Notifications

NHB(ND)/DRS/POL-No-13/2006

April 10, 2006

 

 

TO ALL REGISTERED HOUSING FINANCE COMPANIES

Dear Sir,

'KNOW YOUR CUSTOMER' (KYC) GUIDELINES – ANTI MONEY LAUNDERING STANDARDS

 

1. Please refer to the guidelines regarding ‘Know Your Customer' norms issued by the National Housing Bank in terms of our Circulars No. (1) NHB(ND)/DRS/POL-No-02/2004-05 dated August 25, 2004 (2) NHB(ND)/DRS/POL-No-05/2004-05 dated September 23, 2004 and (3) NHB(ND)/DRS/POL-No-08/2004-05 dated March 31, 2005 wherein Housing Finance Companies(HFCs) were advised to follow certain customer identification procedure for opening of accounts and monitoring transactions of suspicious nature for the purpose of reporting it to appropriate authority.

2. The Recommendations made by the Financial Action Task Force (FATF) on Anti Money Laundering (AML) standards and on Combating Financing of Terrorism (CFT) standards have become the international benchmark for framing Anti Money Laundering and combating financing of terrorism policies by the regulatory authorities. Compliance with these standards both by the banks/financial institutions, including HFCs, has become necessary for international financial relationships. The Reserve Bank of India(RBI) has issued revised set of comprehensive ‘Know Your Customer' Guidelines to all Non-Banking Financial Companies (NBFCs), Miscellaneous Non-Banking Companies and Residuary Non-Banking Companies in the context of the recommendations made by the Financial Action Task Force(FATF) and Anti Money Laundering (AML) standards and combating financing of terrorism policies by the regulatory authorities and advised all NBFCs to adopt the same with suitable modifications depending on the activity undertaken by them and ensure that a proper policy framework on ‘KYC' and AML measures are formulated and put in place with the approval of their respective Boards. The ‘Know Your Customer' Guidelines issued by the National Housing Bank for HFCs have also been revisited in the above context and revised Guidelines on the subject have been drafted. The same are enclosed for strict compliance of the HFCs.

3. HFCs are advised to ensure that a proper policy framework on ‘Know Your Customer' and Anti-Money Laundering measures is formulated and put in place with the approval of the Board by June 30, 2006 . It may also be ensured that HFCs are fully compliant with the provisions of this circular before September 30, 2006 .

4. While preparing operational guidelines HFCs may keep in mind to treat the information collected from the customer for the purpose of opening of account as confidential and not divulge any details thereof for cross selling or any other purposes. HFCs may, therefore, ensure that information sought from the customer is relevant to the perceived risk, is not intrusive, and is in conformity with the guidelines issued in this regard. Any other information from the customer should be sought separately with his /her consent and after opening the account.

5. HFCs should ensure that the provisions of Foreign Contribution and Regulation Act, 1976, wherever applicable, are adhered to strictly.

6. These guidelines are issued under the National Housing Bank Act and any contravention of or non-compliance with the same may attract penalties under the relevant provisions of the Act.

7. The reporting system in this regard will be finalised shortly and circulated to the HFCs for compliance.

Yours faithfully

(R. Bhalla)
General Manager
Department of Regulation & Supervision

Annexure to Circular- NHB(ND)/DRS/POL-No-13/2006
April 10, 2006

 

REVISED GUIDELINES ON ‘KNOW YOUR CUSTOMER' NORMS AND
ANTI-MONEY LAUNDERING MEASURES

 

'Know Your Customer' Standards

1. The objective of ‘KYC guidelines' is to prevent HFCs from being used, intentionally or unintentionally, by criminal elements for money laundering activities. KYC procedures also enable HFCs to know/understand their customers and their financial dealings better which in turn help them manage their risks prudently. HFCs should frame their KYC policies incorporating the following four key elements:
 (i) Customer Acceptance Policy;
(ii) Customer Identification Procedures;
(iii) Monitoring of Transactions; and
(iv) Risk management.

2. For the purpose of KYC policy, a ‘Customer' may be defined as:

  • a person or entity that maintains an account and/or has a business relationship with the HFC;
  • one on whose behalf the account is maintained (i.e. the beneficial owner);
  • beneficiaries of transactions conducted by professional intermediaries, such as Stock Brokers, Chartered Accountants, Solicitors, etc. as permitted under the law, and
  • any person or entity connected with a financial transaction which can pose significant reputational or other risks to the HFC, say, a wire transfer or issue of a high value demand draft as a single transaction.

