POLICY ON KNOW YOUR CUSTOMER (KYC) GUIDELINES AND ANTI MONEY LAUNDERING (AML) MEASURES
This document details the Know Your Customer (KYC) guidelines and Anti-Money Laundering measures followed by the Shubham Housing Development Finance Company Limited (“SHDFC”) and amended from time to time, including any statutory modification(s) or re-enactment(s) thereof, in accordance with the guidelines issued by National Housing Bank (NHB) or Reserve Bank of India (RBI).
Further, vide circular No. RBI/2019-20/235 DOR.NBFC (HFC).CC.No.111/03.10.136/2019-20 issued by the Reserve Bank of India (RBI) on May 19, 2020, it was decided by the RBI to extend the Master DirectionsKnow your Customer (KYC) Direction, 2016 to all the HFCs and Instructions/ guidelines/ regulations contained in the circulars issued by National Housing Bank stand repealed. In relation to this instruction, SHDFC has implemented its KYC and AML policy as per the provisions mentioned in circular no. RBI/DBR/2015-16/18 Master Direction DBR.AML.BC.No.81/14.01.001/2015- 16 related to “Master Direction - Know Your Customer (KYC) Direction, 2016”.
This policy will be reviewed annually or based on any material change in the regulatory requirements or business operations of the Company.
In these Guidelines, unless the context otherwise requires, the terms herein shall bear the meanings assigned to them below: -
A.) Terms bearing meaning assigned in terms of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005:
Explanation 1: In terms of the Aadhaar Act, every resident shall be eligible to obtain an Aadhaar number.
Explanation 2: Aadhaar will be the document for identity and address.
Explanation-
e. There are few exemptions from identification of BO: The exemption from BO identification is
aligned with that provided in the PML Rules, 2005, such that where the customer or the owner of
the controlling interest is (i) an entity listed on a stock exchange in India, or (ii) is an entity resident
in jurisdictions notified by the Central Government and listed on stock exchanges in such
jurisdictions, or (iii) is a subsidiary of such listed entities; it is not necessary to identify and verify
the identity of any shareholder or beneficial owner of such an entity
Explanation - For the purpose of this clause, the terms "Managing Director" and "Whole- time Director" shall have the meaning assigned to them in the Companies Act, 2013 (as amended from time to time, including any statutory modification(s) or re-enactment(s) thereof, for the time being in force).
Viii. “Digital KYC” means the capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorized officer of the SHDFC as per the provisions contained in the Act.
iX. “Digital Signature” shall have the same meaning as assigned to it in clause (p) of subsection (1) of section (2) of the Information Technology Act, 2000(as amended from time to time, including any statutory modification(s) or re-enactment(s) thereof, for the time being in force).
X. “Equivalent e-document” means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the customer as per rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016 (as amended from time to time, including any statutory modification(s) or reenactment(s) thereof, for the time being in force).
Xi. "KYC identifiers" means unique number or code assigned to a customer by the Central KYC Records Registry
Xii. “Non-profit organizations” (NPO) means any entity or organization that is registered as a trust or a society under the Societies Registration Act, 1860 or any similar State legislation or a company registered under Section 8 of the Companies Act, 2013.
Xiii. "Officially Valid Document" (OVD) means
1.) Passport
Provided that,
a. where the customer submits his proof of possession of Aadhaar number as an OVD, he may submit it in such form as are issued by the Unique Identification Authority of India (UIDAI).
b. where the OVD furnished by the customer does not have updated address, the following documents or the equivalent e-documents there of shall be deemed to be OVDs for the limited purpose of proof of address: -
a. the customer shall submit OVD with current address within a period of three months of submitting the documents specified at ‘b’ above;
where the OVD presented by a foreign national does not contain the details of address, in such case the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address.
Explanation: For the purpose of this clause, a document shall be deemed to be an OVD even if there is a change in the name subsequent to its issuance provided it is supported by a marriage certificate issued by the State Government or Gazette notification, indicating such a change of name.
Xiv. “Offline verification” shall have the same meaning as assigned to it in clause (pa) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016).
