The RBI has amended the Master Directions on Know Your Customer (‘KYC’) (‘MD-KYC’) by way of Notification dated April 28, 2023 (‘Amendment’) bringing about several important changes to the KYC norms. The key changes brought about by the Amendment are set out below:
i. To align the MD-KYC with the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, the Amendment provides for the following: (a) the threshold of ‘controlling ownership interest’ for the purpose of determination of ‘beneficial owner’ has been revised to 10 percent for companies and trusts; (b) where the customer or owner of the controlling interest is a listed entity (in India or in any other jurisdiction notified by the Central Government) or the subsidiary of such listed entity, the shareholder/ beneficial owner of such entities is not required to be identified or verified;
ii. Additional documents/ information is required to be submitted by companies, partnership firms and trusts as part of their customer due diligence process;
iii. Regulated entities (‘RE’) are allowed to utilise Aadhar one-time password (‘OTP’) based e-KYC for periodic updation of KYC;
iv. Additional obligations have been placed on REs in connection with identifying accounts of individuals and entities which are suspected to be involved in financing terrorism or any activity involving weapons of mass destruction. The Amendment also sets out the procedure for reporting and freezing of such accounts held with the REs;
v. Enhanced due diligence measures for non-face to face onboarding of customers have been prescribed which mandate verification of current address through positive confirmation and obtaining and verification of PAN details of the customer. Such customers are required to be categorized as high-risk and are to be subjected to enhanced monitoring until verification through face-to-face or video-customer identification process is done by the REs;
vi. Where accounts have been opened in non-face to face mode by Aadhar OTP based e-KYC, REs are mandated to send transaction related alerts only on the phone number of the customer registered with Aadhar, as a risk-mitigating measure; and
vii. The applicability of the requirement to allot a Unique Customer Identification Code while entering into new relationships with individual customers, which was earlier limited to banks and non-banking financial companies has now been extended to all RE.
The Amendment states that compliance with the instructions at paragraphs (i) and (ii) above for legacy accounts is to be done by the RE in a time bound manner.