‘Know Your Customer’ Guidelines and Anti Money Laundering Standards
1. Know Your Customer Standards
a) The objective of the KYC guidelines is to prevent payment institutions from being used, intentionally or
unintentionally, by criminal elements for money laundering activities. KYC procedures enable
payment institutions to know/understand their customers and their financial dealings better which in turn help
them manage their risks prudently. The revised KYC policy of the payment institution incorporates the following
- i. Customer Acceptance Policy (CAP)
- ii. Customer Identification Procedures (CIP)
- iii. Monitoring of Transactions; and
- iv. Risk Management
b) A customer for the purpose of KYC Policy is defined as:
- A person or entity that maintains an account and/or has a business relationship with the payment institution
- One on whose behalf the account is maintained (i.e., the beneficial owner)
- Any person or entity connected with a financial transaction which can pose significant
reputational or other risks to the payment institution, say, a wire transfer or issue of high value demand
draft as a single transaction.
2. Customer Acceptance Policy (CAP)
a) The following Customer Acceptance Policy indicating the criteria for acceptance of customers shall
be followed in the payment institution. Payment institution shall accept customer strictly in accordance with the said
- i. No account shall be opened in anonymous or fictitious/benami name(s)
- ii. Parameters of risk perception shall be clearly defined in terms of the nature of business
activity, location of customer and his clients, mode of payments, volume of turnover,
social and financial status etc., to enable categorization of customers into low, medium
and high risk called Level I, Level II and Level III respectively; Customers requiring very
high level of monitoring e.g., Politically Exposed Persons (PEPs) may be categorized as
- iii. Payment institution shall collect documents and other information from the customer depending
on perceived risk and keeping in mind the requirements of AML Act, 2002
- iv. Payment institution shall close an existing account or shall not open a new account where it is
unable to apply appropriate customer due diligence measures i.e., branch is unable to
verify the identity and/or obtain documents required as per the risk categorization due to
non cooperation of the customer or non reliability of data/information furnished to the
branch. Payment institution shall, however, ensure that these measures do not lead to the
harassment of the customer. However, in case the account is required to be closed on this
ground, payment institution shall do so only after permission of J/DGM (I&V) of their concerned
Zonal Offices is obtained. Further, the customer should be given a prior notice of at least
20 days wherein reasons for closure of his account should also be mentioned.
- v. The Updated Manual of Instructions (Chapter 2 Volume I) provides detailed guidelines as
to the mode of operations of different types of accounts and the circumstances in which a
customer is permitted to act on behalf of another person/entity. Payment institution is
advised to strictly follow these instructions.
- vi. Payment institution shall make necessary checks before opening a new account so as to ensure
that the identity of the customer does not match with any person with known criminal
background or with banned entities such as individual terrorists or terrorist organizations,
b) Payment institution shall prepare a profile for each new customer based on risk categorization.
It has devised a revised Composite Account Opening Form for recording and maintaining the
profile of each new customer. Revised form is separate for Individuals, Companies and other legal entities or special accounts e.g., account in the name of brand names, domain names, etc.
c) The risk to the customer shall be assigned on the following basis:
The persons requiring very high level of monitoring may be categorized as Level IV.
- i. Low Risk (Level I):
Individuals (other than High Net Worth) and entities whose identities and sources of wealth can
be easily identified and transactions in whose accounts by and large conform to the known profile
may be categorized as low risk.
ii. Medium Risk (Level II):
Customers that are likely to pose a higher than average risk to the payment institution may be categorized as
medium or high risk depending on customer’s background, nature and location of activity, country
of origin, sources of funds and his client profile etc;
iii. High Risk (Level III):
Payment institution may apply enhanced due diligence measures based on the risk assessment, thereby
requiring intensive ‘due diligence’ for higher risk customers, especially those for whom the
sources of funds are not clear.
3. Customer Identification Procedure (CIP)
a) Customer identification means identifying the person and verifying his/her identity by using
reliable, independent source documents, data or information. Payment institution need to obtain
sufficient information necessary to establish, to their satisfaction, the identity of each new
customer, whether regular or occasional. Being satisfied means that payment institution is able to satisfy the competent authorities
that due diligence was observed based on the risk profile of the customer in compliance of the
extant guidelines in place. Besides risk perception, the nature of information/documents required
would also depend on the type of customer (individual, corporate, etc). For customers that are
natural persons,payment institution shall obtain sufficient identification data to verify the identity of the
customer, his address/location, and also his passport. For customers that are legal
persons or entities, payment institution shall (i) verify the legal status of the legal person/entity through
proper and relevant documents (ii) verify that any person purporting to act on behalf of the legal
person/entity is so authorized and identify and verify the identity of that person (iii) understand
the ownership and control structure of the customer and determine who are the natural persons
who ultimately control the legal person. Customer Identification requirements in respect of a few
typical cases, especially, legal persons requiring an extra element of caution are given in
guidance of payment institution.
b) If payment institution decides to accept such accounts in terms of the Customer Acceptance Policy, it shall take reasonable measures to identify the beneficial owner(s) and verify his/her/their
identity in a manner so that it is satisfied that it knows who the beneficial owner(s) is/are. An
indicative list of the nature and type of documents/information that may be relied upon for
4. Monitoring of Transactions
a) Continuous monitoring is an essential ingredient of effective KYC procedures and the extent of
monitoring should be according to the risk sensitivity of the account. Payment institution shall pay special
attention to all complex, unusually large transactions and all unusual patterns which have no
apparent economic or visible lawful purpose. High risk accounts shall be subjected to intensive monitoring.
b) Compliance shall specifically check and verify the application of KYC
procedures at payment institution and comment on the lapses if any observed in this regard. All staff members shall be provided training on Anti Money Laundering. The focus of training
shall be different for frontline staff, compliance staff and staff dealing with new customers.
5. KYC for the Existing Accounts
As per extant guidelines, payment institution is required to obtain Composite Account Opening
Form from all the existing customers.