Xv. "Person" has the same meaning as defined in the Act and includes:
All other expressions unless defined herein shall have the same meaning as have been assigned to them under the Banking Regulation Act, 1949, the Reserve Bank of India Act, 1935, the Prevention of Money Laundering Act, 2002, the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and regulations made thereunder, any statutory modification or re-enactment thereto or as used in commercial parlance, as the case may be.
The KYC policy of SHDFC include four key elements:
3.(i) Money Laundering and Terrorist Financing Risk Assessment.
SHDFC will apply a Risk Based Approach (RBA) for mitigation and management of the identified risk and should have Board approved policies, controls and procedures in this regard. Further, SHDFC shall monitor the implementation of the controls and enhance them if necessary.
3.(ii) Designated Director
Designated Director” means a person designated by the RE to ensure overall compliance with the obligations imposed under Chapter IV of the PML Act and the Rules and shall be nominated by the Board. SHDFC has designated Director and CEO, as “Designated Director” located at our Corporate Office. Designated Director shall be responsible to ensure overall compliance with obligations imposed under Chapter IV of the Prevention of Money Laundering Act, 2002.
3.(iii) Principal Officer
SHDFC has designated, Head - Credit & Service as ‘Principal Officer' located at our Corporate Office. Principal Officer shall be responsible for ensuring compliance, monitoring transactions, sharing and reporting information as required under the Law/Regulations respectively.
3.(iv) Compliance of KYC Policy
SHDFC shall ensure compliance with KYC policy through:
To ensure compliance with company’s KYC policy, the company will undertaker the following steps:
3 (A) CUSTOMER ACCEPTANCE POLICY (CAP)
Without prejudice to the generality of the aspect that Customer Acceptance Policy may contain, SHDFC shall ensure that
• No account is opened in anonymous or fictitious/benami name.
• No account is opened where the SHDFC is unable to apply appropriate CDD measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer.
• No transaction or account-based relationship is undertaken without following the CDD procedure.
• The mandatory information to be sought for KYC purpose while opening an account and during the periodic updation, is specified.
• Optional’/additional information is obtained with the explicit consent of the customer after the account is opened.
• SHDFC shall apply the CDD procedure at the UCIC level. Thus, if an existing KYC compliant customer of a SHDFC desires to open another account with SHDFC, there shall be no need for a fresh CDD exercise.
• CDD Procedure is followed for all the joint account holders, while opening a joint account.
• Circumstances in which, a customer is permitted to act on behalf of another person/entity, is clearly spelt out.
• Suitable system is put in place to ensure that the identity of the customer does not match with any person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India.
• Where Permanent Account Number (PAN) is obtained, the same shall be verified from the verification facility of the issuing authority.
• Where an equivalent e-document is obtained from the customer, SHDFC shall verify the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000).
SHDFC shall ensure that the customer acceptance policy shall not result in denial of banking/financial facility to members of the general public, especially those, who are financially or socially disadvantaged.
3 (B) RISK MANAGEMENT
For Risk Management, SHDFC shall have a risk-based approach which includes the following.
i. SHDFC customers shall be categorized as low, medium and high-risk category, based on the assessment and risk perception of the Company.
ii. Risk categorization shall be undertaken based on parameters such as customer’s identity, social/financial status, nature of business activity, and information about the clients’ business and their location etc. While considering customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in.
Provided that various other information collected from different categories of customers relating to the perceived risk, is non-intrusive and the same is specified in the KYC policy.
Explanation: FATF Public Statement, the reports and guidance notes on KYC/AML issued by the Indian Banks Association (IBA), guidance note circulated to all cooperative banks by the RBI etc., may also be used in risk assessment.
