Know Your Customer (KYC) Guidelines – Secretarial Audit Compliance Management and Due Diligence Important Questions

Question 1.
With reference to the relevant legal enactments, write short notes on:
“Know Your Customer (KYC) Guidelines”.
Answer:
1. KYC is aimed to make it easier for business institutions to know and understand their customers. Implementation of KYC guidelines for every new bank account was made compulsory by RBI in the year 2002.

2. The objectives of KYC is to stop the corporate vehicles to be used intentionally or unintentionally, by criminal elements for illicit purposes such as money laundering activities, Fraud, bribery and corruption, shielding assets from creditors, illicit tax practices, Market fraud, Terrorist Funding, avoiding future risk and the KYC related procedures also enable institution to better understand their customers and their – financial dealings. This helps in managing associated risks prudently.

3. Generally, the KYC policies incorporating the following four key elements:

  • Client Acceptance Policy
  • Client Identification Procedures
  • Client Monitoring Mechanism
  • Risk management

Question 2.
What is the objective of “Know Your Customer (KYC)” Guidelines? When do the KYC guidelines apply?
Answer:
1. Objective of Know Your Customer (KYC) Guidelines: The objectives of KYC is to stop the corporate vehicles to be used intentionally or unintentionally, by criminal elements for illicit purposes such as money laundering activities, Fraud, bribery and corruption, shielding assets from creditors, illicit tax practices, Market fraud, Terrorist Funding, avoiding future risk and the KYC related procedures also enable institution to better understand their customers and their financial dealings. This helps in managing associated risks prudently.

2. KYC Guidelines applies at following stages:

  • Opening of Bank Account.
  • Opening a subsequent account where documents as per current KYC standards not been submitted while opening the initial account.
  • Opening a Locker Facility where these documents are not available with the bank for all the Locker facility holders.
  • KYC also applies to non account holders who approaches bank for high value transactions.

Question 3.
What are the essential elements of KYC Guidelines?
Answer:
1. KYC is aimed to make it easier for business institutions to know and understand their customers. Implementation of KYC guidelines for every new bank account was made compulsory by RBI in the year 2002.

2. Generally, the KYC policies incorporating the following four key elements:

  • Client Acceptance Policy
  • Client Identification Procedures
  • Client Monitoring Mechanism
  • Risk management.

Question 4.
State the obligation of banks on KYC Policy as per guidelines issued by Reserve Bank of India.
Answer:
Obligation of Banks on KYC Policy issued by Reserve Bank of India are as follows:
1. Banks should keep in mind that the information collected from the customer for the purpose of opening of account is to be treated as confidential and details thereof are not to be divulged for cross selling or any other like purposes.

Banks should, therefore, ensure that information sought from the customer is relevant to the perceived risk, is not intrusive, and is in conformity with the guidelines issued in this regard. Any other information from the customer should be sought separately with his/her consent and after opening the account.

2. Banks should ensure that any remittance of funds by way of demand draft, mail/telegraphic transfer or any other mode and issue of travellers cheques for value of Rupees fifty thousand and above is effected by debit to the customer’s account or against cheques and not against cash payment.

3. Banks should ensure that the provisions of Foreign Contribution (Regulation) Act as amended from time to time, wherever applicable are strictly adhered to.

Question 5.
You are appointed as Compliance Officer of the company. One of the foreign investor in the company is hesitating to provide personal data during the KYC saying that KYC is a risky process and data can be misused by someone. Prepare the list of risks involved in the KYC process.
Answer:
The objectives of conducting KYC is to prevent the corporate vehicles from being used intentionally or unintentionally, by criminal elements for illicit purposes such as money laundering activities, fraud, bribery and corruption, shielding assets from creditors, illicit tax practices, market fraud, terrorist funding and avoiding future risk. The KYC related procedures also enable an institution to better understand their customers and their financial dealings. This helps in managing associated risks prudently.

There are different types of risk involved in the proper implementation of KYC :
1. Reputational Risk like entering into fraudulent transaction and later on the public come to know about it, this would create a sense of insecurity among the public.

2. Operational Risk is a risk of loss due to failed internal processes, poor documentation, litigation, disputes and due diligence, people and systems or also from external events.

3. The Risk that arises legally in case where any client gets involved with any illegal activity, it will also attract penalties and adjudications on the professional.

4. Financial Risks If any professional without complying with KYC norms provides its services relating to certification or declarations and the financial institution gives loan to a customer and later the bank fails to identify the customer, then it will be hard for the bank to retrieve its money.

