RBI cautions public against frauds in the name of KYC updation

The Reserve Bank of India today cautioned members of the public against fraud in the name of KYC updation.

The modus operandi of such frauds, the RBI said, usually involves customers receiving unsolicited communications, including phone calls, SMS (short messaging service), and emails, through which victims are manipulated into revealing personal information, account details, or installing unverified apps through links provided in the messages.

The fraudsters generally employ tactics of creating a false urgency and threatening of account freezing/blocking/closure, if the customer fails to comply. When customers share essential personal or login details, fraudsters gain unauthorized access to their accounts and engage in fraudulent activities, said RBI. Members of the public are asked to immediately lodge a complaint on the National Cyber Crime Reporting Portal (www.cybercrime.gov.in) or through the cybercrime helpline (1930), in case of financial cyber fraud.

RBI provides the following tips to the Public to safeguard themselves.

In the event of receiving any request for KYC updation, directly contact their bank/ financial institution for confirmation/ assistance, it said. The phone numbers of banks or financial institutions shall be obtained from the official website of the bank and not from the SMS or email message. Customers may also enquire with their bank branch to ascertain available modes/ options for updating KYC details.

RBI has also urged individuals to not share account login credentials, card information, PINs, passwords, and OTPs with anyone. Further, the RBI requested individuals to not share KYC documents or copies of KYC documents with unknown or unidentified individuals or organizations. It is also cautioned by the RBI that individuals should not share any sensitive data/ information through unverified/unauthorized websites or applications.

Banks are required to periodically update their customers’ KYC details under Know Your Customer (KYC) Norms /Anti-Money Laundering (AML) Standards/ Combating of Financing of Terrorism (CFT)/Obligation of banks under the Prevention of Money Laundering Act (PMLA), 2002.  As per the latest review and directives of RBI, periodic full KYC exercise will be required to be done for the following categories of customers.

Medium-risk individuals and entities: at least every eight years after the account is opened, a full KYC updating exercise (which includes the customer’s identification data and photograph/s) is required to be done.

High-risk category of individuals and entities:  at least every two years after the account is opened, a full KYC updating exercise (which includes the customer’s identification data and photograph/s) is required to be done.

In addition to the above actions as a part of their ongoing due diligence on customers’ accounts, banks are required to obtain positive confirmation (obtaining KYC-related updates through e-mail/letter/telephonic conversation/forms/interviews/visits, etc.),  at least every two years for medium risk and at least every three years for low-risk individuals and entities.   Fresh photographs are required to be obtained from minor customers upon becoming major.

The parameters of risk low, medium, and high-risk perception are defined in terms of the nature of business activity, location of the customer and his clients, mode of payments, volume of turnover, social and financial status, etc. Banks are at liberty to choose any suitable nomenclature like level I, level II, and level III instead of high-risk, medium-risk, or low-risk categories of customers. The salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government Departments and Government companies, regulators and statutory bodies, etc. whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, are classified as low-risk customers. The NPOs/NGOs promoted by the United Nations or its agencies are also classified as low-risk customers.

Low-risk category of individuals and entities: at least every ten years after the account is opened, a full KYC updating exercise (which includes collecting customer’s identification data and photograph/s) is required to be done.

Related articles:

1. What are CFT and FATF in banking?
2. What are the RBI norms for periodical updating of KYC?
3. What are core components of KYC/AML guidelines?
4. KYC documents for current accounts of all varieties
5. How to open bank accounts under e-KYC process?
6. What are the valid address proof documents for KYC?
7. What is relaxed KYC norm for proprietary concerns?
8. KYC/AML guidelines for opening bank account made simple
9. What is Central KYC Records Registry (CKYCR)?