Know Your Customers (KYC) – CS Professional Study Material

April 17, 2023 / CS Professional / By

Chapter 5 Know Your Customers (KYC) – Secretarial Audit Compliance Management and Due Diligence ICSI Study Material is designed strictly as per the latest syllabus and exam pattern.

Know Your Customers (KYC) – Secretarial Audit, Compliance Management and Due Diligence Study Material

Question 1.
Describe the difference between C-KYC & E-KYC. (Dec 2019, 5 marks)
Answer:
C- KYC stands for Central KYC which provide the uniform norms and inter-usability. The central KYC registry across all financial sectors has been set up as a depository for KYC records. This new process, without asking customers to provide multiple KYC undertakings will help banks, mutual funds, brokerage firms and depository participants offer services. After complying with the new CKYC norms, a unified customer identification code is generated, and which is used whenever KYC is required. This initiative has been started for the purpose of centralising and streamlining KYC process and also to avoid the duplication of KYC and less scope of forgery. The government has authorised the Central Registry of Securitization Asset Reconstruction and Security Interest of India (CERSAI) for performing the functions of Central KYC Records Registry (CKYCR), also the duty of receiving the details and safely storing them and retrieving the KYC records in the digital form of a ‘client’.

Earlier customers have to provide KYC documents separately to every financial institution but after the introduction of one-time centralisation process CKYC, customers will only have to complete the process once and it can be used for all different processes like opening savings bank accounts, buying life insurance or investing in mutual fund products.

E-KYC stands for electronic KYC. The service of e-KYC can only be used by those who have Aadhar numbers. Customers by their own consent needs to authorize their Unique Identification Authority of India (UIDAI), to reveal their identity or address information through biometric authentication to their respective bank branches or business correspondent (BC). After this the UIDAI sends the customer’s data comprising of customer name, age, gender, and photograph electronically to the bank. It is a valid process for KYC verification and under Prevention of Money Laundering (PML) Rules, information provided under e-KYC process will be considered as a ‘Valid Document’.

Know Your Customers (KYC) - CS Professional Study Material

Question 2.
What are the essential elements of KYC guidelines? (Dec 2014, 3 marks)
Answer:
The RBI made the Know Your Customer (KYC) Norms/Anti-Money Laundering (AML) Measures/Combating of Financing of Terrorism (CFT) guidelines to:

  • Prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering or terrorist financing activities, or for routing of funds gained from legal means into illegal activities.
  • Enable banks to know/understand their customers and their usual financial needs and patterns of dealings better, which in turn help the banks to better manage their risks.

Key elements of KYC

  • Customer Acceptance Policy;
  • Customer Identification Procedures;
  • Monitoring of Transactions; and
  • Risk Management.

All information collected by banks from the customer for the purpose of KYC is to be treated as confidential and details thereof are not to be disclosed for any other purposes.

Question 3.
State the obligation of banks on KYC policy as per guidelines issued by Reserve Bank of India. (June 2017, 5 marks)
Answer:

  • The Know Your Customer (KYC) guidelines prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering or for funding of terrorist activities.
  • They also empower banks by helping them understand their customers and their financial dealings better, which in turn helps them in managing their own risks prudently and timely.
    Under these guidelines the obligations of banks are as under:
  • Banks are to keep the KYC information confidential and are strictly barred from cross selling or any similar actions. Banks are also to ensure that the information they seek is relevant according to the risk profile of the customer and is not intrusive.
  • Banks should ensure that any remittance of funds by any mode and issue of travellers’ cheques for value of Rupees fifty thousand and above is done by way of a direct debit to the customer’s account or against cheques and in no case against cash payment(s).
  • Banks should strictly follow the provisions.

Question 4.
How does Enhanced Due Diligence (EDD) in KYC differ from Customer Due Diligence (CDD) in KYC ? (June 2019, 5 marks)
Answer:
Customer Due Diligence (CDD) refer to identifying and verifying the customer and the beneficial owner, CDD refers to the monitoring of clients and their activities to see if the client does not change its status over time. For example changes in the signatory of the account, changes in the partners, changes in the object, changes in the source of income, revenue etc. hence without CDD the services provider would not know that there is changes in the ownership.

