1

KYC AML & Compliance

1.1 Introduction

Anti-money laundering (AML) initiatives have been at the core of the fight against organized crime around the world.
Domain knowledge is central to the global fight against money laundering and financing of terrorism. It must be
realised that the challenge of ML/ TF and related crimes is posed by a somewhat organised sector which is just as well
informed or sometimes even better informed than the industry players. The money laundering industry thrives on its
ability to think a step ahead of the financial industry and the perpetrators generally walk away by the time the damage
is discovered. Anti-money laundering (AML) initiatives have been at the core of the fight against organized crime
around the world. Domain knowledge is central to the global fight against money laundering and financing of terrorism.
It must be realised that the challenge of ML/ TF and related crimes is posed by a somewhat organised sector which is
just as well informed or sometimes even better informed than the industry players. The money laundering industry
thrives on its ability to think a step ahead of the financial industry and the perpetrators generally walk away by the time
the damage is discovered.

Anti-money laundering (AML)

* Protect your business from criminals
* Make sure you are complying with laws and regulations
* Know the risk profile of your customer base
* Implement best practices processes and controls

What is Money Laundering & Financing of Terrorism?

Section 3 of PML Act states that- “Whosoever directly or indirectly attempts to indulge or knowingly assists or
knowingly is a party or is involved in any process or activity connected with the proceeds of crime and projecting it as
untainted property shall be guilty of offence of Money-laundering.” Money Laundering can be called a process by
which money or other assets obtained as proceeds of crime are exchanged for "clean money" or “other assets” with no
obvious link to their criminal origins.
Money laundering is a generic term used to describe the process by which criminals disguise the original ownership
and control of the proceeds of criminal conduct by making such proceeds appear to have derived from a legitimate
source.

Money Laundering may be broken down into three distinct stages:

1. Placement: In the placement stage of money laundering, the money launderer introduces illegal profits into the
financial system by breaking up large amounts of cash into less conspicuous smaller sums that are then deposited
directly into a bank account, or by purchasing a series of monetary instruments (cheques, money orders, etc.) that are
then collected and deposited into accounts at another location. Structuring: This is a particular method of placement,
also known as smurfing. It is the practice of executing financial transactions such as making bank deposits in a specific
pattern, calculated to avoid triggering financial institutions to file reports required by law. It can also be described as
the act of breaking a large financial transaction into a series of smaller transactions to avoid scrutiny by regulators and
law enforcement agencies.
2. Layering: After the funds have entered the financial system, the second stage of money laundering comes into play.
The launderer engages in a series of conversions or movements of the funds to distance them from their source. The
funds might be channeled through the purchase and sales of investment instruments, or the launderer might simply
wire the funds through a series of accounts at various banks across the globe often disguising the transfers as
payments for goods or services, thus giving them a legitimate appearance.
3. Integration: it is the final stage of money laundering in which the laundered funds are accumulated and re-
introduced in the legitimate economy. The money launderer might choose to invest the funds into real estate, luxury
assets, or business ventures etc.

Financing of Terrorism?
It involves the solicitation, collection or provision of funds both from legal and illicit sources, with the intention of
supporting terrorist acts or organizations that support terrorism. It is important to note that in the case of money

Sunil SKA
 2

laundering, the funds are always of illicit origin, whereas in the case of terrorist financing funds can originate from both
legal and illicit sources. The primary goal of individuals or entities involved in the financing of terrorism is, therefore, not
necessarily, to conceal the sources of the money but to conceal both the financing and the nature of the financed
activity.

Global Institutions in AML/ CFT landscape

The threat of money laundering, terror financing and other financial crimes, as well as the fight against the financial
crimes is global.

Some of the major global institutions apart from the United Nations, that have contributed significantly to the
development of legal and operational frameworks across the world for fighting money laundering and financing of
terrorism are as under:

* The FATF
* FATF Styled Regional Bodies (FSRBs)
* The Wolfsburg Group
* The Egmont Group

The Financial Action Task Force (FATF)

The Financial Action Task Force (FATF) is an inter-governmental body which was established at the summit of seven
major industrial nations held in Paris in July 1989, to examine the problem of money laundering. The 40
Recommendations, made by the FATF, provide the foundation material for comprehensive legislation to combat the
problem of money laundering and terror financing.

The objectives of the FATF are to set standards and promote effective implementation of legal, regulatory and
operational measures for combating money laundering, terrorist financing and other related threats to the integrity of
the international financial system. The FATF is therefore a “policy-making body” which works to generate the
necessary political will to bring about national legislative and regulatory reforms in these areas.

The FATF Standards

The FATF Standards comprises the FATF Recommendations, the international antimoney laundering and combating
the financing of terrorism and proliferation (AML/ CFT) standards, and the FATF Methodology to assess the
effectiveness of AML/ CFT systems.

FATF Recommendations
The FATF has developed a series of 40 recommendations that are recognized as the International Standard for
Combating of Money Laundering and the Financing of Terrorism and Proliferation of Weapons of Mass Destruction.
These recommendations form the basis for a coordinated response to these threats to the integrity of the financial
system and help ensure a level playing field. First issued in 1990, the FATF Recommendations are also revised from
time to time to ensure that they remain up to date and relevant and universal in application.

The FATF Recommendations which are 40 in number, set out a comprehensive and consistent framework of
measures which countries should implement in order to combat money laundering and terrorist financing, as well as
the financing of proliferation of weapons of mass destruction. Countries have diverse legal, administrative, and
operational frameworks and different financial systems, and so cannot all take identical measures to counter these
threats. The FATF Recommendations, therefore, set an international standard, which countries should implement
through measures adapted to their particular circumstances. The FATF Standards comprise of the Recommendations
themselves and their Interpretive Notes.

The FATF monitors the progress of its members in implementing necessary measures, reviews money laundering and
terrorist financing techniques and countermeasures and promotes the adoption and implementation of appropriate
measures globally. In collaboration with other international stakeholders, the FATF works to identify national-level

Sunil SKA
 3

vulnerabilities with the aim of protecting the international financial system from misuse. The FATF's decision making
body, the FATF Plenary, meets three times a year.

GREY AND BLACKLISTS OF FATF

The FATF blacklist is a list of countries that the FATF considers non-cooperative in the global effort to combat money
laundering and the financing of terrorism. By issuing the list, the FATF hopes to encourage countries to improve their
regulatory regimes and establish a global set of AML/CFT standards and norms. Presently there are two High-Risk
Jurisdictions namely North Korea and Iran, which are Subject to a Call for Action under ‘Blacklist’. It is extremely likely
that blacklisted countries will be subject to economic sanctions and other prohibitive measures by FATF member
states and other international organizations.

In addition to its blacklist, the FATF also issues a grey list, officially referred to as Jurisdictions Under Increased
Monitoring. While grey-list classification is not as negative as the blacklist, countries on the list may still face economic
sanctions from institutions like the IMF and the World Bank and experience adverse effects on trade. The current
FATF grey list, last updated on 21 February 2020, includes 18 countries namely Albania, the Bahamas, Barbados,
Botswana, Cambodia, Ghana, Iceland, Jamaica, Mauritius, Mongolia, Myanmar, Nicaragua, Pakistan, Panama, Syria,
Uganda, Yemen and Zimbabwe.

Accordingly, FIs must screen customers against the FATF blacklist and grey list during onboarding and throughout
their business relationship and monitor their transactions on an ongoing basis.

FATF-style regional bodies (FSRBs)

Nine FSRBs have been established for the purpose of disseminating international standards of FATF throughout the
world. The main task of the regional bodies is to devise systems for combating money laundering and terrorist
financing in their respective regions.

The FSRBs conduct evaluations of the AML/ CFT systems of the member states and make recommendations for their
improvement.

The regional bodies are also involved in the study of typologies-the most common schemes used by criminals for
money laundering and terrorist financing. Based on the results of the typological research, the best practices are
disseminated to the private sector, oversight and regulatory bodies, law enforcement and the scientific community.

India is a member of APG (Asia Pacific Group) on Money Laundering and EAG (The Eurasian Group on Combating
Money Laundering and Financing of Terrorism).

Sunil SKA
 4

The Wolfsburg Group

It is an association of thirteen global banks which aims to develop frameworks and guidance for the management of
financial crime risks, particularly with respect to Know Your Customer, Anti-Money Laundering and Counter Terrorist
Financing policies.

The Group came together in 2000, at the Château Wolfsburg in north-eastern Switzerland, to work on drafting anti-
money laundering guidelines for Private Banking.

The Wolfsburg Anti-Money Laundering (AML) Principles for Private Banking were subsequently published in October
2000, revised in May 2002 and again most recently in June 2012. Since the first set of AML Principles was released,
the Group has published a significant number of documents, whether in the form of Principles, Guidance, Frequently
Asked Questions (FAQs) or Statements.

The Egmont Group

It is a united body of 164 Financial Intelligence Units (FIUs). The Egmont Group provides a platform for the secure
exchange of expertise and financial intelligence to combat money laundering and terrorist financing (ML/ TF).

This is especially relevant as FIUs are uniquely positioned to cooperate and support national and international efforts
to counter terrorist financing and are the trusted gateway for sharing financial information domestically and
internationally in accordance with global Anti Money Laundering and Counter Financing of Terrorism (AML/ CFT)
standards.

The Legal Framework for AML CFT in India

The Prevention of Money-laundering Act, 2002 (PMLA-2002), is the principal legislation for creating an Anti-Money
Laundering framework in India.

The UAPA-1967, is an Act to provide for the more effective prevention of certain unlawful activities of individuals and
associations, and for dealing with terrorist activities, and for matters connected therewith. The UAPA criminalizes
terrorist acts and raising of funds for terrorist acts.

In addition, the guidelines issued by RBI for the banking sector, IRDA for the Insurance Sector and SEBI for the
Capital Markets also help the REs to fulfil the obligations under PMLA.

The Prevention of Money-laundering Act, 2002 & PML (Maintenance of Records) Rules-2005
The Prevention of Money Laundering Act, 2002 (PMLA) is an Act of Parliament to prevent money laundering and to
provide for confiscation of property derived from or involved in money laundering and for matters connected therewith
or incidental thereto. PMLA and the Rules notified there under came into force with effect from July 1 2005.

The Prevention of Money Laundering Act, 2002 (PMLA) brought into force with effect from 1st July 2005, is applicable
to all the Reporting Entities (RE). Reporting Entity means a Banking company, a Financial institution, an Intermediary
and a person carrying on, a designated business or profession.

The Act and Rules notified there under impose certain obligations on all Reporting Entities (REs) to verify identity of
clients, maintain records and furnish information in prescribed form to Financial Intelligence Unit - India (FIU-IND).

Bank’s Obligations under PMLA, 2002

Since the Bank is also a Reporting Entity, Section 12 under Chapter IV and the PML (Maintenance of Records) Rules
2005, give rise to certain obligations which the bank must fulfil, which are as follows:
1. Maintain a record of all transactions, including information relating to ‘prescribed transactions’ as stated/ covered
under clause b), in such manner as to enable it to reconstruct individual transactions.

Sunil SKA
 5

2. Furnish to Director within such time as may be prescribed, information relating to such transactions, whether
attempted or executed, the nature and value as may be prescribed.
3. Verify the identity of its clients in such manner and subject to such conditions as maybe prescribed.
4. Identify the beneficial owner, if any, of such of its clients, as may be prescribed.
5. Maintain record of documents evidencing identity of its clients and beneficial owners as well as account files
and business correspondence relating to its clients.

Similarly, the PML (Maintenance of Records) Rules 2005, herein after called as PML Rules, delineate the rules for
maintenance of records of the nature and value of transactions, the procedure and manner of maintaining and time for
furnishing information and verification of records of the identity of the clients of the banking companies, financial
institutions and intermediaries. For instance,

Rule 3 of the PML Rules specifies the transactions, the records of which are to be maintained.

Rule 7 of the PML Rules prescribes the procedure and manner of furnishing information, including an obligation to
evolve an internal mechanism for detecting the prescribed transactions.

Rule 8 of the PML Rules prescribes the time of furnishing such information and

Rule 9 of the said Rules prescribes the procedure and manner of verification of records of identity of client.

Maintenance of Records
Under the PMLA, and as per RBI Master Direction- Know Your Customer (KYC) Direction, 2016, REs interalia, shall –
1. maintain all necessary records of transactions between the RE and the customer, both domestic and international,
for at least five years from the date of transaction.

2. preserve the records pertaining to the identification of the customers and their addresses obtained while opening the
account and during the course of business relationship, for at least five years after the business relationship is ended.

3. make available the identification records and transaction data to the competent authorities upon request.

4. introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money
Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);

5. maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit
reconstruction of individual transaction, including the following:
(a). the nature of the transactions.
(b). the amount of the transaction and the currency in which it was denominated.
(c). the date on which the transaction was conducted; and
(d) the parties to the transaction.
6. evolve a system for proper maintenance and preservation of account information in a manner that allows data to be
retrieved easily and quickly whenever required or when requested by the competent authorities;
7. maintain records of the identity and address of their customer, and records in respect of transactions in hard or soft
format.

The Unlawful Activities (Prevention) Act, 1967

The UAPA is an Act to provide for the more effective prevention of certain unlawful activities of individuals and
associations, and for dealing with terrorist activities, and for matters connected therewith.

The UAPA criminalizes terrorist acts and raising of funds for terrorist acts. It also provides for attachment of and
seizure of properties connected with terrorist activities or organisations. Sections 35 to 40 under Chapter VI of UAPA
deal with Terrorist Organisations enumerating the Offence relating to membership of a terrorist organisation, Offence
relating to support given to a terrorist organisation and Offence of raising fund for a terrorist organisation.

Sunil SKA
 6

The Unlawful Activities (Prevention) Act, 1967 (UAPA) was amended and notified on 31.12.2008, which, inter-alia,
inserted Section 51A to the Act. Section 51A reads as under: "51A. For the prevention of, and for coping with terrorist
activities, the Central Government shall have power to –

1. freeze, seize or attach funds and other financial assets or economic resources held by, on behalf of or at the
direction of the individuals or entities Listed in the Schedule to the Order, or any other person engaged in or suspected
to be engaged in terrorism;

2. prohibit any individual or entity from making any funds, financial assets or economic resources or related
services available for the benefit of the individuals or entities Listed in the Schedule to the Order or any other person
engaged in or suspected to be engaged in terrorism;

3. prevent the entry into or the transit through India of individuals Listed in the Schedule to the Order or any
other person engaged in or suspected to be engaged in terrorism". The Act has been amended from time to time, to
make it more effective in preventing unlawful activities and meet the FATF standards.

Directorate of Enforcement (DOE)

It is a specialized financial investigation agency under the Department of Revenue, Ministry of Finance, GOI, which
enforces the following laws:

Foreign Exchange Management Act, 1999 (FEMA)- A Civil Law, with officers empowered to conduct investigations
into suspected contraventions of the Foreign Exchange Laws and regulations, adjudicate contraventions and impose
penalties on those adjudged to have contravened the law.
PMLA, 2002- A criminal law, with the officers empowered to conduct investigations to trace assets derived out of the
proceeds of crime, to provisionally attach/ confiscate the same and to arrest and prosecute the offenders found to be
involved in Money Laundering. The DOE with its headquarters at New Delhi is headed by the Director Enforcement.

FIU-IND

The Financial Intelligence Unit-India was set up by the Government of India in 2004 as the central national agency
responsible for receiving, processing, analysing and disseminating information relating to suspect financial
transactions.

The FIU-IND is also responsible for coordinating and strengthening efforts of national and international intelligence,
investigation and enforcement agencies in pursuing the global efforts against money laundering and related crimes.

It may be noted that FIU-IND is not a regulatory authority. Its prime responsibility is to gather and share financial
intelligence in close cooperation with the regulatory authorities including RBI, SEBI and IRDA.

The FIU-IND reports to the Economic Intelligence Council (EIC) headed by the finance minister.

Functions of FIU-IND
* Collection of Information- Act as the central reception point for receiving Cash Transaction reports (CTRs), Cross
Border Wire Transfer Reports (CBWTRs), Reports on Purchase or sale of Immovable Property (IPRs) and Suspicious
Transaction Reports (STRs) from various REs.

* Analysis of Information- Analyse received information in order to uncover patterns of transactions suggesting
suspicion of money laundering and related crimes.

* Sharing of Information- Share information with national intelligence/ law enforcement agencies, national regulatory
authorities and foreign financial Intelligence Units.

* Act as Central Repository- Establish and maintain national data base on cash transactions and suspicious
transactions on the basis of reports received from reporting entities.

Sunil SKA
 7

* Coordination- coordinate and strengthen collection and sharing financial intelligence through an effective national,
regional and global network to combat money laundering and related crimes.

* Research and Analysis - Monitor and identity strategic key areas on money laundering trends, typologies and
developments.

AML CFT Infrastructure in the Bank

Every financial entity should have a strong AML-CFT framework to prevent the entity from being used, intentionally or
unintentionally, for money laundering and terror financing purposes.

The objective of an effective AML-CFT Framework must be to protect the institution itself as well as the financial
systems of the country and the world-wide broader economy from the threats of money laundering and financing of
terrorism, thereby strengthening financial sector integrity and contributing to safety and security of the financial system.

It must be realised that the challenges of ML/ TF and related crimes are posed by a somewhat organised sector which
is just as well informed or sometimes even better informed than the industry players.

Our bank’s KYC/ AML/ CFT policy is operationalized through a well-established AML/ CFT organizational structure
created in accordance with the size, types of businesses, the volume & nature of transactions handled by the bank.

Designated Director of the Bank The MD (R,C & SARG) has been appointed by the Board as the Designated
Director of the bank to ensure overall compliance with the obligations imposed under Chapter IV of the PMLA and to
keep the Board informed of the AML/ CFT issues.

Principal Officer of the Bank The General Manager (AML/ CFT) is the Principal Officer of the bank for AML/ CFT
matters for the purpose of Section 12 of PMLA, 2002. The Principal Officer may delegate the function of filing STRs/

Sunil SKA
 8

CTRs/ CCRs/ NTRs/ CBWTRs to FIU-IND to one or more Alternate Principal Officers who shall not be below the grade
of Deputy General Manager.

Money Laundering Reporting Officers (MLROs) While the Principal Officer has the overall responsibility for
maintaining oversight and coordinating with various functionaries in the implementation of KYC/ AML/ CFT policy, the
primary responsibility of ensuring implementation of KYC/ AML/ CFT Policy and related guidelines are vested with the
respective Business Groups/ Circles/ SBUs.
For this purpose, each Business Group/ Circle/ SBU will designate an official as Money Laundering Reporting Officer
(MLRO) who would ensure proper implementation and reporting, as per provisions of this Policy, to the Principal
Officer.
The primary role of MLRO is to be aware of any suspicious activity in the operating unit that might be linked to money
laundering or terrorist financing, and to report it to the Principal Officer of the Bank. These officials will also meet the
reporting requirement to the Principal Officer of the Bank, wherever such occasion/ demand arises.

MLRO Structure in the Circles/ Business Verticals The MLROs/ Dy. MLROs/ Assistant MLROs in the bank act as
an extended arm of the Principal Officer for effectively implementing the obligations of the bank under PMLA, 2002 in
letter & spirit.

Money Laundering Reporting Officers (MLRO) are nominated at Circles/ verticals are as under:

DGM & CFO/ CCFO has been assigned the role of MLRO in Circles for branches in R&DB.

Official not below the rank of DGM nominated as MLRO by the respective Head of the Department for SAMG/
CCG/ Other departments at CC.

To facilitate proper monitoring of transactions by MLROs, reporting structure has been put in place for Circles as
under:

The DGM & CFO of the Circle has been assigned the role of MLRO for the Circle and the Dy. General Manager
(Business & Operations) for AOs & direct branches has been assigned the role of Dy. MLRO. AGM (RBOs)/ Branch
Head / Head of CPCs shall assume the responsibility of Assistant MLROs.

The AGM (S&I) is the crucial link in the reporting channel of Bank related to ML/ TF on account of working closely with
the CFO who is the designated MLRO for the Circle. The AGM (S&I) will be lending support to the respective MLRO
for proper discharge of duties related to AML/ CFT and will be responsible for compliance of KYC/ AML/ CFT
measures at Circle level.

CM (Compliance & Risk). The Bank has posted CM (Compliance & Risk) in every region of respective LHOs. Apart
from accomplishing the defined role as CM (Compliance & Risk) the official will support the AGM (S&I) and the MLRO
in fulfilling their respective roles and provide the required data/ inputs/ supports to them. Being associated more closely
with the branches, the CM (Compliance & Risk) can play a significant role in operationalising the AML/ CFT policies
and guidelines at the grass root level.

Analysis of monthly reports i.e., CTR, CCR, NTR & CBWTR & Suggested action for the Circle, Module, Region
& Branch.
1. The Branch on monthly basis will ensure scrutiny of CTR/ NTR/ CBWTR provided at AML/ CFT website for taking
suitable action wherever required. The Branch Manager will report any anomaly observed to Chief Manager
(Compliance & Risk) and AGM (S&I) (designated Dy. MLROs for non NBG/ RBG Branch) for subsequent reporting to
AML/ CFT Cell Jaipur at [email protected].
2. The Chief Manager Compliance & Risk at RBO Level will ensure that each Branch under his/ her region is carrying
out the monthly scrutiny of above referred reports and will compile the report received from Branch to send it to
designated Dy. MLRO (DGM of Module).

Sunil SKA
 9

3. The Dy. MLRO, i.e., Dy. General Manager Module will ensure that each Branch of his/ her module including directly
controlled Branches carry out monthly scrutiny of these reports and will submit a monthly consolidated report to MLRO
of the Circle (CFO).
4. The MLRO will take effective action to plug in any gap thus reported by the Branch and shall arrange to send any
anomaly thus reported to AML/ CFT Cell Jaipur, via mail at [email protected]

Internal Audit Department

Bank’s Internal Audit provide an independent evaluation of the AML/ CFT measures adopted by the Bank and
specifically point out the shortcomings that are likely to expose the bank to ML/ FT risks.

Concurrent/ Internal Auditors specifically check and verify the application of KYC/ AML procedures at the branches
and comment on the lapses observed in this regard.

AML/ CFT Cell Jaipur

A centralized facility for transaction monitoring as required under PMLA, 2002 has been created by the bank at Jaipur
since 24.06.2014. The AML/ CFT Cell, Jaipur is headed by a General Manager who is also designated as the Principal
Officer of the bank under PMLA, 2002. Transactions undertaken at all the domestic branches / offices and alternate
Channels through CBS are transferred to a standalone AMLOCK Software for screening of suspicious transaction. On
the basis of Red flags, based on various business logics, alerts in respects of suspicious transaction are generated for
analysis / scrutiny / pattern building at AML/ CFT Department. The suspicious transaction find eligible for reporting
after scrutiny are submitted to FIU-IND through STR. In addition to it, reporting of CCR, CTR, NTR & CBWTR, is a part
of mandatory account-based reporting.

Main functions of the AML-CFT Department are as under

1. The monitoring of all the transactions taking place across all the domestic branches in the country in Indian Rupees,
i.e. Transactions taking place at the branches in 17 Circles and the branches in Commercial Clients Group (CCG I &
II), Corporate Accounts Group(CAG) and Stressed Asset Resolution Group (SARG).
2. The monitoring of transactions is done by critically analyzing the alerts fired (when any parameter benchmark is
surpassed/violated) by taking into account the risk profile of the customer in which these transactions take place for
arriving at a conclusion that a particular transaction(s) is/are of suspicious in nature or not.
3. On the basis of scrutiny, a report on Suspicious Transaction (STR) is escalated. STRs are also filed even for
attempted transactions / near miss events in respect of (a) Predicate offence occurred as fraud etc in the Bank (b) RBI
queries / Public complaints (c) Enquiries by Cyber Crime Cells and (d) adverse media reports etc.

Sunil SKA
 10

4. Monitoring of Cash Transactions of more than Rs. 10 lac (including those which are integrally connected) and
generating reports thereon along with BGL accounts also.
5. Monitoring of Cross Border Wire Transfers of the value of more than Rupees 5 lac or its equivalent in foreign
currency and generating reports thereon.
6. Monitoring of Cash Transactions involving receipts by Non-Profit Organizations of value more than rupees ten lac or
its equivalent in foreign currency and generating reports thereon.
7. Name scanning against various watch lists of e. g. RBI OFAC and UN SCR Consolidate List and generating alerts/
report in case of positive match at the time of on-boarding of the customer.
8. Enquiries from FIU India /RBI/ other investigating agencies received under PML Act are replied / disposed of by
obtaining necessary information from Branches/Circle/Verticals.
9. Half yearly review of customers Risk Categorisation as on 31st March and 30th September.

The AML/ CFT Architecture: Three Lines of Defence

A large financial institution, like ours, must work collaboratively to create a robust AML/ CFT architecture and manage
the wide range of risks that it faces from Money Launderers and Terrorist Financing. The “Three Lines of Defence” is a
widely used approach for the creation of a strong and efficient AML/ CFT infrastructure and works as under:

The First Line of Defence

As the First Line of defence, operational managers own and manage risks. They are also responsible for implementing
corrective actions to address process and control deficiencies. The Operational Management through managerial and
supervisory controls, ensures the implementation of internal policies and conduct of business activities in accordance
with the approved systems & procedures. The control breakdowns whenever they occur, are managed through laid
down procedures and reported to the management.

Some of the principal functions of the operational units which make it a first line of defence from the AML/ CFT
perspective are as under:
1. To conduct due diligence at the time of Customer on-boarding as prescribed in the bank’s policy including:
a. Following the Customer Due Diligence procedure impeccably.
b. Ensuring that the identity of the customer does not match with any person or entity, whose name appears in the
sanctions’ lists circulated by the regulators.
c. Understanding the customer’s source of funds, the line of activity, projected transactions in the account and creating
an accurate customer profile.
d. Identifying beneficial ownership in the applicable cases and conducting due diligence on the beneficial owners as
required.
2. Assign an appropriate risk category to the customer based on the approved parameters.
3. Verify the reasonability of transactions against the customer profile / business activity of company.
4. Ascertain reasons for sudden high value credits (by cash/ by transfer) followed by immediate transfer, without
arousing customer suspicion.
5. Examining Balance Sheets for major variances with the turnovers in accounts.
6. Identify the symptoms of a Shell Company in an account and conduct due diligence to confirm whether the account
belongs to a shell company.
7. Identify suspicious customer behaviour, track adverse media reports report and file Subjective STR with AML/ CFT
department as prescribed.

The Second Line of Defence

The AML/ CFT Department acting on behalf of the Principal Officer is the Second Line of Defence in the AML/ CFT
architecture of the bank. It establishes various AML/ CFT risk management and compliance functions to help build and
monitor the first line of defence controls.

The Third Line of Defence

Internal Audit is the Third Line of Defence. Internal Auditors provide the Board and Senior Management with
comprehensive assurance based on the highest level of independence and objectivity within the bank. This is achieved

Sunil SKA
 11

through an assessment of effectiveness of governance, risk management, and internal controls, including the way the
first and second lines of defence achieve risk management and control objectives.

The Supervisory Review

Regulators, governing bodies and external auditors further strengthen the AML/ CFT controls of an organisation by
way of an independent and objective assessment of the first, second and third lines of defence.
In the Indian context, RBI as the regulator conducts annual supervisory review of the bank under RBS. The FIU-IND
regularly interacts with the Reporting Entities to ensure that the required AML/ CFT standards are met.

Reporting to FIU-IND

Financial Intelligence Unit – India was set by the Government of India in November 2004 as the central national
agency responsible for receiving, processing, analysing and disseminating information relating to suspect financial
transactions. FIU-IND is an independent body reporting directly to the Economic Intelligence Council (EIC) headed by
the Finance Minister.

Reporting Requirements to Financial Intelligence Unit – India

Summary of Reports to be Submitted to FIU-IND

All REs shall furnish to the Director, Financial Intelligence Unit-India (FIU-IND), information referred to in Rule 3 of the
PML (Maintenance of Records) Rules, 2005 in terms of Rule 7 thereof.

Bank as a Reporting Entity (RE), is required to submit the following reports to the FIU-IND-
S. Name of the report Nature of transaction Periodicity Due Periodicity Due date
No date Due date
1 Cash Transactions 1.All cash transactions of the value Monthly 15th day of the succeeding
Reports (CTRs) more than ten lakhs or its equivalent month
foreign currency.
2. All series of cash transactions
integrally connected to each other
where such series of transactions have
taken place within a month. For
determining “integrally connected
transactions” all accounts of the same
customer should be considered.
2 Counterfeit Currency All cash transaction where forged or Monthly 15th day of the succeeding
Reports (CCRs) counterfeit currency notes have taken month
place facilitating the transactions
3 Non-Profit All transactions involving receipts by Monthly 15th day of the succeeding
Organizations NPOs of value more than ten lakhs or month
Transactions Reports its equivalent in foreign currency.
(NTRs)
4 Cross Border Wire All cross-border wire transfers of the Monthly 15th day of the succeeding
Transfer Report value of more than five lakh rupees or month
(CBWTRs) its equivalent in foreign currency
5 Suspicious Any suspicious transactions whether or As and when Within 7 working days on
Transactions Reports not made in cash. detected being satisfied that the
(STRs) transaction is suspicious.

Delay in submission of reports to FIU-IND

In terms of Rule 8 of the PML Amendment Rules 2013, while furnishing of information to the Director FIU-IND, delay of
each day in not reporting a transaction or delay of each day in rectifying a misrepresented transaction beyond the time
limit as specified in this rule shall constitute a separate violation.

Sunil SKA
 12

REs shall not put any restriction on operations in the accounts where an STR has been filed. REs shall keep the fact of
furnishing of STR strictly confidential. It shall be ensured that there is no tipping off to the customer at any level.

Robust software, throwing alerts when the transactions are inconsistent with risk categorization and updated profile of
the customers shall be put in to use as a part of effective identification and reporting of suspicious transactions.

All reports to FIU-IND should, therefore, be filed as per the prescribed periodicity. As per provisions of PML Act, any
deficiency in filing the mandatory reports by reporting entities will attract minimum penalty of Rs. 10,000/- which may
go to Rs.1,00,000/- per instance per day.

Monitoring of Transactions & Offline Red Flag Indicators

The bank’s obligations under PMLA, 2002 and the PML Rules there under requires the bank to put in place an
effective mechanism to enable it to monitor all the transactions occurring across its various channels.

What is Transaction Monitoring:

Analysing the transactions conducted by a customer/ non-customer, with a view to ensuring that the value, nature and
pattern of transaction is consistent with the customer profile and/ or to determine whether the transaction under
consideration has an economic rationale, may be termed as transaction monitoring. The transaction monitoring may be
conducted by the bank at two stages:

1. Pre-Transaction Stage: The usual enquiries with the customers/ noncustomers, or the application of standard
Check Lists/ DOs and DON’Ts by the front-line staff before the transaction takes place, is called the PreTransaction
Stage of Transaction Monitoring.

2. Post-Transaction Stage: The scrutiny of a transaction which may include verification of the amount, the transaction
channel, the customer profile, previous transactions and patterns if any, and the economic rationale behind the
transaction, constitutes Post-Transaction monitoring. The transaction monitoring at AML/ CFT Cell Jaipur, is done at
PostTransaction Stage on T+1 basis, through an IT Platform (AMLOCK).

The Scope of Transaction Monitoring: The monitoring of all the transactions taking place across all the domestic
branches in the country in Indian Rupees, i.e. Transactions taking place at the branches in 17 Circles and the
branches in Commercial Clients Group (CCG-I & II), Corporate Accounts Group(CAG) and Stressed Asset Resolution
Group (SARG).

Alert Generation
Alert generation is a process by which the preliminary details of suspicious/ unusual transactions are generated to
enable the Principal Officer to analyse and review the details and arrive at a conclusion whether a transaction is
suspicious.

For this purpose, bank follows the FATF recommended risk-based approach for transaction monitoring such that the
measures to prevent or mitigate money laundering and terrorist financing are commensurate to the risks identified.

What are STRs (Suspicious Transaction Reports)

The Prevention of Money laundering Act, 2002 and the Rules thereunder require every banking company to furnish
details of suspicious transactions whether or not made in cash in the form of a suspicious transaction report.

Suspicious transaction
Suspicious transaction means a transaction whether or not made in cash which, to a person acting in good faith
1. gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime or
2. appears to be made in circumstances of unusual or unjustified complexity; or
3. appears to have no economic rationale or bonafide purpose; or

Sunil SKA
 13

4. gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.

Explanation: Transaction involving financing of the activities relating to terrorism includes transaction involving funds
suspected to be linked or related to, or to be used for terrorism, terrorist acts or by a terrorist, terrorist organization or
those who finance or are attempting to finance terrorism.

Types of STRs STRs can be classified into two broad categories based on the source of alert which resulted in
escalating such STRs namely System Generated STRs and Subjective STRs.

(A) System generated STRs

These are STRs escalated based on alerts triggered by AML software system. System generated alerts are
critically analysed by the centralized AML/ CFT Department, Jaipur and STRs filed with FIU-IND if necessary.

Transactions undertaken at all the domestic branches / offices and alternate Channels through CBS are transferred to
a standalone AMLOCK Software for screening of suspicious transaction.

On the basis of Red flags, based on various business logics, alerts in respects of suspicious transaction are generated
for analysis / scrutiny / pattern building at AML/ CFT Department.

The suspicious transactions found eligible for reporting after scrutiny are submitted to FIU-IND through STR.

In addition to it, reporting of CCR, CTR, NTR & CBWTR, is a part of mandatory account-based reporting by AML-CFT
Department.

The identification of suspicious transactions using alert generation software is more likely to be related to
following sources:

Watch List (WL): The customer details matched with watch lists (e.g., UN list, Interpol list etc.)

Typology (TY): Common typologies of money laundering, financing of terrorism or other crimes (e.g., structuring of
cash deposits etc.)

Transaction Monitoring (TM): Transaction monitoring alert (e.g., unusually large transaction, increase in transaction
volumes etc.)

Risk Management System (RM): Risk Management system-based alert (e.g., high-risk customer, country, location,
source of funds, transaction type etc.)

The first two characters in the alert indicator code denote the source of alert as mentioned above.

Bank is empowered to select appropriate number and value thresholds before implementing the alert indicators using
alert generation software. Bank is also encouraged to apply additional alert indicators to address specific risks faced
by it.

The Suspicious Transaction Report (STR) should be furnished within 7 days of arriving at a conclusion that any
transaction, is of suspicious nature.

(B) Subjective STRs

These are STRs escalated based on alerts or information received from Branches/staff/ media reports/ law
enforcement agencies etc.

Subjective STRs may further be of two types –

1. On customer
2. On non- customer

Sunil SKA
 14

Report of the IBA Working Group on Parameters for Risk based Transaction Monitoring circulated by the Indian Banks’
Association has brought out certain types of transactions which can be identified at the branch/ operations
departments themselves.

The identification of suspicious transaction at Branches/ Departments is more likely to be related with the following
sources:

Customer Verification (CV): Detected during customer acceptance, identification or verification (excluding reasons
mentioned on other codes e.g.use of forged ID, wrong address etc.).

Law Enforcement Agency Query (LQ): Query or letter received from Law Enforcement Agency (LEA) or Intelligence
Agency (blocking order received, transaction details sought etc.).

Media Reports (MR): Adverse Media Reports about customer (e.g. newspaper reports).

Employee Initiated (EI): Employee raised alert (e.g., behavioural indicators such as customer had no information
about transaction, attempted transaction etc.).

Public Complaint (PC): Complaint received from public (e.g., abuse of account for committing fraud etc.).

Business Associates (BA): Information received from other institutions, subsidiaries or business associates (e.g.,
cross-border referral, alert raised by agent etc.).

Further, in case of transactions carried out by a non-account-based customer, that is a walk-in-customer, where the
amount of transaction is equal to or exceeds rupees fifty thousand, whether conducted as a single transaction or
several transactions that appear to be connected, the customer’s identity and address should be verified.

If there is sufficient reason to believe that a customer is intentionally structuring a transaction into a series of
transactions below the threshold of Rs. 50,000/-, the branch should verify identity and address of the customer and
consider filing a suspicious transaction report in this regard.

Offline Red Flag Indicators and Indicative Scenarios

An alert is the first step in identification of a suspicious transaction and is a red flag which is generated/ arising out of a
transaction. Once the alert is generated, it must be analysed to confirm whether the transaction is ultimately suspicious
or not, based on the above definition.

The transaction monitoring for identification of Suspicious Transactions, is done by analysing the alerts generated on
the basis of Red Flag Indicators (RFIs)prescribed by FIU-IND/RBI/IBA etc.

Now FIU-IND has revisited all these RFIs and issued a single list of 80 RFIs in the nature of ‘Offline Scenarios’ which
are proposed to be implemented by way of Customer Due Diligence, Transaction Due Diligence, Document Check
Lists etc. at operating level.

The RFIs to be implemented by Branches/ Departments are more likely to be related with the following sources:

Customer Verification (CV): Detected during customer acceptance, identification or verification (excluding reasons
mentioned on other codes e.g. use of forged ID, wrong address etc.).

Law Enforcement Agency Query (LQ): Query or letter received from Law Enforcement Agency (LEA) or Intelligence
Agency (blocking order received, transaction details sought etc.).

Media Reports (MR): Adverse Media Reports about customer (e.g. newspaper reports).

Sunil SKA
 15

Employee Initiated (EI): Employee raised alert (e.g., behavioural indicators such as customer had no information
about transaction, attempted transaction etc.).

Public Complaint (PC): Complaint received from public (e.g., abuse of account for committing fraud etc.).

Business Associates (BA): Information received from other institutions, subsidiaries or business associates (e.g.,
cross-border referral, alert raised by agent etc.).

The Role of Branches in Transaction Monitoring:

As one of the initiators of transactions, the branches play a key role in transaction monitoring in the pre-transaction
stage. Also, since the branches interact closely with the customers and act as the first contact point for the potential
customers, they may come across suspicious customer behaviour or adverse media reports on some of the
customers. Such instances need to be reported to AML/ CFT department for filing of STRs with FIU-IND.

For timely reporting of suspicious transactions, a portal has been created which can be accessed through CBS. The
path is bancslink/Apps/SI/Check in (Below Service Integration)/Suspicious Transaction Report. The Branch
head with capability level of 9 is required to report all suspicious transactions through the above-mentioned link for
branch customer and non SBI customer. The operating unit can report such suspicious transaction pertain to non-
home branch customer through simplified one pager format attached as annexure to [email protected].

Transaction Monitoring DO’s & DON’Ts for branches:

The branch staff should follow the instructions and Check Lists and DOs/ DONT’s circulated by bank in respect of
conducting customer transactions. A list of such DO’s and Don’ts was again circulated vide Cir No. AML-
CFT/AMLCFTMEASURES/10/2020 – 21 dated the Mon 21 Dec 2020.

DO’s & DON’Ts for branches

(A) DO’S IN CASE OF COMMUNICATION RECEIVED FROM AML-CFT DEPTT.JAIPUR (DIRECTLY OR
THROUGH AGM (SI) OF THE CIRCLE) REQUIRINGINFORMATION ON CUSTOMER / TRANSACTIONS IN ANY
ACCOUNT
(A).1. Regular checking of Branch e-mail
1.1. Check your Branch e-mail on a regular basis for detecting any e-mail communication from any functionary from
AML-CFT Deptt, Jaipur with sender’s e-mail styled as ‘[email protected] (XXX denotes official position viz GM,
DGM, AGM1, AGM2 ... so on).

1.2. Check your Branch e-mail on a regular basis for detecting any e-mail communication from AGM (SI) of your Circle
about information sought by AML-CFT Department.

(A).2. Prompt & accurate furnishing of Information sought

2.1. Furnish desired information through mail viz. scanned copy of one-page STR format (escalated through online
facility made available in CBS), occupation & income detail of customer, OVD details etc promptly and not beyond T+2
days.

2.2 Revert the mail with reply / desired information / attachments by referring to the trailing mail to reconcile the
responses promptly (scanned copy of only verified photocopy of documents / papers should be attached).

2.3 Always write “Private & confidential” on top of each communication with AML-CFT Department.

2.4 Update the CBS fields simultaneously to update customer profile, wherever necessary.

2.5 Always furnish specific “Occupation” of customer instead of using generic word viz. Others /Traders etc.

2.6 Be specific on your replies to information sought.

Sunil SKA
 16

2.7 Wherever necessary, customer may be contacted in pretext of business mobilization, KYC updating etc. to collect
information sought through e-mail without “Tipping off”.

2.8 Scanned copy of communication from LEAs in respect of account under information must be attached with reply
mail.

2.9 Always use Registered post or Bank’s approved courier services for sending physical copies of, whenever required
specifically, A/C opening forms/ OVDs to AML-CFT Department.

(B) DO’S FOR COMMUNICATION RECEIVED FROM LEAS / CYBER-POLICE /LOCAL POLICE ETC REQUIRING
INFORMATION ON CUSTOMER /TRANSACTIONS IN ANY ACCOUNT OR DIRECTING TO FREEZE THE
ACCOUNTPARTIALLY OR FULLY
(B).1. MAINTAINING RECORDS
1.1 Ensure to maintain record of such communications (received through e-mail or in physical letter) from Police / Law
Enforcing Agencies (LEAs) etc as theses communications are of legal importance and may be required to be produced
before Court of Law, if such STOP/ HOLD is protested by any customer.

1.2 The communication received from Police / Law Enforcing Agencies (LEAs) etc. for removal of STOP/HOLD should
also be filed along with the original communication received.

(B).2. ESTABLISHING GENUINNESS OF COMMUNICATION

2.1 Please do verify the genuineness of communications (from all possible means)received from LEAs directing to
freeze/ De-freeze any account or to furnish other information in respect of any account under investigation for
suspicious activities.

2.2 Peruse carefully the logo used on the face of / seal affixed on the letter to detect any suspicious clues regarding
genuineness & authority of communicator.

2.3 Multiple errors in syntax / grammar / spellings used in letter / communication might be sensed to be preliminary
alarm and verification of genuineness of communication needs to be intensified.

2.4 In case of communication received through e-mail, it has to be checked that it has been initiated using
“Government domain” viz. .... gov.in, ….nic.in etc.

2.5 A communication (through e-mail / letter) should be sent to sending authorities / their Controlling offices attaching
scanned copy of communications so received to have positive confirmation regarding genuineness of the
communications and its authority.

2.6 Such action may be initiated prior to or subsequent to your compliance action depending upon the intensity of
matter for safeguarding the Bank’s interest incase communication is originated from miscreants.

2.7 Beware of fake e-mails / letter received from unauthorized senders / private agencies who use their name, logo &
letter head resembling with that of Government agencies to mislead the addressees.

(B).3. REPORTING TO AML-CFT DEPTT. THROUGH ONLINE FUNCTIONALITYIN CBS

3.1 Wherever communication has been received from LEAs / Cyber Police e.g. FIR, e-mail, letter etc and STOP /
HOLD has been created in any account incompliance thereof, ensure “Online reporting” of suspicious incidents
/transactions under communication through functionality available in CBS which can be accessed through navigation
path >>Bancslink >> Apps >>SI (SHCIL) >>SERVICE INTEGRATION >> CHECK IN >> SUSPICIOUS
TRANSACTION REPORTING>> SBI CUSTOMER REPORTING or NONSBI CUSTOMER REPORTING as the case
may be.

3.2 While filing online one pager STR format on the basis of LEA query about the account, the details of LEA reference
e.g. letter no, date & issuing authority /office must be mentioned in the space made available in online STR page.

Sunil SKA
 17

3.3 Simultaneously, a mail attached with brief detail about online one pager STR format filed along with copy of LEAs
communications / FIR etc to be sent [email protected] (communication received from LEAs do not include orders
from Court related with money suits etc or attachment orders issued by Income Tax / EPFO etc authorities not
involving predicate offences).

3.4 Always select only correct option from drop down in CBS, while freezing the account under direction from LEAs.

3.5 Reporting must contain exact information about occupation / annual income/ turnover etc of customer.

(C) DO’s IN CASE OF COMMUNICATION RECEIVED FROM CUSTOMERS OROTHER RELIABLE SOURCES FOR
FREEZING ANY ACCOUNTS ALLEGED TO HAVE BEEN MISUSED IN MONEY LAUNDERING / COLLECTING
PROCEEDS OFCRIME

(C).1. OBTAINING WRITTEN REQUEST AND MAINTAINING RECORDS

1.1 Wherever, you decide to act in such cases, please ensure to obtain complaint in writing from customers /
complainants (duly signed), copy of FIR lodged(where applicable) / complaint made to Police etc (refer to e-Circular
No.: AML-CFT/AML-CFTMEASURES/3/2020-21 Date: Tue 21 July 2020).

1.2 Interrogate tactfully with complainant to ensure that complaint is not being done with malicious intention.

1.3 Insist complainant to lodge the FIR with Local Police / Cyber Crime Police /Complaint made to Police and furnish
copy.

1.4 Maintain record of such communications as these are of legal importance and may be required to be produced
before Court of Law, if such STOP / HOLD is protested by any customer.

(C).2. SELECTING CORRECT OPTION FOR STOP/HOLD IN A/C OFMISCREANTS FOR ALLEGED MISUSE IN
CYBER CRIME ETC

2.1 Ensure to select correct option representing reason for STOP/HOLD from dropdown in CBS so that only accounts
put under STOP / HOLD due to suspicious /ML / TF/ Cyber Crime reasons are escalated to Corporate Centre through
automatic e-mail generated by GITC Belapur.

(C).3. REPORTING TO AML-CFT DEPTT. THROUGH ONLINE FUNCTIONALITYIN CBS

3.1 Ensure “Online reporting” of suspicious incidents / transactions under complaint through functionality available in
CBS and can be accessed through navigation path >>Bancslink>> Apps >>SI (SHCIL) >> SERVICE
INTEGRATION>> CHECK IN >> SUSPICIOUS TRANSACTION REPORTING >> SBI CUSTOMERREPORTING or
NONSBI CUSTOMER REPORTING as the case may be. (e-Cir No. AML-CFT/AML-CFT Measures/4/2019-20 dated
04.10.2019).

3.2 Subsequent to this, scanned copy of communication from customer along-with FIR, if any, enclosing one pager
STR format (filed online) / detailing brief particulars of suspicious transactions reported online must be sent
[email protected] immediately.

3.3 Reporting must contain exact information about occupation / annual income /turnover etc of customer.

(D) DO’s IN CASE OF TEMPORARY STOP / HOLD IN A/C OF CUSTOMERS ONTHEIR REQUEST TO PREVENT
MISUSE OF THEIR A/C BY CYBER CRIMINALSETC.

(D).1. OBTAINING WRITTEN REQUEST AND MAINTAINING RECORDS

Sunil SKA
 18

1.1 Wherever, you decide to act in such cases, please ensure to obtain request from customer with reasons of such
request in writing (duly signed), copy of FIR lodged or complaint made to Police etc, wherever applicable.

1.2 Maintain record of such communications as these are of legal importance and may be required to be produced
before Court of Law in case of need.

1.3 Ensure to select correct option from drop down in CBS in A/C of complainant carefully as complainant is likely to
be victim of Cyber Crime / online cheating etc but not a culpritand you have decided to freeze his A/C on his request
temporarily for reasons other than for involvement in Cyber Crime / Cheating etc.

(A) DON’Ts IN CASE OF COMMUNICATION RECEIVED FROM AML-CFTDEPTT. JAIPUR (DIRECTLY OR

THROUGH AGM (SI) OF THE CIRCLE)REQUIRING INFORMATION ON CUSTOMER / TRANSACTIONS IN
ANYACCOUNT

1. No Tipping off

1.1 While collecting desired information “No tipping off to the related customers or his representatives” regarding such
communications from AML-CFT or AGM SI, has to be ensured.

1.2 Do not make statement which cautions the customer.

2. No delay in response to communications from AML-CFTDepartment / AGM (SI)

2.1 Don’t delay in replying to communications from AML-CFT Department /AGM (SI) regarding AML-CFT issues.

3. Non-furnishing of un-verified information

3.1 Scanned copy of only verified photocopy of documents / papers shouldbe attached while replying to
communication from AML-CFT Department.

