What are the RBI norms for periodical updating of KYC?

Banks are required to periodically update their customers’ KYC details under Know Your Customer (KYC) Norms /Anti-Money Laundering (AML) Standards/ Combating of Financing of Terrorism (CFT)/Obligation of banks under Prevention of Money Laundering Act (PMLA), 2002.  As per latest review and directives of RBI, periodic full KYC exercise will be required to be done for the following categories of customers

Low risk category of individuals and entities: at least every ten years after the account is opened, full KYC updating exercise (which includes collecting customer’s identification data and photograph/s) required to be done.

Medium risk individuals and entities: at least every eight years after the account is opened, full KYC updating exercise (which includes customer’s identification data and photograph/s) required to be done.

High risk category of individuals and entities:  at least every two years after the account is opened, full KYC updating exercise (which include customer’s identification data and photograph/s) required to be done.

In addition to the above actions as a part of their ongoing due diligence on customers’ accounts, banks are required to obtain positive confirmation (obtaining KYC related updates through e-mail/letter/telephonic conversation/forms/interviews/visits, etc.),  at least every two years for medium risk and at least every three years for low risk individuals and entities.   Fresh photographs required to be obtained from minor customer on becoming major.

The parameters of risk low, medium and high risk perception are  defined in terms of the nature of business activity, location of customer and his clients, mode of payments, volume of turnover, social and financial status etc. Banks are at liberty to choose any suitable nomenclature like level I, level II and level III instead of high risk, medium risk or low risk categories of customers. The salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government Departments and Government owned companies, regulators and statutory bodies etc. whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, are classified as low risk customers. The NPOs/NGOs promoted by United Nations or its agencies are also classified as low risk customers.

Customers who may  likely to pose a higher than average risk to the bank are categorised as medium or high risk depending on customer’s background, nature and location of activity, country of origin, sources of funds and  customer’s client profile, etc. For example, accounts of bullion dealers (including sub-dealers) & jewelers are categorized as high risk customers in view of the risks involved in their cash intensive businesses. Customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorised even higher parameter.

Other examples of customers requiring higher due diligence are;

(a) Non­resident customers;

(b)High net worth individuals;

(c) trusts, charities, NGOs and organizations receiving donations;

(d) Companies having close family shareholding or beneficial ownership;

(e)  Firms with ‘sleeping partners’;

(f) Politically exposed persons (PEPs) of foreign origin, customers who are close relatives of PEPs and accounts of which PEP is the ultimate beneficial owner;

 (g) Non-face to face customers and

(h) Those with dubious reputation as per public information available etc.

The above types of customers are categorized as medium or high risk customers based on the risk assessment of the bank, especially those for whom the sources of funds are not clear.

Related articles:

What are CFT and FATF in banking?

What is Money Laundering?
What are core components of KYC/AML guidelines?

KYC documents for current accounts of all varieties
How to open bank accounts under e-KYC process?
What are the valid address proof documents for KYC?
What is relaxed KYC norm for proprietary concerns?
KYC/AML guidelines for opening bank account made simple

What is Central KYC Records Registry (CKYCR)?