Is it really that difficult to establish foolproof RBI KYC compliance process within Banks in India?

Reserve Bank of India (RBI) concluded its first round of investigation by announcing on June 10, 2013, financial penalties on the big 3 private sector banks. Penalties of INR 100 million+ imposed on all the 3 banks put together may not seem much. For these banks, what would remain unaccounted and expensive is the extent of their senior management’s bandwidth that would have got consumed during the last few months, since the first round of Cobrapost’s exposé in middle of March 2013.

RBI observed that though there wasn’t any case of actual money laundering which emerged, but there was all round flouting of Know Your Customer/Know Your Client (KYC) norms. Leaving aside the money laundering part, RBI essentially identified 4 different KYC gap areas, which Indian banks and financial institutions are advised to find solutions for. These areas of focus and possible solutions to plug these gaping holes in KYC compliance process are the matter of discussion in the post below:

sanctions-screening-solution

Gap # 1: Non-adherence to Know Your Customer/Know Your Client (KYC) norms for walk-in customers for bank’s own and third-party products

This is clearly a Customer Onboarding compliance issue that the headquartered compliance department of a bank or a financial institution may be crystal clear on. But it does get hazy by the time it reaches branch operations level, due to lack of disciplined and automated KYC compliance processes. To begin with, you may like to explore the specific answers to Customer Onboarding issues.

Collecting and just keeping away the ID and Address Proofs in files, by the banks or financial institutions is as bad as not collecting these at all. Further, not being able to identify their customers and without proper verifications, banks and financial institutions run the risks of dealing with money launderers, crime syndicates and terrorist networks. Additionally, foreign and domestic Politically Exposed Persons (PEPs), among the new and existing customers, need to be clearly identified. Finally, each of the ID and Address Proofs such as PAN, Aadhar Cards etc. collected, needs to be independently verified, ideally from their issuing authorities.
Banks and Financial Institutions would have to go beyond their transaction monitoring Anti-Money Laundering (AML) applications, to establish robust and automated Know Your Customer/Know Your Client (KYC) processes, which extend all the way to the remotest of their branch operations. To be able to undertake the above tasks, cost effective integrated tools similar to the following, which if made available to users across the entire branch network, would possibly fill the gaps that RBI has identified:

Gap # 2: Lack of following Customer Identification Program (CIP) of proper collection, capture and verification of ID proofs such as PAN Cards

Screening Against Sanctions, Watchlists & Embargo Lists
Politically Exposed Person (PEP) Search
Identity and Address Verification

Gap # 3: Inability to risk categorize customers and periodic review of risk profiling of account holders

Incidentally, implementing Risk Based Approach (RBA) by the banks and financial institutions also happens to be the # 1 recommendation, among the FATF’s 40 revised recommendations, published in February, 2012.

In my opinion, rough categorization of customers into high, medium and low money laundering and terrorism financing risk categories is open to human error and too cumbersome to periodically review, in order to ascertain updated risk profile of every customer. Between such periodic reviews, if some of the customers have moved into higher risk categories involving international dimensions, bank or a financial institution is likely get itself saddled with the burden of associated high risks, until the next periodic review.

Know Your Customer/Know Your Client (KYC), Anti-Money Laundering (AML) and Counter Terrorism Financing (CTF) compliance risks that your bank or financial institution faces from your own customers is therefore worth monitoring on an ongoing basis. To be able to do that, you may like to explore Risk Assessment tool.

Gap # 4: Inadequate profiling of high-risk accounts including Non-Resident Accounts (NRO)

And finally, RBI had observed that in case of high-risk customers such as non-residents, banks have failed to designate their associated accounts as NRO. Enhanced due diligence (EDD) is required to be undertaken for high-risk customers and their associated accounts, to establish sources of funds and wealth. In case of legal entities, trusts and special purpose vehicles with complex ownerships, beneficial owners are required to be determined. Many of such relationships would require senior management approvals.
To manage such an array of complex tasks, workflows, permissions and approvals extending to the very top of a bank or a financial institution, and do it in a disciplined manner every time, technology tools such as Customer Due Diligence & Enhanced Due Diligence tool tend to become an absolute necessity.

As the RBI investigation casts a wider net across other private, public-sector banks and financial institutions, many more KYC compliance gaps are likely to be identified. Instead of waiting until the regulator knocks the door, proactive banks and financial institutions in India ought to quickly plug the holes sighted above. While on this exercise, they may like to use the opportunity to build a competitive advantage by establishing smoother business processes funneling their customers’ big data.