🛂 KYC Norms in Banking — RBI KYC Directions, OVD List, Beneficial Owner
RBI KYC Directions 2026, Beneficial Owner criteria (10%/15%/25% threshold), Officially Valid Documents (OVD) list, CDD & EDD procedures, and Customer types.
KYC Directions of RBI
The Know Your Customer (KYC) guidelines are a set of directions issued by the RBI to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering or terrorist financing activities.
These directions are applicable to all banks working in India. Crucially, they also apply to branches and majority-owned subsidiaries of Indian banks located abroad. A key rule for international operations is the "Stricter Rule" principle: if there is a variance between local host country regulations and RBI's KYC directions, the bank must adopt the more stringent regulation of the two.
The Purpose of KYC Guidelines
The RBI's KYC guidelines exist to achieve three interlocking objectives: (1) obtain introductions for new customers so that no fictitious or anonymous person enters the banking system, (2) ensure that customers have sufficient funds consistent with their declared profile, and (3) prevent money laundering and terrorist financing while reducing the risk to the financial system. Before the KYC framework existed, banks relied informally on introductions through existing members who personally knew the customer — a practice replaced by the structured CIP we use today.
Primary Sources of ML/TF Risk
When assessing risk, a bank looks at three primary factors: the country of incorporation of the customer (jurisdictions on FATF grey/black lists carry higher risk), the nature of the products/services the customer uses (trade finance, correspondent banking, private banking carry higher risk than a savings account), and the place of the branch where the relationship originates. All three must be combined when categorising a customer as low, medium, or high risk.
Money Mule Accounts
Banks shall strictly adhere to instructions to minimize the operations of 'Money Mules'. Criminals use money mules to launder the proceeds of fraud (e.g., phishing), gaining illegal access to deposit accounts by recruiting third parties.
Remittances
Any remittance of funds (like demand draft, NEFT, IMPS) and issue of travellers' cheques for a value of ₹50,000 and above must be effected by debit to the customer's account or against cheques, and not against cash payment.
This rule exists to ensure traceability. By forcing the transaction to be funded from an account or cheque, the bank ensures there is a digital "paper trail" linking the money to a known customer identity. This prevents criminals from converting large amounts of unaccounted "black money" (cash) into legitimate banking instruments anonymously.
Beneficial Owner
A Beneficial Owner (BO) refers to the natural person(s) who ultimately owns or controls a customer — either individually, or through one or more intermediary entities. A BO has controlling ownership interest or exercises control over an entity through other means such as appointing a majority of directors, controlling shareholder/management rights, or entering agreements that confer control. Identifying them is critical to prevent the misuse of corporate vehicles for illicit purposes.
The specific criteria for identifying a Beneficial Owner depend on the type of legal entity:
| Entity Type | Beneficial Ownership Threshold |
|---|---|
| Company | The natural person(s) who, acting alone or together, or through one or more juridical persons, have a controlling ownership interest of more than 10% of the shares, capital, or profits. |
| Partnership Firm | The natural person(s) who has ownership of/entitlement to more than 10% of capital or profits of the partnership. |
| Unincorporated Association / Body of Individuals | The natural person(s) who has ownership of/entitlement to more than 15% of the property, capital, or profits. |
| Trust | Identification shall include the author of the trust, the trustee, the beneficiaries with 10% or more interest, and any other natural person exercising ultimate effective control. |
The 10% vs 15% vs 25% History
The current 10% threshold for companies and partnerships did not always exist. Previously, the controlling-ownership-interest threshold was 15%, but it was reduced to 10% after the 04 September 2023 amendment to the PMLA Rules.[1][2] For context, FATF Recommendation 24 recommends a maximum threshold of 25% for determining controlling ownership — India has deliberately adopted a stricter (lower) 10% standard, ensuring it goes beyond the bare minimum of FATF's guidelines.
CDD for Entities — Required Documents
When opening an account for a non-individual customer, the bank collects a specific package of documents designed to establish legal existence, authority, and beneficial ownership:
| Entity | Documents Required |
|---|---|
| Company | Certificate of incorporation; Memorandum and Articles of Association; Board resolution; Power of Attorney of managers/officers; OVD of the authorised person |
| Partnership Firm | Registration certificate; Partnership deed; OVD of person holding attorney to transact on behalf |
| Trust | Registration certificate; Trust deed; OVD of person holding attorney to transact on behalf |
| Hindu Undivided Family (HUF) | Proof of identity & address of Karta; Joint Hindu Family letter signed by all adult coparceners; PAN or Form 60 of the HUF. (A separate "Declaration from the Karta" is not a prescribed document.) |
| Unincorporated Association / Body of Individuals | Resolution from managing body; Power of Attorney granted to transact on behalf; Information on legal existence of the association/body |
| Proprietary Concern | OVD of the proprietor; Registration certificate; Municipal trade licence / Shop Act; Income Tax returns / GST certificate; Certificate from Tax authorities; Utility bills |
CDD at UCIC Level (New RBI Mandate)
Customer Due Diligence is now conducted at the Unique Customer Identification Code (UCIC) level, not per-account. This means: if an existing customer is already KYC-compliant, no fresh CDD is required when they open another account or avail any other product or service from the same entity. This streamlined process eliminates duplication of identification effort for existing customers.
Designated Director and Principal Officer
To ensure accountability, banks must appoint key officials responsible for compliance with the Prevention of Money-Laundering (PML) Act:
- Designated Director: This is a person nominated by the Appointing Authority (Board) to ensure overall compliance with the obligations imposed under Chapter IV of the PML Act and Rules. Think of them as the board-level strategic overseer.
- Principal Officer: This is the officer at the management level responsible for the operational aspect: furnishing information to authorities, ensuring day-to-day compliance, monitoring transactions, and filing reports as required by law.
Officially Valid Document (OVD)
To prove identity, customers must submit an "Officially Valid Document".
a) The List of 6 OVDs
As per Government notifications, there are exactly six documents classified as OVDs:
- Passport
- Driving Licence
- Proof of possession of Aadhaar number
- Voter's Identity Card (issued by the Election Commission of India)
- NREGA job card (duly signed by an officer of the State Government)
- Letter issued by the National Population Register (containing details of name and address)
b) Proof of Address Exceptions
Sometimes, a customer might have a valid ID that does not reflect their current address (e.g., a migrant worker). In such cases:
- Deemed OVDs: Customers can submit utility bills (electricity, telephone, gas, water) that are not more than two months old or property tax receipts. These are accepted solely as proof of address.
- Time Limit: If such a document is used, the customer must submit a full OVD with the current address within three months.
c) Aadhaar Nuance
Providing an Aadhaar number is not mandatory for general KYC purposes. However, it is mandatory if the customer wishes to receive any benefit or subsidy under Government schemes (Direct Benefit Transfer).
d) Status of the PAN Card
A question students routinely get wrong: PAN is mandatory, but it is no longer classified as an OVD (Officially Valid Document) for proof of identity. Under PMLA guidelines, the Permanent Account Number is not listed in the six OVDs. Yet, as per a SEBI circular, PAN remains a mandatory document to be provided by an investor for opening a Demat and Trading Account. In addition, the Central KYC Registry (CKYCR) notifications dated January 10, 2020 and July 07, 2020 revised and implemented the KYC template for individuals to align it with extant PMLA requirements.
e) Simplified Measures for Verifying Address Proof
When the standard OVD does not carry the customer's current address, banks may accept additional documents as deemed OVDs purely for address verification:
- Utility bills not more than two months old issued by service providers (electricity, telephone, post-paid mobile, piped gas, or water bills).
- Property or Municipal Tax receipt.
- Bank account or Post Office savings bank account statement.
- Pension or family pension payment orders (PPOs) issued by Government Departments or Public Sector Undertakings, if they contain the address.
- Letter of allotment of accommodation from the employer issued by State/Central Government, Statutory / Regulatory Bodies, PSUs, Scheduled Commercial Banks, Financial Institutions, and listed companies — also lease/licence agreements with such employers allotting official accommodation.
- Documents issued by Government departments of foreign jurisdictions or letters issued by foreign Embassies / Missions in India.
Suspicious Transaction
Transactions that raise red flags must be handled carefully.
a) Definition: A suspicious transaction is one that gives rise to a reasonable ground of suspicion that it may involve proceeds of an offense (money laundering/terrorism financing), regardless of the value involved. Even a small amount can be suspicious if the pattern is irregular.
b) The "Tip-off" Rule: If a bank suspects money laundering or terrorist financing, it must be careful not to alert the criminal. If the bank believes that performing the Customer Due Diligence (CDD) process will tip off the customer, it should stop the CDD process. Instead of confronting the customer, the bank must immediately file a Suspicious Transaction Report (STR) with the FIU-IND (Financial Intelligence Unit - India).
Key Definitions
- Customer: In the context of KYC, a customer is not just the account holder. It includes any person engaged in a financial transaction with the bank and, importantly, the person on whose behalf the transaction is being carried out (the beneficial owner).
- Walk-in Customer: A person who performs a transaction (like a cash deposit or draft issuance) but does not have an account-based relationship with the bank.
- Shell Bank: A bank that has no physical presence in the country where it is incorporated and is not affiliated with a regulated financial group. These are considered high-risk and are generally prohibited from establishing correspondent banking relationships.
Know Your Customer (KYC) Policy
Every bank must have a KYC policy approved by the Board of Directors. This policy must encompass four key pillars:
- Customer Acceptance Policy (CAP): Criteria for who the bank will (and will not) accept as a customer.
- Customer Identification Procedures (CIP): The actual process of verifying identity using documents and data.
- Monitoring of Transactions: Ongoing surveillance to detect anomalies.
- Risk Management: Procedures for identifying and managing the ML/TF risks associated with customers.
Customer Acceptance Policy (CAP) — What Must Be Included
The CAP defines the bank's "red lines" at onboarding. A sound CAP must include:
- No anonymous accounts: Accounts must not be opened in anonymous, fictitious, or benami names.
- Risk perception criteria: Risk parameters must be clearly defined, considering factors such as nature of business activity, customer location, client base, payment modes, volume of turnover, and the customer's social and financial status.
- Document collection policy: Different categories of customers require specific documents and information based on perceived risk — calibrated to PML Act, PML Rules, and RBI guidelines.
- Due diligence rule: Accounts should not be opened if the bank is unable to apply appropriate CDD measures.
- Acting on behalf of another: The circumstances under which a customer is permitted to act on behalf of another person must be clearly defined in line with established banking laws.
- Sanction Lists Check: The identity of every customer must be checked against any individual or entity listed in sanction lists circulated by the RBI (see UN Sanctions Lists section below).
- Not overly restrictive: The CAP must not deny banking facilities to members of the general public — especially those who are financially or socially disadvantaged (e.g., minorities, the illiterate, or economically weaker sections). Financial inclusion is a parallel duty.
Risk Assessment & Categorization
Banks cannot treat all customers equally; they must adopt a Risk-Based Approach (RBA).
- Risk Categorization: Customers must be categorized into Low, Medium, and High risk buckets based on the bank's assessment of their location, nature of business, and profile.
- Periodic Review: This risk assessment is not a one-time event. The Board must review the risk assessment strategy at least annually.
Customer Due Diligence (CDD)
CDD is the process of identifying and verifying the customer and the beneficial owner.
When CIP Must Be Carried Out
Customer Identification Procedure is not a one-time event at account opening. It must be performed:
- While establishing a banking relationship or during financial transactions.
- When there is doubt about the authenticity or adequacy of existing customer data.
- When selling third-party products as agents.
- When selling the bank's own products or making payments for credit cards, prepaid cards, or travel cards, and for any product where a walk-in (non-account-holder) customer crosses the non-account-based threshold of ₹50,000 or more.
- When there is suspicion that a customer is intentionally structuring transactions below the ₹50,000 threshold.
Mandatory CIP Thresholds
While banks know their account holders, they must also perform full Customer Identification Procedures (CIP) for certain specific situations involving amounts of ₹50,000 or more:
- Third-Party Products: When selling third-party products (like insurance or mutual funds) for over ₹50,000.
- Walk-in Customers: Any transaction (single or connected) by a non-account holder exceeding ₹50,000.
- Structuring: This is a critical anti-avoidance rule. If a customer intentionally breaks down a large transaction into smaller ones (e.g., four deposits of ₹40,000) to stay below the ₹50,000 threshold, this is called "structuring" and must be detected and reported.
E-KYC & Simplified Measures for Low-Risk Customers
For individuals, the bank must obtain one certified copy of an OVD containing details of the customer's identity and address, collect one recent photograph, and any additional documents relating to the customer's business and financial status. The e-KYC service of UIDAI can be accepted as a valid process for KYC verification under the PML Rules. For low-risk category customers, simplified measures may be applied and it is sufficient to obtain a certified copy of any one document deemed as an OVD for proof of identity.
Digital KYC Modes
In the digital age, physical documents aren't always necessary.
1. Aadhaar OTP Based e-KYC (Non-Face-to-Face)
This allows account opening via an OTP sent to the Aadhaar-linked mobile number. Since it is non-face-to-face, it carries higher risk and thus comes with strict limitations:
| Feature | Limit / Requirement |
|---|---|
| Aggregate Balance | Shall not exceed ₹1 Lakh at any point. |
| Total Credits | Total money credited shall not exceed ₹2 Lakh in a Financial Year. |
| Term Loans | Only allowed up to ₹60,000 in a year. |
| Validity | This is a temporary measure. The account is valid for only one year. |
| Requirement | Full CDD (biometric or physical) must be completed within 1 year, or the account must be closed. |
2. Video-Based Customer Identification Process (V-CIP)
This is a full-fledged equivalent to face-to-face KYC — a process conducted by an official of the Regulated Entity (RE) whereby the customer's live photo is captured and identification information is obtained. The RE must record the video as necessary documentation of the CIP process.
V-CIP must satisfy every one of the following requirements:
- PAN Verification: The PAN details must be verified against the issuing authority's database.
- Live Geo-tagging: The customer's live location (GPS coordinates) must be captured during the video to confirm they are physically present in India.
- Photo & Details Match: The customer's photograph in the Aadhaar/PAN must match the person undertaking the V-CIP, and the identification details in Aadhaar/PAN must match the details provided by the customer.
- Offline Aadhaar Verification: If using offline Aadhaar verification with an XML file or QR code, the generation date must not be older than 3 days from the date of carrying out V-CIP.
- Concurrent Audit: All accounts opened via V-CIP must undergo a concurrent audit to ensure the process integrity — accounts are made operational only after being subject to this audit.
3. Digital KYC
Digital KYC involves capturing a live photo of the customer along with an officially valid document and recording the latitude and longitude of the location where the photo is taken, by an authorised officer of the RE.
4. Equivalent e-Document
An equivalent e-document means an electronic document issued by an issuing authority with a valid digital signature, including documents issued to the customer's informed consent digital locker (such as DigiLocker).
Third-Party Verification Records
If a bank conducts customer due diligence through a third-party agency, it should obtain the records of the due diligence carried out by that third party within a period of 2 days from the third party or from the Central KYC Records Registry.
Features of Small Account
If an individual desires to open a bank account but does not possess any of the 6 OVDs (or applicable documents for the simplified procedure), the bank can open a 'Small Account' for them. This is a measure for financial inclusion, but it comes with strict limitations to prevent money laundering risks:
- Credit Limit: The total money credited to the account in a financial year must not exceed ₹1 Lakh.
- Withdrawal Limit: The total withdrawals and transfers in a month must not exceed ₹10,000.
- Balance Cap: The balance in the account at any point in time must not exceed ₹50,000.
- Opening Process: A Small Account can be opened using a self-attested photograph and a signature or thumbprint. The designated officer of the bank certifies that the signature/thumbprint was affixed in their presence.
- Validity: The account is initially valid for 12 months. It can be extended for another 12 months only if the account holder provides proof of applying for a valid OVD within the first 12 months. After 24 months, the bank formally reviews whether to continue the relaxation.
Operational Restrictions on Small Accounts
Small Accounts are heavily ring-fenced to prevent misuse:
- CBS-linked branches only: Small accounts can be opened only at Core Banking Solution (CBS) linked branches or at branches where foreign remittances can be monitored.
- Suspicion trigger: If there is any suspicion of money laundering or terrorism financing, the customer's identity must be verified with OVDs immediately.
- Foreign remittances blocked: Foreign remittances cannot be credited to a small account until the customer's identity is fully established through OVDs.
Special Case for Prisoners: If a prisoner in jail wishes to open an account, they can do so by affixing their signature or thumb mark in the presence of the officer-in-charge of the jail, who must certify the signature/thumb mark and provide proof of identity and an attested copy of address. These three conditions — signature/thumb mark affixed before the officer, certification by the officer, and officer-issued address proof — are all required. To keep the account operational, the bank requires continued proof of address from that officer.
Risk Management & KYC Updation
KYC is not a one-time process; it requires On-going Due Diligence. Banks must align their monitoring intensity with the customer's risk profile.
Periodic Review
The bank must have a system to review the risk categorization of accounts at least once every six months. A customer who was "Low Risk" initially might become "High Risk" based on transaction patterns.
Periodic Updation (Re-KYC)
Banks are required to update KYC documents and information based on the risk category:
- High-Risk Customers: At least once every two years.
- Medium-Risk Customers: At least once every eight years.
- Low-Risk Customers: At least once every 10 years.
Address Updates: If a low-risk customer only needs to change their address, they can submit a self-declaration through registered channels (like net banking). The bank must then verify this declaration via positive confirmation within two months (e.g., sending a letter to the new address).
Intimations & Reminders: Banks cannot just freeze accounts without warning. They must follow a strict timeline:
- Advance Intimation: Give at least 3 advance notices before the due date (one must be by letter).
- Post-Due Reminders: If the customer fails to comply, send at least 3 reminders after the due date (one must be by letter).
Low-Risk Re-KYC: For low-risk customers, no fresh identity and address proofs are required during periodic updates, provided there are no changes — a self-certification from the customer is sufficient. Fresh photographs must be obtained from minor customers when they reach the age of majority.
Freezing & Closure of Non-Compliant Accounts
If a customer fails to comply with Re-KYC despite repeated reminders, the bank follows a graded penalty process — it cannot simply close the account on day one:
| Step | Action |
|---|---|
| 1. Partial Freezing | Impose partial freezing on the account in phases. |
| 2. Process | A three-month notice is given to the customer to comply, followed by a reminder for an additional three months. |
| 3. During Partial Freeze | Credits are allowed but debits are disallowed — the account can still be closed by the customer. |
| 4. Six-Month Deadline | If non-compliance persists after six months of partial freezing, the bank will disallow both debits and credits, rendering the account inoperative. |
| 5. Account Closure | After the above steps, the bank may close the account of the non-compliant customer, with the decision being made at a senior level. |
| 6. STR Filing | If the bank is no longer satisfied with the customer's identity, it must file a Suspicious Transaction Report (STR). |
Simplified Norms for Self-Help Groups (SHGs)
- KYC for members not required: For opening a savings bank account of an SHG, KYC verification of all the members of the SHG is not required; verifying the identity of the office bearers alone is sufficient.
- Credit linking: No separate KYC of the SHG members or office bearers is required when the SHG is credit-linked.
- Document requirements: The RBI has simplified this process, and no other documents need be obtained except what is specified.
Accounts of Foreign Students
Foreign students studying in India can open Non-Resident Ordinary (NRO) accounts — not NRE, NRNR, or SNRR — using their passport (with visa/immigration endorsement), proof of identity, and a university admission letter from the educational institution in India.
However, since they might not have a local address immediately:
- 30-Day Window: They must provide a local address declaration within 30 days of opening the account, after which the bank verifies it.
- Restrictions: Until the local address is verified, the account has strict limits:
  - Foreign remittances credited cannot exceed USD 1,000 (or equivalent).
  - Monthly withdrawals are capped at ₹50,000 pending address verification.
- Upgrade After Verification: Once the address is verified, the account is converted into a normal NRO account and operates under the Reserve Bank of India's instructions on Non-Resident Ordinary Rupee (NRO) accounts, plus the provisions of Schedule 3 of FEMA Notification 5/2000 RB (May 3, 2000).
Students from Pakistan and Bangladesh
Foreign students who are nationals of Pakistan and Bangladesh must obtain prior approval from the Reserve Bank of India before an NRO account is opened for them.
Politically Exposed Persons (PEPs)
RBI has made an amendment to the Master Direction on Know Your Customer (KYC) guidelines to include a clearer definition of Politically Exposed Persons (PEPs), giving Regulated Entities better parameters for identifying them and conducting CDD accordingly.
The RBI / PMLA Definition
The revised definition of PEPs in the Master Direction, under Section 41, now states that PEPs are individuals entrusted with prominent public functions by a foreign country, including:
- Heads of States and/or Governments
- Senior politicians
- Senior government, judicial, or military officers
- Senior executives of state-owned corporations
- Important political party officials
- Individuals entrusted with prominent public functions by a foreign country (generic catch-all)
Additionally, close family members and close associates of PEPs are typically treated with the same scrutiny.
Why PEPs Matter — FATF Recommendation 12
FATF Recommendation 12 defines PEPs as individuals entrusted with prominent public functions domestically or abroad, including heads of state, senior politicians, and individuals with significant government oversight roles. The PEP list also encompasses close business associates and family members of these influential individuals. Because of their potential influence over government contracts and oversight functions, PEPs require special attention — and enhanced due diligence measures are typically applied to mitigate the risk of corruption and financial crime.
Obligations When Dealing With PEPs
When a Regulated Entity establishes — or is asked to establish — a relationship with a PEP (whether as a customer or as a beneficial owner), the following obligations apply:
| Obligation | What It Requires |
|---|---|
| Establishing the Relationship | REs have the option to establish relationships with PEPs (whether as customers or beneficial owners). |
| Regular Customer Due Diligence | REs must perform regular customer due diligence on PEPs — verifying the identity of the PEP, understanding their business, and assessing risks associated with the relationship. |
| Additional Conditions | REs must adhere to additional conditions prescribed by RBI to transact with PEPs, including establishing an appropriate risk management system to determine whether the customer or beneficial owner is a PEP. |
| Source of Funds / Wealth | REs are obligated to take reasonable measures to establish the source of funds and wealth involved in transactions with PEPs — ensuring legitimate origins, not linked to illicit activities. |
| Senior Management Approval | Prior approval from senior management is required for opening an account or establishing a relationship with a PEP — ensuring oversight and accountability when dealing with high-risk individuals. |
Customer Categories — Special Cases
Minors
- Operation of account: A minor cannot act as a nominee for someone else's account, but a minor can nominate, draw a cheque, and endorse a cheque (the odd one out is "nominee").
- No PAN: When opening an account for a minor and PAN is not available, a Form 60 signed by the Parent/Guardian is obtained (along with documents for the Parent/Guardian themselves).
- Guardian: Either a natural guardian or a court-appointed guardian may operate the account.
Illiterate Customers
- ATM Card: An ATM card cannot be issued to an illiterate customer.
- Cheque Book: A cheque book cannot be issued for making cash payments.
- Nomination: They can nominate a nominee.
- Operation: They must visit the branch in person; the thumb impression is witnessed by the bank officer.
Pardanashin Women
- A pardanashin woman is one who ordinarily lives in seclusion and does not freely interact with outsiders in ordinary business dealings.
- There is no legal bar to opening or operating a bank account for her; in practice, banks should also obtain her photograph as part of account-opening safeguards.
- Where she signs or thumb-marks important banking documents such as mandates, guarantees, loans, or mortgages, the bank must take extra care to ensure that the document is read over and explained to her in a language she understands and that she acts voluntarily, without undue influence.
- For exam purposes, remember the protective rule: if a transaction with a pardanashin woman is later challenged, the burden usually lies on the person relying on that document to show that she understood its nature and effect.
Person in Jail (Recap)
For opening and maintaining a bank account of a person in jail, all three of these conditions must be satisfied together:
- The signature or thumb mark must be affixed in the presence of the officer-in-charge of the jail.
- The account shall remain operational on annual submission of a certificate of proof of address issued by the officer-in-charge of the jail.
- (The officer certifies the act — not the person.)
Deceased Estate Management
A person named by a deceased to manage his estate in his Will is known as an Executor. This is distinct from the nominee (who merely holds funds in trust until they reach the legal heirs).
Payment of Cheques After Customer's Death
Banks can make payment on a cheque signed by a person before his death but presented for payment after his death — provided the bank had no notice of the death. Banks cannot pay a cheque signed by the director of a company after the date of his death (the company's mandate stands, but personal cheques do not).
Relationship Clarifications
- The relationship between the payee of a Demand Draft and the Bank is that of Beneficiary and Trustee — not debtor-creditor, not principal-agent.
Disclosing Customer Information
Banks are required to disclose any information relating to the affairs of customers only under specific statutes — including Section 5 of the Banking Companies (Acquisition and Transfer of Undertakings) Act and other laws permitting disclosure. Otherwise, customer information must remain strictly confidential and must not be used for purposes like cross-selling without consent. Further, banks must ensure that the spirit of RBI instructions is followed to prevent undue hardships to low-risk customers.
UN Sanctions Lists — The Prohibited Names
Every bank must screen every customer identity against sanction lists circulated by the Reserve Bank of India. The two sanction lists that the United Nations Security Council (UNSC) circulates — and that Indian REs are required to comply with — are:
| List | Covers |
|---|---|
| Al-Qaida Sanctions List | Individuals and entities associated with Al-Qaida. |
| 1988 Sanctions List | Individuals and entities associated with the Taliban (Section A lists individuals, Section B lists entities). |
Legal basis: Per Section 51A of the Unlawful Activities (Prevention) Act (UAPA), 1967, Regulated Entities must ensure that they do not have any accounts in the names of individuals or entities appearing in these UNSC sanction lists.
Monitoring of Transactions & Risk Indicators
Ongoing monitoring is the bank's early-warning system. The bank must watch for transactions that are inconsistent with the customer's declared profile. Typical red flags that trigger enhanced scrutiny include:
- Risk-Based Monitoring: The intensity of monitoring is matched to the risk category of the customer — high-risk accounts get closer scrutiny, especially those originating from high-risk countries.
- Complex, unusual, or large transactions with no apparent economic or lawful purpose.
- Structuring: Multiple sub-threshold transactions designed to avoid reporting.
- Large cash deposits inconsistent with the customer's income profile.
- Frequent transfers in and out of the account with no apparent business rationale.
- Transactions involving jurisdictions flagged by FATF.
Non-Resident Indian (NRI) and Person of Indian Origin (PIO) Accounts
When opening accounts for NRIs and PIOs, the original certified copy of the OVD may be certified (attested) by any one of the following — but not a notary public in India:
- Authorised officials of overseas branches of Scheduled Commercial Banks registered in India.
- Notary Public abroad (i.e., a notary public in the foreign country where the customer resides).
- Indian Embassy / Consulate General in the country where the non-resident customer resides.
A notary public in India is not an acceptable certifier for overseas OVD attestation — students routinely get this wrong.
Non-Profit Organizations (NPOs)
NPOs can be vulnerable to misuse for terror financing. Therefore, banks must ensure all NPO customers are registered on the DARPAN Portal of NITI Aayog.
- If they aren't registered, the bank must do it for them.
- The bank must maintain these registration records for five years after the relationship ends.
Central KYC Records Registry (CKYCR)
The CKYCR is a centralized repository that stores, safeguards, and retrieves the KYC records of customers in digital form. Its goal is to allow customers to perform KYC only once, making it easier for them to interact with various financial entities.
- Function: Stores, safeguards, and retrieves KYC records in digital form.
- Purpose: Perform KYC once and reuse it across financial entities — no repeated document submission.
- Management: CKYCR is managed by CERSAI (Central Registry of Securitisation Asset Reconstruction and Security Interest of India), authorised by the Government of India.
- Objective: To reduce the burden of submitting and verifying KYC documents each time a customer interacts with a financial entity.
- KYC Identification Number (KIN): A 14-digit KIN is allotted by CKYCR, which must be mentioned whenever CKYCR details are required to be accessed by any intermediary. It helps avoid duplication of reporting.
- Access to Data: Any financial institution that is a reporting entity to CKYCR can access the customer data stored in the central registry.
- Uniform KYC Templates: CKYCR uses standardized templates for various institutions across the financial market (banks, mutual funds, NBFCs) to submit and report KYC data.
- Compliance with FATCA and CRS: The KYC templates also fulfil the reporting requirements under the Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS).
Upload Timelines
- New Accounts: Banks must upload the customer's KYC data to CKYCR within 10 days of opening the account.
- Updates: If a customer updates their information, the bank must push this update to CKYCR within seven days.
Money Laundering - Obligations of Banks
Money laundering (ML) is a criminal process used to conceal the origins of illegally obtained money. Criminals use this mechanism to make funds generated from illegal activities—such as drug trafficking, gun smuggling, or corruption—appear to have come from legitimate sources. Essentially, it is the process of "washing" dirty money to make it look clean.
The money laundering cycle typically consists of three distinct stages:
1. Placement
This is the initial entry of illicit funds into the financial system. Criminals introduce their "dirty" cash into the legitimate financial flow, often by depositing it into multiple bank accounts to avoid detection (a technique known as 'smurfing').
2. Layering
Once the money is in the system, the goal is to hide its trail. Layering involves moving funds through numerous complex financial transactions. This creates layers of transfers—such as wire transfers between different accounts, buying and selling assets, or moving money across borders—to distance the funds from their illegal origin and obscure the audit trail.
3. Integration
The final stage involves re-entering the funds into the legitimate economy. The "cleaned" money is consolidated and used to invest in legitimate business activities, real estate, or luxury assets. At this point, the illicit wealth appears completely legal.
Maintenance of Records
Under the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, banks are legally obligated to maintain specific records to assist law enforcement.
1) Nature and Value of Transactions
Regulated entities must maintain records for the following specific types of transactions:
- (A) Large Cash Transactions: All cash transactions exceeding ₹10 Lakh (or its equivalent in foreign currency).
- (B) Integratively Linked Transactions: A series of cash transactions effectively connected to each other, which may individually be below ₹10 Lakh, but meant to "structure" the transaction such that the monthly aggregate exceeds ₹10 Lakh.
- (C) Non-Profit Transactions: All transactions involving receipts by Non-Profit Organizations (NPOs) exceeding ₹10 Lakh (or foreign equivalent).
- (D) Suspicious Transactions: All suspicious transactions, whether made in cash or otherwise (e.g., digital transfers), must be recorded regardless of value.
- (E) Cross-Border Wire Transfers: All transfers exceeding ₹5 Lakh where either the origin or destination of the fund is in India.
- (F) Immovable Property: All purchase and sale transactions of immovable property valued at ₹50 Lakh or more registered by the reporting entity.
2) Reports to Financial Intelligence Unit – India (FIU-IND)
Banks serve as the primary source of intelligence for the FIU-IND. They must submit the following reports:
A) Monthly Reports (Deadline: 15th of the following month)
- Cash Transaction Report (CTR): Reports all cash transactions exceeding ₹10 Lakh. Note: Individual transactions below ₹50,000 need not be reported in this aggregate.
- Counterfeit Currency Report (CCR): Reports all instances where counterfeit currency has been detected.
- Cross-Border Wire Transfer Report: For all wire transfers of ₹5 Lakh and above.
- Non-Profit Organizations Transaction Report (NTR): Reports all receipts in foreign exchange by NPOs (Trusts, Societies, Clubs) exceeding ₹10 Lakh.
B) Suspicious Transaction Report (STR)
Unlike monthly reports, this is event-based. If a bank has reason to suspect a transaction, an STR must be submitted within 7 working days of the bank arriving at the conclusion that the transaction is suspicious.
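The cash-transaction rules (A) and (B) and the CTR note about sub-₹50,000 items, applied to a month of ledger entries, as an added example that is not part of the original lesson or any bank's system. Treating "connected" as same customer within the same calendar month is an assumption made here; the function name, customer IDs and sample transactions are constructed.

```python
from collections import defaultdict
from datetime import date

CASH_LIMIT = 10_00_000     # Rs 10 lakh: cash record/CTR threshold stated in the lesson
SMALL_TXN_FLOOR = 50_000   # lesson's note: transactions below this stay out of the aggregate

# Constructed sample ledger: (customer_id, date, mode, amount in rupees)
SAMPLE_TXNS = [
    ("CUST-A", date(2024, 3, 2), "cash", 4_00_000),
    ("CUST-A", date(2024, 3, 9), "cash", 3_50_000),
    ("CUST-A", date(2024, 3, 21), "cash", 3_00_000),
    ("CUST-A", date(2024, 3, 25), "cash", 40_000),     # below the floor, not aggregated
    ("CUST-B", date(2024, 3, 5), "cash", 12_00_000),   # single large cash transaction
    ("CUST-C", date(2024, 3, 28), "cash", 6_00_000),
    ("CUST-C", date(2024, 4, 2), "cash", 6_00_000),    # falls in a different month
    ("CUST-D", date(2024, 3, 10), "neft", 15_00_000),  # not cash, outside these two rules
    ("CUST-E", date(2024, 3, 1), "cash", 5_00_000),
    ("CUST-E", date(2024, 3, 15), "cash", 5_00_000),   # aggregate is exactly Rs 10 lakh
]


def review_cash(txns):
    """Return {(customer, 'YYYY-MM'): details} for months that hit rule (A) or (B)."""
    # Assumption: one bucket per customer per calendar month stands in for
    # "connected" transactions; a real review also needs analyst judgement.
    buckets = defaultdict(list)
    for cust, day, mode, amount in txns:
        if mode == "cash":
            buckets[(cust, day.strftime("%Y-%m"))].append(amount)

    flagged = {}
    for key, amounts in buckets.items():
        counted = [a for a in amounts if a >= SMALL_TXN_FLOOR]
        aggregate = sum(counted)
        if any(a > CASH_LIMIT for a in counted):
            category = "A"  # a single cash transaction exceeding the limit
        elif aggregate > CASH_LIMIT:
            category = "B"  # each item at or below the limit, monthly total above it
        else:
            continue        # "exceeding" is strict, so exactly Rs 10 lakh is not flagged
        flagged[key] = {"category": category, "aggregate": aggregate,
                        "count": len(counted)}
    return flagged


if __name__ == "__main__":
    for (cust, month), hit in sorted(review_cash(SAMPLE_TXNS).items()):
        print(cust, month, hit)
```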
3) Preservation of Records
To ensure data is available for future investigations:
- Transaction Records: Must be maintained (in hard or soft form) for at least 5 years from the date of the transaction.
- KYC Documents: Records of identity and address proofs must be kept for at least 5 years from the date of termination of the relationship (i.e., after the account is closed).
4) Central KYC Records Registry (CKYCR) Filing
Banks must upload customer data to the centralized CKYCR database within strict timelines:
- New Accounts: Data must be uploaded within 10 days of opening the account.
- Updates: Any additional or updated information from a client must be updated within 7 days.
Fines and Punishments
Non-compliance carries severe penalties:
- Monetary Penalty: The Director of FIU-IND may impose a penalty on the reporting entity ranging from ₹10,000 to ₹1,00,000 for each failure to comply with reporting obligations.
- Criminal Punishment: For individuals convicted of money laundering offences, the punishment includes imprisonment for 3 to 7 years along with a fine of up to ₹5 Lakh.
Summary Cheat Sheet
| Concept / Topic | Key Details / Explanation |
|---|---|
| Jurisdiction | Applicable to all banks in India + Foreign Branches/Subsidiaries. Follow the "Stricter Rule" if local laws differ. |
| Directives | Money Mules: Prevent criminal use of deposit accounts. Remittances: ₹50,000+ must be debited from account/cheque (no cash). |
| Beneficial Owner (BO) | Company: > 10% share/profit. Partnership: > 10% capital/profit. Unincorporated: > 15% property/capital/profit. Trust: Author, Trustee, Beneficiaries (10%+). Threshold reduced from 15% to 10% on 04 Sept 2023 PMLA amendment. FATF recommends 25% — India adopted stricter 10%. |
| CDD at UCIC | Existing KYC-compliant customer → no fresh CDD for new account/product in the same entity. |
| PEPs | Individuals entrusted with prominent public functions by a foreign country (Sec 41). Includes heads of state, senior politicians, judicial/military officers, state-owned executives, party officials. Senior management approval mandatory. FATF Recommendation 12 is the source. |
| PAN Status | Mandatory but NOT an OVD. Still mandatory for Demat/Trading a/c via SEBI circular. CKYCR revised per notifications 10 Jan 2020 & 7 Jul 2020. |
| CDD for Entities | Company: Cert of incorp + MoA/AoA + Board resolution + PoA + OVD of auth person. Partnership/Trust: Registration cert + Deed + OVD. HUF: PAN/Form 60 + Joint Family Letter (all adult coparceners) + Karta OVD. |
| UN Sanctions Lists | Al-Qaida List + 1988 List (Taliban) — circulated by UNSC. Screened under Section 51A, UAPA 1967. |
| NRI/PIO OVD Attestation | By overseas branch officials of SCBs, notary public abroad, or Indian Embassy/Consulate. Not by notary public in India. |
| Freezing & Closure | Partial freeze → 3-month notice + 3-month reminder → credits only, debits disallowed → at 6 months, both disallowed → account closure at senior-level decision → file STR if identity doubt. |
| CKYCR | Managed by CERSAI. 14-digit KIN issued. Standardized templates also cover FATCA & CRS reporting. |
| Customer Acceptance Policy | No anonymous/benami; risk perception defined; sanction list screening; must not be overly restrictive to disadvantaged sections. |
| Minors | Cannot be nominee. Can nominate, draw cheque, endorse cheque. No PAN → Form 60 via Parent/Guardian. |
| Illiterate Customer | No ATM card, no cheque book for cash, can nominate, thumb impression witnessed. |
| Pardanashin Woman | Woman living in seclusion. No bar to banking, but bank should obtain photograph and ensure important documents are explained and voluntarily executed; if disputed, the relying party must show she understood the document. |
| Small Account | CBS-linked branches only. Foreign remittance credit blocked until full OVD identity. Suspicion of ML/TF → verify with OVD immediately. |
| Executor | Person named in a deceased's Will to manage his estate. |
| V-CIP Extras | PAN verification against issuing DB + Aadhaar XML/QR not older than 3 days + live geo-tagging India + concurrent audit. |
| Key Officers | Designated Director: Board-nominated, ensures overall compliance. Principal Officer: Mgmt-level, responsible for STR reporting and operations. |
| Officially Valid Documents (OVD) | 6 Types: Passport, DL, Aadhaar, Voter ID, NREGA, NPR Letter. If OVD lacks current address: Utility bill (< 2 months old) allowed as proof of address (must submit full OVD within 3 months). |
| Small Account | For those with No OVD. Max Credit/Yr: ₹1L; Max Bal: ₹50k; Max Withdrawal/Mo: ₹10k. Valid: 12 Months (extendable by 12m if OVD applied). |
| Aadhaar Rules | Not mandatory for general KYC, but mandatory for Direct Benefit Transfers (DBT) or subsidies. |
| Suspicious Transaction | Any transaction causing reasonable ground of suspicion, regardless of value. Anti-Tipping Off: If CDD will alert the criminal, stop CDD and file STR with FIU-IND. |
| Shell Bank | Bank with no physical presence in incorporation country and no regulated affiliation. Prohibited. |
| KYC Policy Pillars | 1. Customer Acceptance 2. Risk Management (Categorize Low/Med/High) 3. CIP (Identification) 4. Monitoring Transactions |
| Re-KYC Timeline | High Risk: 2 Years. Medium Risk: 8 Years. Low Risk: 10 Years. Risk Categorization Review: At least every 6 months. |
| Mandatory CIP Thresholds | ₹50,000+: For Third-party product sales, Walk-in customers, or connected transactions. Structuring: Breaking transactions into smaller parts (e.g., < ₹50k) to avoid detection is prohibited. |
| Digital KYC Modes | Aadhaar OTP: Non-face-to-face. Limit ₹1L Bal, ₹60k Loans. Valid 1 Year. V-CIP: Video KYC. Equivalent to face-to-face. Requires Live Geo-tagging + Concurrent Audit. |
| Special Rules | Foreign Students: NRO Account. 30 days for local address. Max $1000 remittance/ ₹50k withdrawal until verified. NPOs: Must register on DARPAN Portal (Keep records 5 years). SHGs: CDD of Office Bearers only. |
| Money Laundering (ML) | Process of concealing illicit funds. 3 Stages: 1. Placement (Entry into system) 2. Layering (Obscuring trail) 3. Integration (Re-entry as clean money). |
| Maintenance of Records | Cash Transactions (CTR): > ₹10 Lakh. Cross-Border Wire Transfers: > ₹5 Lakh. Immovable Property: ₹50 Lakh+. Preservation: 5 Years from transaction date (or relationship termination for docs). |
| FIU-IND Reporting | Monthly (by 15th): CTR (>₹10L), CCR (Counterfeit), NTR (NPO >₹10L), Wire Transfers (>₹5L). STR (Suspicious): Within 7 Working Days of suspicion. |
| CKYCR Filing | New Accounts: Within 10 Days. Updates: Within 7 Days. |
| Penalties | Reporting Failure: ₹10k - ₹1L per failure. ML Offence: 3-7 Years imprisonment + Fine up to ₹5 Lakh. |
Frequently Asked Questions
What is KYC in banking?
KYC (Know Your Customer) is a set of RBI directions requiring banks to verify customer identity and address before opening accounts or conducting transactions. KYC prevents money laundering and terrorist financing. Current regulation: RBI Master Direction on KYC 2016 (amended 2024).
What are the Officially Valid Documents (OVD) for KYC?
RBI-approved OVDs for KYC: Aadhaar card, PAN card, Passport, Voter ID card, Driving License, and NREGA Job Card. For address proof: same documents plus utility bills (not older than 2 months). Aadhaar is accepted for both identity and address verification.
What is beneficial owner in KYC?
Beneficial owner is the natural person who ultimately owns or controls a customer account. Thresholds: 25% or more shareholding/voting rights for companies, 15% or more for partnerships, 10% or more for trusts. Banks must identify and verify beneficial owners as part of CDD.
What is the difference between CDD and EDD in KYC?
CDD (Customer Due Diligence) is standard KYC verification for regular customers. EDD (Enhanced Due Diligence) applies to high-risk customers — PEPs (Politically Exposed Persons), NRIs, high-value transactions, and non-face-to-face customers. EDD requires additional documents and senior management approval.