Question 6.
Prepare a checklist of documents required for KYC of Proprietorship & Partnership.
Answer:
In case of Sole Proprietary Firm:
1. Any two of the following documents as proof of business/activity in the name of the proprietary firm:

  • Registration certificate.
  • Certificate/licences issued by the municipal authorities under Shop and Establishment Act.
  • Sales Tax and income tax returns.
  • CST/VAT/GST certificate. (Provisional/Final).
  • Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities.
  • IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT or
  • Licence/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute.
  • Complete Income Tax Return (not just the acknowledgement) in the name of the sole-proprietor where the firm’s income is reflected, duly authenticated/acknowledged by the Income Tax authorities.

2. In case of Partnership Firms:

  • PAN copy/PAN of the Firm.
  • Registration certificate (Only in case of Registered Partnership firms).
  • Partnership deed.
  • Copy of existence proof confirming name and address of firm.
  • Beneficial Ownership Declaration (with name and address) of all the partners.
  • FATCA (Foreign Account Tax Compliance) Declaration.
  • Latest Colour Photograph of all authorized signatories.
  • Copy of Identity and Address proof of all authorised signatories.

Question 7.
Describe the difference between C-KYC & E-KYC.
Answer:
C-KYC:
1. C- KYC stands for Central KYC which provide the uniform norms and inter-usability.

2. The Central KYC registry across all financial sectors has been set up as a depository for KYC records. This new process, without asking customers to provide multiple KYC undertakings will help banks, mutual funds, brokerage firms and depository participants offer services. After complying with the new C-KYC norms, a unified customer identification code is generated, and which is used whenever KYC is required.

3. This initiative has been started for the purpose of centralising and streamlining KYC process and also to avoid the duplication of KYC and less scope of forgery. After the introduction of one-time centralisation process C-KYC, customers will only have to complete the process once and it can be used for all different processes like opening savings bank accounts, buying life insurance or investing in mutual fund products.

E-KYC:
1. E-KYC stands for electronic KYC. The service of e-KYC can only be used by those who have Aadhaar numbers.

2. A customer by their own consent needs to authorize their Unique Identification Authority of India (UIDAI), to reveal their identity or address information through biometric authentication to their respective bank branches or business correspondent (BC).

3. After this the UIDAI sends the customer’s data comprising of customer name, age, gender, and photograph electronically to the bank.

4. It is a valid process for KYC verification.

5. Also, under Prevention of Money Laundering (PML) Rules information provided under e-KYC process will be considered as a ‘Valid Document’.

Question 8.
Explain the meaning of “Customer” under KYC?
Answer:
For the purpose of KYC, a ‘Customer’ includes a –

  1. a person who is engaged in a financial transaction or activity with a reporting entity and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting;
  2. director who has been allotted DIN issued by the Ministry of Corporate Affairs;
  3. a person or entity that maintains an account and/or has a business z relationship with the bank;
  4. beneficiaries of transactions conducted by professional intermediaries § such as stockbrokers, Chartered Accountants, Company Secretaries or solicitors, as permitted under the law; or
  5. any person or entity connected with a financial transaction which can pose significant reputational or other risks to the bank, for example, a wire transfer or issue of a high-value demand draft as a single trans-action;
  6. one on whose behalf the account is maintained (i.e., the beneficial owner).

Question 9.
List out various transactions requiring KYC?
Answer:
Various transactions requiring KYC are as follows:

  1. Incorporation of Company.
  2. Obtaining DIN.
  3. Opening of Bank Account/D-mat Account/Wallet.
  4. Deposit/Withdrawal of Cash.
  5. Purchase of Gold/Silver/Property.
  6. Employment, Provident Fund etc.
  7. Opening a subsequent account where documents as per current KYC standards not been submitted while opening the initial account.
  8. Opening a Locker Facility where these documents are not available with the bank for all the Locker facility holders.
  9. When the bank feels it necessary to obtain additional information from existing customers based On conduct of the account.
  10. When there are changes to signatories, mandate holders, beneficial owners etc. KYC will also be carried out in respect of non-account holders approaching the bank for high value one-off transactions.

Question 10.
Write short note on: “C-KYC”.
Answer:

  1. C-KYC stands for Central KYC which provide the uniform norms and inter-usability.
  2. The central KYC registry across all financial sectors has been set up as a depository for KYC records.
  3. This new process, without asking customers to provide multiple KYC undertakings will help banks, mutual funds, brokerage firms and depository participants offer services.
  4. After complying with the new C-KYC norms, a unified customer identification code is generated, and which is used whenever KYC is , required.
  5. This initiative has been started for the purpose of centralising and streamlining KYC process and also to avoid the duplication of KYC and less scope of forgery.
  6. After the introduction of one-time centralisation process C-KYC, customers will only have to complete the process once and it can be used for all different processes like opening savings bank accounts, buying life insurance or investing in mutual fund products.

