What are deficiencies in regulatory and KYC compliances for which banks pay penalties?

Regulatory compliance aims to ensure the bank operates within regulation, safeguarding its integrity and industry reputation. The function oversees multiple duties: protecting bank data, avoiding government fines, avoiding tax evasion, complying with KYC guidelines, monitoring and reporting anti-money laundering activities, assessing risks, and ensuring zero violation of banking ethics.

Following are the few cases where RBI had imposed heavy penalties on Banks.

1. The penalty has been imposed for non-compliance with regulatory directions on ‘Loans and Advances – Statutory and Other Restrictions’ and ‘Guidelines on Management of Intra-Group Transactions and Exposures’.
2. The penalty has been imposed for non-compliance with regulatory directions and sanctioned a term loan to a Corporation in lieu of or to substitute budgetary resources envisaged for certain projects, without undertaking due diligence on the viability and bankability of the projects to ensure that revenue streams from the projects were sufficient to take care of the debt servicing obligations, and the repayment/servicing of which was made out of budgetary resources.
3. Bank was penalized for contravention of sub-section (1) of Section 20 of the Banking Regulation Act, 1949 (the BR Act) read with directions issued by RBI on ‘Loans and Advances-Statutory and Other restrictions’, sub-section (2) of Section 6 and Section 8 of the BR Act read with directions issued by the RBI on ‘Financial Services provided by the Banks’, and non-compliance with the RBI directions on ‘Frauds classification and reporting by commercial banks and select Fls’ the RBI circular read. According to the apex bank notification the Bank had sanctioned/committed loans to companies in which two of its directors were also directors. The bank had marketed and engaged in the sale of non-financial products and failed to report the fraud to RBI within the prescribed timelines.
4. The Reserve Bank also imposed a monetary penalty on a Bank for non-compliance with RBI Directions on “Managing Risks and Code of Conduct in Outsourcing of Financial Services by Banks”, “Recovery Agents engaged by Banks”, “Customer Service in Banks”, and “‘Loans and Advances – Statutory and Other Restrictions’”. The banking regulator said the bank levied interest from the disbursement due date instead of the actual date of disbursement, contrary to the terms and conditions of sanction, and levied foreclosure charges despite there being no clause in the loan agreement for levy of prepayment penalty on loans recalled/foreclosure initiated by the bank.
5. A Bank has been penalised as the bank failed to obtain an annual declaration in Form B from one of its major shareholders, within one month of the close of the three financial years and furnish certificates to RBI regarding the continuance of the ‘fit and proper’ status of the shareholder.
6. Bank allowed operation in several accounts that were opened using OTP-based e-KYC in a non-face-to-face mode even after the expiry of one year without conducting customer due diligence procedures.
7. The bank opened several savings accounts in the name of customers who were not eligible to maintain savings deposit accounts.
8. RBI found the bank failed to credit the eligible amount to the Depositor Education and Awareness Fund within the period prescribed under the Banking Regulation Act. According to RBI regulations, banks must identify accounts with no customer-initiated transactions for over 10 years and transfer the credit balance in such accounts to the Depositors Education and Awareness Fund (DEAF).
9. According to RBI’s August 2021 circular on ‘Monitoring Availability of Cash at ATMs’, a flat penalty of ₹10,000 per ATM would be imposed on an ATM operator if an ATM is cash-out for more than 10 hours in a month. There was no allowance for non-replenishment of ATMs due to unforeseen circumstances.
10. The Reserve Bank of India (RBI) has, by an order dated June 25, 2019, imposed monetary penalties on four banks for non-compliance with certain provisions of directions issued by RBI on Know Your Customer (KYC) norms / Anti Money Laundering (AML) Standards and Opening of Current Accounts, which includes failure to obtain adequate documents for opening accounts, failure to carry out identification procedures, and failure to examine the control structure of entities.

The process of identification of person/s or natural person/s behind an entity before opening an account   is guided by:

• Know Your Customer (KYC) norms
• Anti-Money Laundering (AML) standards
• combating financial terrorism
• Prevention of Money Laundering Act 2002.

Who does the Bank treat as their customers?

The following types of persons/entities/beneficiaries are treated as customers of a Bank under KYC guidelines.

1.  A person or an entity maintaining an account and or having business with any branches of the bank or

2. On whose behalf of the account is maintained (Beneficial Owner) at any branches of the bank  or

3. The beneficiaries’ transactions conducted by professional intermediaries like stock brokers, Charted Accountants, and official

4. liquidators, Solicitors, etc., as permitted by the law. or

5. Any person or entity connected with a financial transaction, which can pose significant reputation or other risks to the bank like the issue of high-value demand draft as a single transaction.

The KYC guidelines have two core components:

• Identity
• Address of the customers                                                                                             

In terms of KYC/AML guidelines, the bank should always hold officially valid documents (OVDs) like an Aadhar card, Voter ID, PAN card, Driving License, Passport, and NREGA Job card.  If official valid documents (OVDs) are submitted by the customer which contain both proofs of identity and proof of address then that single document itself is sufficient for proof of identity and proof of address. In case a customer categorised as low risk is unable to submit the KYC documents due to genuine reasons, she/he may submit the documents to the bank within a period of six months from the date of the opening account. In the case of a customer, categorised as ‘low risk’ by the banks, who does not have any of the ‘officially valid documents’ mentioned above, banks may still open his/her account by obtaining any one of the following documents:

(a.)  identity card with applicant’s photograph issued by Central/State Government Departments, Statutory/Regulatory Authorities, Public Sector Undertakings, Scheduled Commercial Banks, and Public Financial Institutions;

(b.) The letter issued by a gazetted officer, with a duly attested photograph of the person.

(c) KYC verification of all the members of Self Help Groups (SHGs) is not required while opening the savings bank account of the SHG and KYC verification of only the officials of the SHGs would suffice. No separate KYC verification is needed at the time of credit linking the SHG.

(d) Foreign students have been allowed a time of one month for furnishing the proof of local address.

Periodical updating:

In addition to examining the OVDs of the new customers, banks have to carry out the ongoing due diligence of existing clients. This is to ensure that the transactions are consistent with the bank’s knowledge of the client, his business, the source of funds, and the risk profile. While identity/legal name remains the same, the principal place of business, mailing address, telephone, fax nos. e-mail address, etc. may change. For this purpose of carrying out client due- diligence by the banks, it is obligatory on the part of existing customers of the bank to submit KYC documents to the bank at an interval of two/eight/ten years correspondingly in respect of high/medium/low-risk clients. The risk profile (high/medium/low) assignment is done by the bank at the time of opening of account based on rules specified under KYC/AML guidelines.

What happens if the existing customer does not revive the account?

As per extant regulations, if a customer is not submitting KYC documents to the bank at an interval of two/eight/ten years as the case may be despite repeated reminders from the bank, banks are free to impose ‘partial freezing’ of the account. Banks freeze the account in a phased manner, that is after giving due notice of three months initially to the customers to comply with KYC requirements and followed by a reminder for a further period of three months. In the meantime, the account holders can revive accounts by submitting the KYC documents as per instructions in force. Thereafter, banks may impose ‘partial freezing’ by allowing all credits and disallowing all the debit entries with the freedom to close the accounts. If the accounts are still KYC non-compliant after six months of imposing initial ‘partial freezing’ banks may disallow all debits and credits from/to the accounts, rendering them inoperative. Further, it would always be open to the bank to close the accounts of such customers.

As per RBI notification, the physical presence of the clients may, however, not be insisted upon at the time of such periodic.

Original post on July 19, 2014, updated on 13.10.2023

Related article:

1. What are CFT and FATF in banking?

2. What are the RBI norms for periodical updating of KYC?

3. What are core components of KYC/AML guidelines?

4. KYC documents for current accounts of all varieties

5. How to open bank accounts under e-KYC process?

6. What are the valid address proof documents for KYC?

7. What is relaxed KYC norm for proprietary concerns?

8. KYC/AML guidelines for opening bank account made simple

9. What is Central KYC Records Registry (CKYCR)?