The Reserve Bank of India has issued comprehensive guidelines on Know Your Customer (KYC) norms and Anti-Money Laundering (AML) standards and has advised all NBFCs to ensure that a proper policy framework on KYC and AML measures be formulated and put in place with the approval of the Board. The objective of RBI guidelines is to prevent NBFCs being used, intentionally or unintentionally by criminal elements for money laundering activities. The guidelines also mandate making reasonable efforts to determine the identity and beneficial ownership of accounts, source of funds, the nature of customer’s business, reasonableness of operations in the account in relation to the customer’s
business, etc. which in turn helps the Company to manage its risks prudently. In accordance with RBI guidelines, the main objective of this policy is framed to enable the Company to have positive identification of its customers. Accordingly, in compliance with the guidelines issued by RBI from time to time, the following KYC & AML policy of the Company is approved by the Board of Directors of the
Company. This policy is applicable to all categories of products and services offered by the Company.
SCOPE AND APPLICATION OF THE POLICY
The scope of this policy is:
• To lay down explicit criteria for acceptance of customers.
• To establish procedures to identify of individuals/non-individuals for opening of account.
• To establish processes and procedures to monitor high value transactions and/or transactions of suspicious nature in accounts.
• To develop measures for conducting due diligence in respect of customers and reporting of such transactions.
To fulfil the scope, the following four key elements will be incorporated into our policy:
• Customer Acceptance Policy
• Customer Identification Procedures
• Monitoring of Transactions
• Risk Management
CUSTOMER ACCEPTANCE POLICY
Definition of a Customer
• A person or entity that maintains an account and/or has a business relationship with the Company
• One on whose behalf the account is maintained (i.e. the beneficial owner)
• Any other person or entity connected with a financial transaction which can pose significant reputation or other risks to the Company, say a wire transfer or issue of high value demand draft as a single transaction.
A “Person” shall have the meaning as defined under KYC policy of RBI (and any amendment from time
to time by RBI) which at present is as follows:
‘Person’ shall include:
a. an Individual;
b. a Hindu Undivided Family;
c. a Company;
d. a Trust
e. a Firm;
f. an association of persons or a body of individuals, whether incorporated or not;
g. every artificial juridical person, not falling within any one of the above person (a to e);
h. any agency, office or branch owned or controlled by any one of the above persons (a to f)
GUIDELINES FOR ACCEPTING CUSTOMERS
Following norms and procedures will be followed by the Company in relation to its customers who approach the Company for availing financial facilities. While taking decision to grant any one or more facilities to customers as well as during the continuation of any loan account of the customer, the following norms will be adhered to by the Company:
1. No loan account will be opened, and / or money will be disbursed in a name which is. Anonymous or fictitious or appears to be a name borrowed only for opening the loan account i.e. Benami Account. The Company shall insist on sufficient proof about the identity of the customer to ensure his physical and legal existence at the time of accepting the application form from any customer.
2. Circumstances, in which a customer is permitted to act on behalf of another person /entity, shall be clearly spelt out in conformity with the established law and practices, as there could be occasions when an account is operated by a mandate holder or where an account may be opened by intermediary in a fiduciary capacity.
3. The Company shall not open any account or give / sanction any loan or close an existing account where the Company is unable to apply appropriate due diligence measures arising due to any of the following circumstances:
• The Company is unable to verify the identity of the customer
• The customer without any valid or convincing reasons refuses to provide documents to the Company which are needed to determine the risk level in relation to the customer loan applied for by the customer and his paying capacity
• Information furnished by the customer does not originate from the reliable sources or appears to be doubtful due to lack of supporting evidence.
• Identity of the customer, directly or indirectly matches with any individual terrorist or prohibited / unlawful organizations, whether existing within the country or internationally, or if the customer or beneficiary is found, even remotely, to be associated with or affiliated to any illegal, prohibited or unlawful or terrorist organization as notified from time to time either by Govt. of India, State Govt. or any other national or international body / organization.
iv. Subject to the above-mentioned norms and caution, at the same time all the employees of Company will also ensure that the above norms and safeguards do not result in any kind of harassment or inconvenience to bona fide and genuine customers who should not feel discouraged while dealing with the Company.
v. The Loan officer shall, at the time of approving a financial transaction/activity, or executing any transaction, verify the record of identity, signature proof and proof of current address or addresses including permanent address of the customer. The Company shall however maintain a repository of KYC documents of borrowers.