(B) DON’TS FOR COMMUNICATION RECEIVED FROM LEAS / CYBER-POLICE /LOCAL POLICE ETC
REQUIRING INFORMATION ON CUSTOMER /TRANSACTIONS IN ANY ACCOUNT OR DIRECTING TO FREEZE
THE ACCOUNTPARTIALLY OR FULLY

1. SENDING COPY OF NECESSARY COMMUNICATION @[email protected]

1.1 “Never forget to attach scanned copy of such communication with brief particulars of suspicious case reported
online while sending e-mail at [email protected]”

1.2 Do not furnish generic information regarding customer’s occupation viz. others / traders etc.

(C) DON’Ts IN CASE OF COMMUNICATION RECEIVED FROM CUSTOMERSOR OTHER RELIABLE SOURCES
FOR FREEZING ANY ACCOUNTS ALLEGED TOHAVE BEEN MISUSED IN MONEY LAUNDERING /
COLLECTING PROCEEDSOF CRIME

1. WORKING PRUDENTLY

1.1 Never act on hearsay basis.

(D) DON’Ts IN CASE OF TEMPORARY STOP / HOLD IN A/C OF CUSTOMERSON THEIR REQUEST TO
PREVENT MISUSE OF THEIR A/C BY CYBERCRIMINALS ETC.

1. COMPLIANCE OF BANK’S INSTRUCTION

Sunil SKA
 19

1.1 While accepting request from customers for temporary STOP/HOLD inA/C of his own, ensure that Bank’s extant
instructions in this regard are not violated.

Near Miss Events:

Near Miss can be taken as an event that signals future significant adverse effects. Despite their lack of fiscal impact,
NMEs provide insight into potential major adverse conditions and business disruptions and act as an important tool for
risk management purposes, in-particular for promptly detecting failures/errors in processes or internal control systems.
Therefore, timely and proper addressing of‘ Near-Miss’ events would reduce the probability of similar/ related business
disruptions and not crystallizing into OR losses.
It is likely that in some cases transactions are abandoned/ aborted by customers on being asked to give some details
or to provide documents. In such cases branches should report all such attempted transactions in STRs, even if not
completed by customers, irrespective of the amount of transaction.

OTMS Alerts
Branches are advised to report Suspicious Transaction Report on eligible OTMS alerts. Auto functionality for the same
has been developed in OTMS application for the purpose. Functionality also includes that once the branch submits the
STR in OTMS, the auto generated STR along with an auto generated email is sent to AML/ CFT at email id
[email protected].

Filing of Subjective STRs - Operating Guidelines for Branches:

When a suspicious transaction or event as described above is observed by the dealing official at the branch, the
following procedure should be followed:
1. The dealing officer at the branch reports the suspicious transaction/customer behaviour/ event/ media report
etc. to the Manager of Division (MOD)/ Branch Manager (BM) as applicable. Branch officials handling the
transactions should exercise reasonable judgment in determining the suspiciousness of the transaction based
on proper monitoring.
2. The Branch Head on being satisfied of the suspicious activity/ nature of the transaction/ activity logs in the
details of the suspicion identified/ attempted transactions in a one-page format and mails
[email protected], as an advance copy of the STRs to the AML/ CFTCell Jaipur.
3. The Branches/ offices/ Departments forward details of such transactions by means of report (hard copy)
to the Money Laundering Reporting Officer (MLRO)- CFO or CCFO in the case of Circles -through their
controllers.
4. The MLRO escalates the same to the General Manager & Principal Officer AML/ CFT, Jaipur, for
eventually filing it with the FIU-IND.

No Tipping Off
The act of letting the money launderers know that they are under suspicion is generally referred to as tipping off. Once
an internal or external suspicion report has been made, it is a criminal offence for anyone to release information which
is likely to prejudice an investigation.

Reporting Entitles should not put any restriction on operations in the accounts where an STR has been filed. It is very
important that the customers are neither told nor given any room for doubts in their mind that while seeking additional
information, bank is looking at their transactions/ activity with suspicion. Such disclosure/ indication is against the
provisions of relevant Act/guidelines. In effect, “Tipping off” must be avoided.

Fictitious Offer of Funds (FOF) – Reporting and Review from AML/KYC Perspective

“Fictitious Offer of Funds” (FOF) cases are defined as those illegal activities whereby one individual / group / entity
deceives or misleads another individual or entity by making false promises to give some benefits against payment of
money in specified accounts of the fraudsters. The money subsequently gets withdrawn from these accounts by the
fraudster.

Instances of cheating through fictitious offer of funds has been increasing in recent past and RBI from time to time has
issued advisory, for the Banks as well as for the public not to fall prey to such offers. RBI has been expressing serious

Sunil SKA
 20

concern over the issue and has instructed the Bank for putting in place suitable measures to control such illegal
activities. As SBI holds the biggest share of the accounts, it’s quite natural that in some cases, flow of such funds is
routed through SBI and miscreants engaged in such activities have collected such proceeds through the accounts
maintained with us. Bank’s instructions in this regard have been circulated along with detailed SOP vide Cir No. AML-
CFT/AML-CFTMEASURES/4/2020 – 21 dated 21st of July, 2020.

Trade Based Money Laundering & other Common ML Techniques

Money laundering may be conducted through virtually every type of entity, vehicle or institution, including offshore
entities, trusts, Hawala operators, securities dealers, car dealers, correspondent accounts, or wherever the criminal
proceeds find the point of least resistance.

However, financial institutions are particularly important vehicles for criminals for the disposal and movement of
criminal proceeds. Some common money laundering methods are –
Money laundering through TBML;
Money laundering through Shell Companies;
Money laundering through Money Mules;
Money laundering through early repayment of long-term Loans;
Money laundering through accounts of NGOs/NPOs;

Trade Based Money Laundering: TBML is one of the main methods by which criminal organizations and terrorist
financiers move money for disguising its origins and integrating it back in to the formal economy.

According to Financial Action Task Force (FATF) “TBML is the process of disguising the proceeds of crime and moving
value using trade transactions to legitimize their illicit origins.” Moreover, TBML is one of the main methods by which
criminal organizations and terrorist financiers move money for disguising its origins and integrating it back in to the
formal economy.

Why Money Laundering is preferred through Trade Based routes

1. The enormous volume of trade flows, which obscures individual transactions and provides abundant opportunity for
criminal organizations to transfer value across borders.
2. The complexity associated with foreign exchange transactions (often multiple) and recourse to diverse financing
arrangements.
3. The complexity of practice of commingling illicit funds with the cash flows of legitimate businesses.
4. The limited recourse to verification procedures or programs to exchange customs data between countries and
detect illegal trade transactions.
5. Multiple transhipment points, third parties, supply chain participants enable criminals to distance themselves from
TBML activity.
6. Weak regulatory financial oversight in several countries, corrupt governments/ agencies.
7. Challenges in physically verifying goods at checkpoints.

Some commonly used techniques of Money Laundering through Trade

* Over-invoicing (Short-shipping) - Misrepresentation of the price of the good or service by increasing it above the
'fair market' price through which exporter is able to receive additional value from the importer and also gains significant
export tax credit rebate benefit.

* Under-invoicing (Over-shipping) – Misrepresentation of the price of the good or service by lowering it below the
'fair market' price through which exporter is able to transfer additional value to the importer and also gains significant
tax benefit.

* Multiple invoicing / financing – Sending multiple payments to multiple bank accounts using the same
documentation.

Sunil SKA
 21

* Phantom or Ghost Shipment – Creating document for nonexistent shipment i.e. where goods were never exported
or imported.

* Variable Pricing/Transfer Pricing – By adjusting pricing in documentation than change physical volume/weight.

* Mis-declaration of goods – Misrepresenting the quality or type of thegood, vague or technical description of goods.

* Carousel Fraud – A circular transaction or round tripping by Importing goods from non-VAT country, selling it in
importing country by adding VAT and not paying VAT to the government.

* Capital Flight – Entities with liquid assets or “proceeds of corruption and crime” move asset value to offshore
locations.

* Fake Trade Finance Instruments – LC utilization to move illicit or restricted goods and commodities, shipment to
high risk countries/of high-risk goods, circulation of fake LC.

* Transfer Pricing through Trade – Resorted to with aim to reduce tax liabilities by businesses through structured
trade transactions. Businesses transfer surplus revenue to overseas subsidiary, many a times in tax heaven countries
by constant movement of components and inputs between related party businesses.

* Fraudulent alteration of the Bill of Lading – to get payment for non-existent cargo.

* Smuggling / shipment of counterfeits goods in guise of actual goods.

Preventing TBML by CDD and CIP procedures in Banks

Banks can check TBML by following good practices of Customer Due Diligence (CDD) and Customer
Identification Program (CIP). The more a Branch understands its customers and understands their businesses, less
likely of its association with a TBML transaction because criminals avoid their Bankers from becoming familiar with
their operations, management, credit history or transaction records.
Branches/ operating units should follow following basic principles under CDD requirement:

* Details of Beneficial Owner (BO)

* Trade related transaction details as per Record Retention Policies for easy retrieval
* Matching trade activities with client profile and business objectives
* Becoming familiar with the client's current / proposed activities.

Under Customer Identification Program (CIP) branches should comply with recordkeeping, identification, reporting
suspicious transaction and risk analysis requirements.

Offline Red Flag Indicators for TBML

FIU-IND /IBA/ RBI issue various guidelines / Red Flag Indicators (RFIs) regarding monitoring of Trade Based Money
Laundering (TBML). While some of these data driven RFIs can be implemented at the system level, other RFIs are of
qualitative nature and must be monitored manually at the operating level.

AML-CFT has now reviewed all the guidelines issued in the recent times by FIU-IND/ RBI/ IBA and compiled a list of
RFIs implemented/ proposed to be implemented by way of Customer Due Diligence (CDD), Transactional Due
Diligence (TDD) and Document Check List at the operating level.

The operating units are instructed to meticulously follow the instructions for conducting manual due diligence on the
customers to prevent / detect and report Trade Based Money Laundering and also to report suspicious transactions, if
any observed under these RFIs, to AML-CFT department in the form of subjective STR.

Money Laundering through Shell Companies

Sunil SKA
 22

Shell companies normally have no physical presence, have hidden owners, and sometimes project the image of being
a real, normal business entity dealing in funds that are legitimate. Mostly these companies exist only on paper. Shell
companies usually conduct no business themselves.

Shell companies are used as popular vehicles to access the international financial system. It is also common for
criminals to operate through layers of various shell companies, which makes it more difficult to trace the funds or
assets back to the real owner/ beneficial owner. Shell companies, for these reasons, have become anon-separable
part of various financial crimes. It can be said that a sophisticated money laundering, fraud or corruption operation
invariably involves at least one shell company at some point of the process. Unfortunately, there are certain nations
and jurisdictions, known as “secrecy havens”, that do not follow ‘Financial Action Task Force’ guidelines on money
laundering/ terror financing and are hence popular among unscrupulous persons and are extensively used to form
shell companies as well as Shelf-companies.

Normally shell companies are floated worldwide by persons broadly for undernoted activities / objectives:
1. Rotation, misappropriation and siphoning off funds.
2. Creation of equity in their name.
3. Holding real estate properties / trading in Capital Market / market manipulation
4. Converting unaccounted money through placement, layering and round tripping
5. Tax evasion

Generally, there would be multiple companies located at a single address, sharing a common registered address.
Such a company is incorporated for serving as a conduit for fictitious business transactions, leaving no trace about the
actual beneficiary. Further, shell companies have certain common features and attributes:

* Nominal paid up capital vis-a-vis authorized capital.

* Huge balances in share premium A/c - premium charged is shorn of commercial reality. and/ or share application
money account.
* No / nominal statutory payments like VAT, Service Tax, Income Tax, GST.
* Stock in trade is minimum or zero.
* Low operating earnings or expenses.
* No / Minimum Fixed Assets which remains the same year after year
* Huge investments in shares/ unsecured loans in (i) Private Limited Companies (ii) Unlisted Public Limited Companies
(High debtors and creditors without any immovable assets).
* High Cash in hand/ Cash at Bank.
* Number of Companies registered at same address.
* Frequent change in Directors.
* Common Directors
* Generally Trading Companies with one of the objects being investment in securities
* Change in Company name/ Registered Office
* Shareholding pattern- majority shareholders are Private Ltd Co./ Unlisted Public Ltd. Co.

The operating staff must take due care to identify the shell companies in the bank’s books based on the above
attributes.

Money Laundering through Money Mules

“Money mules” are the persons who allow their accounts to be used for money laundering purposes.

“Money Mules” can be used to launder the proceeds of fraud schemes (e.g., phishing and identity theft) by criminals
who gain illegal access to deposit accounts by recruiting third parties to act as “money mules.”

In some cases, these third parties may be innocent while in others they may behaving complicity with the criminals.

In a money mule transaction, an individual with a bank account is recruited to receive cheque deposits or wire
transfers and then transfer these funds to accounts held on behalf of another person or to other individuals, minus a

Sunil SKA
 23

certain commission payment. Money mules may be recruited by a variety of methods, including spam e-mails,
advertisements on genuine recruitment web sites, social networking sites, instant messaging and advertisements in
newspapers.

When caught, these money mules often have their bank accounts suspended, causing inconvenience and potential
financial loss, apart from facing likely legal action for being part of a fraud. Many a times the address and contact
details of such mules are found to be fake or not up to date, making it difficult for enforcement agencies to locate the
account holder.

The operations of such mule accounts can be minimised by following the guidelines on opening of accounts and
monitoring of transactions. It is, therefore, advised to strictly adhere to the guidelines on KYC/ AML/ CFT issued from
time to time and to those relating to periodical updating of customer identification data after the account is opened and
also to monitoring of transactions in order to protect the bank and the bank’s customers from misuse by such
fraudsters.

Money laundering through early repayment of long-term Loans

Loans can also be used as a cover for laundering proceeds of crime. While assets are created by obtaining long term
loans to hoodwink Income Tax authorities or other LEAs regarding source of funds, the loans are repaid well ahead of
the actual stipulated repayment schedules by using proceeds of crime. There payments may come in cash or through
transfers from the accounts of unconnected third parties. Third parties, working as money mules, may provide
cheques/ wire-transfers against the value received by them from the money launderers in cash or in the form of other
valuable assets.

Money laundering through accounts of NGOs/NPOs

NPO (Non-profit organisation) means any entity or organisation that is registered as a trust or a society under the
Societies Registration Act, 1860 or any similar State legislation or a company registered (erstwhile Section 25 of
Companies Act,1956) under Section 8 of the Companies Act, 2013.

Accounts of NGOs/ NPOs are considered more vulnerable and prone to money laundering and terror financing in
comparison to accounts of other entities/individuals. It is due to the receipt of funds in the form of subscription,
donation or gifts by these entities from various open sources/ persons. The possibility of intermingling of genuine funds
with proceeds of crime are not very remote in such NPOs/NGOs. Accounts of NPOs and NGOs (other than promoted
by UN or it’s agencies) are classified in high-risk category by Regulated Entities. In case of remittances favouring
NGOs/ NPOs the extant FCRA provisions, bank's instructions and SOPs must be adhered to, before affording credits.

All transactions involving receipts by NPOs of value more than ten lakhs or its equivalent in foreign currency are
mandatorily reported by REs to FIU-IND as NTR(Non-profit Organizations’ transaction report).

A soft copy of the NTRs is placed on the AML/ CFT website in SBITIMES. Circles/controlling offices/ Branches may
download their respective NTR reports for further analysis & taking necessary action, if any required.

NPO customers operating/ transacting majorly in high-risk areas/locations may require further Transaction Due
Diligence (TDD) to check whether transactions in the account are in tune with the declared activity/ business of the
customer.

If any suspicious transactions patterns from AML/ CFT angle are observed, the branch should advise the controllers
and the AML/ CFT cell Jaipur through one-page subjective STR.

Money laundering through misuse of Wire-Transfer facility

Banks use wire transfers as an expeditious method for transferring funds between bank accounts. Wire transfers
include transactions occurring within the national boundaries of a country or from one country to another. As wire
transfers, do not involve actual movement of currency, they are considered as a rapid and secure method for
transferring value from one location to another.

Sunil SKA
 24

Wire transfer is an instantaneous and most preferred route for transfer of funds across the globe and hence, there is a
need for preventing terrorists and other criminals from having unfettered access to wire transfers for moving their funds
and for detecting any misuse when it occurs.

This can be achieved if basic information on the originator of wire transfers is immediately available to appropriate law
enforcement and/or prosecutorial authorities in order to assist them in detecting, investigating, prosecuting terrorists or
other criminals and tracing their assets. The information can be used by Financial Intelligence Unit- India (FIU-IND) for
analysing suspicious or unusual activity and disseminating it as necessary.

The originator information can also be put to use by the beneficiary bank to facilitate identification and reporting of
suspicious transactions to FIU-IND. Owing to the potential terrorist financing threat posed by small wire transfers, the
objective is to be in a position to trace all wire transfers with minimum threshold limits.

Accordingly, branches must ensure that all wire transfers are accompanied by the following information:

In Cross-Border Wire Transfers

1. All cross-border wire transfers must be accompanied by accurate and meaningful originator information.
2. Information accompanying cross-border wire transfers must contain the name and address of the originator and
where an account exists, the number of that account. In the absence of an account, a unique reference number, as
prevalent in the country concerned, must be included.
3. Where several individual transfers from a single originator are bundled in a batch file for transmission to
beneficiaries in another country, they may be exempted from including full originator information, provided they include
the originator’s account number or unique reference number.

In Domestic Wire Transfers

1. Information accompanying all domestic wire transfers of Rs. 50,000/-(Rupees Fifty Thousand) and above must
include complete originator information i.e. name, address and account number etc., unless full originator information
can be made available to the beneficiary bank by other means.
2. If a bank has reason to believe that a customer is intentionally structuring wire transfers to below Rs. 50,000/-
(Rupees Fifty Thousand) to several beneficiaries in order to avoid reporting or monitoring, the bank must insist on
complete customer identification before effecting the transfer. In case of non-cooperation from the customer, efforts
should be made to establish his identity and Suspicious Transaction Report (STR) should be submitted to FIU-IND.
3. When a credit or debit card is used to effect money transfer, necessary information as required should be included
in the message.

Exemptions: Inter-bank transfers and settlements, where both the originator and beneficiary are banks or financial
institutions, would be exempted from the above requirements.

To conclude the module, it can be said that a well-designed KYC Policy may complement the AML/CFT systems
deployed in a bank in three fundamental ways:

* It prevents on-boarding of persons who carry a dubious background

* It helps in better understanding of customers and analyzing the risk that they pose to the Bank and society at large
* It provides the AML/CFT cell with an accurate profile of the customers enabling a meaningful monitoring of
transaction patterns and better decision-making regarding reporting of a suspicious transaction via STR.

Hence a robust Know Your Customer Policy and framework, is the backbone of an effective and responsive AML/CFT
system.

Sunil SKA
 25

Module 1 - Assessment
Which of the following is NOT a category of source of system generated STR (Suspicious Transaction Report) ? C
a. Risk Management System (RM) related: Risk management system-based alert - high risk customer, country,
location, source of funds etc.
b. Watch List (WL) related: Matching the customer details by system, with the specifi ed negative lists such as UN
list, OFAC etc.
c. Business Associates (BA)- Information received from other institutions, subsidiaries or business associates
d. Transaction Monitoring (TM) related: Transaction monitoring system- generated alerts such as unusually large
number of cash deposits, many to one transaction etc.
A Branch received queries from state police regarding Mr X, who is a customer of the branch. It was evident from A
the query that the customer was under investigation in regards to various criminal offences. Should the branch file
a Suspicious Transaction Report (STR)/ Suspicious Activity Report (SAR) in this case ?
a. Branch need not report such matters of routine, further merely receiving queries from a legal enforcement
agency does not mean that the customer is a declared culprit.
b. Yes branch should report it as a Suspicious Transaction Report (STR)/ Suspicious Activity Report (SAR) but the
reporting to FIU-IND will be through the Principal officer i.e. GM (AML-CFT) only.
c. Yes branch should report it as a Suspicious Transaction Report (STR)/ Suspicious Activity Report (SAR) directly
to FIU-IND.
d. Yes branch should report it as a Suspicious Transaction Report (STR)/ Suspicious Activity Report (SAR) to its
controller, who will file it with FIUIND on consolidated basis for the entire region.
Mr S is a student studying in AMU and having an account with your branch. One fine day you received a letter B
from nearby branch of another nationalised bank, regarding unusual pattern of transactions noticed in the account
of Mr S, held with them. Some of the transactions had originated through your branch. When you verified the
transactions in the account with your branch, you also found transactions, which were inconsistent with the profile
of the account holder. You immediately decided to report these transactions as Suspicious Transactions through a
Suspicious Transaction Report. What is the category of source of such an STR?
a. Watch List (WL) related-Frequent locker operations
b. Customer Verification (CV)-Detected during customer acceptance, identification or verification
c. Employee Initiated (EI)-Employee raised alert- Frequent locker operations
d. Business Associates (BA)- Information received from other institutions, subsidiaries or business associates
A Branch received queries from state police regarding Mr X, who is a customer of the branch. It was evident from B
the query that the customer was under investigation related to money laundering offence. The branch decided to
report this incident through a Suspicious Transaction Report (STR)/ Suspicious Activity Report (SAR). What is the
category of source of such an offline Red Flag Indicator (RFI)/ alert ?
a. Employee Initiated (EI)-Employee raised alert
b. Law Enforcement Agency Query (LQ)- Query or letter received from Law Enforcement Agency (LEA)
c. Business Associates (BA)- Information received from other institutions, subsidiaries or business associates
d. Customer Verification (CV)-Detected during customer acceptance, identification or verification
On one fine day a customer approached the frontline staff of a bank branch and asked if he could deposit Rs 25 B
lac in cash in his account on five different dates within a month and whether the branch will report these
transactions in Cash Transaction Report. When replied in affirmation he tried to convince the staff to avoid
reporting as each transaction is below the threshold level. He deposited Rs 5 lac in cash and asked the way outs,
to avoid reporting further cash transactions in his account. One of the associates reported this suspicious
behaviour of the customer to the branch head. The branch head decided to report it as a Suspicious Transaction
/Suspicious Activity through a Suspicious Transaction Report/Suspicious Activity Report. What is the category of
source of such an offline Red Flag Indicator (RFI)/ alert?
a. Media Reports (MR)-Adverse Media Reports about customer, being investigated for criminal offences
b. Employee Initiated (EI)-Employee raised alert- Customer wants to avoid reporting
c. Customer Verification (CV)-Detected during customer acceptance, identification or verification
d. Business Associates (BA)- Information received from other institutions, subsidiaries or business associates
As per Prevention of Money Laundering (Maintenance of Records) Rules-2005 what does a “Suspicious D
Transaction” mean ?
a. A transaction which gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime
b. A transaction which appears to be made in circumstances of unusual or unjustified complexity
Sunil SKA
 26

c. A transaction which gives rise to a reasonable ground of suspicion that it may involve financing of the activities
relating to terrorism.
d. All of the Above
At what stages Transaction monitoring is conducted? A
a. The transaction monitoring may be conducted at Pre-Transaction Stage & Post-Transaction Stage
b. The transaction monitoring may be conducted at Maker level & At Checker Level
c. The Transaction monitoring is a continuous process without any stage.
d. The transaction monitoring may be conducted at the pre-sanction level and post sanction level
Is there any Penalty for any deficiency in filing the mandatory reports by reporting entities to FIU-IND? B
a. Any deficiency in filing the mandatory reports by reporting entities will attract maximum penalty of Rs. 10,000/-
per instance per day.
b. Any deficiency in filing the mandatory reports by reporting entities will attract minimum penalty of Rs. 10,000/-
which may go to Rs.1,00,000/- per instance per day.
c. The FIU_IND can not impose penalty on Reporting Entities.
d. Any deficiency in filing the mandatory reports by reporting entities will attract minimum penalty of Rs. 1,00,000/-
per instance per day with cap of Rs 10,00,000/-.
AGM Regions/Branch Heads / Heads of the CPCs- are responsible for reporting of suspicious transactions B
passing through their units. What is the designated role of AGM Regions/Branch Heads / Heads of the CPCs as
per the 'AML/CFT STRUCTURE in our BANK'?
a. Dy. MLROs
b. Assistant MLROs
c. Designated Directors for their respective offices.
d. MLROs) Money Laundry Reporting Officers)
Why account of a shell company should not be opened/maintained by a Bank? A
a. Shell Companies may be used by criminals for laundering ill-gotten money, evading taxes and perpetuating
fraud.
b. Shell companies do not apply for loans and advances, hence are not viable option for interest and other income
for Banks.
c. Shell companies do not have any director on their board, hence it is risky proposition to open an account of a
shell company.
d. Banks do not get substantial business from Shell companies.
A customer entered the main branch of a bank in Agra city. The behaviour of the customer made the service
manager suspicious when the customer due diligence. Customer had vague knowledge about amount of money
involved in the transaction. Customer wa transactions and answering queries of branch officials. His behavioural
pattern put the branch officials on alert, and it was/Suspicious Activity through a Suspicious Transaction
Report/Suspicious Activity Report. What is the category of source of such an offline Red Fla
a. Media Reports (MR)-Adverse Media Reports about customer, being investigated for criminal offences
b. Law Enforcement Agency Query (LQ)- Query or letter received from Law Enforcement Agency (LEA)
c. Business Associates (BA)- Information received from other institutions, subsidiaries or business associates
Which of the following is NOT a category of source of Subjective STR (Suspicious Transaction Report)/ SAR B
(Suspicious Activity Report)?
a. Customer Verification (CV)-Detected during customer acceptance, identification or verification
b. Typology (TY) system detected alerts- Routing of funds through multiple accounts -transactions greater than
INR 10 lacs between more than 3 accounts aggregating to more than INR 30 lacs on the same day.
c. Law Enforcement Agency Query (LQ)- Query or letter received from Law Enforcement Agency (LEA)
d. Employee Initiated (EI)-Employee raised alert- transaction has no economic rationale
A customer, owning a small tea shop near your branch, entered the branch to deposit a cheque of large amount in b
his account. The cheque had been purportedly drawn by Coal India Ltd. Customer is not able to provide sufficient
clarification to the queries of the front-line staff. The lady associate refers the case to service manager. The
customer frequently changes his statements, when more detailed information is requested by the service manager.
It is evident to the branch officials that the information that the customer has been providing is minimal and
possibly false or inconsistent. The branch head has decided to report it as a Suspicious Transaction /Suspicious
Activity through a Suspicious Transaction Report/Suspicious Activity Report. What is the category of source of
such an offline Red Flag Indicator (RFI)/ alert?
Sunil SKA
 27