Whereas the Enhanced Due Diligence (EDD) refers to a rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customers identity; understand and test the customers profile, business and account activity identify relevant adverse information and risk assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational .risk and ensure regulatory compliance.

Know Your Customers (KYC) - CS Professional Study Material

Question 5.
You are appointed as Compliance Officer of the company. One of the foreign investor in the company is hesitating to provide personal data during the KYC saying that KYC is a risky process and data can be misused by someone. Prepare the list of risks involved in the KYC process. (June 2019, 5 marks)
Answer:
The objectives of conducting KYC is to prevent the corporate vehicles from being used intentionally or unintentionally, by criminal elements for illicit purposes such as money laundering activities, fraud, bribery and corruption, shielding assets from creditors, illicit tax practices, market fraud, terrorist funding and avoiding future risk. The KYC related procedures also enable an institution to better understand their customers and their financial dealings. This helps in managing associated risks prudently.
There are different types of risk involved in the proper implementation of KYC:

  1. Reputational Risk like entering into fraudulent transaction and later on the public come to know about it, this would create a serise of insecurity among the public.
  2. Operational Risk is a risk of loss due to failed internal processes, poor documentation, litigation, disputes and due diligence, people and systems or also from external events.
  3. The Risk that arises legally in case where any client gets involved with any illegal activity, it will also attract penalties and adjudications on the professional.
  4. Financial Risks If any professional without complying with KYC norms, provides its services relating to certification or declarations and the financial institution gives loan to a customer and later the bank fails to identify the customer, then it will be hard for the bank to retrieve its money.

Question 6.
Prepare a checklist of documents required for KYC of Proprietorship & Partnership. (Dec 2019, 5 marks)
Answer:
Sole Proprietary Firm:
1. For opening an account in the name of a sole proprietary firm, CDD of the individual (proprietor) shall be carried out.
2. Any two of the following documents or the equivalent e-documents there of as proof of business/activity in the name of the proprietary firm.
(a) Registration certificate
(b) Certificate/licences issued by the municipal authorities under Shop and Establishment Act
(c) Sales Tax and income tax returns
(d) CSTA/AT/GST certificate (provisional/final)
(e) Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities
(f) IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT Or Licence/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute
(g) Complete Income Tax Return (not just the acknowledgment) in the . name of the sole proprietor where the firm’s income is reflected, duly authenticated/acknowledged by the Income Tax authorities.
(i) Utility bills such as electricity, water, and landline telephone bills.
(ii) If the bank is satisfied that it is not possible to furnish two such documents, at its discretion, accept only one of those documents as proof of business/activity subject to field verification of the authenticity of address and business activity.
Provided REs undertake contact point verification and collect such other information and clarification as would be required to establish the existence of such firm, ana shall confirm and satisfy itself that the business activity has been verified from the address of the proprietary concern.

Account of a Partnership firm
Certified copies or the equivalent e-documents thereof of
(a) Registration certificate;
(b) Partnership deed;
(c) Permanent Account Number of the partnership firm;
Documents, as specified in Section 16 of the Master Directions, relating to beneficial owner, managers, officers or employees, as the case may be, holding an attorney to transact on its behalf.

Know Your Customers (KYC) - CS Professional Study Material

Question 7.
The continued adoption of web, mobile, cloud and social media technologies by the companies has increased opportunities for attackers for online frauds. Explain various types of online frauds. (Dec 2020, 5 marks)
Answer:
Types of Online Frauds:

  • Hacking
  • Phishing
  • Pharming
  • Vishing
  • Smishing
  • Debit card skimming
  • Computer viruses
  • Counterfeit instruments

Question 8.
State the procedure of KYC of directors in Form DIR-3 and mention the consequence of non-compliance in this regard. (KYC stands for ‘Know Your Customer’ or ‘Know Your Client’). (Dec 2020, 5 marks)
Answer:
Directors KYC [Section 12A of Companies (Appointments and Qualifications of Directors) Rules, 2014:
Every individual who holds a Director Identification Number (DIN) as on 31s1 March of a financial year as per these rules, shall, submit e-form DIR-3 KYC for said financial year to the Central Government on or before 30th, September of immediate next financial year.
Provided that every individual who has already been allotted a Director | Identification Number (DIN) as at 31st March, 2018, shall submit e-form DIR-3 KYC on or before 5th October, 2018.
Provided further that where an individual who has already submitted e-form DIR-3 KYC in relation to any previous financial year, submits web-form DIR-3 KYC-WEB through the web service in relation to any subsequent financial year it shall be deemed to be compliance of the provisions of this rule for the said financial year:

Provided also that in case an individual desires to update his personal mobile number or the e-mail address, as the case may be, he shall update the same by submitting e-form DIR-3 KYC only.
Provided also that fees for filing e-form DIR-3 KYC or web-form DIR-3 ; KYC-WEB through the web service, as the case may be, shall be payable as provided in Companies (Registration Offices and Fees) Rules, 2014.
Note: For the financial year ending on 31st March 2019, the individual shall submit e-form DIR-3 KYC or web form DIR-3 KYC-WEB, as the case may be, on or before the 14th October, 2019.

The consequences of Non-Compliances are as under:
(a) If director fails to file DIR-3 KYC, the MCA21 system will mark all approved DINs (allotted on or before 31st March, 2018) against which DIR-3 KYC form has not been filed as ‘Deactivated’ with reason as ‘Non¬filing of DIR-3 KYC.
(b) MCA has notified ‘Nil Fee’ and ‘late Fee of ₹ 5,000 (Applicable after the due date) for Filing e-Form DIR-3 KYC under rule 12A of the Companies (Appointment and Qualification of Directors) Rules, 2014.

Question 9.
A to Z & Co. of qualified Company Secretaries is a recently set up professional firm. Tej, the Managing Partner wants to understand the criteria to be adopted by a professional as per KYC norms. Outline the key elements for incorporating KYC Policies. Also, explain any six important points in proper implementation of KYC. (Aug 2021, 5 marks)
Answer:
Suggested criteria to be adopted by Professional as KYC Norms Generally, the KYC policies incorporating the following four key elements:

  • Client Acceptance Policy;
  • Client Identification Procedures;
  • Client Monitoring Mechanism; and
  • Risk management.

These are suggested measures, to be adopted by the professional while dealing with client and undertaken any assignment from a client/ prospective client. As a Code for good practice every professional should ensure that no fraud has been take place due to adoption of the poor KYC norms. It is the duty of the professional proper checking of documents will be done in order to complete the requirement of KYC Norms.

Though, there is no settled manner for doing KYC by the professional, However the ICSI has prepared a policy on KYM, KYC norms, However, variation in the procedure for KYC of one time assignment and or for the regular client may be there.
The Professionals should take extra care with the foreign client, to ensure that all the rules and regulations are followed, according to the specified procedures for dealing with the foreign clients.

Proper implementation of KYC policies includes the following:

  1. Collation of Client information: information about the identify and business structure of the client helps in ensuring that the professional can freely exercise and deliver their professional services in the best suited way.
  2. Due Diligence of the Client: This helps in mitigation of various professional and legal risks associated with service provided to the client.
  3. Regularity of the KYC exercise: The effectiveness of the KYC policy relies on its regularity as it can ensure that the data earlier collated about the client remains updated.
  4. Identification of Regularity Risks: The KYC policy should be designed and updated regularly so as keep it aligned with the legal provisions applicable if any so as to avoid legal risks.
  5. Additional factors applicable for clients belonging to other countries: in case of clients belonging to other countries, the information to be collated might be in a different format as may be required in that country. The KYC policy shall be flexible enough to deal with such variations in input data.
  6. Confidentiality of Client Data: As part of KYC exercise the information provided by the clients may include sensitive data of the client which the client will be sharing in good faith. The policy shall contain appropriate measure to protect the client information thereby safeguarding the client as well as the firm (Against any possible action for unauthorized disclosure of client data.

Know Your Customers (KYC) - CS Professional Study Material

Question 10.
List out at least five common practices of Diversion of Funds adopted by the companies. (Dec 2021, 5 marks)
Answer:
Common practices of diversion of funds are:
(a) Using of short-term working capital funds for long-term commitments not in conformity with the terms of sanction.
(b) Using borrowed funds for creation of assets other than those for which the loan was sanctioned.
(c) Transferring funds to group companies.
(d) Investment in other companies by way of acquiring equities / debt instruments without approval of lenders.
(e) Shortage in the usage of funds as compared to the amounts disbursed/ drawn, with the difference not being accounted for.
(f) Over-valuation or absence of requisite collaterals.

