Policy On Know Your Customer (KYC) Guidelines and Anti Money Laundering (AML) Standards
- Need for the Policy
- Appointment of Designated Director
- Appointment of Compliance/Principal Officer
- Know Your Customer / Anti Money Laundering Standard
- Customer Identification Procedures
- Customer Acceptance Policy
- Risk Classification of Customer Profiles
- Monitoring of Transaction and maintenance and Preservation of records
- Generation of Alerts
- Customer Due Diligence Procedure and sharing KYC Information with Central KYC Registry (CKYCR)
- Internal Audit
- Reporting of the transactions to the designated agency
- Responsibility assigned to the personnel
- Education / Training and Information on KYC
- Procedure Manual
- Review of policy
It is being realized world over, that money laundering is a serious threat not only to the financial system of countries, but also to their integrity and sovereignty. To combat this criminal act of money laundering, the Financial Action Task Force on money laundering (FATF) was established by G-7 summit in Paris. FATF Recommendations set out the basic framework for anti money laundering efforts and were designed with universal application in mind. The Basel committee on banking supervision issued its statement on prevention of criminal use of the banking system for the purpose of money laundering.
Successful participation in this process by all in the financial sector is the need of the hour, as also the need to globally co-operate with the Governments and their enforcement agency to prevent misuse of its business activity from being used as vehicle for laundering money.
In India, the Central Government vide its notification no GSR 436(E), dated 1.7.2005 enacted Prevention of Money Laundering Act, 2002 (PMLA) to prevent conversion of illegal money into apparently legal money either directly or indirectly and curb the threat to banks and financial institutions. Thereafter, the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI) and National Housing Bank (NHB) have also issued guidelines (collectively referred to as “guidelines”) and have directed that all entities, to which the PMLA is applicable, to ensure that a proper policy framework is formulated and put in place. The PMLA and the guidelines also cast an obligation on banking companies, financial institutions and intermediaries now identified as reporting entities, to ensure compliance.
2. Need for the Policy
GRUH is committed to contribute in the fight against money laundering and terrorism financing and curb flow of such funds through its business activity. To achieve this objective and to ensure that GRUH is not used as a vehicle for money laundering and terrorism financing, GRUH has undertaken to frame this policy.
The main objective of this policy is:
- To establish and lay down the general framework for identification and acceptance of customers through documentary and other means and to fight against money laundering and terrorism financing and assist law enforcement agencies in this regard;
- To ensure compliance with the PMLA and the guidelines in force from time to time;
- To protect its reputation and goodwill;
- To lay down compliance norms for the employees.
Risk involved in the event of non-compliance of the Act and guidelines:
GRUH is aware that it is exposed to several risks if appropriate anti money laundering measures and/or proper framework is not established:
- Reputation Risk: Risk of loss due to severe impact on GRUH’s reputation. This may be of particular concern given the nature on GRUH’s business activities, which requires maintaining the confidence of depositors, creditors, business associates, stakeholders and general public at large.
- Compliance Risk: Risk of loss due to failure of compliance with key regulations governing GRUH’s operations.
- Operations Risk: Risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
- Legal Risk: Risk of loss due to any of the above risk or combination thereof resulting into the failure to comply with law and having a negative legal impact on GRUH. The specific types of negative legal impacts that could arise could be by way of fines, confiscation of illegal proceeds, criminal liability etc.
- Financial Risk: Risk of loss due to any of the above risks or combination thereof resulting in to negative financial impact on GRUH.
In terms of the KYC norms, the Company (reporting entity) is inter alia required to comply with the obligations detailed as under:
- Maintain record of all transactions, including information relating to attempted transactions, in such manner so as to enable it to reconstruct individual transactions;
- Furnish to the Director – Financial Intelligence Unit – India (FIU-IND), within such time as may be prescribed, information relating to such transactions, whether attempted or executed;
- Verify the identity of all its customers;
- Identify the beneficial owner, if any, of such of its customer; and
- Maintain record of documents evidencing identity of its customers and beneficial owners as well as account files and business correspondence relating to its customers.
- Ensure confidentiality of every information maintained, furnished or verified, save as otherwise provided under any law for the time being in force.
- Maintain records referred to in clause (a) above for a period of five years from the date of transaction between a customer and the Company.
- Maintain records referred to in clause (e) above for a period of five years after the business relationship between a customer and the Company has ended or the account has been closed, whichever is later.
- "Act, Rules & Regulations" Act means “The Prevention of Money Laundering Act, 2002 (PMLA) as amended from time to time. The Rules shall mean the Rules framed under the PMLA. The regulations shall mean the regulations framed under the PMLA.
- "Offence of Money Laundering" means “Whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with the proceeds of crime including its concealment, possession, acquisition or use and projecting or claiming it as untainted property shall be guilty of offence of money-laundering.”
- "Person" means – (i) an individual, (ii) a Hindu undivided family, (iii) a company, (iv) a firm, (v) an association of persons or a body of individuals, whether incorporated or not, (vi) every artificial juridical person, not falling within any of the preceding sub-clauses, and (vii) any agency, office or branch owned or controlled by any of the above person mentioned in the preceding sub-clauses;
“Customer” with reference to GRUH’s operations means :
- A depositor placing a deposit with GRUH.
- A borrower availing a loan from GRUH.
- Deposit Referral Associates
- GRUH’s Referral Associates.
- "Central KYC Records Registry"(CKYCR) means an entity defined under Rule 2(1)(aa) of the Rules; to receive, store, safeguard and retrieve the KYC records in digital form of a customer
- "KYC Templates" means templates prepared to facilitate collating and reporting the KYC data to the CKYCR, for individuals and legal entities.
- Non face to face Customer means a person purporting to act on behalf of the customer
- "Proceeds of Crime" means any property derived or obtained, directly or indirectly, by any person as a result of criminal activity relating to a scheduled offence or the value of any such property or where such property is taken or held outside the country, then the property equivalent in value held within the country.
- "Property"means any property or assets of every description, whether corporeal or incorporeal, movable or immovable, tangible or intangible and includes deeds and instruments evidencing title to, or interest in such property or assets, wherever located.
- "Transfer" includes sale, purchase, mortgage, pledge, gift, loan or any other form of transfer of right, title, possession or lien.
- "Records" includes the records maintained in the form of books or stored in computer or such other form as may be prescribed.
"Suspicious Transaction"” means a transaction whether or not made in cash which, to a person acting in good faith –
- give rise to a reasonable ground of suspicion that it may involve the proceeds of crime; or
- appears to be made in circumstances of unusual or unjustified complexity; or
- appears to have no economic rational or bonafide purpose. or
- gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.
- "Transaction" includes placement of deposit, renewal of deposit, withdrawal of deposit, loan disbursements, repayment/prepayment of loans, payment of fees to GRUH’s referral associates and brokerage to saving agents, whether in cash or by cheque, pay order or other instruments or by electronic or other non-physical means and
- Implementing the policy by drawing up the procedures
- Ensuring procedures formulation in co-ordinations with Corporate service heads (CSHs)
- Co-ordinating with Corporate Service Heads (CSHs) / Regional Mangers (RMs) / Area Mangers (AMs) for monitoring the compliance of the policy on KYC and AML.
- Updating / Modifying the policy with change in laws and regulation with the Boards approval.
- Allocating duties and responsibilities to ensure implementation and compliance of the policy framed.
- Reviewing and approving all products/services offered by GRUH in co-ordination with CSH/RMs to ensure compliance with the policy and procedures on KYC and AML.
- Ensuring that the procedures and practices applied in case of new products and services are in compliance with the policy framed in this regards.
- Training and dissemination of information concerning guidelines and other rules and regulations on KYC and AML and updating staff / customers of the changes taking place from time to time.
- Ensuring that suspicious transactions are reported promptly within the stipulated period from the date of reaching the conclusion of such transaction, to the designated agency.
- Arranging for timely submission of the prescribed reports on cash transactions and suspicious transactions, etc to the designated agency
- Reporting status on the compliance of the KYC norms to the Board
- Customer Identification Procedure
- Customer Acceptance Policy
- Risk Classification of Customer Profile and Reporting to appropriate authority
- Monitoring of Transactions
- Customer Identification Procedure (CIP)
- Verify the status of the customer (legal status of legal customer/ entity) through proper and relevant documents.
- Verify that any person purporting to act on behalf of the customer, legal person/entity is so authorized. Verify the identity of such an authorized person.
- Understand the ownership and control structure of the customer and determine who are the natural persons who ultimately have control over management.
- The document(s) for verifying and establishing the identity of the customer or Referral Associates shall be those as prescribed by the FIU-IND/ Regulator(s), from time to time.
- The document(s) accepted for verifying and establishing the identity of the customer shall be latest
- All document(s) accepted as part of CIP, must be attested by the customer and counter signed by the concerned officer of GRUH with his name/ employee number on such documents.
- In case of a customer who intends to place a deposit, the relationship is established at the time of receipt of a completed application form from the prospective depositor.