Customer Acceptance Policy (CAP)

3. HFCs should develop a clear Customer Acceptance Policy laying down explicit criteria for acceptance of customers.  The Customer Acceptance Policy must ensure that explicit guidelines are in place on the following aspects of customer relationship in the HFC:

 (i) No account is opened in anonymous or fictitious/benami name(s);

(ii) Parameters of risk perception are clearly defined in terms of the location of customer and his clients and mode of payments;

(iii) Volume of turnover, social and financial status, etc. to enable categorization of customers  into low, medium and high risk (HFCs may choose any suitable nomenclature, viz. level I, level II, level III etc.); customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs – as explained in Annex I)  may, if considered necessary, be categorised  even  higher;

(iv) Documentation requirements and other information to be collected  in respect of different categories of customers depending on perceived risk and keeping in mind the requirements of PML Act, 2002 and guidelines issued from time to time;

(v) Not to open an account or close an existing account where the HFC is unable to apply appropriate customer due diligence measures, i.e. HFC is unable to verify the identity and /or obtain documents required as per the risk categorisation due to non co-operation of the customer or non reliability of the data/information furnished to the HFC. It may, however, be necessary to have suitable built-in safeguards to avoid harassment of the customer. For example, decision to close an account may be taken at a reasonably high level after giving due notice to the customer explaining the reasons for such a decision;

(vi) Circumstances, in which a customer is permitted to act on behalf of another person/entity, should be clearly spelt out in conformity with the established law and practices, as there could be occasions when an account is operated by a mandate holder or where an account may be opened by an intermediary in a fiduciary capacity, and

(vii) Necessary checks before opening a new account so as to ensure that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations, etc.

4. HFCs may prepare a profile for each new customer based on   risk categorisation. The customer profile may contain information relating to the customer's identity, social/financial status, nature of business activity, information about his clients' business and their location, etc. The nature and extent of due diligence will depend on the risk perceived by the HFC. However, while preparing customer profile the HFCs should take care to seek only such information from the customer which is relevant to the risk category and is not intrusive. The customer profile will be a confidential document and details contained therein shall not be divulged for cross selling or any other purposes.

5. For the purpose of risk categorisation, individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, may be categorised as low risk.  Illustrative examples of low risk customers could be salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government departments & Government owned companies, regulators and statutory bodies, etc.  In such cases, the policy may require that only the basic requirements of verifying the identity and location of the customer are to be met.

6. Customers that are likely to pose a higher than average risk to the HFC may be categorized as medium or high risk depending on  customer's background, nature and location of activity, country of origin,  sources of funds and his client profile, etc. HFCs may apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive ‘due diligence' for higher risk customers, especially those for whom the sources of funds are not clear. Examples of customers requiring higher due diligence may include

(a) non-resident customers,
(b) high net worth individuals,
(c) trusts, charities, NGOs and organizations receiving donations,
(d) companies having close family shareholding or beneficial ownership,
(e) firms with 'sleeping partners',
(f) politically exposed persons (PEPs) of foreign origin,
(g) non-face to face customers, and
(h) those with dubious reputation as per public information available, etc.

7. It is important to bear in mind that the adoption of customer acceptance policy and its implementation should not become too restrictive and must not result in denial of housing finance companies' services to general public, especially to those, who are financially or socially disadvantaged.  

Customer Identification Procedure (CIP)

8. The policy approved by the Board of an HFC should clearly spell out the Customer Identification Procedure to be carried out at different stages, i.e. while establishing a relationship; carrying out a financial transaction or when the HFC has a doubt about the authenticity/veracity or the adequacy of the previously obtained customer identification data. Customer identification means identifying the customer and verifying his/ her identity by using reliable, independent source documents, data or information. HFCs need to obtain sufficient information necessary to establish, to their satisfaction, the identity of each new customer, whether regular or occasional and the purpose of the intended nature of relationship. Being satisfied means that the HFC must be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the customer in compliance with the extant guidelines in place. Such risk based approach is considered necessary to avoid disproportionate cost to HFCs and a burdensome regime for the customers. Besides risk perception, the nature of information/documents required would also depend on the type of customer (individual, corporate etc). For customers that are natural persons, the HFCs should obtain sufficient identification data to verify the identity of the customer, his address/location, and also his recent photograph. For customers that are legal persons or entities, the HFC should

(i) verify the legal status of the legal person/ entity through proper and relevant documents

(ii) verify that any person purporting to act on behalf of the legal person/entity is so authorized and identify and verify the identity of that person and

(iii) understand the ownership and control structure of the customer and determine who are the natural persons who ultimately control the legal person.