For the purpose of applying the guidelines for identification and underwriting of customers, they will be broadly divided into low, medium and high-risk categories as follows:
a. Low Risk: For the purpose of risk categorization, individuals and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, shall be categorized as low risk. Illustrative examples of low risk customers are:
b. Medium Risk: Individuals or entities whose source of wealth can be established through reference checks and verification and the loan amount is greater than 10 lacs shall be categorised as medium risk. Illustrative examples of medium risk customers are:
c. High Risk: Individuals or entities that pose a higher than average risk to the Company will be categorised as high-risk customers. This will be ascertained at the time of credit underwriting after looking at the customers background, nature of business/employment, predictability of cash flows etc. Illustrative examples of high-risk customers will be
Monitoring Risk Categorisation
A six monthly review will be carried out of all the loans to determine the changes in behavior of any loan vis-à-vis the initial risk categorization. This will be done in the month of April and October each year for all loans disbursed during the preceding twelve months. Accounts will be updated with the revised risk categorization based on a senior management review and approval from the COO/CEO. Whenever there is a change in the risk category of any client, the same will be communicated to him/her in writing/SMS within 30 days of making such a change.
3.(C) CUSTOMER IDENTIFCATION PROCEDURE (CIP)
(i) SHDFC shall undertake identification of customers in the following cases:
(a) Commencement of an account-based relationship with the customer.
(b) When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.
(c) Selling third party products as agents, selling their own products, and any other product for more than rupees fifty thousand.
(d) When SHDFC has a reason to believe that a customer (account- based or walk-in) is intentionally structuring a transaction into a series of transactions below the threshold of rupees fifty thousand.
(e) SHDFC shall ensure that introduction is not to be sought while opening accounts.
(ii) For the purpose of verifying the identity of customers at the time of commencement of an accountbased relationship, SHDFC shall at their option rely on CDD done by a third party, subject to the following conditions:
(a) Records or the information of the customer due diligence carried out by the third party is obtained within two days from the third party or from the Central KYC Records Registry.
(b) Adequate steps are taken by the Company to satisfy itself that copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay.
(c ) The third party is regulated, supervised or monitored for, and has measures in place for, compliance with customer due-diligence and record-keeping requirements in line with the requirements and obligations under the Prevention of Money-Laundering Act.
(d) The third party shall not be based in a country or jurisdiction assessed as high risk.
The ultimate responsibility for CDD, including done by a third party and undertaking enhanced duediligence measures as applicable, shall rest with the SHDFC.
Following are the procedure for obtaining identification of customers:
Part 1: Customer Due Diligence (CDD) Procedure in case of Individuals
While undertaking CDD, SHDFC will obtain the following information from an individual while establishing an account based relationship with an 'individual ' or dealing with the individual who is a beneficial owner, authorized signatory or the power of attorney holder related to any legal entity:
a.) the Aadhaar number where
i) Customer is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016); or
ii) Customer decides to submit his Aadhaar number voluntarily to SHDFC notified under first proviso to sub-section (1) of section 11A of the PML Act; or
(aa) the proof of possession of Aadhaar number where offline verification can be carried out; or
(ab) the proof of possession of Aadhaar number where offline verification cannot be carried out or any OVD or the equivalent e-document thereof containing the details of his identity and address; and
b.) The Permanent Account Number (PAN) or Form No. 60 as defined in Income-tax Rules, 1962, as amended from time to time.
c.) Such other documents including in respect of the nature of business and financial status of the customer, or the equivalent e-documents thereof as may be required by the company.
Provided that where the customer has submitted,
i) Aadhaar number under clause (a) above to SHDFC notified under first proviso to sub-section (1) of section 11A of the PML Act, company shall carry out authentication of the customer’s Aadhaar number using e-KYC authentication facility provided by the Unique Identification Authority of India. Further, in such a case, if customer wants to provide a current address, different from the address as per the identity information available in the Central Identities Data Repository, he may give a self-declaration to that effect to the SHDFC.
ii) Proof of possession of Aadhaar under clause (aa) above where offline verification can be carried out, SHDFC shall carry out offline verification.
iii) An equivalent e-document of any OVD, the RE shall verify the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000) and any rules issues thereunder and take a live photo as specified under Annex I.
iv) Any OVD or proof of possession of Aadhaar number under clause (ab) above where offline verification cannot be carried out, the company shall carry out verification through digital KYC as specified under Annex I.
Provided that for a period not beyond such date as may be notified by the Government for a class of company, instead of carrying out digital KYC, the company pertaining to such class may obtain a certified copy of the proof of possession of Aadhaar number or the OVD and a recent photograph where an equivalent edocument is not submitted.