a. Law Enforcement Agency Query (LQ)- Query or letter received from Law Enforcement Agency (LEA)
b. Employee Initiated (EI)-Employee raised alert- Customer provides inconsistent information
c. Business Associates (BA)- Information received from other institutions, subsidiaries or business associates
d. Media Reports (MR)-Adverse Media Reports about customer, being investigated for criminal offences
Who is designated as PRINCIPAL OFFICER as per the 'AML/CFT STRUCTURE in our BANK' for the purpose of D
Section 12 of PMLA, 2002?
a. G.M. Network
b. C.G.M
c. M.D.(SARC)
d. G.M. (AML-CFT)
Through which set up Suspicious Transaction Reports are sent to Financial Intelligence Unit-India (FIU- IND)? A
a. STRs are to be reported through Principal Officer, AML-CFT cell, to FIU-IND.
b. Subjective STR can be sent immediately by Branch directly to FIU-IND under information to the controller of
branch.
c. STRs can be sent by RBO on consolidated basis for the respective region, to FIU-IND.
d. STRs can be sent by LHO on consolidated basis for the circle, to FIU-IND.
How many types of STRs are there? C
a. Fresh STRs and Stale STRs
b. Genuine STRs & False STRs
c. System Generated STRs and Subjective STRs
d. Confirmed STRs and Un-confirmed STRs
Mr X opened an account but the letter of thanks as well as customised cheque book got returned with the remark B
"Customer not staying at the provided address'. The branch officials also confirmed the fact by visiting in person
and decided to report this through a Suspicious Transaction Report (STR)/ Suspicious Activity Report (SAR). What
is the category of source of such an offline Red Flag Indicator (RFI)/ alert ?
a. Employee Initiated (EI)-Employee raised alert
b. Customer Verification (CV)-Detected during customer acceptance, identification or verification
c. Media Reports (MR)-Adverse Media Reports about customer
d. Public Complaint (PC)-Complaint received from public
A customer of a branch in Hyderabad, was not able to answer the queries made by the service manager, B
regarding the drawer of the cheque, which had been drawn for a large amount. Customer was nervous and over
cautious in explaining genuineness of the transaction and frequently changing his statements. This made the
official as well as the branch head suspicious and they decided to report the incidence as a Suspicious Activity
through Suspicious Activity Report/ STR. Under which category the source of the offline Red Flag Indicator (RFI)/
alert will fall?
a. Business Associates (BA)- Information received from other institutions, subsidiaries or business associates
b. Employee Initiated (EI)-Employee raised alert- customer is nervous or over cautious
c. Media Reports (MR)-Adverse Media Reports about customer, being investigated for TF offences
d. Customer Verification (CV)-Detected during customer acceptance, identification or verification
Mr S did not open account after being informed about KYC requirements, the dealing officer has sufficient reasons B
to believe that this activity should be reported as a suspected transaction and a Suspicious Transaction Report
(STR)/ Suspicious Activity Report (SAR) must be raised. The source of such an offline Red Flag Indicator/ alert
falls under______category?
a. Media Reports (MR)-Adverse Media Reports about customer
b. Customer Verification (CV)-Detected during customer acceptance, identification or verification
c. Public Complaint (PC)-Complaint received from public
d. Employee Initiated (EI)-Employee raised alert
One customer approached a bank branch to open an account and deposit a cheque of large amount in the newly C
opened account. The customer seemed to be in hurry and was not able to explain why he had travelled
unexplained distances from his own place to open an account and conduct transactions in a far off situated
branch. This made the branch officials suspicious and the branch decided to report this incident through a
Suspicious Transaction Report (STR)/ Suspicious Activity Report (SAR) as a CDD measure. What is the category
of source of such an offline Red Flag Indicator (RFI)/ alert?
a. Media Reports (MR)-Adverse Media Reports about customer,
Sunil SKA
 28

b. Law Enforcement Agency Query (LQ)- Query or letter received from Law Enforcement Agency (LEA)
c. Employee Initiated (EI)-Employee raised alert -Customer avoiding nearer branches
d. Business Associates (BA)- Information received from other institutions, subsidiaries or business associates
Which of the following is NOT a category of source of Subjective STR (Suspicious Transaction Report)/ SAR D
(Suspicious Activity Report)?
a. Employee Initiated (EI)-Employee raised alert- Customer could not explain source of funds
b. Customer Verification (CV)-Detected during customer acceptance, identification or verification
c. Media Reports (MR)-Adverse Media Reports about customer, being investigated for criminal offences
d. Watch List (WL) related: Matching the customer details by system, with the specified negative lists such as UN
list, OFAC etc.
What is the periodicity of undertaking exercise of Customer Risk categorization (CRC) by AML-CFT Department? A
a. CRC by AML-CFT Department is done at half yearly intervals typically as on 31st March and 30th September
every year or in between if the need arises.
b. CRC by AML-CFT Department is done at quarterly intervals or in between if the need arises.
c. CRC by AML-CFT Department is done annually typically as on 31st March every year or in between if the need
arises.
d. CRC by AML-CFT Department is done at monthly intervals typically on the last working day of the month or in
between if the need arises.
Each Business Group/Circle/SBU designates an official to ensures proper implementation of KYC/AML/CFT Policy B
in the Group/Circle/SBU and to report to the Principal Officer (AML-CFT). What is the designation of such
designated official?
a. Money Laundering Officer (MLO)
b. Money Laundering Reporting Officer (MLRO)
c. Dy. Money Laundering Officer (DyMLO)
d. Officer for Money Laundering (OML)
Suspicious Transactions Reports (STRs) can be classified into two following broad categories that B
is_______________, based on the source of the alert which resulted in escalating such STRs
a. Internal STRs & External STRs
b. System Generated STRs & Subjective STRs
c. Employee Initiated STRs & Customer initiated STRs
d. Customer related STRs & Non-customer related STRs
Mr X provided false identification/address documents that appeared to be counterfeited, altered, and inaccurate at D
the time of onboarding, the dealing officer and branch head decided to raise a Suspicious Transaction Report
(STR)/ Suspicious Activity Report (SAR). The source of such an offline Red Flag Indicator (RFI) / alert falls
under______category?
a. Employee Initiated (EI)-Employee raised alert
b. Public Complaint (PC)-Complaint received from public
c. Media Reports (MR)-Adverse Media Reports about customer
d. Customer Verification (CV)-Detected during customer acceptance, identification or verification
The service manager of a branch has brought to the notice of the branch head that Sh Blacky has been visiting A
branch quite often with frequent requests to access his locker. He has already operated the locker for 18 times
during past 30 days. When contacted he could not provide satisfactory reply and rather abused the staff for not
cooperating. As a branch head, you decided to report this incident as Suspicious Transactions / Suspicious Activity
through a Suspicious Transaction Report/Suspicious Activity Report. What is the category of source of such an
STR/SAR?
a. Watch List (WL) related-Frequent locker operations
b. Customer Verification (CV)-Detected during customer acceptance, identification or verification
c. Employee Initiated (EI)-Employee raised alert- Frequent locker operations
d. Risk Management System (RM)
What is True about 'System generated STRs'? D
a. System Generated Alerts along with STRs are generated by Core Banking System during End of Day activities.
b. Subjective STRs are escalated based on alerts or information received from Branches/staff/media reports etc.
c. System Generated Alerts are generated by staff through Core Banking System.
d. System Generated STRs are escalated based on alerts triggered by AML software system.
Sunil SKA
 29

You being the Beneficiary Bank, have received a wire-transfer from Ordering Bank in favour of Al Faraz & Co. The C
detailed information on the fund remitter is missing with the message. Despite repeated requests the ordering bank
has failed to furnish information on the remitter, Being a beneficiary Bank what will be your action and view
regarding the ordering Bank?
a. The Beneficiary Bank should appreciate the problem of ordering bank and credit the account of beneficiary
under information to ordering bank.
b. The Beneficiary Bank should credit the account of beneficiary on the risk and responsibility of the ordering bank
c. The Beneficiary Bank should hold the credit on the risk and responsibility of the ordering bank
d. The Beneficiary Bank should consider restricting or even terminating its business relationship with the ordering
bank.
What is meant by 'Layering' process in Money Laundering Process? B
a. Layering of different criminal activities for Money Laundering
b. Separation of illicit proceeds from their original sources and beyond the grasp of local law enforcement agencies
by layering of financial transactions with the intention to conceal the origin of the proceeds.
c. Integrated efforts and activities of Money Launderers for depositing of proceeds of crime into financial system.
d. Creating layers of Cash for easily counting the money by Money Launderers.
What is Trade Based Money Laundering or TBML? B
a. TBML is the legitimate process/ business of money laundering.
b. TBML is the process of disguising the proceeds of crime and moving value using trade transactions to legitimize
their illicit origins.
c. TBML is the process of soliciting, collecting or providing the funds for activities related to terrorism.
d. TBML is the process of money laundering through Identity theft.

Sunil SKA
 30

Welcome to Module 2 – Know Your Customer Policy- Customer on-boarding.

There is a Relationship between KYC Procedures and AML/ CFT Measures. A well-designed KYC Policy
complements the AML/ CFT systems deployed in a bank in three fundamental ways:
1. It prevents on-boarding of persons who carry a dubious background and who may be a potential threat to
the institution from the perspective of money laundering and financing of terrorism.
2. It helps in better understanding of customers and analysing the risk that they pose to the banks and society
at large.
3. It provides the AML/ CFT cell with an accurate profile of the customers enabling a meaningful monitoring of
transaction patterns and better decision-making regarding reporting of a suspicious transaction.

Bank’s KYC/AML/ CFT Policy

Reserve Bank of India has specified Know Your Customer (KYC) standards to be followed by banks and measures to
be taken in regard to Anti Money Laundering(AML) and Combating Financing of Terrorism (CFT).

The Master Directions incorporate:

* Obligations cast on banks under the Prevention of Money Laundering Act (PMLA), 2002 and subsequent
amendments thereof.
* Recommendations made by the Financial Action Task Force (FATF) on AML standards and CFT.
* Customer Due Diligence (CDD) for banks as stipulated by the Basel Committee on Banking Supervision.

The objective of KYC/AML/CFT guidelines is to prevent banks/FIs from being used, intentionally or unintentionally, by
criminal elements for money laundering or terrorist financing activities. RBI has mandated the banks for having a
board-approved KYC policy.

The bank has a board approved comprehensive Policy & Procedural Guidelines on KYC/ AML/ CFT issued by KYC
Department incorporating Bank’s approach to KYC, AML and CFT issues. As per the policy, bank shall take steps to
implement provisions of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering
(Maintenance of Records) Rules, 2005, as amended from time to time.

The KYC policy shall include following four key elements:

Customer Acceptance Policy
Risk Management
Customer Identification Procedures (CIP)
Monitoring of Transactions.

Some of the key features of the KYC/ AML/ CFT Policy and certain customer segments which need closer monitoring
from the AML/ CFT risk perspective are also outlined in this chapter.

1.1 Customer Acceptance Policy

The Customer Acceptance Policy section of the Bank’s Policy & Procedure Guidelines on KYC/ AML/ CFT Measures
lays down the criteria for acceptance of a person as customer of the bank and, inter-alia states as under:

* No account is opened in anonymous or fictitious/ benami name.

* No account is opened where the Branch/ Business unit is unable to apply appropriate CDD measures, either
due to non-cooperation of the customer or non-reliability of the documents/information furnished by the
customer. It should be ensured that identity of customer does not match with any person or entity whose name
appears in the sanction’s lists circulated by Reserve Bank of India.

* No transaction or opening of account is undertaken without following the CDD procedure.

Sunil SKA
 31

* Mandatory information to be sought for KYC purpose while opening an account and during the periodic updation, as
specified by RBI to be obtained.

* Optional/ additional information is obtained with the explicit consent of the customer after the account is opened.

* Branches/ Offices shall apply the CDD procedure at the CIF level. Thus, if an existing KYC compliant customer of our
Bank desires to open another account with another Branch, there shall be no need for a fresh CDD exercise.

* CDD Procedure is followed for all the joint account holders, while opening a joint account and also for
Guarantors in case of loan accounts.

* Circumstances in which, a customer is permitted to act on behalf of another person/ entity, is clearly spelt out.

* Accounts of persons having relationships with banned entities such as individual terrorists or terrorist organizations
etc. are not to be opened. While information relating to them will be shared from time to time, branches will also have
to be guided by the information available in public domain for the purpose.

* Virtual Currencies (VC): As per RBI Guidelines, Bank shall not deal in Virtual Currencies (VC) or provide services for
facilitating any person or entity in dealing with or settling VCs.

It is important to bear in mind that the adoption of Customer Acceptance Policy and its implementation should not
become too restrictive and must not result in denial of banking services to general public, especially to those who are
financially or socially disadvantaged.

Risk Management

PML Rules regarding Risk Assessment

Rule 9 (13) of the PML (Maintenance of Records) Rules, 2005 states as under:
1. Every reporting entity shall carry out risk assessment to identify, assess and take effective measures to mitigate its
money laundering and terrorist financing risk for clients, countries or geographic areas, and products, services,
transactions, or delivery channels that is consistent with any national risk assessment conducted by a body or authority
duly notified by the Central Government.

2. The risk assessment mentioned in clause (i) shall—

a) be documented.
b) consider all the relevant risk factors before determining the level of overall risk and the appropriate level and
type of mitigation to be applied.
c) be kept up to date; and
d) be available to competent authorities and self-regulating bodies.

For Risk Management, bank shall have a risk-based approach which includes the following:

RBI Guidelines on Customer Risk Categorization

The Risk Management chapter of Master Direction - Know Your Customer (KYC) Direction, 2016, states as under:

For Risk Management, REs shall have a risk-based approach which includes the following:

(a) Customers shall be categorised as low, medium and high-risk category, based on the assessment and risk
perception of the RE.

(b) Risk categorisation shall be undertaken based on parameters such as customer’s identity, social/financial
status, nature of business activity, and information about the clients’ business and their location etc.

Sunil SKA
 32

While considering customer’s identity, the ability to confirm identity documents through online or other services offered
by issuing authorities may also be factored in.

Provided that various other information collected from different categories of customers relating to the perceived risk, is
non-intrusive and the same is specified in the KYC policy.

Explanation: FATF Public Statement, the reports and guidance notes on KYC/AML issued by the Indian Banks
Association (IBA), guidance note circulated to all cooperative banks by the RBI etc., may also be used in risk
assessment

Bank’s Guidelines on Customer Risk Categorization (CRC):

Customers shall be categorised as low, medium, and high-risk category, based on the assessment and risk perception
of the RE.

Risk categorisation shall be undertaken based on parameters such as customer’s identity, social/financial status,
nature of business activity, and information about the clients’ business and their location etc. While considering
customer’s identity, the ability to confirm identity documents through online or other services offered by issuing
authorities may also be factored in.

Manual or Automated
The risk associated with all factors/parameters which are suggested by RBI cannot be assessed and captured
exclusively by an automated system of risk calculation and assignment. Hence Risk categorization of customers in the
Bank is done by combining both manual and automated classification methods to fulfil the transaction monitoring
requirements as per the RBI guidelines.

Further, review of risk categorization once in six months, as mandated by RBI, may be possible through an automated
process only considering the large customer base of the bank.

Customer Risk Categorization Exercise in the Bank:

Risk Categorization is to be assigned at the time of on-boarding or whenever there is a change in the profile of the
customer. The AML/ CFT transaction monitoring software may subsequently re-categorize the customers based on
other parameters as applicable.

The bank needs to have a multi-dimensional and dynamic CRC model which considers both static and dynamic factors
to arrive at the customer’s risk classification.

RBI Master Direction on KYC/ AML/ CFT stipulates that Banks/ FIs should put in place a system of periodical review of
risk categorization of accounts and the need for applying enhanced due diligence measures. Such review of risk
categorization of customers should be carried out at a periodicity of not less than once in six months.

The customer risk may be integrated with transaction monitoring by adequately adopting differential rules/ thresholds
for different risk profiles.
Based on the above broad guidelines the bank has devised a comprehensive process for classifying its customers into
Low, Medium, and High-Risk categories for a risk-based transaction monitoring from the perspective of anti-money
laundering and combating financing of terrorism.

CRC Exercise at Branch: Operating Guidelines:

The Account Opening Form (AOF) filled up by the customer is verified thoroughly and the documents as required
under the bank’s KYC/ AML/ CFT policy and other extant guidelines, are obtained.

The Customer Profile is created as accurately as possible, as it determines the risk category of the customer. The
customer should be advised that correct profiling is in the customer’s interest to be compliant with various directives
from the bank, RBI and the relevant laws/ enactments issued from time to time by the Government.

Sunil SKA
 33

However, Risk Categorisation must not be discussed with the customer as it is an internal process of the bank, to be
performed as per the regulatory guidelines.

Periodicity of CRC
As per the RBI guidelines, review of risk categorization of customers should be carried out at a periodicity of not less
than once in six months. The CRC by AML/CFT Department is done at two levels:
1. Daily for the incremental accounts/customers, and
2. At half yearly intervals typically as on 31st March and 30th September every year or in between if the need arises.

Customer Identification Procedures (CIP):

General Principle:
Customer identification means undertaking client due diligence measures while commencing an account-based
relationship including identifying and verifying the customer and the beneficial owner.

Customer identification requires identifying the customer and verifying his/ her identity by using reliable, independent
source documents, data, or information. The first requirement of Customer Identification Procedures (CIP) to be
satisfied is that a prospective customer is who he/ she claims to be.

Mandatory’ information required for KYC purposes, which the customer is obliged to give, shall be obtained at the time
of opening an account or during periodic updation. The information {both ‘mandatory’ (obtained before opening the
account) and ‘optional’ (after opening the account with the explicit consent of the customer)} collected from the
customer is to be treated as confidential and details thereof are not to be divulged for cross-selling or any other
purpose, without the express permission of the customer.

Extra care should be taken while opening accounts of various firms and companies belonging to the same group
especially in the light of beneficial owners/ real beneficiaries of such group accounts and under no circumstances,
accounts of shell companies/ firms should be opened in Bank’s books. While considering a customer’s identity, the
ability to confirm identity documents through online or other services offered by issuing authorities needs to be factored
in.

Branches / offices shall undertake Customer Identification in the following cases:

* While establishing an account-based relationship.

* Carrying out any international money transfer operations for a person who is not an account holder.

* When the Branch/ Office has a doubt about the authenticity or adequacy of the customer identification data it has
obtained.

* Selling of third-party products as agents, selling our own products, payment of dues of credit cards/ sale and
reloading of prepaid/ travel cards and any other product for more than Rs. 50,000/-.

* Carrying out transactions for a non-account-based customer, that is a walk-in customer, where the amount involved
is equal to or exceeds rupees fifty thousand, whether conducted as a single transaction or several transactions that
appear to be connected.

* When the Bank has reason to believe that a customer (account based or walk-in) is intentionally structuring a
transaction into a series of transactions below the threshold of rupees fifty thousand.

Customer Profile

To monitor individual transactions in accounts, “Customer Profile” of individual account holders should be compiled in
the account opening forms, covering information like Occupation/ activity, Source of Funds, Monthly Income, Annual

Sunil SKA
 34

turnover (in the case of a business), Date of Birth, Educational qualification, Details of existing credit facilities, if any,
Assets (approximate value), etc.

Customer profiles are to be prepared for all accounts. Customer profiles must be reviewed whenever the branch has
doubt about the authenticity/ veracity or the adequacy of the previously obtained customer identification data.

* Additional Information to be collected for Risk Categorisation.

* purpose/ reason for opening the account or establishing the relationship.

* anticipated level and nature of the activity that is to be undertaken.

* expected source of funds.

* details of occupation/ employment and sources of wealth or income.

Customer due diligence and various customer identification procedures in respect of different type of customers will be
discussed in this chapter at appropriate places.

Transaction Monitoring:
Transaction Monitoring is fourth important element of KYC policy. The bank’s obligations under PMLA, 2002 and the
PML Rules there under requires the bank to put in place an effective mechanism to enable it to monitor all the
transactions occurring across its various channels.

Analysing the transactions conducted by a customer/ non-customer, with a view to ensuring that the value, nature, and
pattern of transaction is consistent with the customer profile and/ or to determine whether the transaction under
consideration has an economic rationale, may be termed as transaction monitoring.

Transaction monitoring in detail has been discussed in Module 1 of this Lesson.

Compliance of KYC Policy:

The compliance of KYC Policy of the bank shall be ensured through the following means:

1. It is the responsibility of each vertical head/ head of the Business Unit to ensure KYC compliance under
their area of operations.

2. The responsibility to be allocated for effective implementation of policies and procedures.

3. The compliance functions of bank’s policies and procedures, including legal and regulatory requirements must be
independently evaluated.

4. Concurrent/internal audit system to verify the compliance with KYC/AML policies and procedures.

5. Submission of quarterly audit notes and compliance to the Audit Committee.

* Bank shall ensure that decision making functions of determining compliance with KYC norms are not outsourced.

* All Officers/Employees of the Bank shall abide by the KYC Policy/Instructions issued there under and implement
them in letter &spirit.

* Non-compliance with KYC/AML/CFT standards can lead to misuse of the different channels of the Bank for
Money Laundering/ financing terrorism.

AUTHORITY STRUCTURE FOR KYC COMPLIANCE

Sunil SKA
 35

* It is responsibility of each vertical head/head of the Business Unit to ensure KYC compliance under their area of
operation.

* The officer-in-charge vested with the authority to open the account, should ensure compliance with the KYC
guidelines. The officer, who has interviewed the customer should subscribe his signature, in the space provided in the
account opening form, for having interviewed the prospective customer and should ensure that all aspects of KYC
guidelines are complied with.

* Business Correspondents (BCs) & Business Facilitators (BFs) will facilitate filling up of account opening forms,
procurement of KYC documents, photograph etc. and put up to the home Branch where the account will reside.

* While functionaries of BC channels will facilitate completion of KYC formalities in respect of accounts opened through
them, primary responsibility of ensuring KYC compliance in respect of all accounts maintained with it including review
of KYC, risk categorization, monitoring of transactions etc. will rest with the home branch.

KYC ON TRANSFER OF ACCOUNTS:

KYC verification once done by one branch/office of the Bank shall be valid for transfer of the account to any other
branch/business unit, provided full KYC verification has already been done for the concerned account and the same is
not due for periodic updation.

UNIQUE CUSTOMER IDENTIFICATION CODE (UCIC)

1. While entering into a new relationship with individual customers and the existing customers in our Bank, Customer
Identification File (CIF) shall be allotted. All the accounts of the same customer are tagged to the CIF. ACIF is the
Unique Identification Code and a customer should not be allotted more than one CIF.