RISK LEVEL CATEGORIZATION
i. The Company shall categorize its customers based on the risk perceived by the Company. The levels of categorization would be Low Risk, Medium Risk and High Risk. The risk categorization would be
a function of the industry the borrower operates in, the geography in which the borrower operates, the shareholding pattern of the entity etc.
ii. The profile of new customers will be prepared on risk categorization basis. Such profile will contain the following information about the new customers:
• Customer’s Identity
• Social/Legal and financial status of the customer
• Nature of the business activity
• Information about the business of the customer’s clients and their locations
iii. There will be level-wise categorization of customers i.e. Low Risk - Level-I, Medium, Risk –-Level-II and High Risk Level-III. Such levels will be decided based on risk element involved in each case which will be determined by considering the following information submitted by the customer:
• Nature of business of the Customer
• Work place of Customers
• Source of funds
• Social/Legal and financial status
• Quantum and tenure of facility applied for and proposed schedule for repayment of loan
iv. Information to be collected from the customers will vary according to categorization of customer from the point of view of risk perceived. However, while preparing customer profile the Company shall seek only such information from the customer which is relevant to the risk category and is not intrusive to the customer. Any other information from the customer should be sought separately with his/her consent and after opening the account.
v. For risk categorization, individual (other than High Net Worth) and enitities whose sources of wealth can be easily identified and transactions in whose accounts by and large confirm to the known profile, may be categorized as low risk or Level-I category. Normally Level-I customers would be
• Well governed corporates
• Salaried employees having definite and well-defined salary structure,
• Employees of Government Departments or Government owned companies,
• Statutory bodies,
• Self-employed individuals, however with regular income and good credit behavior
vi. Cases where the Company is likely to incur higher than average risk will be categorized as medium or high-risk customers and will be placed in medium or high risk category i.e. Level-II or Level-III category. While placing the customers in the above categories, the Company will give due consideration to the following aspects:
• Customer’s background,
• Nature and location of his business activities,
• Sources of funds and profile of customer’s clients etc.
In such cases, the Company will apply higher due diligence measures keeping in view the risk level.
vii. Special care and diligence will be taken and exercised in respect of those customers who happen to be high profile and/or Politically Exposed Persons (“PEP”) within or outside country. Such persons will include:
• Senior Politicians,
• Senior Judicial Officers,
• Senior Military Officers,
• Senior Executives of State Owned Corporations and
• Officials of important and leading political parties (as explained in “Annexure2”).
About the accounts of PEPs, in the event of an existing customer or the beneficial owner of an existing account subsequently becoming PEP, the Company shall obtain Credit Committee / Top Management approval in such cases to continue the business relationship with such person, and undertake enhanced monitoring.
viii. The extent of due diligence requirement will vary from case to case as the same will depend upon risk perceived by the Company while granting credit facilities to customers. For the purpose of preparing customer profile only such relevant information from the customers will be sought based on which the Company can easily decide about the risk category in which the customers are to be placed. Ordinarily, the customer profile maintained by the Company will be kept confidential except for cases where the customer himself allows and/or gives consent for the use of the information given in customer profile / application form for offering other products / services of other companies / entities belonging to the Company’s group or any other legal entity with whom the Company is having any business tie-ups. However, while taking any such permission or consent of the customer for using his above referred information provided to the Company, it will be ensured that such permission / consent of the customer is unambiguous and explicit.
ix. Cases in which the risk level is higher will require intensive due diligence exercise. Such cases will include those where the sources of funds to be used for business operations or sources to repay the loan to the Company are not clearly disclosed or cannot be ascertained from the financial statements submitted by the customer to the Company. Besides above, some of such customers in whose cases the Company will require higher due diligence measures, especially those for whom
the source of funds is not clear, are mentioned below:
• Trusts (except trusts appropriately set up under a specific regulation)
• Charitable Institutions
• NGOs and other organizations receiving donations from within or outside the country
• Partnership firms with sleeping partners
• Family owned companies
• Persons with dubious or notorious reputation as per the information available from different sources like media, newspapers etc
• Companies having close family shareholding or beneficial ownership
• High net worth individuals
• Non-face to face customers
DUE DILIGENCE OF BUSINESS PARTNERS
The following due diligence must also be performed on prospective Business Partners.