Provided further that in case e-KYC authentication cannot be performed for an individual desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 owing to injury, illness or infirmity on account of old age or otherwise, and similar causes, SHDFC shall, apart from obtaining the Aadhaar number, perform identification preferably by carrying out offline verification or alternatively by obtaining the certified copy of any other OVD or the equivalent e-document thereof from the customer.
CDD done in this manner shall invariably be carried out by an official of the SHDFC and such exception handling shall also be a part of the concurrent audit as mandated in Section 8. SHDFC shall ensure to duly record the cases of exception handling in a centralized exception database. The database shall contain the details of grounds of granting exception, customer details, name of the designated official authorizing the exception and additional details, if any. The database shall be subjected to periodic internal audit/inspection by the SHDFC and shall be available for supervisory review.
Explanation 1: SHDFC shall, where its customer submits a proof of possession of Aadhaar Number containing Aadhaar Number, ensure that such customer redacts or blacks out his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required as per proviso (i) above.
Part 2: CDD Measures for Sole Proprietary Firms
For opening an account in the name of a sole proprietary firm, CDD of the individual (proprietor) shall be carried out.
In addition to the above, any two of the following documents or the equivalent e-documents there of as a proof of business/ activity in the name of the proprietary firm shall also be obtained:
a. Registration certificate.
b. Certificate/license issued by the municipal authorities under Shop and Establishment Act.
c. Sales and income tax returns.
d. CST/VAT/GST certificate (provisional/ final).
e. Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities.
f. I.E.C (Importer Exporter Code) issued to the proprietary concern by the office of DGFT/License/certificate of Practice issued in the name of the proprietary concern by any professional body incorporated under a statute.
g. Complete Income Tax Return (not just the acknowledgement) in the name of the sole proprietor where the firm's income is reflected, duly authenticated/acknowledged by the Income Tax authorities. Utility bills such as electricity, water, and landline telephone bills.
In cases where the SHDFC is satisfied that it is not possible to furnish two such documents, SHDFC may at their discretion, accept only one of those documents as proof of business/activity.
Provided SHDFC undertake contact point verification and collect such other information and clarification as would be required to establish the existence of such firm, and shall confirm and satisfy itself that the business activity has been verified from the address of the proprietary concern.
Part 3: CDD Measures for Legal Entities
1.) For opening an account of a company, one certified copy of each of the following documents shall be obtained:
a. Certificate of incorporation
b. Memorandum and Articles of Association
c. PAN of the company
d. A resolution from the Board of Directors and power of attorney granted to its managers, officers or employees to transact on its behalf
e. One copy of an OVD containing details of identity and address, one recent photograph and PANs of Form 60 of the managers, officers or employees, as the case may be, holding an attorney to transact on its behalf
2.) For opening an account of a partnership firm, one certified copy of each of the following documents shall be obtained:
a. Registration certificate
b. Partnership deed
c. PAN of the partnership firm
d. one copy of an OVD containing details of identity and address, one recent photograph and Permanent Account Numbers of Form 60 of the managers, officers or employees, as the case may be, holding an attorney to transact on its behalf.
3.) For opening an account of a trust, one certified copy of each of the following documents shall be obtained:
a. Registration certificate
b. Trust deed
c. Permanent Account Number or Form No.60 of the trust
d. one copy of an OVD containing details of identity and address, one recent photograph and PANs of Form 60 of the managers, officers or employees, as the case may be, holding an attorney to transact on its behalf.
4.) For opening an account of an unincorporated association or a body of individuals, one certified copy of each of the following documents shall be obtained:
a. Resolution of the managing body of such association or body of individuals
b. PAN or Form No.60 of the unincorporated association or a body of individuals
c. power of attorney granted to transact on its behalf
d. one copy of an OVD containing details of identity and address, one recent photograph and PANs of Form 60 of the managers, officers or employees, as the case may be, holding an attorney to transact on its behalf identification information as mentioned under
e. Such information as may be required by the SHDFC to collectively establish the legal existence of such an association or body of individuals.