2. It is not necessary to create CIF for all walk-in/occasional customers such as buyers of drafts / pre-paid
instruments/purchasers of third party products, provided the Bank shall ensure that there is adequate mechanism to
identify such walk-in customers who have frequent transactions and ensure that they are allotted CIF.

KYC NON-COMPLIANT/ KYC DISCREPANT ACCOUNTS

* While the Bank onboards customer only after complying with the KYC requirements, there may be instances where
the accounts are rendered KYC Non-Compliant subsequently, or becomes KYC discrepant due to non-availability of
documents/information from the customer. Examples of such cases are as under:

1. Accounts opened with Deemed OVD but updated OVD is not provided within 3 months.

2. Small accounts where OVD is not provided within a period of 24months, subject to relaxations provided by RBI/
Govt. of India.

3. Accounts where KYC Updation is overdue.

4. Legacy Accounts found KYC non-compliant on re-examination/audit/ inspection.

5. Accounts where customer does not co-operate to provide CDD or additional information, including Beneficial
Ownership information.

* Bank shall take steps to make such accounts KYC Compliant first. However, if the customer is not forthcoming to
provide the necessary documents and/or information, Bank will take the steps towards phased imposition of partial /
full freeze and eventual closure of the account. Partial Freeze means restricting debits in the account through all
channels, but allowing credits.

* Bank may choose to close the account where full freeze has been imposed, after issuing due notice to the customer
explaining the reasons for taking such a decision. Such decisions, however, shall be taken at a reasonably senior
level. The competent authority to permit closure of such accounts shall be the Branch Head, not below the rank of

Sunil SKA
 36

Chief Manager in Senior Management Grade. In all other cases, any Chief Manager of the R.B.O shall be the
competent authority to permit closure of such accounts.

REVIEW OF THE POLICY:

The KYC policy, last updated up to 31.03.2021 and duly approved by the Central Board, has been circulated by Bank,
st
vide Circular No. 204/2021-22, bearing S. No. R&DB/OPS-KYC/KYC/7/2021-22, dated the 1 of Jun, 2021. The Policy
will be reviewed once in two years. However, it can be reviewed more frequently as and when considered necessary
by the Board.

AUTHORITY TO ADVISE CHANGES IN THE INTERIM PERIOD:

Any other instructions under the policy, required to be issued urgently, before there view, may be issued with due
approval from MD (R&DB).

Any changes brought about by GOI/RBI Directives or other regulators will be disseminated by way of e-circulars, under
the signature of CGM (R&DB Operations). Such changes would be suitably incorporated at the time of review.

AUTHORITY TO ISSUE CLARIFICATIONS:

Authority to issue clarifications in all KYC related matters under this policy is General Manager (KYC). Similarly,
authority to issue clarifications in all AMLCFT

Customer on-boarding – Customer DueDiligence & Customer Identification Procedure

Customer Due Diligence (CDD):

As per RBI Master Directions on KYC, 2016 updated up to 10.05.2021-
“Customer Due Diligence (CDD)” means identifying and verifying the customer and the beneficial owner.” {Sec 3(b)
(iv)} & “Customer identification” means undertaking the process of CDD. {Sec 3(b) (v)}

Financial institutions are required to undertake customer due diligence (CDD) measures when:
* Establishing business relationship.

* Carrying out occasional transactions above the applicable designated threshold for the account.

* The transaction is carried out in a single operation or in several operations that appear to be linked.

* Carrying out occasional transactions that are wire transfers on any other mode like RTGS, NEFT, SWIFT etc.

* There is a suspicion of money laundering or financing of terrorism, regardless of any exemptions or thresholds that
are referred to elsewhere.

* The branch has doubts about the veracity or adequacy of previously obtained customer identification data.

As per Rule 9 (1) of PML Rules-2005, for CDD, Every reporting entity shall-
(a) at the time of commencement of an account-based relationship-

1. identify its clients, verify their identity, obtain information on the purpose and intended nature of the business
relationship; and

2. determine whether a client is acting on behalf of a beneficial owner, and identify the beneficial owner and take all
steps to verify the identity of the beneficial owner.

(b) in all other cases, verify identity while carrying out:

1. transaction of an amount equal to or exceeding rupees fifty thousand, whether conducted as a single transaction or
several transactions that appear to be connected, or

Sunil SKA
 37

2. any international money transfer operations.

Enhanced Due Diligence (EDD):

* Additional documents to satisfy the identity of the customer and intensive monitoring is required to be exercised in
respect of:

* Accounts of Non-Face-to-face customers.

* Politically Exposed Persons (PEPs), their family members and close relatives. Client accounts opened by
Professional Intermediaries.

* All customers categorized as high risk and medium risk.

* EDD FOR ACCOUNTS OF NON-FACE-TO-FACE CUSTOMERS (OTHERTHAN AADHAAR OTP BASED ON-
BOARDING):

Branch/Business Units shall ensure that the first payment is to be effected through the customer's KYC-complied
account with another Bank Branch, for enhanced due diligence of non-face-to-face customers. Explanation: Accounts
opened on the basis of V-CIP of Video KYC are to be treated as face to face and above restriction does not apply.

EDD FOR ACCOUNTS OF POLITICALLY EXPOSED PERSONS (PEP)

* Branches should gather sufficient information on any person/customer of this category intending to establish a
relationship and check all the information available on the person in the public domain.

* Branches should verify the identity of the person and seek sufficient information about the sources of funds,
accounts of family members and close relatives, before accepting the PEP as a customer.

* Branches should open such accounts with the approval of controllers in respect of branches / BPR outfits
headed by officials of Junior Management/Middle Management. In respect of branches / BPR outfits headed by
officers of Senior Management and above, such approval should be accorded by the branch/operating unit
head in person.

* Such accounts should be subjected to enhanced monitoring on an ongoing basis.

* In the event of an existing customer or the beneficial owner of an existing account, subsequently becoming a PEP,
Branches should obtain necessary approval to continue the business relationship and subject the account to the
Enhanced Customer Due Diligence (EDD) measures as applicable to the customers of PEP category including
enhanced monitoring on an ongoing basis.

* These instructions are also applicable to accounts where a PEP is the ultimate beneficial owner.

* Some of the Customer categories may carry more than ordinary risk of money laundering and terrorist financing and
therefore warrant a better understanding and closer scrutiny by the operating staff at all levels. Indicative but not
exhaustive examples are given below:

* Beneficial Owner.
* Walk-in Customers.
* Politically Exposed Persons (PEPs).
* Multi-Level Marketing (‘MLM’) Companies.
* Accounts of Non- Face-To-Face Customers.

Customer Due Diligence (CDD) Procedure in case of Individuals:

Sunil SKA
 38

Branches/Business Units shall obtain the following from an individual while establishing an account-based relationship
or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder
related to any legal entity:

1. The Permanent Account Number (PAN) or the equivalent e-document there of or Form No. 60 as defined in
Income-tax Rules, 1962 and

2. Recent Photograph; and

3. The Aadhaar number (two conditions only) where,

* he is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the
Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services)Act, 2016 (18 of 2016); or

* he decides to submit his Aadhaar number voluntarily for identification purposes and consents to undergo
authentication OR proof of possession of Aadhaar number or any Officially Valid Document (OVD) or the
equivalent e-document there of containing the details of his identity and address

Explanation – In these two cases, Bank/RE shall carry out authentication of the customer’s Aadhaar number using e-
KYC online authentication facility provided by the Unique Identification Authority of India. Biometric based e-KYC
authentication can be done by bank official/business correspondents/business facilitators.

Further, in such a case, if customer wants to provide a current address, different from the address as per the identity
information available in the Central Identities Data Repository, he may give a self-declaration to that effect to the RE.

4. any such other documents including in respect of the nature of business and financial status of the customer,
or the equivalent e-documents thereof as may be required the branches/Business Units, to create customer profile for
the purpose of risk categorization and transaction monitoring.

Explanation- Proof of Possession of Aadhaar (without sharing Aadhaar number/ core biometrics)- (In such
cases two options are there)

(aa) RE shall carry out offline verification of Aadhaar - if offline verification can be carried out, OR

(ab) if offline verification cannot be carried out in such case RE shall carryout DIGITAL KYC

(Provided that for a period not beyond such date as may be notified by the Government for a class of REs, instead of
carrying out digital KYC, the RE pertaining to such class may obtain a certified copy of the proof of possession of
Aadhaar number or the OVD and a recent photograph where an equivalent e-document is not submitted.)

Explanation - Equivalent e-document:

Equivalent e-documents can very well be provided by a person instead of certified copies of OVDs. Equivalent e-
document means an electronic equivalent of a document, issued by the issuing authority of such document with its
valid digital signature including documents issued to the digital locker account of the customer as per rule 9 of the
Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker
Facilities) Rules, 2016.

EXCEPTION HANDLING
In such a case, where e-KYC authentication cannot be performed for an individual desirous of receiving any benefit or
subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other
subsidies, Benefits and Services) Act, 2016 owing to injury, illness or infirmity on account of old age or otherwise, and
similar causes, REs shall –

1. Apart from obtaining the Aadhaar number,

Sunil SKA
 39

2. Perform identification preferably by carrying out offline verification or

alternatively by obtaining the certified copy of any other OVD or the equivalent e-document thereof from the customer.

CDD done in this manner-

1. shall invariably be carried out by an official of the RE and such exception handling shall be a part of the
concurrent audit.

2. REs shall ensure to duly record the cases of exception handling in a centralised exception database.

3. The database shall contain the details of grounds of granting exception, customer details, name of the designated
official authorising the exception and additional details, if any.

4. The database shall be subjected to periodic internal audit/inspection bythe RE and shall be available for supervisory
review.

Accounts opened using OTP based e-KYC

Accounts opened using OTP based e-KYC, in non-face-to-face mode, are subject to the following conditions:
1. There must be a specific consent from the customer for authentication through OTP.

2. the aggregate balance of all the deposit accounts of the customer shall not exceed rupees one lakh. In case, the
balance exceeds the threshold, the account shall cease to be operational, till CDD as mentioned at (v) below is
complete.

3. the aggregate of all credits in a financial year, in all the deposit accounts taken together, shall not exceed rupees
two lakh.

4. As regards borrowal accounts, only term loans shall be sanctioned. The aggregate amount of term loans sanctioned
shall not exceed rupees sixty thousand in a year.

5. Accounts, both deposit and borrowal, opened using OTP based e-KYC shall not be allowed for more than one
year, unless prescribed CDD is undertaken for the customer. RBI has also allowed to use Video based Customer
Identification Procedure (V-CIP) for such accounts opened using OTP based e-KYC to complete the CDD.

6. If the CDD procedure as mentioned above is not completed within a year, in respect of deposit accounts, the same
shall be closed immediately. In respect of borrowal accounts no further debits shall be allowed.

7. A declaration shall be obtained from the customer to the effect that no other account has been opened nor will be
opened using OTP based KYC in non face-to-face mode with any other RE. Further, while uploading KYC information
to CKYCR, REs shall clearly indicate that such accounts are opened using OTP based e-KYC and other REs shall not
open accounts based on the KYC information of accounts opened with OTP based e-KYC procedure in non-face-to-
face mode.

8. REs shall have strict monitoring procedures including systems to generate alerts in case of any non-
compliance/violation, to ensure compliance with the above-mentioned conditions.

Officially valid Documents

“Officially Valid Document” (OVD) means-
1. The Passport,

2. The Driving Licence,

3. Proof of possession of Aadhaar number,

4. The Voter's Identity Card issued by the Election Commission of India,

Sunil SKA
 40

5. Job card issued by NREGA duly signed by an officer of the State Government and

6. Letter issued by the National Population Register containing details ofname and address.

No other document shall be accepted for establishing identity/ address of an individual customer.

Deemed OVDs in case OVD furnished by the customer does not have updated address
Where the OVD furnished by the customer does not have updated address, the following documents or the equivalent
e-documents thereof shall be deemed to be OVDs for the limited purpose of proof of address: -

1. Utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile
phone, piped gas, water bill).

2. Property or Municipal tax receipt.

3. Pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or
Public Sector Undertakings, if they contain the address.

4. Letter of allotment of accommodation from employer issued by State Government or Central Government
Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial
institutions and listed companies and leave and licence agreements with such employers allotting official
accommodation.

The deemed OVD should be in the name of the customer.

The customer shall submit OVD amended with current address within aperiod of three months of submitting
the Deemed OVDs.

CDD Measures for Sole Proprietary firms

For opening an account in the name of a sole proprietary firm, CDD of the individual (proprietor) shall be carried out.
1. In addition to the above, any two of the following documents or the equivalent documents thereof as a proof of
business/ activity in the name of the proprietary firm shall also be obtained:

2. Registration certificate

3. Certificate/ licence issued by the municipal authorities under Shop and Establishment Act.

4. Sales and income tax returns.

5. CST/VAT/ GST certificate (provisional/final).

6. Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities.

7. IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT or Licence/certificate of
practice issued in the name of the proprietary concern by any professional body incorporated under a statute.

8. Complete Income Tax Return (not just the acknowledgement) in the name of the sole proprietor where the firm's
income is reflected, duly authenticated/acknowledged by the Income Tax authorities.

9. Utility bills such as electricity, water, landline telephone bills, etc.

In cases where the branches are satisfied that it is not possible to furnish two such documents , they may, at their
discretion, accept only one of those documents as proof of business/activity

Sunil SKA
 41

subject to ‘Contact Point Verification’.

Branches will undertake 'contact point verification' and collect such other information and clarification
as would be required to establish the existence of such firm and shall confirm and satisfy itself that the business
activity has been verified from the address of the proprietary concern.

CDD Measures for Legal Entities

For opening an account of a company

Certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained

* Certificate of incorporation
* Memorandum and Articles of Association
* Permanent Account Number of the company
* A resolution from the Board of Directors and power of attorney granted to its managers, officers, or employees to
transact on its behalf
* Documents relating to beneficial owner, the managers, officers or employees, as the case may be, holding an
attorney to transact on the company’s behalf.

For opening an account of a partnership firm-

The certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained:
(a) Registration certificate
(b) Partnership deed
(c) Permanent Account Number of the partnership firm
(d) Documents relating to beneficial owner, managers, officers or employees, as the case may be, holding an attorney
to transact on its behalf.

For opening an account of a trust

Certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained:
(a) Registration certificate
(b) Trust deed
(c) Permanent Account Number or Form No.60 of the trust
(d) Documents relating to beneficial owner, managers, officers or employees, as the case may be, holding an attorney
to transact on its behalf.

For opening an account of an unincorporated association or a body of individuals-

Certified copies of each of the following documents or the equivalent documents there of shall be obtained:
(a) Resolution of the managing body of such association or body of individuals
(b) Permanent Account Number or Form No. 60 of the unincorporated association or a body of individuals
(c) Power of attorney granted to transact on its behalf
(d) Documents, as specified in Section 16, relating to beneficial owner, managers, officers or employees, as the case
may be, holding an attorney to transact on its behalf.
(e) Such information as may be required by the RE to collectively establish the legal existence of such an association
or body of individuals.

Explanation: Unregistered trusts/partnership firms shall be included under the term ‘unincorporated association’.
Explanation: Term ‘body of individuals’ includes societies.

For opening accounts of juridical persons

For opening accounts of juridical persons not specifically covered in the earlier part, such as societies, universities and
local bodies like village panchayats, certified copies of the following documents or the equivalent e-documents thereof
shall be obtained:
(a) Document showing name of the person authorised to act on behalf of the entity.
(b) Documents of the person holding an attorney to transact on its behalf.

Sunil SKA
 42

(c) Such documents as may be required by the RE to establish the legal existence of such an entity/juridical person.

OPENING OF ACCOUNTS OF FOREIGN STUDENTS

1. Only Non- Resident Ordinary (NRO) bank account
of foreign students may be opened based on his/her passport (with appropriate visa &immigration endorsement)
bearing the proof of identity and address in the home country along with a photograph and a letter offering admission
from the educational institution in India.

2. A declaration should be obtained about the local address within a period of 30 days of opening the account
and the said local address shall be verified.

3. Pending verification of address, during the 30 days period, the account may be operated with a condition of
allowing foreign remittances not exceeding USD 1,000 or equivalent into the account and cap of Rupees fifty thousand
on aggregate in the same.

4. The account would be treated as a normal NRO account and will be operated in terms of instructions contained
in RBI’s instructions on Non-Resident Ordinary Rupee (NRO) Account and the provisions of FEMA,1999.

5. Students with Pakistani nationality will need prior approval of Reserve Bank of India for opening the account.

Opening of Individual NRE Accounts

Accounts to be opened and CDD to be undertaken as applicable for an individual.
Further, the following documents to be obtained:
* Passport and Visa Copies, duly attested by
(i) authorised officials of overseas branches of Scheduled Commercial Banks registered in India,
(ii) branches of overseas banks with whom Indian banks have relationships,
(iii) Notary Public abroad,
(iv) Court Magistrate,
(v) Judge,
(vi) Indian Embassy/Consulate General in the country where then on-resident customer resides

NRI customers who want to open accounts without visiting the branch willbe treated as “non-Face-to-Face”
customers and necessary due diligence, as applicable to “Non-Face-to-Face” customers, needs to bedone.

ACCOUNTS OF MINORS
* Minors, who can adhere to uniform signature and are not less than ten years old, can open accounts in their
single name. In such cases, KYC procedure for identification /address verification as in case of any other individual
would apply.

* For minors below the age of 10 years or whose accounts are operated by Parents/Guardian, proof of Date of Birth
of Minor, Photograph of guardian and KYC of guardian shall be obtained.

* Wherever PAN of minor is not available, Form 60 is to be obtained, which shall be signed by Parent/Guardian only.

* Minors on attaining majority shall submit their Fresh Photographs, Copy of PAN card or Form 60 along with the
appropriate KYC documents.

Small Accounts
Small Account means a savings account which is opened in terms of sub-rule (5) of the PML Rules, 2005. Small
Accounts entails following limitations:
1. the aggregate of all credits in a financial year does not exceed Rupees one lakh;
2. the aggregate of all withdrawals and transfers in a month does not exceed Rupees ten thousand; and

Sunil SKA
 43

3. the balance at any point of time does not exceed Rupees fifty thousand. [Provided, that this limit on balance shall
not be considered while making deposits through Government grants, welfare benefits and payment against
procurements.

In case an individual customer who does not have any OVD and PAN
and desires to open a bank account, a “Small Account” may be opened subject to following conditions:

1. Branches/Business Units while opening ‘Small’ accounts will obtain a self-attested photograph from the customer.

2. The authorised officer under his signature will certify that the person opening the account has affixed his signature
or thumb impression in his presence. Provided that where the individual is a prisoner in a jail, the signature or thumb
print shall be affixed in presence of the officer in-charge of the jail and the said officer shall certify the same under his
signature and the account shall remain operational on annual submission of certificate of proof of address issued by
the officer in-charge of the jail.

3. The stipulated monthly and annual limits on aggregate of transactions and balance requirements in such accounts
are not breached before a transaction is allowed to take place.

4. The account shall remain operational initially for a period of twelve months which can be extended for a further
period of twelve months, provided the account holder applies and furnishes evidence of having applied for any of
the OVDs during the first twelve months of the opening of the said account.

5. The entire relaxation provisions shall be reviewed after twenty-four months.

6. Notwithstanding anything contained in clauses (5) and (6)above, the small account shall remain operational
between such periods as may be notified by the Central Government. In the recent past, such relaxation was provided
during the period of 01.04.2020 to 30.09.2020 due to widespread pandemic and lockdown conditions.

7. The account shall be monitored and when there is suspicion of money laundering or financing of terrorism activities
or other high-risk scenarios, the identity of the customer shall be established as per CDD applicable for an individual.

8. Foreign remittance shall not be allowed to be credited into the account unless the identity of the customer is fully
established as per as per CDD applicable for an individual.

Name screening requirements/obligations under International Agreements Communications from International

Agencies
As per Section 51 of RBI Master Directions on KYC, 2016 updated up to10.05.2021, REs shall ensure that in terms of
Section 51A of the Unlawful Activities(Prevention) (UAPA) Act, 1967 and amendments thereto, they do not have any
account in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist
links, which are approved by and periodically circulated by the United Nations Security Council (UNSC). The details of
the two lists are as under:

a. The “ISIL (Da’esh) &Al-Qaida Sanctions List”, which includes names of individuals and entities associated with the
Al-Qaida. The updated ISIL &Al-Qaida Sanctions List is available at
https://scsanctions.un.org/fop/fop?xml=htdocs/resources/xml/en/consolidated.xml&xslt=htdocs/resources/xsl/en/al-
qaida-r.xsl

b. The “1988 Sanctions List”, consisting of individuals (Section A of the consolidated list) and entities (Section B)
associated with the Taliban which is available at
https://scsanctions.un.org/fop/fop?xml=htdocs/resources/xml/en/consolidated.xml&xslt=htdocs/resources/xsl/en/taliban
-r.xsl

In addition to the above, other UNSCRs circulated by the Reserve Bank in respect of any other jurisdictions/ entities
from time to time shall also be taken note of

Sunil SKA
 44

Section 52 of aforesaid Master Directions further states that details of accounts resembling any of the
individuals/entities in the lists shall be reported to FIU-IND apart from advising Ministry of Home Affairs as required
under UAPA notification dated February 2, 2021.

As per Rule 7(3) of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 for Banks, it is
imperative that the bank has a system in place, which will ensure that the account of the person of any dubious
background is not opened or any suspicious transaction if routed through the branch will be identified.

This is ensured at the time of on boarding through Name screening process.

Name Screening:
Name Screening is an essential part of Customer Acceptance Policy of a Financial Institution. Name-Screening is a
process by which a given Name of a person or entity is screened against various lists circulated by National and
International Organizations, Regulators, Agencies, and the Institution itself. The necessity of creating a process of
Name Screening at the time of customer on-boarding and at periodic intervals, arises from regulations/ guidelines by
RBI and FIU-IND and bank’ own KYC/AML/ CFT policy

The purpose of name screening is-

1. to ensure that the Financial Institution does not on-board any person or entity whose identity matches with any
person or entity in the Negative Lists, and
2. to weed out those persons or entities already on board, and whosename subsequently figures in any of the Negative
Lists.

Through Name Screening, a Financial Institution reduces the risk of misuse of its channels and facilities by
unscrupulous elements for Money Laundering and/ or Terrorist Financing, by filtering out persons of criminal and
dubious background at the on-boarding stage itself.

It is important to note that whenever a business vertical creates a new channel of customer on boarding or modifies an
existing channel, it must ensure that a process for Name Screening has been put in place. All queries in this regard
maybe addressed to [email protected].

Name screening process- Guidelines for branches

The guidelines in this regard have been reiterated by bank vide Cir AML-CFT/AML-CFTMEASURES/5/2020 - 21
st
Dated the 31 of Jul, 2020 –

Step-1 of Name screening process

When a name match alert is displayed in CBS at the time of creating a new CIF or renewal of an existing CIF, the
name and ID details of the applicant / customer is matched with those of the corresponding name against which the
match has occurred in a negative list(s).

(The links to the negative lists is available in the e-circulars issued by the AML/CFT Department for this purpose and
also on the AML/CFT website on SBITIMES. The path is SBITIMES/ Departments1/ AML/CFT/ Downloads/ Banned
Entities.)

The different scenarios and courses of action are as under:

Scenario A:
The name and ID details (ID type and number) of the applicant/customer match with those of the person in the
negative list: This is considered a Positive match. Other available details such as Father’s Name, Date of Birth,
address etc. may also be verified before arriving at a conclusion. If it is established beyond doubt that the person
under consideration is the same as the person in the negative list, Step 2 is followed.

Sunil SKA
 45

Scenario B:
The ID of the applicant/customer is different from the ID of the corresponding person in the negative lists (for e.g. the
customer has produced PAN card, but the available Id of the corresponding person in the negative list is Passport). In
this case, the name and other identifiers of the applicant/customer(date of birth, father's name, address, mobile no.)
are matched with those of the corresponding person given in the negative lists.

In case the name and at least two other identifiers match, it is considered a positive match. (For e.g. if the name and
date of birth match but father's name/address do not match, it cannot be taken as positive match).

Apart from the above steps, since the branch is face to face with the applicant/customer it may elicit other meaningful
information to confirm whether the person’s identity matches with the person in negative list. If it is established beyond
doubt that the applicant is the same as the person in the negative list, Step 2 is followed.