Question 11.
Write Short note on: “e-KYC”.
Answer:

  1. e-KYC stands for electronic KYC. The service of e-KYC can only be used by those who have Aadhaar number.
  2. A customer by their own consent needs to authorize their Unique Identification Authority of India (UIDAI), to reveal their identity or address information through biometric authentication to their respective bank branches or business correspondent (BC).
  3. After this the UIDAI sends the customers data comprising of customer name, age, gender, and photograph electronically to the bank.
  4. It is a valid process for KYC verification.
  5. Also, under Prevention of Money Laundering (PML) Rules information provided under e-KYC process will be considered as a ‘Valid Document’.

Question 12.
What are the important points needed to be noted in respect of DIR-3 KYC?
Answer:
Important points needed to be noted in respect of DIR-3 KYC:

  • DIR-3 KYC is required to be filed by every Director who has been allotted DIN on or before 31st March, of a Financial Year and whose DIN status is ‘Approved’.
  • Due date of filing of DIR-3KYC is on or before 30th June of immediate next financial year.

Prerequisite Mandatory Information DIR-3:

  • Unique Personal Mobile Number.
  • Personal Email ID.
  • Email ID and Mobile Number for receiving OTP.

Certification of DIR-3 KYC:

  • First by the affixing Registered Digital Signature of respective person/Director.
  • Certification by practicing professional by affixing Digital Signa-ture (CS/CA/CMA).

Filing of DIR-3 KYC would be mandatory for Disqualified Directors as well.

  • If director fails to file DIR-3 KYC the MCA21 system will mark all approved DINs (allotted on or before 31st March, 2018) against which DIR-3 KYC form has not been filed as ‘Deactivated’ with reason as ‘Non-filing of DIR-3 KYC’.

MCA has notified ‘Nil Fee’ and late Fee’ of ? 5,000 (Applicable after the due date) for Filing e-Form DIR-3 KYC under rule 12A of the Compa-nies (Appointment and Qualification of Directors) Rules, 2014.

MCA has also notified format of e-form DIR-3 KYC under new Rule 12A (Directors KYC) along with procedure for restoration of deacti¬vated DINs of Directors, applicable.

Question 13.
Write Short Note on: “KYC of Companies”.
Answer:
1. Rule 25A of the Companies (Incorporation) Rules, 2014 provides that every company incorporated on or before the 31st December, 2017 shall file the particulars of the company and its registered office, in j e-Form ACTIVE (Active Company Tagging Identities and Verification) j on or before 15th June, 2019.

2. In case a company does not intimate the said particulars, such Companies are marked as “ACTIVE-non-compliant” on or after 16th June, 2019.

3. No request for recording the following event based information or $ changes shall be accepted by the Registrar from such companies marked as “ACTIVE-non-compliant”, unless “e-Form ACTIVE” is filed:

  • SH-07 (Change in Authorized Capital)
  • PAS-03 (Change in Paid-up Capital)
  • DIR-12 (Changes in Director except cessation)
  • INC-22 (Change in Registered Office)
  • INC-28 (Amalgamation, de-merger).

4. Where a company files “e-Form ACTIVE”, on or after 16th June, 2019, the company shall be marked as “ACTIVE Compliant”, on payment of ; fee of ten thousand rupees.

5. Non-Applicability: The companies which have been struck off or are under process of striking off or under liquidation or amalgamated or dissolved, as recorded in the register, are not required to file e-Form

Question 14.
Write Short Note on: “ICSI guidelines on Know Your Members”.
Answer:
1. Introduction of “Know Your Member” (KYM) proforma for ICSI members w.e.f. FY 2016-17.

2. Members of the Institute are presumably aware about the Regulation 3 of The Company Secretaries Regulations, 1982, wherein every member is required to communicate to the Institute any change of professional address within one month of such change.

3. Updation of members KYC the ICSI has provided a “Know Your Member” (KYM) proforma which to be submitted by all the members of the Institute w.e.f. payment of annual membership fee for the year 2016-17.

4. The KYM proforma has to be submitted by the members once in three years starting with payment of annual membership fee for the year 2016-17 and thereafter every time there is a change in job/profession/ professional address. The fee shall be accepted only on receipt of the proforma duly filled in and signed.

5. The members should submit two documents along with the KYM proforma duly filled and signed – one document which serves as Proof of Identity (Pol)) and another document which serves as Proof of Address (PoA).

Question 15.
What are different types of risk involved in the proper implementation of KYC?
Answer:
There are different types of risk involved in the proper implementation of KYC:
Reputational Risk : Some instances like if a company entered into fraudulent transaction and later on if the public will come to know about it then this would create a sense of insecurity among the public and this would harm the reputation and it would be hard for the professional to attract client in future. Hence, it is advisable to must keep proper KYC of Client.

Operational Risk : This can be considered as a risk of loss due to failed internal processes, poor documentation, litigation, disputes and due diligence, people and systems or also from external events.