Explanation - Unregistered trusts/partnership firms shall be included under the term 'unincorporated association' and the term 'body of individuals, includes societies
5.) For opening accounts of juridical persons not specifically covered in the earlier part, such as Government its Departments, societies, universities and local bodies like village panchayats, one certified copy of the following documents shall be obtained:
a. Document showing name of the person authorized to act on behalf of the entity
b. Aadhaar/PAN/ OVD for proof of identity and address in respect of the person holding an attorney to transact on its behalf and
c. Such documents as may be required by the HFC to establish the legal existence of such an entity/juridical person.
Part-4: CDD Measures for Identification of Beneficial Owner
For opening an account of a Legal Person who is not a natural person, the beneficial owner(s) shall be identified and all reasonable steps in terms of sub-rule 3 of Rule (9) of the Rules to verify his/her identity shall be undertaken keeping in view the following:
a. Where the customer or the owner of the controlling interest is a company listed on a stock exchange, or is a subsidiary of such a company, it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such companies.
b. In cases of trust/nominee or fiduciary accounts whether the customer is acting on behalf of another person as trustee/nominee or any other intermediary is determined. In such cases, satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also details of the nature of the trust or other arrangements in place shall be obtained.
3 D. ON GOING DUE DILIGENCE
Monitoring of Transactions
On-going monitoring is an essential element of effective KYC procedures. Since, the Company is a housing finance company and all our loans are tenure based with a fixed/variable instalment paid through electronic clearing system (ECS/NACH) mandate or post-dated cheques, our monitoring structure will be relevant to our nature of operations. While unusually large cash transactions will be rare given that the maximum loan the company currently offers is Rs 50,00,000/-, the company will still pay special attention to all unusually large cash transactions relevant to its size of loans. Reporting for cash transactions especially for loan closures will be done and reviewed by the Management team periodically for identifying anomalies and to carry out due diligence if required as to source of funds or re-verifying identity of the borrower. Apart from this the Company will also carry out the following activities:
a. Risk categorization as is mentioned in this policy may be updated as and when required by the management.
b. In case of overdue/default accounts where there is scope for meeting or vetting the profile of this customer again, due diligence if found necessary will be carried out.
c. Subsequent to our sanction, during the period of part disbursement till full disbursement if any unusual transaction/development comes to our knowledge relating to money laundering the same will be verified and notified as required.
d. The Company will ensure that a record of transactions in the accounts is preserved and maintained as required in terms of Rule 3 of the PML (maintenance of records) Rules 2005. In terms of the provisions of Rule 8 of PML (maintenance of records) Rules 2005, the Company will ensure that transactions of suspicious nature as defined in Annexure II and/or any other type of transaction notified under section 12 of the PML Act, 2002 and sub-rule (1) of Rule 3 of the said Rules, is reported to the appropriate law enforcement authority (Director FIU-IND) within the prescribed time and such Form, as and when detected by our officials through the Principal Officer. The company however, will not be needing to submit “Nil” reports where there are no cash/suspicious transactions, during a particular period.
Periodic Updation
Periodic KYC updation shall be carried out at least once in every two years for high risk customers, once in every eight years for medium risk customers and once in every ten years for low risk customers as per the following procedure:
SHDFC shall carry out:
a.) PAN verification from the verification facility available with the issuing authority and
b.) Authentication, of Aadhaar Number already available with the SHDFC with the explicit consent of the customer in applicable cases.
c.) In case identification information available with Aadhaar does not contain current address an OVD containing current address may be obtained.
d.) Certified copy of OVD containing identity and address shall be obtained at the time of periodic updation from individuals except those who are categorized as 'low risk'. In case of low risk customers when there is no change in status with respect to their identities and addresses, a self certification to that effect shall be obtained.
In case of Legal entities, SHDFC shall review the documents sought at the time of opening of account and obtain fresh certified copies.
a.) SHDFC shall not insist on the physical presence of the customer for the purpose of furnishing OVD or furnishing consent for Aadhaar authentication unless there are sufficient reasons that physical presence of the account holder/holders is required to establish their bona-fides. Normally, OVD / Consent forwarded by the customer through mail/ post, etc., shall be acceptable.
b.) SHDFC shall ensure to provide acknowledgment with date of having performed KYC updation.
c.) The time limits prescribed above would apply from the date of opening of the account/ last verification of KYC.