Scenario C:
The name, ID details and other identifiers of the applicant/customer do not match with those of the person in the
negative list. This is a negative match and the branch may proceed with opening of account/amending the CIF by an
Officer not below the rank of MMGS-III / Branch head (in case of lower incumbency branches).

Step-2 of Name screening process

(a) Process to be followed in case of Positive Match with “ISIL (Da’esh) &Al-Qaida Sanctions List” which
includes names of individuals and entities associated with the Al-Qaida and “1988 Sanctions List”, consisting of
individuals (Section A of the consolidated list) and entities (Section B) associated with the Taliban:

* No customer whose details match beyond doubt with entities in the above two lists, shall be allowed to open
any account, under advice to the controllers and AML/CFT Department.

* In case, the particulars of any of their customers match beyond doubt with the particulars of designated
individuals/entities, the branch through its controllers, under advice to AML-CFT Department, shall
immediately, not later than 24 hours from the time of finding out such customer, inform full particulars of the
funds, financial assets or economic resources or related services held in the forms of bank accounts, held by
such customer on their books to the Joint Secretary(CTCR), Ministry of Home Affairs, at Fax No.011 –
23092569 and also convey over telephone on 011 – 23092736. The particulars apart from being sent by post
should necessarily be conveyed on e-mail id: [email protected].

* The branch through its controllers, under advice to AML-CFT Department, shall also send by post a copy of
the communication mentioned above to the UAPA nodal officer of RBI, as well as through email at
[email protected].

* The branch through its controllers, under advice to AML-CFT Department, shall also send a copy of the
communication mentioned above to the UAPA nodal officer of the state/UT where the account is held, as
well as to FIU-India.

* In case, the match of any of the customers with the particulars of designated individuals/entities is beyond
doubt, the branch, under advice to the controllers, would prevent designated persons from conducting
financial transactions, under intimation to Joint Secretary (CTCR), Ministry of Home Affairs through email,
phone and post in the same manner as stated above.

* The branch shall advise the full details of the person to the AML-CFT Department which in turn shall file a
Suspicious Transaction Report(STR) with FIU-IND covering all transactions in the accounts carried through or
attempted for in the prescribed format.

(b) Process to be followed in case of Positive Match with OTHER LISTS

Sunil SKA
 46

In case, the match of any of the customers with the particulars of individuals/entities is beyond doubt, the Branch
Manager, under intimation to the controllers, would prevent designated persons from opening account and conducting
financial transactions.

Step-3 of Name screening process

The list of persons/entities whose accounts were opened or not opened after due diligence, in case of 100% matching
of name only, with the sanction lists, shall be reported by the branches to the RBO on monthly basis.

The designated officer(s) in-charge of Compliance function shall peruse and cross-examine the list and any corrections
shall be advised to branches.

CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR):
1. Bank shall upload the KYC data pertaining to accounts of individuals opened prior to January 01, 2017, at the
time of periodic updation, or earlier when the updated KYC information is obtained/ received from the customer in
certain cases. It shall be ensured that during periodic updation, the customers’ KYC details are migrated to
current CDD standard.

2. Bank shall upload the KYC data pertaining to accounts of Legal Entities (LEs) opened on or after April 1, 2021,
on to CKYCR in terms of Rule 9 (1A) of the PML Rules. It shall also be ensured that incase of accounts of LEs
opened prior to April 1, 2021, the KYC records are uploaded on to CKYCR during the process of periodic updation,
or earlier when the updated KYC information is obtained/received from the customer in certain cases.

3. Bank shall ensure that during periodic updation, the customers’ KYCdetails are migrated to current Customer Due
Diligence (CDD)standards.

Periodic Updation of KYC:

Bank shall adopt a risk-based approach for periodic updation of KYC. However, periodic updation shall be carried out
at least once in every two years for high-risk customers, once in every eight years for medium risk customers and
once in every ten years for low-risk customers from the date of opening of the account /last KYC updation.

Periodic Updation of KYC of Individual Customers:

No change in KYC information:
In case of no change in the KYC information, a self-declaration from the customer in this regard shall be obtained
through customer’s email-id registered with the Bank, customer’s mobile number registered with the Bank, ATMs,
digital channels(such as online banking / internet banking, mobile application of Bank), letter etc.

Change in address:
In case of a change only in the address details of the customer, a self-declaration of the new address shall be obtained
from the customer through customer’s email-id registered with the Bank, customer’s mobile number registered with the
Bank, ATMs, digital channels (such as online banking / internet banking, mobile application of Bank), letter etc., and
the declared address shall be verified through positive confirmation within two months, by means such as address
verification letter, contact point verification, deliverables etc.

Further, Bank, at their option, may obtain a copy of OVD or deemed OVD or the equivalent e-documents thereof, for
the purpose of proof of address, declared by the customer at the time of periodic updation. Such requirement,
however, shall be clearly specified by the Bank in their internal KYC policy duly approved by the Board of Directors of
Bank or any committee of the Board to which power has been delegated.

Accounts of customers, who were minor at the time of opening account, on their becoming major:
In case of customers for whom account was opened when they were minor,
Fresh photographs shall be obtained on their becoming a major and at that time it shall be ensured that CDD
documents as per the current CDD standards are available with the Bank.

Sunil SKA
 47

Wherever required, Bank may carry out fresh KYC of such customers i.e. customers for whom account was opened
when they were minor, on their becoming a major.

Periodic Updation of KYC of Customers other than individuals:

No change in KYC information: In case of no change in the KYC information of the Legal Entity (LE) customer, a
self-declaration in this regard shall be obtained from the LE customer through its email id registered with the Bank,
ATMs, digital channels (such as online banking /internet banking, mobile application of Bank), letter from an official
authorized by the Bank in this regard, board resolution etc.

Further, Bank shall ensure during this process that Beneficial Ownership (BO)information available with them is
accurate and shall update the same, if required, to keep it as up to date as possible.

Change in KYC information: In case of change in KYC information, Bank shall undertake the KYC process
equivalent to that applicable for onboarding a new LE customer.

Additional measures: In addition to the above, Bank shall ensure that,

The KYC documents of the customer as per the current CDD standards
are available with them. This is applicable even - if there is no change in customer information but the documents
available with the Bank are not as per the current CDD standards.

Further, in case the validity of the CDD documents available with the Bank has expired at the time of periodic
updation of KYC, Bank shall undertake the KYC process equivalent to that applicable for on boarding a new
customer.

Customer’s PAN details, if available with the Bank, is verified from the database of the issuing authority at the time of
periodic updation of KYC.

Acknowledgment is to be provided to the customer mentioning the date of receipt of the relevant document(s),
including self-declaration from the customer, for carrying out periodic updation. Further, it shall be ensured that the
information / documents obtained from the customers at the time of periodic updation of KYC are promptly updated in
the records/ database of the Bank and an intimation, mentioning the date of updation of KYC details, is provided to the
customer.

Bank shall ensure that their internal KYC policy and processes on updation / periodic updation of KYC are
transparent and adverse actions against the customers should be avoided, unless warranted by specific regulatory
requirements.

Requirements/Obligations under International Agreements:

1. Bank shall ensure that in terms of Section 51A of the Unlawful Activities(Prevention) (UAPA) Act, 1967 and
amendments thereto, they do not have any account in the name of individuals/entities appearing in the lists of
individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the
United Nations Security Council (UNSC).

2. The procedure laid down in the UAPA Order dated 02.02.2021 (Annex II of Master Direction on KYC updated as on
23.03.2021) or as updated from time to time shall be strictly followed and meticulous compliance with the Order issued
by the Government shall be ensured.

3. In case, the particulars of any of their customers match with the particulars of designated individuals/entities, the
bank, shall immediately inform full particulars of the funds, financial assets or economic resources or related services
held in the form of bank accounts, stocks or Insurance policies etc., held by such customer on their books to the
Central[designated] Nodal Officer for the UAPA

4. The list of Nodal Officers for UAPA is available on the website of Ministry of Home Affairs.

Sunil SKA
 48

2.3 New Initiatives- Offline Paperless KYC, Digital KYC & Video KYC

Aadhaar Paperless Offline e-KYC/ Offline verification of Aadhar

Aadhaar Paperless Offline e-KYC is a secure and shareable document which canbe used by any Aadhaar holder for
offline verification of identification, without sharing Aadhar number or core biometrics.

UIDAI has launched Aadhaar Paperless Offline e-KYC Verification to allow Aadhaar number holders to voluntarily use
it for establishing their identity in various applications in paperless and electronic fashion, while still maintaining
privacy, security and inclusion.

When, the mechanism to verify identity of an Aadhaar number holder through an online e- KYC service is already
available which definitely provides an authenticated instant verification of identity, then why OFFLINE e-KYC has been
introduced?

The reason being that, this method of online e-KYC may not be available to all agencies, for the reason that-

1. Online e-KYC requires reliable connectivity throughout the process

2. The Bank/agency needs to have technical infrastructure to call online e-KYC service by deploying necessary
devices

On the other hand, it may also not be found suitable by some Aadhar number holders, due to salient reasons like-

1. The resident has to provide biometrics and he may not be able or interested to provide the same,

2. UIDAI maintains a record of all the online-KYC requests for its audit purposes and few holders of Aadhaar number
may find it as an encroachment on their privacy.

Aadhaar Paperless Offline e-KYC is the alternative available with its various advantages to resolve these issues.

Aadhaar paperless offline KYC/ Offline verification of Aadhaar is to be carried out in the following cases-

1. In case an individual customer decides not to reveal Aadhar number and opts to submit ‘Proof of possession of
Aadhaar number’ as an OVD.

2. In such a case, where e-KYC authentication cannot be performed for an individual desirous of receiving any benefit
or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other
subsidies, Benefits and Services) Act, 2016 owing to injury, illness or infirmity on account of old age or otherwise, and
similar causes.

HOW DOES IT WORK- AADHAAR PAPERLESS OFFLINE E-KYC

Aadhaar Paperless Offline e-KYC eliminates the need for the resident to provide a photocopy of Aadhaar letter and
instead, a resident can download the KYC XML and provide the same to agencies wanted to have his/her KYC. The
agency can verify the KYC details shared by the resident in a manner explained in the below sections. The KYC
details are in machine-readable XML which is digitally signed by UIDAI allowing the agency to verify its authenticity
and detect any tampering. The agency can also authenticate the user through their OTP/Face authentication
mechanisms.

Process flow to obtain Aadhaar Paperless Offline e-KYC Data.

Aadhaar number holders can obtain Aadhaar Paperless Offline e-KYC data by downloading Aadhaar Paperless Offline
e-KYC from resident portal (https://resident.uidai.gov.in). The process flow is as under-

Sunil SKA
 49

* Go to URL → https://resident.uidai.gov..in/offlineaadhar
* Enter ‘Aadhaar Number’ or ‘VID’ and mentioned ‘Security Code’
* Enter the OTP received and click on ‘Submit’ button
* In next step, after successful validation, create the desired ‘Share Code’ for the ZIP file in the provided field and enter
the ‘Security Code’ and press ‘Download’ button to download the zip file.
* The Zip file containing the digitally signed XML will be downloaded to the device, which can be extracted using the
password and saved at desired location.
* This file containing ‘Aadhaar Paperless Offline e-KYC data’ will have to be provided to the Bank/ other verifying
agency by the Aadhaar number holder in digital or physical (printed QR) format along with share code for verification.
* Regd. mobile number and e-mail address will also be shared with the agency.

What data is available?

The Zip file gets downloaded, which is to be extracted using the password created by the holder during download. The
file can be saved as XML file at desired location on the device. The following details are available in the file –

* Offline Paperless KYC reference ID- (This is a composition of last 4 digits of Aadhaar number followed by time stamp
in ‘YYYYMMDDHHMMSSmmm’ format.
* Name (Present as plain text)
* Gender (Present as plain text denoting ‘M’ or ‘F’ or ‘T’)
* Date of Birth/ Year of Birth (Present as plain text in DDMMYYYY or YYYY format)
* Address (Present as plain text in various tags e.g. Country/State/District/Street etc.)
* Photograph (present in encoded format)
* Mobile Number (Represented as a hash with hash logic)
* Email Address (represented as a hash with hash logic)
* UIDAI Signature: – (a 344 character long digital signature)

Process flow for Offline Aadhaar Data Verification by Service Provider

Step 1: Once the service provider receives the ZIP file in the XML format, it will extract the file using the share code as
provided by the Aadhaar Cardholder.

Step 2: All the demographic details are mentioned in the XML file such as Name, DOB, Gender, and Address. The
photograph will also be available in the base 64encoded format which can be rendered directly using any utility or plain
HTML page. However, the email address and the registered mobile number are one way hashed. Entire XML is
digitally signed and Service Provider validates the XML file using the signature and ‘public key’ available on the UIDAI
website.

Step 3: Once all the details are verified, the service provider needs to collect thee mail address and mobile number
from the Aadhaar Cardholders and validate the hash by using the given hash logic.

This way the service provider can verify and certify the authenticity of the provided data and rely upon the data for
official use.

How this Aadhaar Offline Paperless eKYC document is different from the other identification documents
produced offline by residents?

Identity verification can simply be accomplished by providing an identity document like PAN card, Passport etc to the
service provider. However, all these documents, may or may not be verified in offline mode instantaneously, and
hence later on may prove to be forged and fake.

The service providers may not have technological means to instantaneously verify the authenticity of these documents
or the information that they contain, and are left with no other option, than merely to trust the document provider.

Whereas, the XML file generated by the Aadhaar number holder, using ‘Offline Aadhaar Data Verification Service’ is
an authentic, digitally signed document carrying UIDAI digital signatures.

Sunil SKA
 50

Thus, the service provider can verify the demographic contents of the file successfully, and certify it to be authentic
through carrying out offline verification of file.

Offline Paperless eKYC document cannot be shared with other entities

Service providers can not publish or display either Share Code or XML file or its contents with anyone else.

Any non-compliance of these actions shall invite actions under Sections 17 and25 of The Aadhaar (Authentication)
Regulation, 2016; Sections 4 and 6 of The Aadhaar (Sharing of Information) Regulation, 2016 and Sections 29(2), 29
(3) and37 of The Aadhaar Act, 2016.

Digital KYC
“Digital KYC” means the capturing live photo of the customer and officially valid document or the proof of possession of
Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location
where such live photo is being taken by an authorised officer of the RE.

Digital KYC is to be carried out by REs, where offline verification of Aadhar number/ proof of possession of Aadhar
cannot be carried out.

However, for a period not beyond such date as may be notified by the Government for a class of REs, instead of
carrying out digital KYC, the Res pertaining to such class may obtain a certified copy of the proof of possession of
Aadhaar number or the OVD and a recent photograph where an equivalent e-document is not submitted.

Digital KYC Process

1. The RE shall develop an application for digital KYC process which shall be made available at customer touch points
for undertaking KYC of their customers and the KYC process shall be undertaken only through this authenticated
application of the REs.

2. The access of the Application shall be controlled by the REs and it should be ensured that the same is not used by
unauthorized persons. The Application shall be accessed only through login-id and password or Live OTP or Time
OTP controlled mechanism given by REs to its authorized officials.

3. The customer, for the purpose of KYC, shall visit the location of the authorized official of the RE or vice-versa. The
original OVD shall be in possession of the customer.

4. The RE must ensure that the Live photograph of the customer is taken by the authorized officer and the same
photograph is embedded in the Customer Application Form (CAF). Further, the system Application of the RE shall put
a watermark in readable form having CAF number, GPS coordinates, authorized official’s name, unique employee
Code(assigned by REs) and Date (DD:MM:YYYY) and time stamp(HH:MM:SS) on the captured live photograph of the
customer.

5. The Application of the RE shall have the feature that only live photograph of the customer is captured and no printed
or video-graphed photograph of the customer is captured. The background behind the customer while capturing live
photograph should be of white color and no other person shall come into the frame while capturing the live photograph
of the customer.

6. Similarly, the live photograph of the original OVD or proof of possession of Aadhaar where offline verification cannot
be carried out(placed horizontally), shall be captured vertically from above and water-marking in readable form as
mentioned above shall be done. No skew or tilt in the mobile device shall be there while capturing the live photograph
of the original documents.

7. The live photograph of the customer and his original documents shall be captured in proper light so that they are
clearly readable and identifiable.

Sunil SKA
 51

8. There after, all the entries in the CAF shall be filled as per the documents and information furnished by the
customer. In those documents where Quick Response (QR) code is available, such details can be auto-populated by
scanning the QR code instead of manual filing the details. For example, in case of physical Aadhaar/e-Aadhaar
downloaded from UIDAI where QR code is available, the details like name, gender, date of birth and address can be
auto-populated by scanning the QR available on Aadhaar/e-Aadhaar.

9. Once the above-mentioned process is completed, a One Time Password (OTP) message containing the text that
‘Please verify the details filled in form before sharing OTP’ shall be sent to customer’s own mobile number. Upon
successful validation of the OTP, it will be treated as customer signature on CAF. However, if the customer does not
have his/her own mobile number, then mobile number of his/her family/relatives/known persons may be used for this
purpose and be clearly mentioned in CAF. In any case, the mobile number of the authorized officer registered with the
RE shall not be used for customer signature. The RE must check that the mobile number used in customer signature
shall not be the mobile number of the authorized officer.

10. The authorized officer shall provide a declaration about the capturing of the live photograph of customer and the
original document. For this purpose, the authorized official shall be verified with One Time Password (OTP) which will
be sent to his mobile number registered with the RE. Upon successful OTP validation, it shall be treated as authorized
officer’s signature on the declaration. The live photograph of the authorized official shall also be captured in this
authorized officer’s declaration.

11. Subsequent to all these activities, the Application shall give information about the completion of the process and
submission of activation request to activation officer of the RE, and also generate the transaction-id/reference-id
number of the process. The authorized officer shall intimate the details regarding transaction-id/reference-id number to
customer for future reference.

12. The authorized officer of the RE shall check and verify that: - (a) information available in the picture of document is
matching with the information entered by authorized officer in CAF. (b) live photograph of the customer matches with
the photo available in the document.; and (c) all of the necessary details in CAF including mandatory field are filled
properly.;

13. On Successful verification, the CAF shall be digitally signed by authorized officer of the RE who will take a print of
CAF, get signatures/thumb-impression of customer at appropriate place, then scan and upload the same in system.
Original hard copy may be returned to the customer.

Banks may use the services of Business Correspondent (BC) for this process.

Video Based Customer Identification Procedure (V-CIP/ Video KYC)

“Video based Customer Identification Process (V-CIP)”: is an alternate method of customer identification with facial
recognition and customer due diligence by an authorised official of the RE by undertaking seamless, secure, live,
informed-consent based audio-visual interaction with the customer to obtain identification information required for CDD
purpose, and to ascertain the veracity of the information furnished by the customer through independent verification
and maintaining audit trail of the process. Such processes complying with prescribed standards and procedures is to
be treated on par with face-to-face CIP.

Reserve Bank of India has allowed to use the V-CIP functionality in following areas-
1. CDD in case of new customer on-boarding for-
a. Individual customers,
b. Proprietor in case of proprietorship firm,
c. Authorized signatories and Beneficial Owners (BOs) in case of Legal Entity (LE) customers.
Provided that in case of CDD of a proprietorship firm, Bank shall also obtain the equivalent e-document of the activity
proofs with respect to the proprietorship firm, apart from undertaking CDD of the proprietor.

Sunil SKA
 52

(As we know that as per extant instructions in respect of the CDD of a proprietorship firm, in addition to the CDD of the
individual proprietor, any two documents in the name of the proprietary firm, from the given list of prescribed
documents, are also be obtained, as a proof of business/ activity.)

2. Conversion of existing accounts opened in non-face to face mode

using Aadhaar OTP based e-KYC authentication.

3. Updation/Periodic updation of KYC for eligible customers.

V-CIP (Video-CIP) PROCEDURE:

Procedure to be followed while undertaking V-CIP is as under:
1. The V-CIP process shall be operated only by officials of the Bank specially trained for this purpose. The official
should be capable to carry out liveliness check and detect any other fraudulent manipulation or suspicious conduct of
the customer and act upon it.

2. If there is a disruption in the V-CIP procedure, the same should be aborted and a fresh session initiated.

3. The sequence and/or type of questions, including those indicating the liveness of the interaction, during video
interactions shall be varied in order to establish that the interactions are real-time and not pre-recorded.

4. Any prompting, observed at end of customer shall lead to rejection of the account opening process.

5. The fact of the V-CIP customer being an existing or new customer, or if it relates to a case rejected earlier or if the
name appearing in some negative list should be factored in at appropriate stage of workflow.

6. The authorized official of the Bank performing the V-CIP shall record audio-video as well as capture photograph of
the customer present for identification and obtain the identification information using any one of the following:
* OTP based Aadhaar e-KYC authentication
* Offline Verification of Aadhaar for identification
* KYC records downloaded from CKYCR using the KYC identifier provided by the customer.
* Equivalent e-document of Officially Valid Documents (OVDs) including documents issued through Digi
locker.

Bank shall ensure to redact or blackout the Aadhaar number. In case of offline verification of Aadhaar using XML file or
Aadhaar Secure QR Code, it shall be ensured that the XML file or QR code generation date is not older than 3 days
from the date of carrying out V-CIP.

Further, in line with the prescribed period of three days for usage of Aadhaar XML file / Aadhaar QR code, Bank shall
ensure that the video process of the V-CIP is undertaken within three days of downloading / obtaining the identification
information through CKYCR / Aadhaar authentication / equivalent e-document, if in the rare cases, the entire process
cannot be completed at one go or seamlessly. However, REs shall ensure that no incremental risk is added due to
this.

7. If the address of the customer is different from that indicated in the OVD, suitable records of the current address
shall be captured, as per the existing requirement. It shall be ensured that the economic and financial
profile/information submitted by the customer is also confirmed from the customer undertaking the V-CIP in a suitable
manner.

8. Bank shall capture a clear image of PAN card to be displayed by the customer during the process, except in cases
where e-PAN is provided by the customer. The PAN details shall be verified from the database of the issuing authority
including through Digi locker.

9. Use of printed copy of equivalent e-document including e-PAN is not valid for the V-CIP.

Sunil SKA
 53

10. The authorized official of the Bank shall ensure that photograph of the customer in the Aadhaar/OVD and PAN/e-
PAN matches with the customer undertaking the V-CIP and the identification details in Aadhaar/OVD and PAN/e-PAN
shall match with the details provided by the customer.

11. Assisted V-CIP shall be permissible when banks take help of Banking Correspondents (BCs) facilitating the
process only at the customer end. Banks shall maintain the details of the BC assisting the customer, where services of
BCs are utilized. The ultimate responsibility for customer due diligence will be with the bank.

12. All accounts opened through V-CIP shall be made operational only after being subject to concurrent audit, to
ensure the integrity of process and its acceptability of the outcome.

13. All matters not specified under the paragraph but required under other statutes such as the Information Technology
(IT) Act shall be appropriately complied with by the Bank.

Salient advantages of the Video based KYC are as under-

Onboarding of new customers can be a lightning-fast real time event, coupled with Artificial Intelligence (AI) and
other technologies. All recorded interactions can be securely stored for future record.

It creates a win-win situation for the customer as well as the institution. On one hand, the onboarding costs for the
RE comes down by around90% making it extremely cost effective for Regulated Entities, on the other hand, due to
reduced turnaround time (TAT), it adds to customer delight.

Video- customer identification procedure (V-CIP) coupled with facial recognition/ matching software, automated data
extraction processes, along with state-of-the-art Machine Learning techniques is a more reliable and secured
onboarding technique.

The process for video KYC can be done from the comfort of the home of the customer. All that the customer needs
for onboarding, is a laptop or a smart phone, or a tablet with an active internet connection.

The process of Video-CIP shall be treated as face-to-face process, it means that the customer need not visit the
branch to complete any step of the process and customer will not be categorised or treated as ‘Non-Face to Face
customer’.

Reserve Bank of India has also extended the use of V-CIP functionality for updation/ Periodic updation of KYC of
eligible customers.

Sunil SKA
 54

2.4 Identification of Beneficial Owner

means an individual who ultimately owns or controls a client of a reporting entity or the person on whose behalf a
transaction is being conducted and includes a person who exercises ultimate effective control over a juridical person.

The Bank should determine whether a clients is acting an behalf of a beneficial owner, and identify the beneficial
owner and take all reasonable steps to verify the identity of the beneficial owner.