Question 11.
(a) Who is a registered owner of shares of a company? Is registered owner different from beneficial owner?
What are the declarations to be filed by the registered owner/beneficial owner to the company?
Is the company required to take any action, if such a declaration is received? (June 2022, 5 marks)

Question 12.
What is a cyber fraud? What is the difference between Phishing and Vishing? (June 2022, 5 marks)

Question 13.
Who is a Customer under Know Your Customer (KYC)? (June 2022, 5 marks)

Question 14.
Illustrate the list of KYC documents to be submitted in respect of a Hindu Undivided Family (HUF). (June 2022, 5 marks)

Question 15.
What are the important points needs to be noted in respect of DIR-3 KYC?
Answer:
Some important points to be noted in respect of DIR-3 KYC

  • Every individual who holds a Director Identification Number (DIN) as on 31st March of a financial year as per these rules shall, submit e-form DIR-3-KYC for the said financial year to the Central Government on or before 30th, September of immediate next financial year.
  • Provided that every individual who has already been allotted a Director Identification Number (DIN) as at 31st March, 2018, shall submit e-form DIR-3 KYC on or before 5th October, 2018.
  • Provided further that where an individual who has already submitted e-form DIR-3 KYC in relation to any previous.financial year, submits web-form DIR-3 KYC-WEB through the web service in relation to any subsequent financial year it shall be deemed to be compliance of the provisions of this rule for the said financial year:
  • Provided also that in case an individual desires to update his personal mobile number or the e-mail address, as the case may be, he shall update the same by submitting e-form DIR-3 KYC only:
  • Provided also that fee for filing e-form DIR-3 KYC or web-form DIR-3 KYC-WEB through the web service, as the case may be, shall be payable as provided in Companies (Registration Offices and Fees) Rules, 2014.

Question 16.
Explain the major frauds which took place with the help of incomplete KYC.
Answer:
Major frauds which took place with the help of incomplete KYC

  • To evade taxes, an individual routes savings transactions through multiple bank accounts.
  • An individual illegally obtains personal information/ documents of another person and takes a loan in the name of that person.
  • He/she provides false information about his/her financial status, such as salary / IT return and other assets, and takes a loan for an amount that exceeds his / her eligible limits with the motive of non repayment.
  • A person takes a loan using a fictitious name and there is a lack of a strong framework pertaining to spot verifications of address, due diligence of directors/promoters, pre-sanction surveys and identification of faulty/incomplete applications and negative/criminal records in client history.
  • Fake documentation is used to grant excess overdraft facility and withdraw money.

Know Your Customers (KYC) - CS Professional Study Material

Know Your Customers (KYC) Notes

Objectives of KYC:
The objectives of KYC is to stop the corporate vehicles to be used intentionally or unintentionally, by criminal elements for illicit purposes such as money laundering activities, Fraud, bribery and corruption, shielding assets from creditors, illicit tax practices, Market fraud, Terrorist Funding, avoiding future risk and the KYC related procedures also enable institution to better understand their customers and their financial dealings. This helps to managing associated risks prudently.

Meaning of Customer under KYC:
For the purpose of KYC, a ‘Customer’ includes-a

  • a person who is engaged in a financial transaction or activity with a reporting entity and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting;
  • director who has been allotted DIN issued by the Ministry of Corporate Affairs;
  • a person or entity that maintains an account and/or has a business relationship with the bank;
  • beneficiaries of transactions conducted by professional intermediaries such as stockbrokers, Chartered Accountants, Company Secretaries or Solicitors, as permitted under the law; or
  • any person or entity connected with a financial transaction which can pose significant reputational or other risks to the bank, for example, a wire transfer or issue of a high-value demand draft as a single, transaction;
  • one on whose behalf the account is maintained (i.e. the beneficial owner).