Provided further that if a customer having an existing account-based relationship with SHDFC and gives in writing to the SHDFC that he does not want to submit his Permanent Account Number or equivalent e-document thereof or Form No.60, SHDFC shall close the account and all obligations due in relation to the account shall be appropriately settled after establishing the identity of the customer by obtaining the identification documents as applicable to the customer.
Explanation – For the purpose of this Section, “temporary ceasing of operations” in relation an account shall mean the temporary suspension of all transactions or activities in relation to that account by the SHDFC till such time the customer complies with the provisions of this Section.
4. ENHANCED AND SIMPLIFIED DUE DILIGENCE
Accounts of politically exposed person (PEPs)
SHDFC will ensure that:
a.) Sufficient information including information about the sources of funds, accounts of family members and close relatives is gathered on the PEP
b.) The identity of the person shall have been verified before accepting the PEP as a customer
c.) The decision to open an account for a PEP is taken at a senior level in accordance with the Customer Acceptance Policy
d.) All such accounts are subject to enhanced monitoring on an on-going basis
e.) In the event of in the event of an existing customer or the beneficial owner of an existing account subsequently becoming a PEP, senior management’s approval is obtained to continue the business relationship
f.) The CDD measures as applicable to PEPs including enhanced monitoring on an on-going basis are applicable.
These instructions shall also be applicable to accounts where PEP is the beneficial owner.
5. RECORD MANAGEMENT
The following steps shall be taken regarding maintenance, preservation, and reporting of customer account information, with reference to provisions of the Act and Rules. SHDFC shall,
a.) Maintain all necessary records of transactions between the SDFC and the customer, both domestic and international, for at least five years from the date of transaction
b.) Preserve the records pertaining to the identification of the customers and their addresses obtained while opening the account and during the course of business relationship, for at least five years after the business relationship is ended
c.) Make available the identification records and transaction data to the competent authorities upon request
d.) Introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);
e.) Maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following:
f. Evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities
g. Maintain records of the identity and address of their customer, and records in respect of transactions referred to in Rule 3 in hard or soft format.
6. Reporting Requirements to Financial Intelligence Unit - India
SHDFC shall furnish to the Director, Financial Intelligence Unit-India (FIU-IND), the information referred to in Rule 3 of the PML (Maintenance of Records) Rules, 2005 in terms of Rule 7 thereof.
Explanation: In terms of Third Amendment Rules notified September 22, 2015, regarding amendment to sub-rule 3 and 4 of rule 7, Director, FIU-IND shall have powers to issue guidelines to the SHDFC for detecting transactions referred to in various clauses of sub-rule (1) of rule 3, to direct them about the form of furnishing information and to specify the procedure and the manner of furnishing information.
The reporting formats and comprehensive reporting format guide prescribed/released by FIU- IND and Report Generation Utility and Report Validation Utility developed to assist reporting entities in the preparation of prescribed reports shall be taken note of. The editable electronic utilities to file electronic Cash Transaction Reports (CTR) / Suspicious Transaction Reports (STR) which FIU-IND has placed on its website shall be made use of by SHDFC which are yet to install/adopt suitable technological tools for extracting CTR/STR from their live transaction data.
The Principal Officers of company, whose all branches are not fully computerized, shall have suitable arrangement to cull out the transaction details from branches which are not yet computerized and to feed the data into an electronic file with the help of the editable electronic utilities of CTR/STR as have been made available by FIU-IND on its website http://fiuindia.gov.in
While furnishing information to the Director, FIU-IND, a delay of each day in not reporting a transaction or delay of each day in rectifying a mis-represented transaction beyond the time limit as specified in the Rule shall be constituted as a separate violation. SHDFC shall not put any restriction on operations in the accounts where an STR has been filed. SHDFC shall keep the fact of furnishing of STR strictly confidential. It shall be ensured that there is no tipping off to the customer at any level.
