A proper Due Diligence (DD) is required to reveal misrepresentation and any sort of fraudulent...
The IFSCA or International Financial Services Centres Authority issued IFSCA (Anti Money Laundering, Counter-Terrorist Financing & KYC) Guidelines, 2022, on 28th October 2022. The said circular has mandated that the regulated entity shall, after the outcome of ML or TF risk, determine the degree of customer due diligence (CDD) that needs to be performed. A CDD enables the entity to obtain information from the customer to assess the risk they might face. Further, if any information obtained from CDD diligence alters the risk rating of a customer, then such change shall be reflected in the CDD.
The Customer due diligence shall be undertaken after assigning the risk rating for each customer. The regulated entity, while undertaking CDD, shall undertake the following:
The regulated entity shall undertake Customer Due Diligence at the time of:
Moreover, the regulated entity shall undertake Customer Due Diligence when:
Before verification, the regulated entity must establish a business relationship with the customer subject to following conditions:
However, where the regulated entity is unable to comply within 30 business days, then it shall before the end of 30 days:
Suspension and termination: The regulated entity shall terminate or suspend the relationship with the customer if the verification remains incomplete for 30 days and 120 days after establishing the business relationship.
While undertaking the Customer due diligence, the regulated entity shall undertake the following measures:
The regulated entity shall obtain the following information from the natural person:
The regulated entity shall obtain the following information from a legal person or legal arrangement:
The regulated entity shall verify the customer’s identity through independent and reliable sources, data or up-to-date documents. Where a Customer is a legal person or legal arrangement, the entity shall verify the proof of existence, legal form, constitution and powers. The regulated entity must rely on more accurate documents such as government-issued identity cards, reports from independent company registries, or any published or audited annual reports. The entity shall examine these documents and retain a copy of the same. Further, the regulated entity may obtain the following information at the time of verification:
Natural Person: Photograph of the Customer, name, unique identification number, nationality and date of birth, residential address, utility bill, and bank statements.
Legal Person or Legal Arrangements: Certificate of incorporation, partnership deed and agreement, trust deed, certificate of registration, constitutional documents, board resolution or similar account warranting the opening of an account and appointment of authorised persons.
Foreign national: National Identity card, Voter identification card used by the government of relevant jurisdiction or photograph, name, date of birth, address of foreign residence.
The regulated shall obtain information about the person appointed by the natural or legal person for establishing a business relationship with the regulated entity. Further, the entity verifies the authorisation of such a person by obtaining the following information:
The regulated entity must identify the beneficial owners of a customer if there are more than one and verify the identities while keeping the following things:
Customers that are natural persons: To identify the natural person who ultimately exercises control over the legal persons through ownership.
Customers that are legal arrangements: If the Customer is a trust, then the entity shall verify the identification of the author of the trust, beneficiaries, trustee, with 15% or more interest and any natural person having control over the trust through ownership.
The following parameters shall be used:
Customer is a company: The beneficial owner will be the natural person with a controlling ownership interest in more than 25% of the company’s capital or profits.
Customer is a partnership firm: The beneficial owner will be the natural person who has controlling ownership or entitlement to 15% of capital or profits in a partnership firm.
Customer is an unincorporated association or body of individuals: The beneficial owner will be the natural person who has controlling ownership or entitlement to 15% of capital or profits in an unincorporated association or body of individuals.
Customer is trust: The identification will be the author of the trust, trustee, and beneficiaries with 15 % or more interests or any natural person having control over the trust through ownership.
Exception: If the regulated entity doubts the veracity of the Customer Due Diligence or has suspicion that the customer is involved in ML or TF activities, in that case, the entity is not required to identify & verify the identity of a shareholder or beneficial owner where the client or owner is an:
The regulated entity shall, apart from the Customer Due Diligence measures undertaken, conduct the following CDD measures on the beneficiaries of life insurance and other related insurance policies:
The regulated entity shall, at the time of establishing the business relationship, obtain information on the customer’s purpose and intended nature of the business relations.
The regulated entity must implement an internal risk management system, procedures and policies to identify if any customer or natural person or beneficial owner of the customer appointed is a politically exposed person (PEP). Further, the entity must undertake additional measures if the customer, natural person or beneficial owner is identified as PEP.
Further, the regulated entity undertakes a risk-based approach in determining whether the enhanced CDD is to be performed for:
The enhanced and simplified Customer due diligence depends on the customer’s risk profile.
The regulated entity conducts enhanced customer due diligence when Money laundering or Terrorist Financing risk is high. The measures undertaken under enhanced CDD are:
It is required that the first payment of the customer in furtherance of opening an account with an entity shall take place from a bank account of the customer’s name with the following:
However, it is mandatory that approval from the senior manager or committee of senior managers may be needed for establishing account-based relationships with high-risk customers.
The enhanced customer due diligence is conducted by the regulated entity when Money laundering or Terrorist Financing risk is low. The measures undertaken under simplified CDD are:
The regulated entity must follow a robust and effective process for ongoing monitoring of all business relations. Further, the regulated entity must undertake the following activities:
1. It shall observe the conduct of the customer’s account and scrutinise transactions during business relations.
2. It shall pay attention to unusually large or unusual patterns and complex transactions during busies relations and make further checks on the background and purpose of the transactions. The entity also documents the findings to make them available to regulatory authorities.
3. It shall undertake a periodical review of each customer with respect to ML or TF risks when:
4. It shall ensure that the CDD data, documents and information are up to date so that entity can identify the changes in the risk profile of the customer. Further, the entity shall undertake the following activities:
The regulated entity shall undertake the following activities in case it is unable to conduct or complete Customer Due Diligence:
The regulated entity shall periodically update the Customer Due Diligence in the manner provided below:
Moreover, the regulated entity shall document it as a policy as a part of its internal KYC policy, which the governing body shall further approve of the entity.
The regulated entity shall ensure that:
Customer due diligence protects the regulated entity from exposing itself to any money laundering and terrorist financing risks. The customer needs to further undertake customer due diligence requirements. Further, the entity must undertake customer due diligence for enhanced and simplified CDD based on the high and low-risk rating, respectively. The entity shall further monitor ongoing CDD for business relations and undertake period updation in the manner discussed above.
Read Our Article: Grants under IFSCA (FinTech Incentive) Scheme, 2022