For opening an account of a Legal Person who is not a natural person, the beneficial owner (s) is to be identified &
all reasonable steps to verify his/her identity is to be undertaken.

Identification of Beneficial owner is a regulatory as well as legal requirement.

As per section 3{(b)(iv)} of RBI Master Directions (KYC), 2016 amended up to10.05.2021, Customer Due Diligence
(CDD)” means identifying and verifying the customer and the beneficial owner.

As per section 34 of RBI Master Directions (KYC), 2016 “For opening an account of a Legal Person who is not a
natural person, the beneficial owner(s) shall be identified and all reasonable steps in terms of sub-rule (3) of Rule 9 of
the Rules to verify his/her identity shall be undertaken.”

As per Rule 9 (1) of PML Rules-2005, for CDD, Every reporting entity shall-
(a) at the time of commencement of an account-based relationship-

1. identify its clients, verify their identity, obtain information on the purpose and intended nature of the business
relationship; and

2. determine whether a client is acting on behalf of a beneficial owner and identify the beneficial owner and
take all steps to verify the identity of the beneficial owner.

Section 12 of PML act 2002, also inter-alia, casts obligation upon Bank/ other Reporting Entities to “identify the
beneficial owner, if any, of such of its clients, asmay be prescribed.”

Hence, identification of Beneficial owner is a legal as well as regulatory requirement.

Beneficial Owner
According to Chapter I, Section 2 (fa) of PMLA, 2002, Beneficial Owner means an individual who ultimately owns or
controls a client of a reporting entity or the person on whose behalf a transaction is being conducted and includes a
person who exercises ultimate effective control over a juridical person.

The Bank shall, according to Rule 9 (1) (a) (ii) of the PML (Maintenance of Records) Rules 2005, determine whether a
client is acting on behalf of a beneficial owner, and identify the beneficial owner and take all reasonable steps to verify
the identity of the beneficial owner.

For opening an account of a Legal Person who is not a natural person, the beneficial owner(s) is to be identified and all
reasonable steps to verify his/her identity is to be undertaken keeping in view the following:

1. Where the customer or the owner of the controlling interest is a company listed on a stock exchange, or is a
subsidiary of such a company, it is not necessary to identify and verify the identity of any shareholder or beneficial
owner of such companies.

2. In cases of trust/nominee or fiduciary accounts whether the customer is acting on behalf of another person as
trustee/nominee, or any other intermediary is determined. In such cases, satisfactory evidence of the identity of the
intermediaries and of the persons on whose behalf they are acting, as also details of the nature of the trust or other
arrangements in place shall be obtained.

Sunil SKA
 55

1. Where the customer is a company, the beneficial owner is the natural person(s), who, whether acting alone or
together, or through one or more juridical persons, has/have a controlling ownership interest or who exercise control
through other means.

Explanation- For the purpose of this sub-clause

“Controlling ownership interest” means ownership of/entitlement to more than 25 per cent of the shares or
capital or profits of the company.

“Control” shall include the right to appoint majority of the directors or to control the management or policy
decisions including by virtue of their shareholding or management rights or shareholders agreements or voting
agreements.

2. Where the customer is a partnership firm, the beneficial owner is the natural person(s), who, whether acting
alone or together, or through one or more juridical person, has/ have ownership of/ entitlement to more than 15
percent of capital or profits of the partnership.

3. Where the customer is an unincorporated association or body of individuals, the beneficial owner is the
natural person (s), who, whether acting alone or together, or through one or more juridical person, has/ have
ownership of/ entitlement to more than 15 per cent of the property or capital or profits of the unincorporated association
or body of individuals.

Explanation: Term ‘body of individuals’ includes societies. Where no natural person is identified under (i), (ii) or (iii)
above, the beneficial owner is the relevant natural person who holds the position of senior managing official.

4. Where the customer is a trust, the identification of beneficial owner(s) shall include identification of the author of
the trust, the trustee, the beneficiaries with 15% or more interest in the trust and any other natural person exercising
ultimate effective control over the trust through a chain of control or ownership.

CDD of Beneficial owners has to be carried out at the time of on boarding and information should be collected in
Columns prescribed in CA AOF and fed in CBS.

Standard Operating Procedure (SOP) for Beneficial Owners

New Accounts: The Branches at the time of opening of accounts of entities are required to follow the SOP mentioned
below as per Cir R&DB/OPSKYC/13/2017-18 dt 21.02.2018-

Step 1 - Branches should obtain the Annexure I format along with the Account Opening Form (AOF) from the entities
and advise the entities to fill up the same in all the fields. Annexure I format contains the list of all the Beneficial
Owners of the entities as defined above.

Step 2 - Branches to verify and examine that the names of the Beneficial Owners as provided in Annexure I format
and their shares of capital or profit are as per the declaration made in the following documents:
Type of Entities Documents to be examined/verified
Company Memorandum and Article of Association.
Partnership Firm Partnership Deed.
Unincorporated association or a body Resolution of the managing body of such association
of Individuals
Trust Trust Deed

Step 3 - Once it is established that all the names of the Beneficial Owners along with their stake are made available,
the Branch should advise the entity to provide details of each such Beneficial Owner on Annexure II format (which is a
part as Annexure II of AOF for Non-Individuals) separately with Photograph and KYC documents for all of them as
required in case of an Individual.

Sunil SKA
 56

Step 4 - Branch will examine that all the columns in Annexure II format are duly filled in, photograph pasted and KYC
documents attached. KYC documents provided as such are required to be verified with the originals thereof.

Step 5 - Consequent upon creation of CIF for entity, the Branch will create Individual CIFs for all the Beneficial Owners
separately based on the details of Annexure II format and KYC documents submitted to the Branch for each Beneficial
Owner.

Step 6 - Subsequent to creation of CIF for entity and Individual for Beneficial Owner, for opening the account of the
entity, the linking of the CIF of the entity and all the CIFs of Beneficial Owners should be done as it is done in case of a
joint account of Individuals.

Step 7 - After following up all the steps up to Step 6, opening of the account of the entity will be complete and then
only transactions to be allowed.

Step 8 - Each CIF, i.e. CIF of entity and CIFs of Beneficial Owners will have the separate distinct CKYCR number.

Existing Accounts : For existing accounts of entities, the proposed process is asunder:

Step 1 -IT Department (BID/IDSPM) to extract Circle/Network/Module/Region/Branch wise data of all types of entities
accounts, i.e. the accounts of companies, partnership, Trust, etc. where (a) names and percentage share of Beneficial
Owners are available and (b) names and percentage share of Beneficial Owners are not available.

Step 2 - After extraction of data as mentioned in Step 1, the same will be placed on the dashboard on SBITIMES
under Centralised Project Ganga: BOD initiatives.

Step 3 - The Circles/Branches will obtain data/details of names and percentage share of Beneficial Owners on
Annexure I and Annexure II from all the entities and follow the procedure as mentioned above for creation of CIFs of
the Beneficial Owners and the same will be linked with the concerned accounts of the entities.

Exemptions: The following categories of accounts are exempted from obtention of details of Beneficial Owners:
Company listed on a stock exchange, or a subsidiary of such a company,
Office accounts,
State Govt./Central Govt. accounts,
Accounts of Banks
Public Sector Undertakings (State/Central Govt.)

Sunil SKA
 57

Module 2 - Assessment
Which one of the following is not an Officially Valid Document” (OVD)? B
a. Proof of possession of Aadhaar number
b. Aadhaar number/ card
c. Passport
d. Driving Licence
A well-designed KYC Policy complements the AML/ CFT systems deployed in a bank. Which one of the of the C
following is not true/ correct?
a. It helps in better understanding of customers and analysing the risk that they pose to the Bank and society at
large.
b. It provides the AML/ CFT cell with an accurate profile of the customers enabling a meaningful monitoring of
transaction patterns and better decision-making regarding reporting of a suspicious transaction.
c. It prevents the bank from lending to the persons with poor financials and saves the precious capital of bank.
d. It prevents on-boarding of persons who carry a dubious background. and who may be a potential threat to the
institution from the perspective of money laundering and financing of terrorism.
Which statement is NOT correct in respect of obtention of Aadhar number for CDD of an Individual? C
a. Banks can obtain the Aadhaar number from a customer where he is desirous of receiving any benefit or subsidy
in his account (DBT).
b. Banks can obtain the Aadhaar number from a customer where he decides to submit his Aadhaar number
voluntarily to a bank.
c. Banks must obtain the Aadhaar number/card from a customer whenever he is desirous of opening an account
with a Bank.
d. All the above statements are correct.
Some of the Customer categories may carry more than the ordinary risk of money laundering and terrorist D
financing and therefore warrant a be of the list given below, which Customer category does not fall under this
category?
a. Politically Exposed Persons (PEPs).
b. Multi-Level Marketing (‘MLM’) Companies.
c. Relatives of Politically Exposed Persons.
d. Account of NGOs promoted by UNO or its agencies.
Which one of the following is not an Officially Valid Document” (OVD)? A
a. Landline Telephone Bill
b. The Voter's Identity Card issued by the Election Commission of India,
c. Job card issued by NREGA duly signed by an officer of the State Government.
d. Letter issued by the National Population Register containing details of name and address.
Which of the following statements is correct regarding the requirement of the undertaking of customer due D
diligence (CDD) by the financial institutions?
a. Branches/ offices will undertake CDD while establishing business relationship.
b. Branches/ offices will undertake CDD while carrying out occasional transactions above the applicable
designated threshold for the account.
c. Branches/ offices will undertake CDD while there is a suspicion of money laundering or financing of terrorism,
regardless of any exemptions or thresholds.
d. All the statements are correct
What is the periodicity of Customer Risk Categorisation (CRC) for low risk individuals and entities? A
a. Every 10 Years
b. Every 8 Years
c. Every 5 years
d. Every 2 Years
An account becomes KYC Non-Compliant/ KYC discrepant, and the bank takes steps to make such accounts KYC C
Compliant. However, if the customer is not forthcoming to provide the necessary documents and/or information.
What steps bank will take?
a. Bank will immediately close the account.
b. Bank will convert the account to Small Account.
Sunil SKA
 58

c. Bank will take the steps towards phased imposition of partial / full freeze and eventual closure of the account.
d. Bank will impose and recover a penalty on the customer till the account become KYC compliant
Which of the following statement is correct regarding identification of beneficial owner based on Controlling D
ownership interest in case of a company?
a. Controlling ownership interest means ownership of/entitlement to more than 51 per cent of the shares or capital
or profits of the company.
b. Controlling ownership interest means ownership of/entitlement to 25 per cent or more of the shares or capital or
profits of the company.
c. Controlling ownership interest means ownership of/entitlement to 51 per cent or more of the shares or capital or
profits of the company.
d. Controlling ownership interest means ownership of/ entitlement to more than 25 per cent of the shares or capital
or profits of the company.
Which of the following statements regarding Customer Identification Procedures (CIP) is correct? D
a. Carrying out transactions for a non-account-based customer, that is a walk-in customer, where the amount
involved is equal to or exceeds rupees twenty thousand, whether conducted as a single transaction or several
transactions that appear to be connected.
b. Branches shall undertake Customer Identification while carrying out transactions for a non-account-based
customer, that is a walk-in customer, where the amount involved is equal to or exceeds rupees one lakh, whether
conducted as a single transaction or several transactions that appear to be connected.
c. Branches shall undertake Customer Identification while carrying out transactions for a non-account-based
customer, that is a walk-in customer, where the amount involved is equal to or exceeds rupees two lakh, whether
conducted as a single transaction or several transactions that appear to be connected.
d. Branches shall undertake Customer Identification while carrying out transactions for a non-account-based
customer, that is a walk-in customer, where the amount involved is equal to or exceeds rupees fifty thousand,
whether conducted as a single transaction or several transactions that appear to be connected.
Which of the following statements regarding Customer Identification Procedures (CIP) is correct? D
a. Customer identification requires identifying the customer and verifying his/ her identity by using reliable,
independent source documents, data, or information.
b. The first requirement of Customer Identification Procedures (CIP) to be satisfied is that a prospective customer
is who he/ she claims to be.
c. Customer identification means undertaking client due diligence measures while commencing an account-based
relationship including identifying and verifying the customer and the beneficial owner.
d. All statements are correct.
What is the periodicity of Customer Risk Categorisation (CRC) for Medium risk individuals and entities? A
a. Every 8 Years
b. Every 5 years
c. Every 10 Years
d. Every 2 Years
Who is a “Non face to face” customer for bank? B
a. When a customer is a legal person.
b. A customer with whom the Branch or any branch official has no direct interaction at the time of opening of
account.
c. A customer who executes all his transactions through Net-Banking and rarely visits his home branch.
d. A customer entering branch premises with face covered with mask.
Which of the following statements regarding Customer Identification Procedures (CIP) is NOT correct? A
a. Branches shall undertake Customer Identification while selling of third-party products as agents, selling our own
products, payment of dues of credit cards/ sale and reloading of prepaid/ travel cards and any other product for
more than Rs. 500,000/-
b. Branches shall undertake Customer Identification while carrying out transactions for a non-account-based
customer, that is a walk-in customer, where the amount involved is equal to or exceeds Rs 50000/-, whether
conducted as a single transaction or several transactions that appear to be connected.
c. Branches shall undertake Customer Identification while selling of third-party products as agents, selling our own
products, payment of dues of credit cards/ sale and reloading of prepaid/ travel cards and any other product for
more than Rs. 50,000/-
Sunil SKA
 59

b. Branches shall undertake Customer Identification while when the Bank has reason to believe that a customer
(account based or walk-in) is intentionally structuring a transaction into a series of transactions below the threshold
of Rs 50000/-.
In which of the following circumstances an account becomes KYC Non-Compliant/ KYC discrepant? D
a. Legacy Accounts found KYC non-compliant on re-examination/audit/ inspection.
b. Accounts opened with Deemed OVD but updated OVD is not provided within 3 months.
c. Accounts where customer does not co-operate to provide CDD or additional information, including Beneficial
Ownership information.
d. All of the above
What is Aadhaar Paperless Offline e-KYC/ Offline verification of Aadhaar? C
a. Aadhaar Paperless Offline e-KYC is an unsecure and non shareable document which can be used by specific
Aadhaar holders for offline verification of identification, by sharing Aadhar number or core biometrics.
b. Aadhaar Paperless Offline e-KYC is a secure and shareable document which can be used by any Aadhaar
holder for online verification of identification, without sharing Aadhar number or core biometrics.
c. Aadhaar Paperless Offline e-KYC is a secure and shareable document which can be used by any Aadhaar
holder for offline verification of identification, without sharing Aadhar number or core biometrics.
d. Aadhaar Paperless Offline e-KYC is a unsecure and shareable document which can be used by any Aadhaar
holder for offline verification of identification or through or core biometrics.
Which of the following statement is correct regarding the identification of a beneficial owner, where the customer is C
a trust?
a. Where the customer is a trust, the identification of beneficial owner(s) shall include identification of the author of
the trust, the trustee, the beneficiaries with more than 25% interest in the trust and any other natural person
exercising ultimate effective control over the trust through a chain of control or ownership.
b. Where the customer is a trust, the identification of beneficial owner(s) shall include identification of the author of
the trust, the trustee, the beneficiaries with 25% or more interest in the trust and any other natural person
exercising ultimate effective control over the trust through a chain of control or ownership.
c. Where the customer is a trust, the identification of beneficial owner(s) shall include identification of the author of
the trust, the trustee, the beneficiaries with 15% or more interest in the trust and any other natural person
exercising ultimate effective control over the trust through a chain of control or ownership.
In which of the following situations Customer Identification Procedure (CIP) is not required to be carried out, by the B
Branches/offices?
a. Carrying out any international money transfer operations for a person who is not an account holder.
b. While effecting remittance for a non-customer who has approached for remitting INR 20000 through NEFT in
cash.
c. When the Branch/ Office doubts the authenticity or adequacy of the customer identification data it has obtained.
d. While establishing an account-based relationship
In which of the following instances, Customer Due Diligence (CDD) Procedure in the case of an Individuals is D
required?
a. While establishing account-based relationship with an individual.
b. While establishing account-based relationship with a beneficial owner/ authorized signatory or the power of
attorney holder related to any
c. While establishing account-based relationship with an authorized signatory or the power of attorney holder
related to any legal entity.
d. All the statements are correct.
If, during Name Screening process, the ID of the applicant/customer is different from the ID of the corresponding A
person in the negative lists, then the name and other identifiers of the applicant/ customer are matched with those
of the corresponding person given in the negative lists. In case the name and at least ____________ other
identifiers match, it is considered a positive match.
a. two
b. three
c. one
d. four
An account which has been opened using Deemed OVD, for the limited purpose of current address, within what A
period the customer will provide the OVD updated with current address?
Sunil SKA
 60

a. The customer shall submit OVD updated with current address within a period of three months of submitting the
deemed OVD.
b. The customer shall submit OVD updated with current address within a period of six months of submitting the
deemed OVD.
c. The customer shall submit OVD updated with current address within a period of nine months of submitting the
deemed OVD.
d. The customer shall submit OVD updated with current address within a period of twelve months of submitting the
deemed OVD.
Bank shall take steps to make KYC non-compliant accounts KYC Compliant first. However, if the customer is not D
forthcoming to provide the necessary documents and/or information, Bank will take the steps towards phased
imposition of partial / full freeze and eventual closure of the account. Who is the authority to permit closure of such
accounts?
a. The competent authority to permit closure of such accounts shall be the Branch Head of any scale.
b. The competent authority to permit closure of such accounts shall be the General Manager (Network), to permit
closure of such accounts.
c. The competent authority to permit closure of such accounts shall be the Branch Head, not below the rank of
Assistant General Manager. In all other cases, Regional Manager of the R.B.O shall be the competent authority to
permit closure of such accounts.
d. The competent authority to permit closure of such accounts shall be the Branch Head, not below the rank of
Chief Manager in Senior Management Grade. In all other cases, any Chief Manager of the R.B.O shall be the
competent authority to permit closure of such accounts.
“Where no natural person is identified in case the client is a Company / Partnership firm / Unincorporated A
Association or Body of Individuals, Who will be treated as ‘Beneficial Owner’ as per PML Amendment Rules 2013
?
a. The relevant natural person who holds the position of senior managing official.
b. Any one of the signatories to the account.
c. All of the signatories to the account.
d. None of the Above.
An account becomes KYC Non-Compliant/ KYC discrepant accounts in certain circumstances? Which of the B
following statement is NOT correct in this regard?
a. Accounts where KYC Updation is overdue.
b. Small accounts where OVD is not provided within a period of 12 months, subject to relaxations provided by RBI/
Govt. of India.
c. Accounts opened with Deemed OVD but updated OVD is not provided within 3 months.
d. Small accounts where OVD is not provided within a period of 24 months, subject to relaxations provided by RBI/
Govt. of India.
Which of the following is not true regarding the Video-based Customer Identification Process (V-CIP)? A
a. The official of the Bank performing the V-CIP shall record video as well as capture photograph of the customer
present for identification.
b. Video CIP is an alternate method of customer identification with facial recognition and customer due diligence
by an authorised official of the Reporting Entity.
c. Video based CIP will be treated as Non face-to-face CIP.
d. Video CIP is done by undertaking seamless, secure, live, informed consent based audio-visual interaction with
the customer to obtain identification information required for CDD purpose,
Which of the following documents are not required by the bank for opening an account of a Trust? C
a. Permanent Account Number or Form No.60 of the trust
b. Registration certificate and Trust deed
c. Memorandum and Articles of Association
d. Documents relating to beneficial owner managers officers or employees as the case may be holding an attorney
to transact on its behalf
If a customer, who has submitted Aadhar number voluntarily, wants to provide current address different from the C
address contained in Aadhaar records, which of the document required?
a. Identity card issued by the employer which is a listed company.
b. Letter from employer confirming his current address.
Sunil SKA
 61

c. Simply a self-declaration regarding current address may be obtained.

d. Rent deed/ agreement duly executed with the landlord.
In our Bank which number is used as UCIC? C
a. Customer Information File (CIF)
b. Unique Aadhar number of customer
c. Unique Customer Identification Code
d. Unique Account number of customer
The Customer Acceptance Policy (CAP) section of the Bank’s KYC Policy, lays down the criteria for acceptance of B
a person as a customer of the bank. Which of the following statement is not correct in respect of CAP?
a. No account is opened in anonymous or fictitious/ benami name.
b. An account may be opened in anonymous or fictitious/ benami name but it must be ensured that identity of
customer does not match with any person or entity whose name appears in the sanction’s lists circulated by RBI.
c. It should be ensured that identity of customer does not match with any person or entity whose name appears in
the sanction’s lists circulated by Reserve Bank of India.
d. No account is opened where the Branch/ Business unit is unable to apply appropriate CDD measures, either
due to non-cooperation of the customer or non-reliability of the documents/ information furnished by the customer.
Who should ensure compliance with the KYC guidelines at the time of on-boarding of a customer? C
a. The Branch manager should ensure that all aspects of KYC guidelines are complied with.
b. The Service manager should ensure that all aspects of KYC guidelines are complied with.
c. The officer-in-charge vested with the authority to open the account, should ensure compliance with the KYC
guidelines.
d. Business Correspondents (BCs) & Business Facilitators (BFs) who open the account, should ensure compliance
with the KYC guidelines

Sunil SKA
 62

3.1 Impact on Regulatory Compliance

Information and data are the most strategic assets of an organization. It is critical to maintain correct business data for
effectual decision-making.

Erroneous data entered into CBS leads to data impurities which translates into Non-Compliance of Regulatory
guidelines. Bank is receiving heavy criticism from RBI on account of such avoidable errors caused due to lack of
awareness among the operating functionaries. Bank has released an advisory analysing the impact from regulatory
compliance perspective due to feeding of erroneous data in CBS fields at the time of onboarding of customer or
feeding additional data.

What is Erroneous Data?

Erroneous Data refers to information that can be erroneous, misleading, and without general formatting. While, as a
matter of fact, no industry, or organization is immune to it, still, If not acknowledged and fixed at an early stage,
erroneous/ bad data can cause serious coercions.

How does the erroneous data occur –

Missing Data: Fields that should contain data are lying blank.

Wrong or inaccurate data: The information that has not been entered correctly or maintained.

Inappropriate data: Data which has been entered in the wrong field.

Non-conforming data: Data which has not been normalized as per the system of records.

Duplicate data: A single Account, Contact, etc. that occupies more than one record in the database.

Poor data entry: Misspellings, typo errors, transpositions, and variations in spelling, naming or formatting.

Though avoiding erroneous data completely from a system is very difficult, it should be the endeavor of every
institution and its employees to strive for most accurate data in the system.

Impact on Regulatory Compliance

As global regulations proliferate, and as the expectations of various stake holders increase, financial institutions are
exposed to a greater degree of compliance risk than ever before.

Compliance risk is the threat that is posed to an organization’s financial, organizational, and reputational standing
resulting from non-compliances of laws, regulations, codes of conduct, or internal systems and procedures. An
organization, for understanding it’s risk exposure, may need to improve its risk assessment processes to fully
incorporate compliance risk exposure.

The KYC guidelines or compliances related to KYC primarily emanate from the provisions of Prevention of Money-
Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, as amended
from time to time by the Government of India. The regulators such as the Reserve Bank of India (RBI), the Securities
and Exchange Board of India (SEBI), and the Insurance Regulatory and Development Authority (IRDA) are required,
further to issue directions to the entities, which they regulate, as well as to ensure compliance of these directions.

RBI through its Master Directions, RBI (KYC) Directions, 2016, has issued instructions for the regulated entities to
follow the customer identification procedures while undertaking a transaction either by establishing an account-based
relationship or otherwise and monitor their transactions.

The RBI (KYC) directions, 2016 make it mandatory for REs to have a Know Your Customer (KYC) policy duly
approved by the Board of Directors of REs or any committee of the Board to which power has been delegated.

Sunil SKA
 63

Hence, Know Your Customer (KYC) procedures, are a critical function to assess customer risk and a legal as well as
regulatory requirement to comply with the Prevention of Money Laundering Act (PMLA) -2002 and the Prevention of
Money-Laundering (Maintenance of Records) Rules, 2005.

Most of the recent penalties imposed by RBI on banks have been due to non-compliance of AML, CFT, KYC
guidelines.

A financial institution ought to know its customers well enough, which is not possible without pure and authentic data.
A financial institution (FI) would face fines, sanctions, and reputational damage, if it deals with a money launderer or a
terrorist in the absence of correct data.