SHDFC shall use robust software (currently accounting software) to generate automated reports which are scanned manually by a defined resource to check for any STR alerts.
7. REQUIREMENTS/OBLIGATIONS UNDER INTERNATIONAL AGREEMENTS - COMMUNICATIONS FROM INTERNATIONAL AGENCIES -
SHDFC shall ensure that in terms of Section 51A of the Unlawful Activities (Prevention) (UAPA) Act, 1967 and amendments thereto, they do not have any account in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC).
The details of the two lists are as under:
i) The “ISIL (Da’esh) &Al-Qaida Sanctions List”, which includes names of individuals and entities associated with the Al-Qaida. The updated ISIL &AlQaida Sanctions List is available at
ii) The “1988 Sanctions List”, consisting of individuals (Section A of the consolidated list) and entities (Section B) associated with the Taliban which is available at
Details of accounts resembling any of the individuals/entities in the lists shall be reported to FIUIND apart from advising Ministry of Home Affairs as required under UAPA notification dated March 14, 2019.
In addition to the above, other UNSCRs circulated by the Reserve Bank in respect of any other jurisdictions/ entities from time to time shall also be taken note of.
Freezing of Assets under Section 51A of Unlawful Activities (Prevention) Act, 1967
The procedure laid down in the UAPA Order dated March 14, 2019 shall be strictly followed and meticulous compliance with the Order issued by the Government shall be ensured.
Jurisdictions that do not or insufficiently apply the FATF Recommendations
a. FATF Statements circulated by Reserve Bank of India from time to time, and publicly available information, for identifying countries, which do not or insufficiently apply the FATF Recommendations, shall be considered. Risks arising from the deficiencies in the AML/CFT regime of the jurisdictions included in the FATF Statement shall be taken into account.
b. Special attention shall be given to business relationships and transactions with persons (including legal persons and other financial institutions) from or in countries that do not or insufficiently apply the FATF Recommendations and jurisdictions included in FATF Statements.
Explanation: The process referred to in the above Sections a & b do not preclude SHDFC from having legitimate trade and business transactions with the countries and jurisdictions mentioned in the FATF statement.
The background and purpose of transactions with persons (including legal persons and other financial institutions) from jurisdictions included in FATF Statements and countries that do not or insufficiently apply the FATF Recommendations shall be examined, and written findings together with all documents shall be retained and shall be made available to Reserve Bank/other relevant authorities, on request.
8. Other Measures
Secrecy Obligations and Sharing of Information:
a. SHDFC shall maintain secrecy regarding the customer information which arises out of the contractual relationship between the lender and customer.
b. Information collected from customers for the purpose of opening of account shall be treated as confidential and details thereof shall not be divulged for the purpose of cross selling, or for any other purpose without the express permission of the customer.
c. While considering the requests for data/information from Government and other agencies, SHDFC shall satisfy themselves that the information being sought is not of such a nature as will violate the provisions of the laws relating to secrecy in transactions.
d. The exceptions to the said rule shall be as under:
9. CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR)
a. Government of India has authorized the Central Registry of Securitization Asset Reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide Gazette Notification No. S.O. 3183(E) dated November 26, 2015.
b. In terms of provision of Rule 9(1A) of PML Rules, the Company shall capture customer’s KYC records and upload onto CKYCR within 10 days of commencement of an account-based relationship with the customer.
c. Operational Guidelines for uploading the KYC data have been released by CERSAI.
d. SHDFC shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as per the KYC templates prepared for ‘Individuals’ and ‘Legal Entities’ (LEs), as the case may be. The templates may be revised from time to time, as may be required and released by CERSAI.
e. The ‘live run’ of the CKYCR started from July 15, 2016 in phased manner beginning with new ‘individual accounts’. Accordingly, Scheduled Commercial Banks (SCBs) are required to invariably upload the KYC data pertaining to all new individual accounts opened on or after January 1, 2017. The Company other than SCBs were required to start uploading the KYC data pertaining to all new individual accounts opened on or after from April 1, 2017, with CKYCR in terms of the provisions of the Rules ibid.