The Risk that arises legally : If case, any client would get involved with any illegal activity it will also attract penalties and adjudications on professional. If a body does not follow KYC norm it would be subject to penalty.

Financial Risks : If any professional without complying with KYC Norms, provides its services relating to certification, declarations and the financial institution gives loan to a customer and later the bank fails to identify the customer then it will be hard for the bank to retrieve its money, which will result into a financial loss.

Question 16.
What is Enhanced Due Diligence (EDD) In KYC? Discuss the Characteristics of EDD in brief.
Answer:
1. EDD has not been internationally defined. As a result financial institu-tions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment.

2. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti Money Laundering Specialists) suggests the following: “A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customers identity; understand and test the customers profile, business and account activity; identify relevant adverse information and risk assess the potential for money laundering and/or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.”

3. Characteristics of EDD:
(i) Rigorous and robust: This means consistent, thorough and accurate. The process must be documented and available for inspection by regulators. The process must be SMART (Specific, Measurable, Achievable, Relevant and Time bound), scalable and proportionate to the risk and resources.

(ii) Reasonable assurance: Reasonableness depends upon factors including jurisdiction, risk and resources. For sanction matches it depends upon information provided by regulators. In all cases the suggested standard is to the civil standard of proof ie. on the balance of probability.

(iii) Relevant adverse information: Information obtained from any source, including the Internet, free and subscription databases and the media, which is directly or indirectly indicative of involvement in money laundering, terrorist financing or predicate offenses.

Question 17.
Write Short Note on: “Customer Due Diligence In KYC”.
Answer:

  1. Customer Due Diligence (CDD) means identifying and verifying the customer and the beneficial owner.
  2. CDD refers to the monitoring of clients and their activities to see if the client does not change its status over time.
  3. This contains the possibility that an individual (or more often an organization) that has passed KYC is still the same as was the earlier and doing the same what they have declared that what they would do when they underwent KYC checks.
  4. For example: changes in the signatory of the account, changes in the partners, changes in the object, changes in the source of income, revenue etc.
  5. Thus, without CDD the services provider would not know that there are changes.

Question 18.
List the major frauds which took place with the help of incomplete KYC.
Answer:
Major frauds which took place with the help of incomplete KYC

  1. To evade taxes, an individual routes savings transactions through multiple bank accounts.
  2. An individual illegally obtains personal information/documents of another person and takes a loan in the name of that person.
  3. He/she provides false information about his/her financial status, such as salary/IT return and other assets, and takes a loan for an amount that exceeds his/her eligible limits with the motive of non-repayment.
  4. A person takes a loan using a fictitious name and there is a lack of a strong framework pertaining to spot verifications of address, due dili-gence of directors/promoters, pre-sanction surveys and identification of faulty/incomplete applications and negative/criminal records in client history.
  5. Fake documentation is used to grant excess overdraft facility and withdraw money.
  6. A person may forge export documents such as airway bills, bills of lading, and Export Credit Guarantee
  7. Cover and customs purged numbers/ orders issued by the customs authority.
  8. Frauds related to the advances portfolio accounts for the largest share of the total amount involved in frauds in the Indian banking sector.
  9. Deficient appraisal system, poor post disbursement supervision and inadequate follow up.
  10. Siphoning of funds wherein the borrowed funds from banks are utilised for purposes unrelated to the operations of the borrower.
  11. Borrowers concealing obligations such as mortgage loans on other properties or newly acquired credit card debts in order to reduce the amount of monthly debt declared on the loan application.
  12. Deliberately overstating or understating the property’s appraised value.
  13. Multiple loans for the same property being obtained simultaneously for a total amount greatly in excess of the actual value of the property.

Question 19.
Write Short Note on: “Online Fraud through Incomplete KYC”.
Answer:
1. Business and technology innovations that the banking sector is adopting in their quest for growth are in turn presenting heightened levels of cyber risks. These innovations have probably introduced new vulnerabilities and complexities into the system.

2. Few ways of Online frauds through Incomplete KYC includes:

  • Hacking : Hackers/fraudsters obtain unauthorized access to the card management system of the respective bank. Counterfeit cards are then issued for the purpose of money laundering.
  • Phishing : A technique used to obtain your card and personal details through a fake email.
  • Pharming : A similar technique where a fraudster installs malicious code on a personal computer or server. This code then redirects clicks you make on a Website to another fraudulent Website without your consent or knowledge.
  • Vishing : Fraudsters also use the phone to solicit your personal information.
  • Debit card skimming : A machine or camera is installed at an ATM which picks up card related information and PIN numbers when customers use their cards.
  • Computer viruses : With every click on the internet, a company’s systems are open to the risk of being infected with nefarious software that is set up to harvest information from the company servers.

Secretarial Audit Compliance Management and Due Diligence ICSI Study Material