.svg)
The Reserve Bank of India (RBI) has added new updates to its know your customer (KYC) guidelines, in an effort to ease compliance with anti-money laundering (AML) legislation.
Last week, the RBI published an updated version of its Master Direction on KYC, marking the 14th round of amendments since the guidelines were first published in 2016.
With the publication of the guidelines on the RBI’s official website, the latest amendments come into force with immediate effect.
The RBI’s Master Direction on KYC is designed to help regulated financial institutions (FIs) comply with the Prevention of Money-Laundering Act 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules 2005.
A key aim of the latest amendments to the Master Direction is to streamline and simplify the customer verification process among regulated FIs, including banks and payment service providers (PSPs).
Under the new guidelines, customers who have previously completed KYC are no longer required to undergo the process again when opening new accounts or accessing additional services from the same FI.
The new amendments also provide further details on how regulated FIs are expected to make use of the Central KYC Records Registry (CKYCR).
Under India’s AML legislation, the CKYCR is defined as a government entity that is authorised to “receive, store, safeguard and retrieve KYC records in digital form”.
Since 2016, FIs have been required to make use of the CKYCR in a phased manner, beginning with new account openings for individual customers.
Since January 2017, scheduled commercial banks (SCBs) have been required to upload the KYC data of all new individual accounts to the CKYCR.
The same rules came into effect for other regulated entities from April 2017 onwards, and from April 2021 onwards, the same rules were applied to newly opened accounts for legal entities.
In previous updates to the Master Direction on KYC, the requirement for firms to upload this data to the CKYCR was expanded to all accounts, including existing accounts.
FIs were expected to “incrementally” upload all KYC records, including those of accounts opened prior to the introduction of the new rules.
News rules on periodic updating of KYC
In the latest amendments, the RBI also provides further details on how firms are required to handle the mandatory periodic updating of KYC information, and its uploading to the CKYCR.
The amendments are designed to help firms understand what action is required, based on the lifespan of each customer and their responses to periodic KYC checks.
In previous updates, the RBI introduced a tiered approach to the periodic updating of KYC information, based on customer risk.
For high-risk customers, FIs are now required to conduct KYC checks every two years; for medium-risk customers, every eight years; and for low-risk customers, every ten years.
The latest update makes clear that firms are not required to re-submit KYC information if nothing has changed since the previous check or since the customer opened the account.
Firms should only upload new “records”, “information” or “identification documents” to the database if the customer’s KYC information has changed, or if the validity of their documents has elapsed.
Firms should also upload new information if they notice that the existing KYC record of the customer is either incomplete or does not meet the KYC norms outlined elsewhere in the Master Direction.
Mismatches or incomplete KYC information should be visible to firms when they retrieve the existing data on each customer from the CKYCR, as is required during periodic updating checks.
Finally, firms may upload new information if they consider it necessary to verify the identity or address of the customer, to perform enhanced due diligence or to build an appropriate risk profile of the customer.