A) Verify Identity:
i. Obtain and file legible copies of corporate formation and registration documents or public company prospectuses and government filings.
ii. PAN card of the Directors etc.
iii. Wherever possible (in the case of privately owned entities), arrange for recommendation from legal counsel to the company.
iv. Wherever possible (in the case of privately owned entities), obtain from appropriate government entity confirmation of due incorporation and existence of the corporation.
B) Verify Source of Income:
i. Research for the Company details in available news or business databases and obtain all corporate earnings information available.
The Company shall maintain files on each Business Partner with copies of all data obtained and memorialize in writing all the verification efforts. These files may be maintained electronically and should be accessible quickly when needed.
DUE DILIGENCE ON EMPLOYEES
The Company shall perform the following Due Diligence on Prospective Employees prior to their date of joining
A) Verify Identity:
i. Obtain originals of and file legible copies of identification documents that contain photographs of the individual. Acceptable examples include:
Passports (obtain all nationalities an individual may have)
UID or Physical Aadhaar card/letter or e-Aadhaar letter
B) Verify Domicile of Residence:
i. Example: Obtain copies of utility bill receipts or other form of objective verification of Residence, UID or Physical Aadhaar card/letter or e-Aadhaar letter (if the address provided by the customer is the same on the document submitted for identity proof)
C) Verify the previous year’s Employment Record:
i. Obtain and call the previous employer to check the credentials of the prospective employee
ii. Check and verify the address of employee
D) Check References:
i. Obtain 2 or more professional employment references from the prospective employee.
ii. The prospective manager of the employee, or, the Human Resources department, must personally converse with the prospect’s references The Company shall maintain files for each employee hired together with copies of all data obtained. These files may be maintained in electronic or physical form and should be accessible quickly when needed. Further these files will be classified as confidential data and details contained therein shall not be divulged for cross selling or any other purpose.
The purpose of adopting the above measures and norms while taking decisions on the issue of customer acceptance is twofold. Firstly, the Company should not suffer financially at later stage due to lack of proper due diligence exercise and lack of information which is the exclusive possession of the customers.
Secondly, to curb and prevent any such practice by the customers which is aimed to achieve unlawful objectives or any other practice by which the financial institutions can be used to perpetuate any criminal or unlawful activities. However, at the same time, this policy does not aim or intend to deny the benefit of financial services to those who genuinely need such services / facilities due to real lack of their own sufficient financial resources
CUSTOMER IDENTIFICATION PROCEDURE (CIP)
Customer identification means identifying the customer and verifying his / her identity by using reliable, independent source documents, data or information. The Company needs to obtain sufficient information necessary to establish, to their satisfaction, the identity of each new customer, whether regular or occasional and the purpose of the intended nature of relationship. Being risk perception, the nature of information / documents required would also depend on the type of the customer (individual, corporate etc.)
NEED FOR PHOTOGRAPHS
• In case of change in the authorized signatories, photograph of the new signatory should be obtained duly countersigned by the competent authorities of the concerned institution /organization;
PROOF OF CUSTOMERS’ ADDRESS
A detailed list of the features to be verified and documents that may be obtained from the Customers as mentioned hereunder:
Address proof: (ration card, telephone bill, rental agreement, passport copy, driving license, bank passbook or statement, or electricity bill). The company will accept the address proof in the name of the joint applicant by declaration that the relationship with the co-applicant is established on the ID documents of the primary applicant
In case of need, the Company Manager can depute an official to visit the account holder / loan applicant at the given address to satisfy about the genuineness of the address.
I. For effective implementation of KYC policy there will be a proper co-ordination, communication and understanding amongst all the departments of the Company. The Board of Directors shall ensure that an effective KYC program is put in place by establishing proper procedures and ensuring their effective implementation. Heads of all the Departments will ensure that the respective responsibilities in relation to KYC policy are properly understood, given proper attention and appreciated and discharged with utmost care and attention by all the employees of the Company.
II. The Risk department of the Company will carry out quarterly checks to find out as to whether all features of KYC policy are being followed and adhered to by all the Departments concerned. The Risk Department shall sign off on the KYC documents for corporate entities, before every disbursement. The Company shall also mandatorily include KYC adherence in its internal audit scope every quarter. For co-lending partners, the Company shall carry out sample quarterly KYC sample audit by independent audit firms to assess adherence with the KYC norms.
