What is Customer Due Diligence (CDD) under AML risk management in Banks?

In the realm of risk management and compliance, Customer Due Diligence (CDD) is a pivotal player. The Customer Due Diligence meaning, often abbreviated as CDD, is a process that financial institutions, businesses, and other organisations use to gather information about their customers and clients to identify and mitigate risks such as money laundering, financing terrorism, and other illicit activities. There is no minimum investment threshold or category exemption available for Reporting Entities carrying out Customer Due diligence CDD measures prescribed under the PMLA and PML Rules.

The principal officer of a Reporting Entity is under an obligation to supply information relating to suspicious transactions (in the form of STRs) to the office of the director of the FIU no later than seven working days after being satisfied that the transaction is suspicious. The Financial Intelligence Unit – India (FIU-IND) is the central, national agency responsible for receiving, processing, analyzing, and disseminating information relating to suspect financial transactions to enforcement agencies and foreign FIUs.Reporting Entity shall keep records and inform the Authority about suspicious transactions. The director can call for records and information from the reporting entity. No civil liability on the reporting entity if they report suspicious transactions.

Section 2[(wa) of PMLA Act 2002, states that a  “reporting entity” means a banking company, financial institution, intermediary, or a person carrying on a designated business or profession. The Ministry of Finance vide notification dated May 03, 2023 (‘Notification’) has widened the ambit of the term “Reporting Entity” as defined in Section 2(1)(wa), read with sec. 2 (1)(sa) of the Prevention of Money Laundering Act, 2002 (‘PMLA’). Under the above notification, the practicing corporate professionals (CAs, CSs, CMAs) are considered as reporting entities, if the said corporate professionals are carrying certain “financial transactions” on behalf of their clients. India has not enacted any special legislation for the governance of cryptocurrencies.  However, the PMLA has been amended by Notification (No. S.O. 1072(E) dated March 7, 2023), including intermediaries trading in Virtual Digital Assets (“VDAs”) and further qualifying them as Reporting Entities.  Further, it was clarified that “virtual digital asset” shall have the same meaning assigned to it in clause 47(A) of Section 2 of the Income Tax Act, 1961.

The Reporting Entities are required to conduct ongoing diligence on the client, and closely examine transactions to ensure that they are consistent with their knowledge of the client, the client’s business and risk profile, and, where necessary, the source of funds.  Furthermore, the Reporting Entity shall review the due diligence measures, including verifying again the identity of the client and obtaining information on the purpose and intended nature of the business relationship where there are suspicions of money laundering or financing of activities relating to terrorism, or where there are doubts about the adequacy or veracity of previously obtained client identification data.  Furthermore, the nature and extent of CDD depend on parameters such as the customer’s identity, social/financial status, the nature of the business activity, and information on the customer’s business and their location, etc., to enable the categorisation of customers into low, medium and high risk.

SEBI-registered intermediaries are generally required to apply enhanced CDD for high-risk customers, i.e. those for whom the sources of funds are not clear (clients of special category).  These include Non-resident clients, High net worth clients, Trusts, Charities, NGOs, and organisations receiving donations. CDD applies to Companies having close family shareholdings or beneficial ownership, PEPs of foreign origin, Current/former Heads of State, current or former senior high-profile politicians, and connected persons (immediate family, close advisers, and companies in which such individuals have interest or significant influence), Companies offering foreign exchange offerings, Clients in high-risk countries (where existence/effectiveness of money laundering controls is suspect, where there is unusual banking secrecy, countries active in narcotics production, countries where corruption (as per the Transparency International Corruption Perception Index) is highly prevalent, countries against which government sanctions are applied, countries reputed to be any of the following: havens/sponsors of international terrorism; offshore financial centers; tax havens; and countries where fraud is highly prevalent. Such enhanced requirements include Non-face-to-face clients, Clients with dubious reputations as per public information available, etc.

Such enhanced CDD requirements include, among other things, taking additional steps to verify the client’s identity, examining ownership and financial position, the names of the senior management personnel or partners, and the registered office address and principal place of business, identifying the sources of the client’s funds, and recording the purpose of the transaction and the intended nature of the relationship between the transaction parties.  Clients must update the Reporting Entities with any changes in the information provided.

Reporting entity to maintain records:

Every reporting entity shall maintain a record of all transactions, including information relating to transactions in such manner as to enable it to reconstruct individual transactions and furnish to the Director within such time as may be prescribed, information relating to such transactions, whether attempted or executed, the nature and value of which may be prescribed. The record of documents maintained evidencing the identity of its clients and beneficial owners as well as account files and business correspondence relating to its clients.

The PMLA and PML Rules prescribe the manner and period in which Reported Entities are required to maintain records.  Reporting Entities are mandated to keep the information relating to the transaction for five years from the transaction date between a client and the Reporting Entity.  Records relating to the identity of clients and beneficial owners, as well as account files and business correspondence, must be maintained for five years after the business relationship between the client and Reporting Entity has ended or the account has been closed, whichever is later.

The RBI Master Direction and SEBI AML Guidelines mandate maintenance of “utmost confidentiality” in the filing of STRs with the FIU, and Reporting Entities are mandated to ensure that there is no tipping-off to the customer at any level.

The principal officer must also supply information in respect of cash transactions (individual or connected) of the Prescribed Value, receipts by NPOs of more than the Prescribed Value, counterfeit currency transactions, and cross-border wire transfers of a value of more than INR 500,000 every month to the FIU by the 15th day of the following month.

Related Posts:

Related Post: