Know Your Customer (KYC) is a core regulatory requirement in banking. It refers to the process by which banks identify, verify, and understand their customers before and during the banking relationship. The main objective of KYC is to prevent misuse of the banking system for money laundering, terrorist financing, fraud, and other financial crimes.
Legal and Regulatory Framework of KYC in India
KYC in banks is governed by:
- Prevention of Money Laundering Act (PMLA), 2002
- Prevention of Money Laundering Rules, 2005
- RBI Master Direction – Know Your Customer (KYC) Directions
- FATF recommendations
Banks are classified as Reporting Entities and must strictly comply with KYC norms.
Objectives of KYC Policy
The KYC policy aims to:
- Establish the true identity of customers
- Understand the nature of the customer’s business
- Assess the risk associated with the customer
- Prevent money laundering and terrorist financing
- Protect banks from fraud and reputational risk
Key Components of KYC Policy
Customer Identification Program (CIP)
Customer Identification involves collecting and verifying Officially Valid Documents (OVDs) such as Aadhaar, Passport, PAN, Voter ID, or Driving Licence. Banks must ensure that the customer is who they claim to be.
Customer Due Diligence (CDD)
CDD means verifying the customer’s identity, address, and beneficial ownership. It also involves understanding the purpose of the account and the expected transaction pattern.
CDD is conducted:
- At the time of account opening
- While carrying out certain transactions
- Periodically during the account relationship
Enhanced Due Diligence (EDD)
EDD is applied for high-risk customers, such as:
- Politically Exposed Persons (PEPs)
- Non-resident customers
- Trusts and complex ownership structures
- High-value or unusual transactions
EDD requires closer scrutiny and more frequent monitoring.
Risk-Based Approach Under KYC
Banks classify customers into:
- Low risk
- Medium risk
- High risk
The intensity of monitoring and due diligence is decided based on the customer’s risk level. This risk-based approach is central to RBI’s KYC guidelines and is often tested in exams.
KYC Norms for Different Types of Customers
Banks must follow different KYC requirements for:
- Individuals
- Sole proprietors
- Partnership firms
- Companies
- Trusts and societies
- Non-resident customers
Each category requires identification of beneficial owners and authorised signatories.
Ongoing Monitoring and Periodic Updation
KYC is not a one-time exercise. Banks must:
- Monitor transactions continuously
- Update KYC records periodically
- Review customer risk profiles
- Identify unusual or suspicious transactions
Failure to update KYC can lead to restrictions on account operations.
Reporting Obligations Linked to KYC
If banks detect suspicious activity during KYC or monitoring, they must file:
- Suspicious Transaction Reports (STRs)
- Cash Transaction Reports (CTRs)
These reports are submitted to FIU-IND.
Customer Rights and KYC
While implementing KYC, banks must ensure:
- Customer convenience
- Data confidentiality
- No harassment or unnecessary documentation
- Clear communication of requirements
KYC should be non-discriminatory and transparent.
Penalties for KYC Non-Compliance
Non-compliance with KYC norms can result in:
- Monetary penalties imposed by RBI
- Regulatory action
- Reputational damage
- Legal consequences under PMLA