Hey there! Have you heard about the recent amendments to the RBI’s KYC Master Direction? These changes, introduced on April 28, 2023, and May 4, 2023, aim to combat money laundering, terrorist financing, and other related risks. The RBI issued these amendments to align with the recommendations of the FATF (Financial Action Task Force) and keep up with the industry’s shift towards digitization, particularly in relation to non-face-to-face customer onboarding.
We understand that the revised RBI guidelines on KYC can be confusing in several areas. At HyperVerge, we empathize with you and have taken the initiative to simplify these changes for you. Let’s break down the major points of the amendments:
AML (Anti-Money Laundering):
REs must screen users against UNSC and UAPA Sanction Lists. Daily verification of customer databases against specified sanction lists is mandated.
To combat money laundering and financial crimes, the recent amendments in the Master Direction put a spotlight on AML screening. Regulated entities such as banks, NBFCs, and PSPs now have a specific requirement to screen users against the UNSC Sanctions Lists, UAPA Sanction Lists, and politically exposed persons (PEPs) along with their relatives and close associates. This screening helps identify individuals or entities that may have terrorist links and helps mitigate the risks associated with money laundering.
In addition, a new Section 54A has been introduced, urging regulated entities to utilize technological innovations and tools for effective name screening against individuals and entities suspected of having terrorist links. Furthermore, the RBI emphasizes the significance of profile-based risk assessments and periodic reassessments of onboarded users as best practices.
To strengthen the AML framework, regulated entities are required to conduct “daily verification” of their customer databases against various sanction lists specified in the directions.
V-CIP (Video-based Customer Identification Process):
For V-CIP using the cloud model, REs must own the data completely. The timeframe for XML file/QR code generation has changed to 3 “working” days from the date of conducting the V-CIP.
Video verification is considered equivalent to a face-to-face customer identification process. It’s a significant step towards digitizing customer onboarding. Regulated Entities (REs) must ensure complete ownership of data if the cloud model is used for V-CIP. Data should be transferred to the RE immediately after the call, with no data residing on third-party provider servers. The video recordings and data should be stored securely with date and time stamps, and all data and recordings must be stored in India for security and compliance.
The recent amendments have changed the guideline for XML file/QR code generation. Previously, it had to be done within 3 days, but now it should be completed within 3 “working” days from the date of conducting the V-CIP process. In the event of a dropped or disconnected call, the entire Video KYC process needs to be initiated again, but disruptions or pauses within a single video session are allowed. However, multiple video files should not be created.
In case you’re wondering about the implications for non-face-to-face customer onboarding, here’s what you need to know. Customers who open accounts using Aadhaar verification modes like CKYC & Digilocker, along with PAN verification, will be subject to high-risk monitoring until their identity is verified face-to-face or through V-CIP. If the RE has the option of using V-CIP, it should be provided as the primary choice for remote onboarding.
Non-Face-to-Face Mode of KYC:
REs must verify the current address through positive confirmation methods like address verification letters, contact point verification, etc before customers can operate their accounts. First transaction for non-face-to-face accounts must be a credit from a KYC-compliant bank account.
If you’re curious about the ins and outs of non-face-to-face customer onboarding, let’s dive into it. The non-face-to-face mode of customer onboarding offers regulated entities (REs) the flexibility to establish relationships without physical or V-CIP verification. There are different options available, including CKYCR, DigiLocker, equivalent e-documents, and even non-digital methods like obtaining a certified copy of Officially Valid Documents (OVD).
RBI has made it clear that before customers start operating their accounts, REs must verify their current address using positive confirmation methods. This can involve address verification letters, contact point verification, and other deliverables. Digital methods can also be utilized, where the provided address is matched with geolocation data. In this case, customers may be required to conduct contact point verification from the given address as a means of verification.
Now, when customers open accounts using Aadhaar OTP based e-KYC, in non-face-to-face mode there are a few important things to consider. To ensure security, it’s crucial to send transaction alerts, OTPs, and notifications exclusively to the mobile number registered with Aadhaar. Linking alternate mobile numbers for transaction OTPs and updates post-CDD should not be allowed for such accounts. REs should have a board-approved policy that outlines a robust process for verifying requests to change the mobile number associated with these accounts.
Lastly, for these non-face-to-face accounts, the first transaction must be a credit from the customer’s existing KYC-compliant bank account. This step adds an extra layer of assurance, ensuring the legitimacy of the account.
REs can obtain KYC identifier with explicit customer consent to download records from CKYCR for CDD. If downloaded documents expire, customers must submit the same records or provide additional identification documents.
The RBI recognizes CKYC as a valid method for conducting KYC processes in the non-face-to-face onboarding scenario. However, it’s important to note that only the PAN number is needed to retrieve data from the registry. To ensure the data belongs to the person being onboarded, additional verification may be required. Regulated entities should perform due diligence on the KYC documents to validate their authenticity and ensure they belong to the individual undergoing KYC. To verify if the submitted documents truly belong to the person, video KYC or alternative methods like face match and liveness checks can be employed.