9. Customer identification requirements in respect of a few typical cases, especially, legal persons requiring an extra element of caution are given in Annex-I for guidance of HFCs. HFCs may, however, frame their own internal guidelines based on their experience of dealing with such persons/entities, normal prudence and the  legal requirements as per established practices.  If the HFC decides to accept such accounts in terms of the Customer Acceptance Policy, the HFC should take reasonable measures to identify the beneficial owner(s) and verify his/her/their identity in a manner so that it is satisfied that it knows who the beneficial owner(s) is/are. An indicative list of the nature and type of documents/information that may be relied upon for customer identification is given in the Annex-II.   

Monitoring of Transactions

10. Ongoing monitoring is an essential element of effective KYC procedures.  HFCs can effectively control and reduce their risk only if they have an understanding of the normal and reasonable activity of the customer so that they have the means of identifying transactions that fall outside the regular pattern of activity.  However, the extent of monitoring will depend on the risk sensitivity of the account.  HFCs should pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. The HFC may prescribe threshold limits for a particular category of accounts and pay particular attention to the transactions which exceed these limits. Transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer should particularly attract the attention of the HFC. Very high account turnover inconsistent with the size of the balance maintained may indicate that funds are being 'washed' through the account. High-risk accounts have to be subjected to intensified monitoring. Every HFC should set key indicators for such accounts, taking note of the background of the customer, such as the country of origin, sources of funds, the type of transactions involved and other risk factors.  HFCs should put in place a system of periodical review of risk categorization of accounts   and the need for applying enhanced due diligence measures.  HFCs should ensure that a record of transactions in the accounts is preserved and maintained as required in terms of section 12  of the PML Act, 2002. It may also be ensured that transactions of suspicious nature and/or  any other type of  transaction notified under section 12 of the PML Act, 2002, is reported to the appropriate law enforcement authority. 

11. HFCs should ensure that their branches continue to maintain proper record of all cash transactions (deposits and withdrawals) of Rs.10 lakh and above. The internal monitoring system should have an inbuilt procedure for reporting of such transactions and those of suspicious nature to controlling/head office on a fortnightly basis. 

  Risk Management

12. The Board of Directors of the HFC should ensure that an effective KYC programme is put in place by establishing appropriate procedures and ensuring their effective implementation.  It should cover proper management oversight, systems and controls, segregation of duties, training and other related matters.  Responsibility should be explicitly allocated within the HFC for ensuring that the housing finance companies' policies and procedures are implemented effectively. HFCs may, in consultation with their Boards, devise procedures for creating Risk Profiles of their existing and new customers and apply various Anti Money Laundering measures keeping in view the risks involved in a transaction, account or business relationship.

13. HFCs' internal audit and compliance functions have an important role in evaluating and ensuring adherence to the KYC policies and procedures.  As a general rule, the compliance function should provide an independent evaluation of the HFC's own policies and procedures, including legal and regulatory requirements. HFCs should ensure that their audit machinery is staffed adequately with individuals who are well-versed in such policies and procedures.  Concurrent/ Internal Auditors should specifically check and verify the application of KYC procedures at the branches and comment on the lapses observed in this regard. The compliance in this regard may be put up before the Audit Committee of the Board at quarterly intervals.

14. HFCs must have an ongoing employee training programme so that the members of the staff are adequately trained in KYC procedures. Training requirements should have different focuses for frontline staff, compliance staff and staff dealing with new customers. It is crucial that all those concerned fully understand the rationale behind the KYC policies and implement them consistently.

Customer Education

15.  Implementation of KYC procedures requires HFCs to demand certain information from customers which may be of personal nature or which has hitherto never been called for. This can sometimes lead to a lot of questioning by the customer as to the motive and purpose of collecting such information. There is, therefore, a need for HFCs to prepare specific literature/ pamphlets, etc. so as to educate the customer on the objectives of the KYC programme. The front desk staff needs to be specially trained to handle such situations while dealing with customers.

 Introduction of New Technologies

16.   HFCs should pay special attention to any money laundering threats that may arise from new or developing technologies including on-line transactions that might favour anonymity, and take measures, if needed, to prevent their use in money laundering schemes.

