
identification data to verify the identity of the customer, his address/location and also his
recent photograph.
3.3 For customers who are legal persons/entities, the branch should –
3.3.01 Verify legal status of the legal person/entity through proper and relevant documents
3.3.02 Verify that any person purporting to act on behalf of the legal person/entity is so
authorized and verify the identity of that person
3.3.03 understand the ownership and control structure and determine the natural
persons who ultimately control the legal person.
3.4 The features to be verified in respect of different categories of customers and the
documents that may be obtained for the purpose from them are furnished in
Annexure-1. In addition, the existing procedure forming part of the due diligence
process should be strictly complied with.
3.5 Branches should take extra care in respect of a few categories such as Trust/Nominee
or fiduciary accounts, accounts of companies/ and firms, accounts of politically
exposed persons
3.6 Based on our experience of dealing with different types of customers as well as the
modus operandi of various frauds committed in our Bank/Other Banks, we
may formulate additional guidelines or safeguards for identifying customers, in future.
Customer Identification Procedure Documents that may be obtained from
customers.

Customers/Clients Documents (Certified copy of any one of the

following officially valid document)

Accounts of individuals, ( i. A certified copy of any OVD containing details of

while establishing an account
based relationship or an
individual, who is beneficial
owner, authorised signatory
or power of attorney holder
related to any legal entity.)
- Proof of Identity and
Address
his identity and address.
ii. One recent photograph.
iii. The Permanent Account Number or Form No 60
as defined in Income Tax Rules,1962 and
iv. Such other documents pertaining to the nature
of business or financial status specified by the Bank
in their KYC policy.
OVDs:

1.Passport,
2.Driving licence,
3.Voter's Identity Card issued by the Election
Commission of India,
4.Job card issued by NREGA duly signed by an
officer of the State Government,
5. Letter issued by the National Population Register
containing details of name and address.
6. Proof of possession of Aadhaar number, (It is to
be submitted in the form as are issued by the
Unique Identification Authority of India)

“Provided that in case the OVD furnished by the

customer does not contain updated address, the
following documents shall be deemed to be OVDs
for the limited purpose of proof of address:-
i. utility bill which is not more than two months old
of any service provider (electricity, telephone,
post-paid mobile phone, piped gas, water bill);
ii. property or Municipal tax receipt;
iii. pension or family pension payment orders (PPOs)
issued to retired employees by Government
Departments or Public Sector Undertakings, if they
contain the address;
iv. letter of allotment of accommodation from
employer issued by State Government or Central
Government Departments, statutory or regulatory
bodies, public sector undertakings, scheduled
commercial banks, financial institutions and listed
companies and leave and licence agreements with
such employers allotting official accommodation; .
V. The Customer shall submit OVD with current
address within a period of three months of
submitting the documents specified as above.

VI. Branches shall obtain the Aadhaar number

from an individual who is desirous of receiving
any benefit or subsidy under any scheme notified
under section 7 of the Aadhaar (Targeted Delivery
of Financial and Other subsidies, Benefits and
Services) Act, 2016 (18 of 2016). Banks, at receipt
of the Aadhaar number from the customer,
branch may carry out authentication of the
customer’s Aadhaar number using e-KYC
authentication facility provided by the Unique
Identification Authority of India upon receipt of
the customer’s declaration that he is desirous of
receiving any benefit or subsidy under any
scheme notified under section 7 of the Aadhaar
(Targeted Delivery of Financial and Other
Subsidies Benefits and Services) Act, 2016 (18 of
2016) in his account.
VII. Branches may carry out Aadhaar
authentication/ offline-verification of an
individual who voluntarily uses his Aadhaar
number for identification purpose.
VIII. In cases where successful authentication has
been carried out, other OVD and photograph need
not be submitted by the customer.
VIX. Provided further that in case biometric e-
KYC authentication cannot be performed for an
individual desirous of receiving any benefit or
subsidy under any scheme notified under
section 7 of the Aadhaar (Targeted Delivery of
Financial and Other subsidies, Benefits and
Services) Act, 2016 owing to injury, illness or
infirmity on account of old age or otherwise,
 and similar causes, branches shall, apart from
obtaining the Aadhaar number, perform
identification preferably by carrying out offline
verification or alternatively by obtaining the
certified copy of any other OVD from the
customer. CDD done in this manner shall
invariably be carried out by an official of the
branch and such exception handling shall be a
part of the concurrent audit as mandated in
Section 8. Branches shall ensure to duly record
the cases of exception handling in a centralised
exception database. The database shall contain
the details of grounds of granting exception,
customer details, name of the designated
official authorising the exception and
additional details, if any. The database shall be
subjected to periodic internal audit/inspection
by the RE and shall be available for supervisory
review.

Explanation 1: Branches shall, where its

customer submits his Aadhaar number, ensure
such customer to redact or blackout his
Aadhaar number through appropriate means
where the authentication of Aadhaar number is
not required under section 7 of the Aadhaar
(Targeted Delivery of Financial and Other
Subsidies Benefits and Services) Act.

Explanation 2: Biometric based e-KYC

authentication can be done by bank
official/business correspondents/business
facilitators.