f. The Company shall upload KYC records pertaining to accounts of LEs opened on or after April 1, 2021, with CKYCR in terms of the provisions of the Rules ibid. The KYC records have to be uploaded as per the LE Template released by CERSAI.
g. Once KYC Identifier is generated by CKYCR, the company shall ensure that the same is communicated to the individual/LE as the case may be.
h. In order to ensure that all KYC records are incrementally uploaded on to CKYCR, the Company shall upload/update the KYC data pertaining to accounts of individual customers and LEs opened prior to the above mentioned dates as per (e) and (f) respectively at the time of periodic updation as specified in Section 38 of this Master Direction, or earlier, when the updated KYC information is obtained/received from the customer.
i. Company shall ensure that during periodic updation, the customers are migrated to the current CDD standard.
j. Where a customer, for the purposes of establishing an account based relationship, submits a KYC Identifier to a Company, with an explicit consent to download records from CKYCR, then such company shall retrieve the KYC records online from the CKYCR using the KYC Identifier and the customer shall not be required to submit the same KYC records or information or any other additional identification documents or details, unless –
A Unique Customer Identification Code (UCIC) shall be allotted while entering into new relationships with individual customers as also the existing customers by the company.
10 REPORTING REQUIREMENT UNDER FOREIGN ACCOUNT TAX COMPLIANCE ACT (FATCA) AND COMMON REPORTING STANDARDS (CRS)
Under FATCA and CRS, SHDFC will adhere to the provisions of Income Tax Rules 114F, 114G and 114H and determine whether they are a Reporting Financial Institution as defined in Income Tax Rule 114F and if so, shall take following steps for complying with the reporting requirements:
a. Register on the related e-filling portal of Income Tax Department as Reporting Financial Institutions at the link https://incometaxindiaefiling.gov.in/ post login --> My Account --> Register as Reporting Financial Institution.
b. Submit online reports by using the digital signature of the 'Designated Director' by either uploading the Form 61B or 'NIL' report, for which, the schema prepared by Central Board of Direct Taxes (CBDT) shall be referred to.
Explanation – Company will refer to the spot reference rates published by Foreign Exchange Dealers' Association of India (FEDAI) on their website at http://www.fedai.org.in/RevaluationRates.aspx for carrying out the due diligence procedure for the purposes of identifying reportable accounts in terms of Rule 114H of Income Tax Rules.
c. Develop Information Technology (IT) framework for carrying out due diligence procedure and for recording and maintaining the same, as provided in Rule 114H of Income Tax Rules.
d. Develop a system of audit for the IT framework and compliance with Rules 114F, 114G and 114H of Income Tax Rules.
e. Constitute a "High Level Monitoring Committee" under the Designated Director or any other equivalent functionary to ensure compliance.
f. Ensure compliance with updated instructions/ rules/ guidance notes/ Press releases/ issued on the subject by Central Board of Direct Taxes (CBDT) from time to time and available on the website http://www.incometaxindia.gov.in/Pages/default.aspx and may take note of the following:
The above guidelines will be followed if these would be applicable to SHDFC.
11. Hiring of Employees and Employee training
(a) SHDFC shall ensure adequate screening mechanism as an integral part of their personnel recruitment/hiring process.
(b) On-going employee training programme shall be put in place so that the members of staff are adequately trained in AML/CFT policy. The focus of the training shall be different for frontline staff, compliance staff and staff dealing with new customers. The front desk staff shall be specially trained to handle issues arising from lack of customer education. Proper staffing of the audit function with persons adequately trained and well-versed in AML/CFT policies of the SHDFC, regulation and related issues shall be ensured.
12. Adherence to Know Your Customer (KYC) guidelines by the company and persons authorised by the Company including brokers/agents etc.
(a) Persons authorized by the company and their brokers/agents or the like, shall be fully compliant with the KYC guidelines applicable to the Company
(b) All information shall be made available to the Reserve Bank of India to verify the compliance with the KYC guidelines and accept full consequences of any violation by the persons authorized by the Company including brokers/agents etc. who are operating on their behalf.
19. The specific activities and reporting responsibilities there of has been given in the table below: