Social Welfare

NGO-Voluntary Sector 

RBI Master Direction on Know Your Customer (KYC)

Social-Welfare

<p>RBI Master Direction on Know Your Customer (KYC) 2016 is the Reserve Bank of India's comprehensive guideline for all regulated entities (REs) on Know Your Customer (KYC), Anti-Money Laundering (AML), and Countering Financing of Terrorism (CFT). It consolidates and updates all previous circulars and directions on these topics.</p> 
<h3>Key points of RBI Master Direction on KYC</h3> 
<h4>Purpose and Applicability</h4> 
<ul> 
 <li>Aims to prevent banks and financial institutions from being used for money laundering (ML) and terrorist financing (TF).</li> 
 <li>Applies to all entities regulated by the RBI, including banks, NBFCs, payment system providers, and their branches/subsidiaries in India and abroad (unless local laws conflict).</li> 
</ul> 
<h4>KYC Policy Requirements</h4> 
<p>Every RE must have a Board-approved KYC policy covering:</p> 
<ul> 
 <li>Customer Acceptance Policy</li> 
 <li>Risk Management</li> 
 <li>Customer Identification Procedures (CIP)</li> 
 <li>Monitoring of Transactions</li> 
</ul> 
<h4>Customer Acceptance and Identification</h4> 
<ul> 
 <li>No accounts to be opened in anonymous or fictitious names.</li> 
 <li>CDD (Customer Due Diligence) is mandatory for all account openings and certain transactions (e.g., above INR 50,000, international transfers).</li> 
 <li>CDD includes verifying identity, beneficial ownership, and understanding the nature of the business relationship.</li> 
 <li>Reliance on third-party CDD is allowed under strict conditions.</li> 
</ul> 
<h4>Risk Management</h4> 
<ul> 
 <li>Customers must be categorized as low, medium, or high risk based on various parameters (identity, business, geography, transaction type, etc.).</li> 
 <li>Enhanced due diligence (EDD) is required for high-risk customers, non-face-to-face onboarding, and politically exposed persons (PEPs).</li> 
 <li>Ongoing due diligence and periodic review of risk categorization are mandatory.</li> 
</ul> 
<h4>Customer Due Diligence (CDD) Procedures</h4> 
<ul> 
 <li>Specific CDD requirements for individuals, sole proprietorships, legal entities, trusts, and unincorporated associations.</li> 
 <li>Use of Aadhaar, PAN, and other Officially Valid Documents (OVDs) for identification.</li> 
 <li>Digital KYC and Video-based Customer Identification Process (V-CIP) are permitted with strict controls.</li> 
 <li>Small accounts and simplified procedures are allowed for certain disadvantaged groups, with transaction and balance limits.</li> 
</ul> 
<h4>Record Management</h4> 
<ul> 
 <li>Transaction records must be kept for at least 5 years from the date of transaction.</li> 
 <li>Customer identification records must be preserved for at least 5 years after the end of the business relationship.</li> 
 <li>Records must be made available swiftly to competent authorities upon request.</li> 
</ul> 
<h4>Reporting Requirements</h4> 
<ul> 
 <li>REs must report suspicious transactions (STRs), cash transactions (CTRs), and other prescribed information to the Financial Intelligence Unit-India (FIU-IND).</li> 
 <li>Delays in reporting are treated as separate violations.</li> 
 <li>Confidentiality of reporting and record-keeping is emphasized.</li> 
</ul> 
<h4>International Obligations and Sanctions Compliance</h4> 
<ul> 
 <li>REs must comply with <a title="External website that opens in new window" href="https://main.un.org/securitycouncil/en/content/un-sc-consolidated-list" target="_blank" rel="noopener">UN Security Council sanctions lists</a> and Indian government notifications under The Unlawful Activities (Prevention) Act (UAPA) and Weapons of Mass Destruction and Their Delivery System (WMD) Acts.</li> 
 <li>Daily screening of customer lists against designated persons/entities is required.</li> 
 <li>Procedures for freezing/unfreezing assets and reporting matches are detailed.</li> 
</ul> 
<h4>Use of Technology and Innovation</h4> 
<ul> 
 <li>Encourages use of AI/ML for transaction monitoring and name screening.</li> 
 <li>Mandates robust IT and cybersecurity for digital KYC and V-CIP.</li> 
</ul> 
<h4>Employee Training and Internal Controls</h4> 
<ul> 
 <li>REs must have ongoing employee training on KYC/AML/CFT.</li> 
 <li>Adequate screening of employees and independent audit of compliance functions are required.</li> 
</ul> 
<h3>Other Notable Provisions</h3> 
<ul> 
 <li>Prohibits opening/continuing relationships with shell banks.</li> 
 <li>Special procedures for correspondent banking, wire transfers, and third-party product sales.</li> 
 <li>Unique Customer Identification Code (UCIC) to be allotted to all customers.</li> 
 <li>KYC information to be uploaded to the Central KYC Records Registry (CKYCR).</li> 
 <li>Provisions for compliance with FATCA/CRS and Foreign Contribution Regulation Act (FCRA).</li> 
</ul> 
<p><strong>Example Implementation:</strong></p> 
<p>A bank must verify a new customer's identity using Aadhaar (with consent), PAN, or other OVDs, conduct risk assessment, and monitor transactions for suspicious activity. If the customer is a PEP, enhanced due diligence and senior management approval are required. All records must be preserved for at least 5 years, and any suspicious activity must be reported to FIU-IND.</p> 
<p><strong>Source : <a title="External website that opens in new window" href="https://www.rbi.org.in/commonman/English/scripts/notification.aspx?id=2607" target="_blank" rel="noopener">RBI</a></strong></p>

/social-welfare/ngo-voluntary-sector-1/rbi-master-direction-on-know-your-customer-(kyc)