III. Company will take steps to ensure that its internal auditors are made well versed with this policy that will carry out regular checks about the compliance of KYC procedures by all the branches of the Company. Any lapse or short coming observed by the internal auditors will be brought to the notice of Department Heads concerned. There will be quarterly assessment to check the compliance level by a committee to be constituted by the Board.
IV. The Company will conduct at regular intervals training programs to impart training to its staff members regarding KYC procedures to ensure consistent and highest degree of compliance level.
V. The inadequacy or absence of KYC standards can subject the Company to serious risks especially reputational, operational, and legal and concentration risks.
a. Reputational risk is defined as the risk of loss of confidence in the integrity of the institution, that adverse publicity regarding the Company's business practices and associations, whether accurate or not causes.
b. Operational risk can be defined as the risk of direct and indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.
c. Legal risk is the possibility that law suits, adverse judgments or contracts that turn out to be unenforceable can disrupt or adversely affect the operations or condition of the Company.
d. Concentration risk although mostly applicable on the assets side of the balance sheet, may affect the liability as it is also closely associated with funding risk, particularly the risk of early and sudden withdrawal of funds by large depositors, with potentially damaging consequences for the liquidity of the Company. All these risks are interrelated. Any one of them can result in significant financial cost to the Company and diverts considerable management time and energy to resolving problems that arise.
POLICY IMPLEMENTATION GUIDELINES
For implementing KYC policy, the Company shall have to seek personal and financial information from the new and intended customers at the time they apply for availing the loan facilities. It is likely that any such information, if asked from the intended customer, may be objected to or questioned by the customers. To meet such situation, it is necessary that the customers are educated and appraised about the sanctity and objectives of KYC procedures so that the customers do not feel hesitant or have any reservation while passing on the information to the Company. For this purpose, all the staff members with whom the customers will have their first interaction / dealing will be provided special training to answer any query or questions of the customers and satisfy them while seeking certain information in furtherance of KYC Policy. To educate the customers and win their confidence in this regard, Company may arrange printed materials containing all relevant information regarding KYC Policy and anti-money laundering measures. Such printed materials will be circulated amongst the customers and in case of any question from any customer, the Company staff will attend the same promptly and provide and explain reason for seeking any specific information and satisfy the customer in that regard.
Introduction of new technologies
As part of the KYC and AML Policy, special attention should be paid to any money laundering threats that may arise from new or developing technologies including on-line transactions that might favour anonymity and adequate measures, if needed, should be taken to prevent their use in money laundering schemes. The Principal Officer should ensure to submit CTR for every month to FIU-IND within the prescribed time schedule.
Applicability to branches and subsidiaries outside India
The KYC and AML Policy will also apply to the branches and majority owned subsidiaries of the Company located abroad, if any. When local applicable laws and regulations prohibit implementation of these guidelines, the same will be brought into the notice of RBI.
KYC policy for existing customers
Although this KYC Policy will apply and govern all the new and prospective customers; some of the KYC procedures laid down in this policy particularly which deal with Customer Identification, Monitoring of Transactions and Risk Management can be effectively applied to the existing customers and their loan accounts. While applying such KYC procedures to the existing loan accounts if any unusual pattern is noticed, the same should be brought to the notice of the Department Heads concerned and the Principal Officer appointed by the Company as per RBI directives. In case any existing customer does not co-operate in providing the information required as per KYC policy or conducts himself in such manner which gives rise to suspicion about his identity or credentials, such matters will be brought to the notice of Principal Officer who in turn will make necessary inquiries and if required shall forward the name of such customers to the authorities concerned for appropriate action. Besides above, in such situation the Company, for reasons to be recorded, may recall the loan granted to such customers and take recourse to legal remedy against the customers as well as security furnished by such customers.
APPOINTMENT OF PRINCIPAL OFFICER
To ensure effective implementation of this KYC Policy and a proper co-ordination and communication between the Company and RBI and other enforcement agencies, the Company shall designate a senior official Principal Officer who will operate from the corporate office of the Company. The job of the Principal Officer will be to maintain an effective communication and liaison with RBI and other enforcement agencies which are involved in the fight against money laundering and combating financing of terrorism, and to take appropriate steps in all such matters which are brought to the notice of the Principal Officer by any department of the Company regard to any suspicious acts or omissions or acts of noncompliance on the part of any customers. The name of the Principal Officer so designated, his designation and address including changes from time to time, may please be advised to the Director, FUI-IND. Principal Officer shall be located at the Head / Corporate office of the Company.