Globally, the Know your Customer (KYC) process is a way for banks, financial institutions, service provider companies (for e.g., telecom, power, gas, internet, DTH TV et al.), various government departments,
educational institutions, and many others to verify the identity of their clients. A business is a complex body of related and interconnected processes, which dynamically runs on some economic or commercial parameters. KYC is a due diligence process for business entities, especially banks and financial institutions, which is of paramount importance as a risk mitigation measure. Over a decade or so, KYC has become common to prevent fraud, identify theft, money laundering (ML), and terror financing (TF) activities.
A bank or financial institution faces a plethora of systematic and unsystematic risks- counter-party risk and credit risk being two of the prime ones, which, if not contained, may lead to an abnormal financial loss for the company. By definition, counter party risk is the risk to each party of a contract, that the other party will not live up to its contractual obligations. A credit risk is the risk of default on a debt that may arise from a borrower failing to make required payments. Intuitively, an effort to contain Counter party risk is, in a way, a precursor to have control over credit risk.
Genesis of Customer Due Diligence (CDD) dates back to the United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances, 1988. To address the increasing concern over money laundering, specifically in respect of the growing drug trafficking menace, the Financial Action Task Force (FATF) was established at the G7 Economic Summit held in Paris the following year. FATF is an inter-governmental body, currently comprising of 34 member jurisdictions and two regional organisations, whose main purpose is to set standards and promote effective implementation of legal, regulatory, and operational measures for combating money laundering, terrorist financing and other related threats to the international financial system. CDD was included in the initial 40 recommendations of FATF published in 1990. Subsequently, in 2001, the Basel Committee on Banking Supervision (BCBS) came out with detailed guidelines for banks on CDD.
With the passing of Prevention of Money Laundering Act (PMLA) in 2002 and Rules framed under it for Maintenance of Records in 2005, the KYC process started getting a proper shape in India. As the financial system consisting of banks, financial institutions and non-banking financial companies was the prime focus area, the RBI took the lead and issued a set of KYC / AML guidelines for such constituents. The RBI advised banks to frame their individual KYC policy which needs to be Board approved, and the entire products and processes of the bank needs to be fitted into the said framework. Another aspect of the KYC policy is that it is to be subjected to periodic review. The international financial system has to constantly deal with newer challenges and threats from unscrupulous movement of dirty money around the globe, between the nations. Hence, based on the FATF Assessment, amendments are made in the relevant statute which ultimately necessitates realignment of the KYC guidelines.
Four main elements of the KYC policy as envisaged by
1. Customer Acceptance Policy (CAP)
2. Customer Identification Procedure (CIP)
3. Monitoring of Transactions
4. Risk Management
CAP of a bank needs to clearly define the acceptable credential criterion of the customers, so the risk of dealing with ML / TF / Frauds may be mitigated. CIP happens to be the most important part of the KYC policy which lays down the actual procedure and documentation to be followed to determine and establish the identity of a prospective customer. Since the bulk of banking transactions are not from individuals (i.e. natural persons), but juridical persons (i.e. entities created by the law), it is an accepted norm to establish the identities of the individual key persons (read Beneficial owners) behind the shroud of the juridical entity. In a chain ownership, the bank is expected to examine the shareholding structure tree to the level where they can be reasonably satisfied that the natural persons who qualify as “beneficial owners” of the entity have been established and identified.
The documentation criterion for KYC process has also emerged over the period and many times that has created a lot of confusion in the customer’s mind. As mentioned earlier, the banking sector, nudged by the apex bank, took the lead in adopting the KYC process. In a short time other regulators eg SEBI (controlling stock brokers, asset management companies, portfolio managers et al), IRDA, NPS, TRAI,CBDT, different governmental departments, corporate sector, educational institutions fell in line and adopted the KYC process to be on the right side of the law. Officially Valid Documents (OVD) as specified under Rule 2(d) of the PML Rules broadly outlines the documents that may be considered for identity verification. Now OVD definition includes - the passport, the driving license, the Voter’s Identity Card issued by Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government, the letter issued by the National Population Register containing details of name, address or any other document as notified by the Central Government in consultation with the Regulator.There are a few other documents to be considered as Proof of Address viz utility bills (not more than two months’ old), municipal tax receipt, bank or post office savings account statement, Pension or Family Pension Payment Order etc. which are deemed to be OVDs.
The creation of the Unique Identification Authority of India (UIDAI) a statutory authority established under the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (popularly known as “Aadhaar Act 2016”) on July 12, 2016, by the Government of India (Ministry of Electronics and Information Technology) had ushered in the concept of e-KYC. Under PML Rule 9, e KYC service of UIDAI became a valid process for KYC verification and the customer facial photograph and information made available from this, was treated as OVD. Essentially, Aadhaar was an identifier and not a client profiling tool. When the idea of e KYC, was fast catching up and there had been substantial progress in its getting acceptance, the Supreme Court verdict on September 26, 2018, was a game change a bank account, for getting mobile connections, investing in mutual funds, buying an insurance policy, using a credit card, to be a member of pension scheme, to save in post office schemes etc. Aadhaar must not be made compulsory for school admission and the administration cannot make it mandatory. However, the SC mandated linking of Aadhaar and PAN as compulsory for filing of Income Tax Return (ITR).
In a way the SC verdict strikes down Section 57 of the Aadhaar Act, which allows the use of the Aadhaar number for establishing the identity of an individual for any purpose—whether by the state or any corporate or person. This means now onwards, the companies that used Aadhaar based e-KYC to acquire new customers, will now have to make changes to how they onboard and verify customers.
As per the industry estimates, enrolment via Aadhaar takes about 30 minutes to get a customer on board, whereas it takes about 5-6 days for company officers to go to customers’ addresses and verify their details for a physical KYC. The apex courts’ decision is likely to saddle companies with longer processing time and higher cost (roughly ` 100 for physical KYC vs ` 15 for e KYC) for new accounts and connections.
Some banks, e Wallets and fintech companies, who designed financial products, on Aadhaar-based e KYC, are jinxed, as the ease of on boarding clients vanished overnight.
Transaction monitoring and review of KYC need to be diligently handled also on a continual basis, tracking millions of transactions passing through the banking system every day is a challenge. Hence, a normative approach will be to identify those transactions which are not consistent with the customer profile and report the same at the appropriate level.
A similar approach may be adopted for the products / services which pose higher risk, for e.g., import remittances, foreign direct investments, transactions in commodities derivatives, crypto currency, diamond and gold trade, etc. As per various guidelines of banking the typical characteristics that need to be examined in these transactions are :
Unusual transactions with no apparent economic rationale
Large and complex transactions with layers
Transaction value just exceeding the prescribed threshold, if any, or just below that
Element of cash movement inconsistent with the normal activity of the customer
High or quick turnover in the account not consistent with the average balance maintained
In conclusion, KYC needs to be recognised and embedded as an essential process in any of the commercial organisation’s workflow. Employees handling customers need to be properly trained and oriented so that they can apply their minds to examine the identity of the customer rather than handling it like a typical routine job of document checking and validation.
Saptarshi Roy Bardhan