The KYC directions from the RBI clearly state that the KYC process should follow risk categorization of customers into high, medium and low risk. The directions also state that the KYC updation of low risk customers should be done only once every 10 years if there is no change in the identity or address.
Ever since the government announced demonetization on 08th November, banks have been busy asking customers to bring fresh documents for the purpose of KYC. Even those customers with regular banking operations were asked to submit fresh documents for the for the purpose of KYC. But the KYC directions issued by the Reserve Bank of India (RBI) this year clearly mention that the periodic updation for low risk customers should be done once in every 10 years.
What is KYC?
KYC means ‘Know Your Customer’. It is a process by which banks obtain information about the identity and address of the customers. This process helps to ensure that banks’ services are not misused. The KYC procedure is to be completed by the banks while opening accounts. Banks are also required to periodically update their customers’ KYC details.
To open a bank account, one needs to submit a ‘proof of identity and proof of address’ together with a recent photograph. The Government of India has notified six documents as ‘Officially Valid Documents’ (OVDs) for the purpose of producing proof of identity. These six documents are Passport, Driving Licence, Voters’ Identity Card, PAN Card, Aadhaar Card issued by UIDAI and NREGA Job Card. You need to submit any one of these documents as proof of identity. If these documents also contain your address details, then it would also be accepted as ‘proof of address’. If the document submitted by you for proof of identity does not contain address details, then you will have to submit another officially valid document which contains address details.
KYC Policy of Banks should have four key elements
The RBI directions on KYC mention that the KYC policy of every bank should have the following four key elements
- Customer Acceptance Policy
- Risk Management
- Customer Identification Procedures (CIP)
- Monitoring of Transactions
Accounts to be categorized into 3 different risk types
For Risk Management, RBI directions state that banks should have a risk based approach which includes categorizing customers as low, medium and high risk category, based on the assessment and risk perception. This is called the Anti Money Laundering Standards (AML) risk assessment. It has to be noted that banks do not inform customers about their risk categorization.
Risk categorization should be undertaken based on parameters such as
- Customer’s identity
- Social/financial status
- Nature of business activity
- Information about the clients’ business and their location etc.
The directions also state that while considering customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in like in the case of identifiable documents like PAN, Aadhaar etc.
The directions also mention that the information collected from different categories of customers relating to the perceived risk, is non-intrusive and the same should be specified in the KYC policy.
Periodic review of Risk Categorization
The RBI directions also state that Banks will undertake on-going due diligence of customers to ensure that their transactions are consistent with their knowledge about the customers, customers’ business and risk profile; and the source of funds.
For eg., the following activities should be monitored by the banks.
- Large and complex transactions including RTGS transactions, and those with unusual patterns, inconsistent with the normal and expected activity of the customer, which have no apparent economic rationale or legitimate purpose.
- Transactions which exceed the thresholds prescribed for specific categories of accounts.
- High account turnover inconsistent with the size of the balance maintained.
- Deposit of third party cheques, drafts, etc. in the existing and newly opened accounts followed by cash withdrawals for large amounts.
The extent of such monitoring should be aligned with the risk category of the customer which means that high risk accounts have to be subjected to more intensified monitoring. A periodic review of risk categorization is also stated in the RBI directions (at least once in six months). The RBI directions specifically state the example of transactions of marketing firms, especially accounts of Multi-level Marketing (MLM) companies where a large number of cheque books are sought by the company and/or multiple small deposits (generally in cash) across the country in one bank account and/or where a large number of cheques are issued bearing similar amounts/dates.
Periodic Updation of KYC based on Risk Categorization
The RBI directions on KYC clearly mention that the periodicity of KYC updation should be based on the risk profile of the customer. Periodic updation of KYC should be carried out
- At least once in every two years for high risk customers
- Once in every eight years for medium risk customers
- Once in every ten years for low risk customers
The periodic updation is also subject to the following conditions.
- Fresh proofs of identity and address shall not be sought at the time of periodic updation, from customers who are categorised as ‘low risk’, when there is no change in status with respect to their identities and addresses and a self-certification to that effect is obtained.
- A certified copy of the proof of address forwarded by ‘low risk’ customers through mail/post, etc., in case of change of address shall be acceptable.
- Physical presence of low risk customer at the time of periodic updation shall not be insisted.
If your bank is frequently asking you for fresh KYC documents, check with them if you are being treated as a high-risk customer.