KYC Requirement in various transaction:

  • Incorporation of Company
  • Obtaining DIN
  • Openirig of Bank Account / D-mat Account/ Wallet
  • Deposit /Withdrawal of Cash
  • Purchase of Gold/ Silver/Property
  • Employment, Provident Fund etc.
  • Opening a subsequent account where documents as per current KYC standards not been submitted while opening the initial account
  • Opening a Locker Facility where these documents are not available with the bank for all the Locker facility holders
  • When the bank feels it necessary to obtain additional information from existing customers based on conduct of the account
  • When there are changes to signatories, mandate holders, beneficial owners etc. KYC will also be carried out in respect of non-account holders approaching the bank for high value one-off transactions.

C-KYC:
C- KYC stands for Central KYC which provide the uniform norms and inter-usability. The Central KYC registry across all financial sectors has been set up as a depository for KYC records. This new process, without asking customers to provide multiple KYC undertakings will help banks, mutual funds, brokerage firms and depository participants offer services. After complying with the new CKYC norms, a unified customer identification code is generated, and which is used whenever KYC is required. This initiative has been started for the purpose of centralising and streamlining KYC process and also to avoid the duplication of KYC and less scope of forgery. The government has authorised the Central Registry of Securitization Asset Reconstruction and Security Interest of India(CERSAI) for performing the functions of Central KYC Records Registry(CKYCR), also the duty of receiving the details and safely storing them and retrieving the KYC records in the digital form of a ‘client’.

e-KYC:
e-KYC stands for electronic KYC. The service of e-KYC can only be used by those who have Aadhar numbers. Customers by their own consent needs to authorize their Unique Identification Authority of India (UIDAI), to reveai their identity or address information through biometric authentication
to their respective bank branches or business correspondent (BC). After this the UIDAI sends the customers data comprising of customer name, age, gender, and photograph electronically to the bank. It is a valid process for KYC verification and under Prevention of Money Laundering (PML) Rules, information provided under e-KYC process will be considered as a ‘Valid Document’.

Know Your Customers (KYC) - CS Professional Study Material

KYC Policies incorporating the following four key elements:

  • Client Acceptance Policy;
  • Client Identification Procedures;
  • Client Monitoring Mechanism; and
  • Risk management.

Reputational Risk:
Some instances like if a company entered into fraudulent transaction and later on if the public will come to know about it then this would create a sense of insecurity among the public and this would harm the reputation and it would be hard for the professional to attract client in future. Hence, it is advisable to must keep proper KYC of Client.

Operational Risk:
This can be considered as a risk of loss due to failed internal processes, poor documentation, litigation, disputes and due diligence, people and systems or also from external events.

Financial Risks:
If any professional without complying with KYC Norms, provides its services relating to certification, declarations and the financial institution gives loan to a customer and later the bank fails to identify the customer then it will be hard for the bank to retrieve its money, which will result into a financial loss.

Enhanced Due Diligence (EDD) in KYC:
EDD has not been internationally defined. As a result financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti Money Laundering Specialists) suggests the following:

“A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customers identity; understand and test the customers profile, business and account activity; identify relevant adverse information and risk assess the potential for money laundering and/ or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.

Characteristics of EDD:

  • Rigorous and robust
  • Reasonable assurance
  • Relevant adverse information

Customer Due Diligence (CDD):
Customer Due Diligence (CDD)” means identifying and verifying the customer and the beneficial owner, CDD refers to the monitoring of clients and their activities to see if the client does not change its status over time. In effect this contains the possibility that an individual (or more often an organization) that has passed KYC is still the same as was the earlier and doing the same what they have declared that what they would do when they underwent KYC checks.

Smishing:
It uses cell phone text messages to lure consumers in. Often the text will contain an URL or phone number. The phone number often has an automated voice response system. And again just like phishing, the smishing message usually asks for your immediate attention.

Debit card skimming:
A machine or. camera is installed at an ATM which picks up card related information and PIN numbers when customers use their cards.

Phishing:
A technique used to obtain your card and personal details through a fake email

Know Your Customers (KYC) - CS Professional Study Material

Vishing:
Fraudsters also use the phone to solicit your personal information.

Possible frauds with Mobile Wallets:

  • Increased risk of money laundering
  • Fake merchants

Leave a Comment

Your email address will not be published. Required fields are marked *