- In case of a customer who intends to avail a loan, at the time the duly completed application form along with the processing fees is received from the prospective borrower.
- In case of a customer who intends to become a Deposit Referral Associate (DRA) and/or a GRUH Referral Associate (GRA) of GRUH, at the time a duly completed application form is received for enrollment.
- In case of a deposit customer, the financial transaction is said to have been carried out at the time the duly completed application form is acknowledged for acceptance/renewal of a deposit or a
duly completed application is received from a depositor for Loan Against Deposit (LAD) or request for a premature withdrawal of deposit is acknowledged.
- In case of a borrower, a financial transaction is said to have been carried out at the time of disbursing the first disbursement.
- Customer Acceptance Policy (CAP)
- Risk Classification of Customer Profiles
- Resident individuals.
- Public Limited Companies.
- Partnership firms with all resident partners
- Partnership Firms with NRI partners
- Private Limited Companies
- Politically exposed Persons (PEP) or family members and close relatives of PEPs.
- Monitoring of Transactions and maintenance and preservation of records
- all cash transactions of the value of more than rupees ten lac or its equivalent in foreign currency;
- all series of cash transactions integrally connected to each other which have been individually valued below rupees ten lac or its equivalent in foreign currency where such series of transactions have taken place within a month and the monthly aggregate exceeds an amount of ten lac rupees or its equivalent in foreign currency;
GRUH does not deal in cash for any of its business transactions except in recoveries of difficult borrower accounts. Therefore GRUH does not foresee any situation where any business transaction shall be carried out in cash in excess of Rs.10 lac, or more.
- all cross border wire transfers of the value of more than five lac rupees or its equivalent in foreign currency whether either the origin or destination of fund in India;
- all transactions involving receipts by non-profit organizations of rupees ten lac or its equivalent in foreign currency;
- all cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security or document has taken place facilitating the transaction;
- all suspicious transactions whether or not made in cash.
- Generation of Alerts
- Customer Due Diligence Procedure and sharing KYC information with Central KYC Records Registry (CKYCR).
- Internal Audit
- Reporting of the transactions to the designated agency :
- Responsibilities assigned to the personnel
- Education, Training and Information:
- Procedures Manual:
- Review of policy:
In case there is any difference in definitions, the definitions as provided in the PMLA, Rules as amended from time to time, shall prevail.
The Executive Director of GRUH has been appointed as the Designated Director in compliance of Rule 2(ba) of the Maintenance of Record Rules of the PMLA. The Designated Director shall be responsible to ensure overall compliance with the obligations imposed under Chapter 4 of the Act and the Rule/ Regulations thereunder. The Designated Director will ensure implementation and compliance of the policy framed from time to time.
The Company Secretary of GRUH has been appointed as the Principal Officer in compliance of Rule 2(f) of the Maintenance of Record Rules of the PMLA. The Principal Officer under the supervision and guidance of the Designated Director shall be responsible to ensure overall compliance with the obligations imposed under the Act and the Rule/ Regulations thereunder.
The Designated Director and Principal Officer will, inter-alia be responsible for :
The objective of KYC and AML policy of GRUH is to prevent GRUH from being used intentionally, or unintentionally, by criminal elements for money laundering activities or terrorism financing. KYC and AML procedures will also enable GRUH to know/understand GRUH’s customers and their financial dealing better, which in turn will help GRUH to manage the risks prudently.
The process of KYC and prevention of Money Laundering will be implemented through the following procedures:
The PMLA and its Rules thereunder inter alia requires HFC to identify its clients, verify their identity and obtain information on the purpose and intended nature of the business relationship. It also provides that HFCs shall identify the beneficial owner and take all reasonable steps to verify his identity.
The objective of establishing the identification of the customers is to:
The following factors shall take into account whilst framing norms relating to CIP.
The Customer Identification Procedure shall be carried out by verifying Identity of customer and Residence Proof of customer. The Designated Director /Principal Officer shall draw up the list of documents to be verified and collected for this purpose at the time of establishing a relationship with customer or while carrying out a financial transaction which are not in regular nature of business.
The Customer Identification Procedure is to be carried out at the following three stages i.e.
A. While establishing a relationship
B. While carrying out a financial transaction
C. Ongoing Monitoring of Customer Identification
The identification of the existing customers will be carried out by GRUH as under:
|Depositors||At the time of making the payment to Nominee or legal heirs|
|Borrowers||At the time of large prepayments made by 3rd party, change of bank account for repayment, at the time of loan closure within 6 months of disbursement or when a high value prepayment is effected by borrowers exceeding 10 lac.|
A. GRUH would verify the identity of the customer with proper adherence to Customer Identification procedure before accepting a duly completed application form for placement of deposit, issuing a sanction letter to a loan borrower, appointment letter to a Deposit Referral Associates (DRA) or GRUH Referral Associate (GRA). GRUH would accept customers only after verifying his/ her/ their identity with valid documents as prescribed by the FIU-IND/ Regulator(s), from time to time.
B. GRUH shall endeavor that no account is opened in anonymous or fictitious / benami name(s). GRUH shall also endeavor that no account is opened of a customer who has a criminal record or whose names is in the list of banned entities or list of terrorist individual/ organizations under UNSCR. The Designated Director / Principal Officer shall issue necessary guidelines to the retail offices in this regard so as to ensure that the relevant documents are taken to prevent that so as to satisfy that no account is opened in anonymous or fictitious / benami name(s).
C. Further, as per the PLMA guidelines, if in case, the customer does not provide full information as required for Customer Identification and Customer acceptance within 45 days of opening of the account, then GRUH would retain the right to close the account.
GRUH shall carry out risk assessment to identify, assess and take effective measures to mitigate its money laundering and terrorism financing risk for clients, countries or geographic areas, and products, services, transactions or delivery channels that is consistent with any national risk assessment conducted by a body or authority duly notified by the Central Government.
The information available from the customers to prove their identity and residence will determine the risk perception. However, for proper risk assessment of business relationship with customers, the customers are broadly classified as Low risk, Medium Risk and High Risk, based on the risk perceived. Low risk customers shall be those whose identity and source of wealth can be easily identified, while high risk will be those who will have to be subjected to additional due diligence.
Identification of class of Customers under various risk categories:
1. Low Risk:
Accounts of the following customers are categorized as Low Risk Profile Customers:
2. Medium Risk:
Accounts of the following customers is categorised as Medium Risk Profile Customers:
3. High Risk:
Accounts of the following customers is categorised as High Risk Profile Customers:
Every Heavy Cash Transactions and Suspicious Transaction Reports submitted to FIU-IND, required to be marked as ‘Medium Risk’ or ‘High Risk’.
The risk assessment mentioned in above, shall
(a) be documented;
(b) consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied;
(c) be kept up to date; and
(d) be available to competent authorities and self-regulating bodies.
Politically Exposed Persons (PEP)
As per the guidelines, GRUH shall exercise extra caution while dealing with Politically Exposed Persons. A Politically Exposed Persons (PEP) as explained by NHB in its circular dated April 10, 2006 and dated October 11, 2010 to HFCs means individuals who are or have been entrusted with prominent public functions in a foreign country, e.g. Heads of States or of Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political officials, etc. The Designated Director / Principal Officer shall formulate necessary guidelines for dealing with Politically Exposed Persons since the risk associated in dealing with PEP is considered high as per the advice of NHB.
GRUH shall monitor and also maintain a record of a transaction of the deposit and loan accounts where there has been a receipt or payment in cash exceeding 10 lac per transaction; and also monitor and maintain record of deposits and loan accounts where there has been a series of cash transactions from the same customer during a month exceeding 10 lac.
GRUH shall maintain proper record of transactions as prescribed under Rule 3, of the Prevention of Money-Laundering (Maintenance of records of the nature and value of transactions, the procedure and manner of maintaining and time for furnishing information and verification and maintenance of records of the identity of the clients of the (Banking Companies, Financial Institutions and Intermediaries) Rules, 2005).
GRUH shall also maintain the record of all transactions including, the records of :
The Designated Director / Principal Officer shall formulate a procedure to ensure that monitoring of the required transactions take place at GRUH.
The retail offices are required to promptly submit the report on transactions as mentioned in (5) above to the Principal Officer within three days of the transaction.
As per Guidance note on effective process of STRs detection and reporting for Housing Finance sector issued by NHB on December 30, 2015, the Company will endeavour to enable IT platform/ Software in place for identification of the suspicious transactions. Based on the identified risk parameters the IT platform/ Software may generate automatic alerts which shall form basis for further investigation. This has led to divergent approaches in the process for generation of alerts and consequential reporting of suspicious transactions.
The Company can efficiently control and reduce their risk to a significant extent only if they have an understanding of the normal and reasonable activity of the customer so that they have the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity attached with the client. The Company will endeavor to pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. The Company may prescribe threshold limits for a particular category of clients and will endeavor to pay particular attention to the transactions which exceed these limits. Transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer would particularly attract the attention of the Company. Further the Company shall examine the background and purpose of transactions.
Alert generation is a process by which certain transactions are flagged on the basis of a set of pre-determined rules or scenarios to enable the KYC Committee to analyse and review the alerts and conclude whether a transaction is suspicious or not.
The process of generation of behaviour alerts and indicative alerts are part of KYC Procedural guidelines.
GRUH will endeavour to capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as required by the revised KYC templates prepared for ‘individuals’ and ‘Legal Entities’ as the case may be. Government of India has authorised the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide NHB(ND)/DRS/Policy Circular No.76/2016-17 dated November 1, 2016. The ‘live run’ of the CKYCR would start with effect from July 15, 2016 in phased manner beginning with new ‘individual accounts’. GRUH shall take the steps to prepare its systems for uploading the KYC data in respect of new individual accounts.
Storage & Retrieval of documents/ data:
GRUH would maintain for at least five years from the date of transaction between GRUH and the customer, all necessary records of the transactions, both domestic or international, which will permit reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of persons involved in criminal activity.
GRUH would also ensure that records pertaining to the identification of the customer or beneficial owner and his address obtained while opening the account and during the course of business relationship are properly preserved for at least five years after the business relationship is ended or the account has been closed. The identification records and transaction data will be made available to the competent authorities upon request.
An independent evaluation of the controls of identifying high value transaction / suspicious transaction will be carried out on a regular basis by the internal auditor of GRUH.
Internal auditors will be assigned the responsibility to specifically scrutinize compliance of KYC norms and AML standards and comment on the effectiveness of the measures taken by branches in adoption of KYC norms and report lapses observed in this regard. Such compliance report will be placed before the Audit Committee of the Board of Directors of GRUH at quarterly intervals.
The Principal Officer shall report the cash transactions / suspicious transactions / counterfeit transactions to:
Financial Intelligence Unit- India,
6th Floor, Hotel Samrat,
New Delhi – 110021.
Reporting of transactions under KYC norms to FIU-IND
A. The report on the following transactions would be made by the 15TH of the succeeding month:
1. all cash transactions of the value of more than rupees ten lac or its equivalent in foreign currency;
2. all series of cash transactions integrally connected to each other which have been valued below rupees ten lac or its equivalent in foreign currency where such series of transactions have taken place within a month and the aggregate value of such transactions exceeds rupees ten lac;
3. all cross border wire transfers of the value of more than five lac rupees or its equivalent in foreign currency whether either the origin or destination of fund is in India;
4. all transactions involving receipts by non-profit organizations of rupees ten lac or its equivalent in foreign currency.
Based on the information available with the Company and furnished to the Principal Officer, he shall ensure to submit a report every month to FIU-IND. NIL reports need not be submitted.
B. Report on the following transactions would be made within 7 days of reaching conclusion, that the transaction is of suspicious nature :
1. all cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security or document has taken place facilitating the transactions;
2. all suspicious transactions would be further scrutinised by the respective TMs / RMs / Head Office and if they are not satisfied, of the genuineness would be reported to the Principal Officer/KYC Committee. If they are also not satisfied as to the genuineness of the transaction, the Principal Officer would be asked to report the same to FIU-IND.
Principal Officer on behalf of GRUH will provide all the necessary help, to the authorities, such as NHB, Director FIU-IND for any further inquiries and clarifications or for any other purpose for which specific requisitions are made.
With a view to implement the KYC policies and procedures effectively and also to fix accountability for lapses and intentional circumvention of the prescribed procedures and guidelines, the responsibilities are delegated across the organization.
GRUH has issued pamphlets / literature on the KYC norms to educate the customers on the need to collect such information. GRUH has also printed literatures/pamphlets explaining the KYC norms, the procedures involved and the details to be collected from different category of customers to be used for educating the customers on the KYC norms. The literatures/pamphlets are updated to incorporate the changes in the KYC guidelines from time to time.
To sensitize staff towards the importance of KYC & AML procedure, GRUH has designed its training programme for new recruiters and existing staff in its training programme. GRUH maintain records of personnel deputed for such training internally or externally if need be. In addition, GRUH shall also endeavor to nominate few staff members for external training programme also.
GRUH has formulated procedure manuals for compliance of this policy.
GRUH’s Board will review the policy adopted for KYC and AML as and when required and recommend incorporation of suitable modifications / changes. Modifications in the policies as a result of the change in the NHB guidelines will be incorporated as required under the statute. All such changes /modifications will be reported to the Board for approval.