REs can obtain KYC identifier with explicit customer consent to download KYC records from CKYCR for Customer Due Diligence (CDD). If the validity period of the downloaded documents has expired, customers will be required to submit the same KYC records or provide additional identification documents.
Additionally, REs are required to collect and upload customer KYC records onto CKYCR within 10 days of establishing an account-based relationship.
KYB (Know Your Business):
Verification of an entity’s GST number is now mandatory prior to onboarding. The threshold for identifying individual Beneficial Owners and Trusts has been reduced to 10%. Udyam registration certificate recognized as valid business proof for sole proprietary firms.
Now, it’s mandatory to verify the GST number of an entity before onboarding them. This helps ensure authenticity and reliability by cross-checking the GST document with other KYC documents. Additionally, the threshold for identifying an individual as a Beneficial Owner of a Company & Trust has been changed to 10% instead of the previous 25% or 15%.
The RBI now recognizes the Udyam registration certificate as a valid business proof for sole proprietary firms, which is great news for small business owners. And for companies, partnership firms, and trusts, there’s a requirement to declare additional documents/information for Customer Due Diligence (CDD). This includes names of relevant persons holding senior management positions, registered office and principal office addresses, names of all partners in a partnership firm, and names of all beneficiaries, trustees, settlor, and authors of a trust.
Updation / Periodic Updation of KYC Data:
V-CIP is not the only mode for periodic KYC updation; Aadhaar OTP-based e-KYC in non-face-to-face mode is also acceptable. High-risk customers need to update their KYC every 2 years.
Let’s talk about the updation of KYC data and how it works. The RBI has provided guidance on this matter, emphasizing the importance of periodically updating KYC details. Regulated entities need to take a risk-based approach when updating KYC data, and it’s not limited to just the Video Customer Identification Process (V-CIP). In fact, Aadhaar OTP-based e-KYC in the non-face-to-face mode can also be used for periodic updation.
To ensure that the records are up to date, customers should be informed by the regulated entities to submit any updated documents within 30 days of the update. This helps in maintaining accurate and current KYC records.
For wire transfers, verifying the identity of both the originator and beneficiary is mandatory. The collected information should be transmitted from the originating RE to the intermediary RE, and then to the beneficiary RE.
When it comes to wire transfers, verifying the identity of both the originator and beneficiary is a crucial step, whether it’s for domestic or cross-border transfers. To ensure proper verification, there are specific pieces of information that need to be collected and verified.
For the originator, the following details should be collected and verified: their name, account number, address, national identity number, customer identification number, or date and place of birth.
Similarly, for the beneficiary, the name and account number need to be collected and verified. This ensures that the funds are being transferred to the intended recipient. To facilitate this process, the collected information should be transmitted from the originating regulated entity (RE) to the intermediary RE, and then finally to the beneficiary RE.
Customers undergo risk categorization based on factors such as identity, social/financial status, business activity, location, and transaction types to assess their risk profile.
Customers are categorized based on various factors, such as their identity, social/financial status, nature of business activity, and location. Different types of transactions, including cash, checks, wire transfers, and forex transactions, are also considered in the risk assessment.
The risk category assigned to a customer and the specific reasons for the categorization is kept confidential to prevent tipping off the customer. This helps regulated entities evaluate the risks associated with each customer and tailor their compliance measures accordingly.
It is crucial for regulated entities to stay updated with these amendments and ensure their compliance with the revised KYC Master Direction. By adopting robust KYC processes, leveraging technological innovations, and maintaining diligent compliance practices, entities can contribute to the fight against financial crimes and protect their customers and the broader financial ecosystem.
We understand that staying compliant with the latest regulatory guidelines is a top priority for you as a regulated entity (RE). At HyperVerge, we are here to support you with a comprehensive tools to assist you in meeting these regulatory requirements seamlessly.
- Our AML Solution is designed to cover all the new lists mentioned by the RBI such as the UNSC and UAPA Sanction Lists, among others, with close to 1000+ lists in total.
- These lists are updated at a frequency of every 7 minutes, ensuring you have access to the most current data.
- Positive confirmation of address through Digital CPV. By matching the provided address with geolocation data, our solution ensures efficient and compliant verification.
- The best part is, our APIs are designed for easy integration, allowing you to go live in a few days.
Don’t let compliance worries hold you back. With HyperVerge as your partner, you can navigate the regulatory landscape confidently and focus on your core business. Get in touch with us today and take a step towards streamlined compliance processes.
What are the key changes in the recent amendments to the RBI’s KYC Master Direction?
The amendments focus on AML screening, video-based customer identification, non-face-to-face KYC, CKYC, KYB, periodic updation of KYC data, wire transfers, and risk categorization.
Why were these amendments introduced?
The amendments were introduced to combat money laundering, terrorist financing, and related risks while aligning with FATF recommendations and adapting to the industry’s shift toward digitization.
What are the requirements for AML screening under the revised guidelines?
Regulated entities must screen users against UNSC and UAPA Sanction Lists, politically exposed persons (PEPs), and utilize technological tools for effective name screening against individuals with terrorist links. They are also required to conduct “daily verification” of their customer databases against various sanction lists specified in the directions