Explanation 3: The use of Aadhaar, proof of

possession of Aadhaar etc., shall be in
accordance with the Aadhaar (Targeted
Delivery of Financial and Other Subsidies
Benefits and Services) Act, the Aadhaar and
Other Law (Amendment) Ordinance, 2019 and
the regulations made thereunder.

Accounts of Companies (i) Certificate of incorporation;

(ii) Memorandum and Articles of Association;
(iii)Permanent Account Number of the company.
 (iv)A resolution from the Board of Directors and
power of attorney granted to its managers, officers
or employees to transact on its behalf;

(v) (a) one of the OVD and

(b) Permanent Account Numbers or Form 60 as
defined in the Income-tax Rules, 1962,
issued to managers, officers or employees holding
an attorney to transact on the company’s behalf.
Accounts of Partnership firms (i) Registration certificate;
(ii) Partnership deed;
(iii)Permanent Account Number of the partnership
firm: and

(iv) (a) One of the OVD and

Accounts of Trusts
(b) Permanent Account Number or Form 60 as
defined in the Income-tax Rules, 1962, issued to the
person holding an attorney to transact on its behalf.
(i) Registration certificate;
(ii) Trust deed;
(iii)Permanent Account Number of Form No 60 of
the Trust and
(iv) (a) One of the OVD ; and
(b) Permanent Account Number or Form 60 as
defined in the Income-tax Rules, 1962, issued to the
person holding an attorney to transact on its behalf.

Accounts of unincorporated (i)Resolution of the managing body of such

association or a body of association or body of individuals;
individuals (ii)Permanent Account Number or Form No 60 of the
unincorporated association or a body of individuals.
(iii) Power of attorney granted to him to transact on
its behalf;
(iv)(a) One of the OVD ; and
Permanent Account Number or Form 60 as defined
in the Income-tax Rules, 1962, issued to the person
holding, an attorney to transact on its behalf.
Accounts of Apart from Customer identification procedure as
Proprietorship applicable to the proprietor/individual any two of
Concerns. the following documents in the name of the
Proof proprietary concern would suffice:
Proof of the name, address 1. Registration certificate (in the case of a
and activity of the concern registered concern),
2. Certificate/licence issued by the Municipal
authorities under Shop & Establishment Act
3. GST and income tax returns
4. GST certificate
5. Certificate/registration document issued by Sales
Tax/Service Tax/ Professional Tax
6. Licence issued by the Registering authority like
Certificate of Practice issued by Institute of
Chartered Accountants of India, Institute of Cost
Accountants of India, Institute of Company
 Secretaries of India, Indian Medical Council, Food
and Drug Control Authorities

7. Registration/licensing document issued in the

name of the proprietary concern by the Central
Government or State Government Authority/
Department

8. IEC (Importer Exporter Code) issued to the

proprietary concern by the office of DGFT
9. The complete Income Tax Return (not just the
acknowledgement) in the name of the sole
proprietor where the firm's income is reflected,
duly authenticated/acknowledged by the Income
Tax authorities.

10. Utility bills such as electricity, water, and

landline telephone bills in the name of the
Proprietary concern/firm.
In cases where the branches are satisfied that it Is
not possible to furnish two such documents, they
would have the discretion to accept only one of
those documents as activity proof. In such cases,
the branches, however, would have to undertake
contact point verification, collect such information
as would be required to establish the existence of
such firm, confirm, clarify and satisfy themselves
that the business activity has been verified from the
address of the proprietary firm.

Customer Identification Requirements:

1 Trust/Nominee or Fiduciary Accounts:

1.1 The branches should determine whether the customer is acting on behalf of another
person as trustee/nominee or any other intermediary. If so, branches must insist on
satisfactory evidence of the identity of intermediaries and of the persons on whose
behalf they are acting, as also obtain details of the nature of the trust or other
arrangements in place.
1.2 While opening the account for a trust, precautions to be taken to verify the identity of
the trustees and the settlers of trust (including any person settling assets into the trust),
grantors, protectors, beneficiaries and signatories. Beneficiaries should be identified
when they are defined.
1.3 In case of ‘foundation’, steps should be taken to verify the founder managers/directors
and the beneficiaries if defined.
2 Accounts of Companies and Firms:

2.1 Branches should examine the control structure of the entity, determine the sources of
funds and identify the natural persons who have a controlling interest and who comprise the
management.
2.2 These requirements may be moderated according to the risk perception. Example: In
the case of a public company, it is not necessary to identify all the shareholders.

3 Client accounts opened by professional intermediaries:

3.1 When the client account opened by a professional intermediary is on behalf of a single
client, that client must be identified.

3.2 Where funds held by the intermediaries are not commingled at the branches and there
are ‘sub-accounts’ each of them attributable to a beneficial owner, all the beneficial owners
must be identified. Where such funds are commingled at the branch, the branch should still
look through to the beneficial owners.

3.3 When the branches rely on the customer due diligence done by an intermediary, they
should satisfy that the intermediary is regulated and supervised and has adequate systems
to comply with KYC requirements.

************************