The Dos and Don’ts of Using KYC Records for Reporting Entities

[et_pb_section admin_label=”section”] [et_pb_row admin_label=”row”] [et_pb_column type=”4_4″][et_pb_text admin_label=”Text”]

KYC (Know Your Customer) is a critical component in the financial sector as it helps prevent money laundering and terrorist financing. Reporting entities, such as banking institutions, financial institutions, intermediaries, and others, must follow specific obligations regarding the maintenance of KYC records. However, it’s essential to understand the dos and don’ts of using KYC records to ensure compliance with the law while protecting customer data.

Do: Maintain Records of KYC Documents

Reporting entities must maintain records of documents that identify the customer and beneficial owner, account files, and business correspondence relating to clients. These records must be kept confidential and preserved for five years from the date of the transaction between a client and the reporting entity. This ensures that the KYC information is readily available for auditing or regulatory purposes.

Don’t: Disclose KYC Information to Unauthorized Parties

KYC information is sensitive and should only be disclosed to authorized parties. Under Section 12 of the PMLA (Prevention of Money Laundering Act), every piece of information maintained, furnished, or verified, except for those provided under any law, must be kept confidential. Therefore, reporting entities must ensure that their employees and contractors understand and adhere to the confidentiality of KYC information.

Do: Verify the Beneficial Owner

A beneficial owner is an individual who ultimately owns or controls a client of a reporting entity or the person on whose behalf a transaction is being conducted. Reporting entities must identify the beneficial owner, if any, of their clients as prescribed by the law. KYC records should include documentation evidencing the identity of the beneficial owner, account files, and business correspondence relating to the client.

Don’t: Proceed With Transactions If the Client Fails to Fulfill the Conditions

Reporting entities must perform a certain level of due diligence before indulging in any client transaction. If a client fails to meet the necessary conditions, the reporting entity must not proceed with the transaction. Additionally, if any specified transaction or series of transactions undertaken by a client is considered suspicious or likely to involve proceeds of crime, the reporting entity must increase future monitoring of the business relationship with the client, including greater scrutiny of transactions in such a way as prescribed by the law.

Do: Develop an Internal Mechanism to Provide Prescribed Information

The Finance Act of 2019 allows directors to request any records from reporting entities. To provide such information, every banking company, financial institution, and intermediary may develop an internal mechanism for providing prescribed information in the manner and at the intervals specified by their regulators. This ensures that reporting entities can provide information promptly when required.

Don’t: Neglect to Monitor Clients Regularly

Reporting entities must monitor clients regularly to prevent money laundering and terrorist financing. They should categorize clients based on perceived risk levels and conduct due diligence accordingly. PEPs (Politically Exposed Persons) of foreign origin, customers who are close relatives of PEPs, accounts of which a PEP is the ultimate beneficial owner, non-face-to-face customers, and those with dubious reputations, according to public information, require extra monitoring. Regular monitoring will help reporting entities stay vigilant and identify suspicious transactions or patterns of activity.

Do: Adhere to the Minimum Standards of Client Due Diligence

The Prevention of Money Laundering 2005 rules lays down the minimum standards of client due diligence for reporting entities. They must verify the identity of the clients, obtain information on the purpose and intended nature of the business relationship, determine whether a client is acting on behalf of a beneficial owner, and identify the beneficial owner. They must also take all steps to verify the identity of the beneficial owner.

Don’t: Neglect the KYC Process

The KYC process is critical in preventing money laundering and terrorist financing. Reporting entities must not neglect the KYC process or treat it as a mere formality. They must take a risk-based approach to customer due diligence and continually assess the risk profile of their clients. This includes conducting enhanced due diligence for high-risk clients, monitoring transactions, and filing suspicious transaction reports promptly.

Do: Train Employees on KYC Obligations

Reporting entities must train their employees on the importance of KYC and the relevant laws and regulations. This includes educating employees on the importance of verifying the identity of clients, the purpose and intended nature of the business relationship, and identifying the beneficial owner. Employees must also understand the importance of maintaining the confidentiality of KYC information and the penalties for non-compliance.

Don’t: Rely on Third-Party KYC Checks Alone

Reporting entities should not rely solely on third-party KYC checks to fulfill their obligations. While third-party checks can be helpful, they are not a substitute for the reporting entity’s due diligence. Reporting entities must conduct their own due diligence and ensure that the information provided by third parties is reliable and accurate.

Do: Review and Update KYC Policies and Procedures Regularly

KYC policies and procedures must be reviewed and updated regularly to reflect changes in laws, regulations, and industry best practices. Reporting entities must ensure that their policies and procedures are effective in identifying and preventing money laundering and terrorist financing and that they comply with all applicable laws and regulations.

Don’t: Assume KYC Information is Accurate

Reporting entities must not assume that KYC information provided by clients is accurate. They must verify the information through reliable and independent sources. This includes verifying the identity of clients, obtaining information on the purpose and intended nature of the business relationship, and identifying the beneficial owner. Reporting entities must also take steps to verify the identity of the beneficial owner and ensure that the information provided is reliable and accurate.

In conclusion, reporting entities must maintain records of KYC documents, verify the beneficial owner, develop an internal mechanism to provide prescribed information, adhere to the minimum standards of client due diligence, and train employees on KYC obligations. They must also review and update their KYC policies and procedures regularly, monitor clients regularly, and avoid neglecting the KYC process. Reporting entities must not disclose KYC information to unauthorized parties, proceed with transactions if the client fails to fulfill the conditions, neglect to monitor clients regularly, rely solely on third-party KYC checks, or assume KYC information is accurate. By following these dos and don’ts, reporting entities can ensure compliance with the law while protecting customer data.

---

---

---

Related Articles

---

---

[/et_pb_text][/et_pb_column] [/et_pb_row] [/et_pb_section]