KYC for the Existing Accounts

17.  HFCs were advised, vide our circular NHB(ND)/DRS/Pol-No.02/2004-05 dated August 25, 2004 to apply the KYC norms to all the  existing customers in a time bound manner. While the revised guidelines will apply to all new customers, HFCs should apply the same to the existing customers on the basis of materiality and risk.  However, transactions in existing accounts should be continuously monitored and any unusual pattern in the operation of the account should trigger a review. It may, however, be ensured that all the existing accounts of companies, firms, trusts, charities, religious organizations and other institutions are subjected to minimum KYC standards which would establish the identity of the natural/legal person and those of the 'beneficial owners'. HFCs may also ensure that term/recurring deposit accounts or accounts of similar nature are treated as new accounts at the time of renewal and subjected to revised KYC procedures.

18. Where  the HFC is unable to apply appropriate KYC measures due to non-furnishing of information and /or non-cooperation by the customer,  the HFC may consider closing the account or terminating the business relationship after issuing due notice to the customer explaining the reasons for taking such a decision. Such decisions need to be taken at a reasonably senior level.

Applicability to branches and subsidiaries outside India

19. The above guidelines shall also apply to the branches and majority owned subsidiaries located abroad, especially, in countries which do not or insufficiently apply the FATF Recommendations, to the extent local laws permit. When local applicable laws and regulations prohibit implementation of these guidelines, the same should be brought to the notice of National Housing Bank and RBI.

Appointment of Principal Officer

20. HFCs may appoint a senior management officer to be designated as ‘Principal Officer'. Principal Officer shall be located at the head/corporate office of the HFC and shall be responsible for monitoring and reporting of all transactions and sharing of information as required under the law. He will maintain close liaison with enforcement agencies, HFCs and any other institution which are involved in the fight against money laundering and combating financing of terrorism. It should also be ensured that there is proper system of fixing accountability for serious lapses and intentional circumvention of prescribed procedures and guidelines.

Maintenance of records of transactions

21. HFCs should introduce a system of maintaining proper record of transactions prescribed under Rule 3, of the Prevention of Money-Laundering and value of transactions, the procedure and manner of maintaining and verification and maintenance of records of the identity of the clients of the Banking Companies, Financial Institutions and Intermediaries) Rules, 2005, as mentioned below:

•  all cash transactions of the value of more than rupees ten lakh or its equivalent in foreign currency;

•  all series of cash transactions integrally connected to each other which have been valued below rupees ten lakh or its equivalent in foreign currency where such series of transactions have taken place within a month and the aggregate value of such transactions exceeds rupees ten lakh;

•  all cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security has taken place;

•  all suspicious transactions whether or not made in cash and by way of as mentioned in the Rules.

Information to be preserved

22. HFCs are required to maintain the following information in respect of transactions referred to in Rule 3:

•  the nature of the transactions;

•  the amount of the transaction and the currency in which it was denominated;

•  the date on which the transaction was conducted; and

•  the parties to the transaction.

Maintenance and Preservation of records

23. HFCs should take appropriate steps to evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities. Further, HFCs should maintain for at least ten years from the date of cessation of transaction between the bank and the client, all necessary records of transactions, both domestic or international, which will permit reconstruction of individual transactions (including the amounts and types of currency involved if any) so as to provide, if necessary, evidence for prosecution of persons involved in criminal activity.

HFCs should ensure that records pertaining to the identification of the customer and his address (e.g. copies of documents like passports, identity cards, driving licenses, PAN, utility bills etc.) obtained while opening the account and during the course of business relationship, are properly preserved for at least ten years after the business relationship is ended. The identification records and transaction data should be made available to the competent authorities upon request.

Reporting to Financial Intelligence Unit-India

24. It is advised that in terms of the PMLA rules, HFCs are required to report information (formats will be sent to HFCs shortly) relating to cash and suspicious transactions to the Director, Financial Intelligence Unit-India (FIU-IND) at the following address:

Director, FIU-IND,
Financial Intelligence Unit-India,
6 th Floor, Hotel Samrat,
Chanakyapuri,
New Delhi-110021

Annex-I

CUSTOMER IDENTIFICATION REQUIREMENTS
INDICATIVE GUIDELINES

Trust/Nominee or Fiduciary Accounts

1. There exists the possibility that trust/nominee or fiduciary accounts can be used to circumvent the customer identification procedures. HFCs should determine whether the customer is acting on behalf of another person as trustee/nominee or any other intermediary.  If so, HFCs may insist on receipt of satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also obtain details of the nature of the trust or other arrangements in place.  While opening an account for a trust, HFCs should take reasonable precautions to verify the identity of the trustees and the settlors of trust (including any person settling assets into the trust), grantors, protectors, beneficiaries and signatories.  Beneficiaries should be identified when they are defined.  In the case of a 'foundation', steps should be taken to verify the founder managers/directors and the beneficiaries, if defined. 

Accounts of companies and firms

2. HFCs need to be vigilant against business entities being used by individuals as a ‘front' for maintaining accounts with HFCs. HFCs should examine the control structure of the entity, determine the source of funds and identify the natural persons who have a controlling interest and who comprise the management. These requirements may be moderated according to the risk perception, e.g. in the case of a public company it will not be necessary to identify all the shareholders.

Client accounts opened by professional intermediaries

3. When the HFC has knowledge or reason to believe that the client account opened by a professional intermediary is on behalf of a single client, that client must be identified. HFCs may hold 'pooled' accounts managed by professional intermediaries on behalf of entities like mutual funds, pension funds or other types of funds.  Where the HFCs rely on the 'customer due diligence' (CDD) done by an intermediary, they should satisfy themselves that the intermediary is regulated and supervised and has adequate systems in place to comply with the KYC requirements. It should be understood that the ultimate responsibility for knowing the customer lies with the HFC.

Accounts of Politically Exposed Persons (PEPs) resident outside India  

4. Politically exposed persons are individuals who are or have been entrusted with prominent public functions in a foreign country, e.g. Heads of States or of Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc.  HFCs should gather sufficient information on any person/customer of this category intending to establish a relationship and check all the information available on the person in the public domain. HFCs should verify the identity of the person and seek information about the sources of funds before accepting the PEP as a customer. The decision to open an account for PEP should be taken at a senior level which should be clearly spelt out in Customer Acceptance Policy. HFCs should also subject such accounts to enhanced monitoring on an ongoing basis. The above norms may also be applied to the accounts of the family members or close relatives of PEPs.  

Accounts of non-face-to-face customers

5. In the case of non-face-to-face customers, apart from applying the usual customer identification procedures, there must be specific and adequate procedures to mitigate the higher risk involved. Certification of all the documents presented may be insisted upon and, if necessary, additional documents may be called for. In the case of cross-border customers, there is the additional difficulty of matching the customer with the documentation and the HFC may have to rely on third party certification/introduction. In such cases, it must be ensured that the third party is a regulated and supervised entity and has adequate KYC systems in place.

Annex-II

CUSTOMER IDENTIFICATION PROCEDURE
FEATURES TO BE VERIFIED AND DOCUMENTS THAT MAY BE OBTAINED FROM CUSTOMERS

Features
Documents

Individuals

- Legal name and any other names used 

(i) Passport  (ii) PAN card (iii) Voter's Identity Card (iv) Driving license

(v) Identity card (subject to the HFC's satisfaction) (vi) Letter from a recognized public authority or public servant verifying the identity and residence of the customer to the satisfaction of HFC

- Correct permanent address

(i) Telephone bill (ii) Account statement (iii) Letter from any recognized public authority

(iv) Electricity bill (v) Ration card

(vi) Letter from employer (subject to satisfaction of the HFC)

( any one document which provides customer information to the satisfaction of the HFC will suffice )   

Companies

- Name of the company
- Principal place of business
- Mailing address of the company
- Telephone/Fax Number

(i) Certificate of incorporation and Memorandum & Articles of Association (ii) Resolution of the Board of Directors to open an account and identification of those who have authority to operate the account (iii) Power of Attorney granted to its managers, officers or employees to transact business on its behalf (iv) Copy of PAN allotment letter (v) Copy of the telephone bill

Partnership Firms

- Legal name
- Address
- Names of all partners and their addresses
- Telephone numbers of the firm and partners

(i) Registration certificate, if registered (ii) Partnership deed (iii) Power of Attorney granted to a partner or an employee of the firm to transact business on its behalf (iv) Any officially valid document identifying the partners and the persons holding the Power of Attorney and their addresses (v) Telephone bill in the name of firm/partners

Trusts & F oundations

- Names of trustees, settlers, beneficiaries and signatories
- Names and addresses of the founder, the managers/directors and the beneficiaries
- Telephone/fax numbers

(i) Certificate of registration, if registered (ii) Power of Attorney granted to transact business on its behalf (iii) Any officially valid document to identify the trustees, settlers, beneficiaries and those holding Power of Attorney, founders/managers/ directors and their addresses (iv) Resolution of the managing body of the foundation/association (v) Telephone bill