For financial institutions, following KYC guidelines is more than a financial risk –it’s the legal and regulatory
compliance.

“KYC” essentially refers to the steps taken by a financial institution (or business)to:
Establish customer identity.
Understand the nature of the customer’s business and activities, the primary goal being to satisfy that the
sources of the customer’s funds are legitimate.
Assess money laundering and terror financing risks associated with the customer.

For any financial institution, it is important to make sure that the data as well as the prospective customer is
trustworthy. Customer due diligence (CDD) coupled with correct data, is the critical tool of effectively managing the
related risks and protecting the FI against criminals, terrorists, and Politically Exposed Persons(PEPs) who might
present an enhanced risk.

Following are the probable impacts of erroneous data resulting in wrong reporting of data to Regulators, FIU –
IND and other Govt Agencies-
1. Erroneous data- ‘Name /First/ Last Name / Maiden Name/ Father/Mother’s Name’:

It is to be ensured that no account is opened in an anonymous or fictitious/benami name. The name Screening
process is done to ensure that the identity of the customer does not match with any person or entity, whose name
appears in the sanctions lists circulated by the Reserve Bank of India. The wrong name may -

Lead to On- boarding of a person whose name appears in the sanctions lists and bank may face
Regulatory punitive action.

Impact the quality and result of name screening against the negative lists.

Lead to wrong reporting to FIU-India.

Lead to lack of exercising due diligence as per Customer Identification Procedure

2. Feeding of erroneous data regarding ‘Gender- Male/Female/Transgender’:

Wrong feeding may lead to non-compliance of Government guidelines
in the extension of Gender-specific subsidy benefits, the differential rate of interest in certain categories of
deposit/loan scheme, etc. It may also lead to wrong reporting to FIU-India.

3. Feeding of erroneous data regarding ‘Date of Birth’:

No feeding/ wrong feeding may lead to denial of Senior Citizen benefits by the system even if they have
become a senior citizen or early giving benefits who are not the senior citizens. In both cases, it will lead to
regulatory guidelines will be non-compliant.

Minor may open their accounts in major head category, may lead bank to land into trouble under Contract
Act.

Sunil SKA
 64

May impact the quality and result of name screening against the negative lists

Conversion of accounts from minor to major, after the customer turns 18, will be impacted.

4. Feeding of erroneous data regarding ‘Customer Type’: Normal, Small or Minor.

Wrong classification may -
Deny some benefits that accrue to some category or may give wrongful benefits that does not accrue to that
category, which is against extant Regulatory guidelines.

Lead to wrong reporting to FIU-India.

5. Erroneous data in respect of ‘Marital Status’:

May lead to wrong filing of Regulatory returns.

May impact the transaction monitoring process (such as single/married/widow).

6. Feeding of erroneous data regarding ‘Nationality’

Regulatory guidelines prohibit certain country’s citizens to be on-boarded, Not feeding document based
correct Nationality may lead to on- Boarding of customers of blacklisted nations.

May lead to wrong reporting to FIU-India.

7. Feeding of erroneous data regarding ‘Educational qualification’:

May lead to wrong filing of Regulatory returns.

May lead to wrong reporting to RBI.

8. Feeding of erroneous data regarding ‘Citizenship’:

May impact proper classification.

May impact monitoring as citizens of some specific countries are not permitted to open accounts in India.

May impact proper reporting to FIU-India in mandatory report i.e., the Cross Border Wire Transfer Reports-
(CBWTR).

9. Feeding of erroneous data regarding ‘Country code of jurisdiction of residence’: may have impact on
FATCA/CRS compliance related issues.

10. Feeding of erroneous data regarding ‘Permanent Account Number(PAN)/ Form No. 60’ - Where Permanent
Account Number (PAN) is obtained, the same is to be verified from the verification facility of the issuing authority.

Feeding of wrong PAN number may lead to deduction of Tax at incorrect rate, wrong filing of statutory
returns at Bank level, etc and it may invite penalty from IT Department & cause reputation risk.

Wrong feeding or non-feeding of PAN details may lead to wrong information to FIU-India.

11. Feeding of erroneous data regarding ‘Liberalized KYC-Yes/No’:

In order to achieve the aim of 100% Financial Inclusion, RBI has allowed banks to onboard customers with Liberalised
KYC norms (such as opening of small accounts) but KYC is to be completed within prescribed period of 24 months. If
we do not mark the account as opened under Liberalised KYC-

we may not follow-up for completing KYC after prescribed period and that may lead to non-compliance.

Sunil SKA
 65

Permitting all transaction, irrespective of value, will breach RBI Guidelineson ‘Small A/Cs’

12. Feeding of erroneous data regarding ‘Marital Status’: may lead to wrong filing of Regulatory returns.

13. Feeding of erroneous data regarding ‘Political exposed person (PEP)/Relative to PEP’:
Not categorising a PEP’s account properly may lead to non-compliance of guidelines of Money Laundering
under PMLA act 2002.

Wrong reporting to FIU-India in ground of suspicion while filing STR.

14. Feeding of erroneous data regarding ‘Address Details: Current/correspondence/local address (Address
type, Proof of Address, Country name, State, City, District etc.)’ - Wrong feeding of Address details-

Impacts the quality and result of name screening against the negative lists as per regulatory guidelines.

Makes difficult in reaching out to the customer.

Important communication from Bank may not reach out the customer, despatch of ATM card, cheque book
etc. may fall into wrong hands.

15. Feeding of erroneous data regarding ‘POI- Identity Document’

For proper identification, bank shall undertake identification of customers at the time of commencement of an account-
based relationship with the customer.

Not exercising due diligence in identifying the customers based on prescribed documents as per bank’s
KYC policy may lead to punitive action of Regulators.

May lead to frauds and reputation loss.

3.2 Impact on Risk Management

Effective KYC involves knowing customers’ identity, financial status, and the risk they pose to the bank and the society
at large.

Non-compliance with KYC/AML/CFT standards can lead to use of the different channels of the Bank for Money
Laundering/financing terrorism activities and thus expose the Bank to risks such as Operational Risk, Reputation Risk,
Compliance Risk and Legal Risk etc.

As we are aware ‘Name Screening’ is an essential part of Customer Acceptance Policy of a Financial Institution, to
ensure that the Financial Institution does not on-board any person or entity whose identity matches with any person or
entity in the Negative Lists, and to weed out those persons or entities already on board, and whose name
subsequently figures in any of the Negative Lists.

Name-Screening is a process by which a given Name of a person or entity is screened against various lists circulated
by National and International Organizations, Regulators, Agencies, and the Institution itself. The necessity of creating a
process of Name Screening at the time of customer on-boarding and at periodic intervals, arises from regulations/
guidelines by RBI and FIU-IND and bank’ own KYC/AML/ CFT policy.

Through Name Screening, a Financial Institution reduces the risk of misuse of its channels and facilities by
unscrupulous elements for Money Laundering and/ or Terrorist Financing, by filtering out persons of criminal and
dubious background at the on-boarding stage itself.

Sunil SKA
 66

When a name match alert is displayed in CBS at the time of creating a new CIF or renewal of an existing CIF, the
name and ID details of the applicant / customer is matched with those of the corresponding name against which the
match has occurred in a negative list(s).

In such cases, where the Identity Document (ID) of the applicant/customer is different from the ID of the corresponding
person in the negative lists (for e.g. the customer has produced PAN card, but the available Id of the corresponding
person in the negative list is Passport), then, the name and other identifiers of the applicant/customer (date of birth,
father's name, address, mobile no.) are matched with those of the corresponding person given in the negative lists.
Incase the name and at least two other identifiers match, it is considered a positive match. (For e.g. if the name and
date of birth match but father's name/ address do not match, it cannot be taken as positive match).

If correct data related to the customers profile, such as name of the customer, name of father/ spouse, date of birth,
sex, profession, nationality etc is not available, the bank will not be able to decide the positive/ negative match as per
the afore mentioned procedure.

Thus, the bank may not be able to comply with the Master directions issued by RBI in this regard, as well as the rules
framed under UAPA. 1967, with the purpose of filtering out persons of criminal and dubious background.

Section 53 of RBI (KYC) Directions, 2016, amended up to 10.05.2021 especially directs the banks and other REs that
in case of a positive match - “The procedure laid down in the UAPA Order dated February 2, 2021, shall be strictly
followed and meticulous compliance with the Order issued by the Government shall been sured by REs.”

Risk of Regulatory Compliance related to AML-CFT

As per section 51 of RBI (KYC) Direction, 2016, updated up to 10.05.2021, “Res shall ensure that in terms of Section
51A of the Unlawful Activities (Prevention)(UAPA) Act, 1967 and amendments thereto, they do not have any account
in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist links,
which are approved by and periodically circulated by the United Nations Security Council (UNSC). The details of the
two lists are as under:

The “ISIL (Da’esh) &Al-Qaida Sanctions List”, which includes names of individuals and entities associated
with the Al-Qaida. The updated ISIL &Al-Qaida Sanctions List is available at
https://scsanctions.un.org/fop/fop?xml=htdocs/resources/xml/en/consolidated.xml&xslt=htdocs/resources/xsl/e
n/al-qaida-r.xsl

The “1988 Sanctions List”, consisting of individuals (Section A of the consolidated list) and entities (Section
B) associated with the Taliban which is available at
https://scsanctions.un.org/fop/fop?xml=htdocs/resources/xml/en/consolidated.xml&xslt=htdocs/resources/xsl/e
n/taliban-r.xsl.

As per section 52 of RBI (KYC) Direction, 2016, updated up to 10.05.2021, In addition to the above lists, other
UNSCRs (United Nations Security Council Resolutions), circulated by the Reserve Bank in respect of any other
jurisdictions/entities from time to time shall also be taken note of.

RBI directions make it mandatory for Banks and other REs, to report details of accounts resembling any of the
individuals/entities in the negative lists referred in the aforesaid direction, to FIU-IND apart from advising Ministry of
Home Affairs as required under UAPA notification dated the February 2, 2021.

In the absence of correct data, the bank will be running the risk of non-compliance of the regulatory instructions
regarding not allowing to, on-board any person or entity whose name / identity matches with the name/ identity of any
person or entity, whose name is appearing in the Negative Lists.

Risk of Legal Compliance related to AML-CFT

As per section 51A of UAPA, 1967, for the prevention of, and for coping with terrorist activities, the Central
Government has powers to-

Sunil SKA
 67

1. freeze, seize or attach funds and other financial assets or economic resources held by, on behalf of or at the
direction of the individuals or entities listed in the Schedule to the Order, or any other person engaged in or suspected
to be engaged in terrorism;

2. prohibit any individual or entity from making any funds, financial assets or economic resources or related services
available for the benefit of the individuals or entities listed in the Schedule to the Order or any other person engaged in
or suspected to be engaged in terrorism;

3. prevent the entry into or the transit through India of individuals listed in the Schedule to the Order or any other
person engaged in or suspected to be engaged in terrorism".

"Schedule to Order" means the Prevention and Suppression of Terrorism (Implementation of Security Council
Resolutions) Order, 2007, as may be amended from time to time.

In order to ensure expeditious and effective implementation of the provisions of Section 51A, Ministry of Home Affairs,
has issued revised procedural guideline on 2nd Feb 2021 for being followed by Banks and other Reporting Entities.
The details of the order, interalia, are as under -

Procedure regarding communication and updation of the ‘List of designated individuals/entities’

It is on the part of the Ministry of External Affairs to update ‘The list of individuals and entities’ subject to the
UN sanction measures whenever changes are made in the lists by the UNSC 1267 Committee pertaining to Al
Qaida and Da’esh and the UNSC 1988 Committee pertaining to Taliban.

On such revisions, the Ministry of External Affairs would electronically forward the changes without delay to
the designated Nodal Officers in the Ministry of Corporate Affairs, CBIC, Financial Regulators, FIU–IND,CTCR
Division and Foreigners Division in MHA.

The list of designated persons shall be forwarded by the Financial Regulators to the banks, stock exchanges/
depositories, intermediaries regulated by SEBI and insurance companies.

Procedure regarding funds, financial assets or economic resources or related services held in the
form of bank accounts, stocks or Insurance policies etc. (Compliance for Banks)

1. The Financial Regulators will issue necessary guidelines to banks, stock exchanges/depositories, intermediaries
regulated by the SEBI and insurance companies requiring them -

1. To maintain updated designated lists in electronic form and run a check on the given parameters on a daily
basis to verify whether individuals or entities listed are holding any funds, financial assets or economic
resources or related services held in the form of bank accounts, stocks, Insurance policies etc., with them.

2. In case, the particulars of any of their customers match with the particulars of designated
individuals/entities, the banks, stock exchanges/depositories, intermediaries regulated by SEBI, insurance
companies shall immediately inform full particulars of the funds, financial assets or economic resources or
related services held in the form of bank accounts, stocks or Insurance policies etc., held by such customer on
their books to the Central [designated] Nodal Officer for the UAPA, at Fax No.011-23092551 and also convey
over telephone No. 011-23092548.The particulars apart from being sent by post shall necessarily be conveyed
on email id: [email protected] .

3. The banks, stock exchanges/depositories, intermediaries regulated by SEBI and insurance companies shall
also send a copy of the communication mentioned above to the UAPA Nodal Officer of the State/UT where the
account is held and to Regulators and FIU-IND, as the case may be, without delay.

Sunil SKA
 68

4. In case, the match of any of the customers with the particulars of designated individuals/entities is beyond
doubt, the banks, stock exchanges/depositories, intermediaries regulated by SEB Iand insurance companies
shall prevent such designated persons from conducting financial transactions, under intimation to the Central
[designated] Nodal Officer for the UAPA at Fax No.011-23092551 and also convey over telephoneNo.011-
23092548. The particulars apart from being sent by post should necessarily be conveyed on e-mail id: jsctcr-
[email protected] , without delay.

5. The banks, stock exchanges/depositories, intermediaries regulated by SEBI, and insurance companies shall
file a Suspicious Transaction Report (STR) with FIU-IND covering all transactions in the accounts, mentioned
above, carried through or attempted as per the prescribed format.

2. On receipt of the particulars, the Central [designated] Nodal Officer for the UAPA would cause a verification to be
conducted by the State Police and/or the Central Agencies so as to ensure that the individuals/ entities identified
by the banks, stock exchanges/depositories, intermediaries and insurance companies are the ones listed as
designated individuals/ entities and the funds, financial assets or economic resources or related services, reported
by banks, stock exchanges/depositories, intermediaries regulated by SEB Iand insurance companies are held by the
designated individuals/entities. This verification would be completed expeditiously from the date of receipt of
such particulars.

3. In case, the results of the verification indicate that the properties are owned by or are held for the benefit of
the designated individuals/entities, an order to freeze these assets under Section 51A of the UAPA would be
issued by the Central[designated] nodal officer for the UAPA without delay and conveyed electronically to the
concerned bank branch, depository and insurance company under intimation to respective Regulators and FIU-
IND.

The order shall be issued without prior notice to the designated individual/entity.

Procedure regarding implementation of requests received from foreign countries under U.N. Security
Council Resolution 1373 of2001:

1. The U.N. Security Council Resolution No.1373 of 2001 obligates countries to freeze without delay the funds or other
assets of persons who commit, or attempt to commit, terrorist acts or participate in or facilitate the commission of
terrorist acts; of entities owned or controlled directly or indirectly by such persons; and of persons and entities acting
on behalf of, or at the direction of such persons and entities, including funds or other assets derived or generated from
property owned or controlled, directly or indirectly, by such persons and associated persons and entities.

2. The Central [designated] Nodal Officer for the UAPA shall cause the request to be examined without delay, so as to
satisfy itself that on the basis of applicable legal principles, the requested designation is supported by reasonable
grounds, or a reasonable basis, to suspect or believe that the proposed designee is a terrorist, one who finances
terrorism or a terrorist organization, and upon his satisfaction, request would be electronically forwarded to the Nodal
Officers in Regulators, FIU-IND and to the Nodal Officers of the States/UTs. The proposed designee, as mentioned
above would be treated as designated individuals/entities.

Procedure regarding unfreezing of funds, financial assets or economic resources or related services of
individuals/entities inadvertently affected by the freezing mechanism upon verification that the person or
entity is not a designated person:

1. Any individual or entity, if it has evidence to prove that the freezing of funds, financial assets or economic
resources or related services, owned/held by them has been inadvertently frozen, they shall move an
application giving the requisite evidence, in writing, to the concerned bank, stock exchanges/depositories,
intermediaries regulated by SEBI, insurance companies, Registrar of Immovable Properties, ROC, Regulators
of DNFBPs and the UAPA Nodal Officers of State/UT. \

Sunil SKA
 69

2. The banks, stock exchanges/depositories, intermediaries regulated by SEBI, insurance companies,

Registrar of Immovable Properties, ROC, Regulators of DNFBPs and the State/ UT Nodal Officers shall inform
and forward a copy of the application together with full details of the asset frozen given by any individual or
entity informing of the funds, financial assets or economic resources or related services have been frozen in
advertently, to the Central [designated] Nodal Officer for the UAPA within two working days.

3. The Central [designated] Nodal Officer for the UAPA shall verify on the basis of the evidence furnished by
the individual/entity, and, if satisfied, he/she shall pass an order, without delay, unfreezing the funds, financial
assets or economic resources or related services, owned/held by such applicant, under intimation to the
concerned bank, stock exchanges/depositories, intermediaries regulated by SEBI, insurance company,
Registrar of Immovable Properties, ROC, Regulators of DNFBPs and the UAPA Nodal Officer of State/UT.
However, if it is not possible for any reason to pass an Order unfreezing the assets within 5 working days, the
Central[designated] Nodal Officer for the UAPA shall inform the applicant expeditiously.

Procedure for communication of compliance of action taken under Section 51A: The Central [designated]
Nodal Officer for the UAPA and the Nodal Officer in the Foreigners Division, MHA shall furnish the details of funds,
financial assets or economic resources or related services of designated individuals/entities frozen by an order, and
details of the individuals whose entry into India or transit through India was prevented, respectively, to the Ministry of
External Affairs for onward communication to the United Nations.

Procedure regarding communication of the Order issued under Section 51A of Unlawful Activities
(Prevention) Act, 1967: The order issued by the Central [designated] Nodal Officer for the UAPA relating to funds,
financial assets or economic resources or related services, shall be communicated to all the UAPA nodal officers in the
country, the Regulators of Financial Services, FIU-IND and DNFBPs, banks, depositories/stock exchanges,
intermediaries regulated by SEBI, Registrars performing the work of registering immovable properties through the
UAPA Nodal Officer of the State/UT.

In absence of correct data regarding Name/ Spouse/ Father’s name, Date of Birth/ Date of Incorporation/ and
other identifier like correct identification documents, banks may fail to ensure proper compliance with above
procedural order and expose itself to operational, legal & compliance risk which in turn will cause huge
reputational loss to the bank.

RBI instructions on Money Laundering and Terrorist Financing Risk Assessment by Banks & other REs -
In terms of RBI (KYC) directions, 2016-

1. REs shall carry out ‘Money Laundering (ML) and Terrorist Financing (TF)Risk Assessment’ exercise
periodically to identify, assess and take effective measures to mitigate its money laundering and terrorist
financing risk for clients, countries or geographic areas, products, services, transactions or delivery channels,
etc.

2. The assessment process should consider all the relevant risk factors before determining the level of overall
risk and the appropriate level and type of mitigation to be applied. While preparing the internal risk
assessment, REs shall take cognizance of the overall sector-specific vulnerabilities, if any, that the
regulator/supervisor may share with Res from time to time.

3. The risk assessment by the RE shall be properly documented and be proportionate to the nature, size,
geographical presence, complexity of activities/structure, etc. of the RE. Further, the periodicity of risk
assessment exercise shall be determined by the Board of the RE, in alignment with the outcome of the risk
assessment exercise. However, it should be reviewed at least annually.

4. The outcome of the exercise shall be put up to the Board or any committee of the Board to which power in
this regard has been delegated and should be available to competent authorities and self-regulating bodies.

Sunil SKA
 70

5. REs shall apply a Risk Based Approach (RBA) for mitigation and management of the identified risk and
should have Board approved policies, controls and procedures in this regard. Further, REs shall monitor the
implementation of the controls and enhance them if necessary.

A critical element to a successful risk mitigation, both at the institutional level anda t the micro level of each account, is
ensuring the compliance of KYC policy and guidelines at each step that is from the onboarding stage to the monitoring
of transactions in the account through customer due diligence. While the regulator may provide guidelines, it’s up to
the individual institution to determine the exact level of risk and applying Risk Based approach (RBA) for management
of the identified risk.

The correct data will only make it possible to manage the related risk and abide by regulatory and legal requirements.

3.3 Impact on Customer Risk Categorisation

Customer Risk Categorisation enables a bank to follow a risk-based approach on AML/CFT. The Risk categorisation
will not reflect the true state of affairs in case of erroneous data.

Erroneous data may lead to Improper classification of risk category of the customer- High risk customer may be
categorised as low risk or vice-versa.

For proper risk assessment of business relationship with customers and evolving suitable monitoring mechanism, all
customers, individuals and non individuals are to be categorised as High, Medium and Low risk based on correct data,
based on the assessment and risk perception of the Bank which will be erroneous in case of spurious data.

Risk categorisation is undertaken based on certain pre-approved parameters, already specified in the KYC policy,
such as customer’s identity, social/financial status, nature of business activity, and information about the customer’s
business and their location etc, hence correct and complete data is required for proper risk categorization.

Enhanced Due Diligence for certain high-risk customers.

Enhanced due diligence is required to be undertaken in respect of certain type of high-risk customers as directed in
terms of RBI (KYC) Directions-2016 such as-

1. Accounts of non-face-to-face customers (other than Aadhaar OTP based on-boarding):

2. Accounts of Politically Exposed Persons (PEPs)

3. Client accounts opened by professional intermediaries.

In case the data is not correct, bank will not be able to undertake Enhanced Due diligence in respect of customers
qualifying for EDD.

Periodic Updation of KYC:

Periodic updation of KYC is to be carried out at least once in every two years for high-risk customers, once in every
eight years for medium risk customers and once in every ten years for low-risk customers.

Ongoing monitoring, which is an essential element of effective KYC/AML procedures, will not be effective in the
absence of correct data.

Ongoing due diligence is to be exercised in respect of customers to monitor transactions to ensure that they are
consistent with the customer’s personal profile, business / risk profile and source of funds.

Ongoing due diligence is based on the following principles:

Sunil SKA
 71

1. The extent of monitoring depends on the risk category of the account.High risk accounts must be subjected to more
intensified monitoring.

2. Particular attention is paid to transactions posing higher AML/CFT risk.

3. Review of risk categorization of customers should be carried out at aperiodicity of not less than once in six months.

4. Transactions in accounts of Marketing firms especially accounts ofMultilevel Marketing Firms/ Companies should be
closely monitored

It’s not enough to just check the customer once at the time of onboarding, are porting entity, needs to have a system to
monitor the customer on an ongoing basis. The ongoing monitoring function includes oversight of financial transactions
and accounts based on thresholds and red flags developed as necessary part of a customer’s risk profile.

In case of reasonable ground of suspicion, a Suspicious Transaction Report (STR)/Suspicious Activity Report (SAR)
must be filed.

AML/CFT department undertakes monitoring of transactions to analyse unusual trend of transactions, un-matching
with the status of the account holder.

Wrong feeding or no feeding of data may lead to wrong conclusion and wrong reporting leading to penalties from FIU-
IND/ RBI.

Following are the probable impacts of erroneous data impacting Customer Risk Categorisation-

1. Feeding of erroneous data regarding ‘Residential Status- RI/NRI’:

Feeding of wrong residential status in the system may -

Lead to Tax-Related Non-Compliance

Lead to FEMA related Non-Compliance
May lead to the wrong classification of the risk category of the customer.
Effect the obtention of KYC document periodicity due to the wrong classification of risk category of the
customer
Lead to errors in alert generation for transaction monitoring.

2. Feeding of erroneous data regarding ‘Customer Type’: Normal, Small or Minor - The wrong classification
impacts the Customer Risk Categorization.

3. Feeding of erroneous data regarding ‘Nationality’ also Impacts the Customer Risk Categorization.

4. Feeding of erroneous data regarding ‘Citizenship’: Impacts the classification of proper risk category of the
customer.

5. Feeding of erroneous data regarding ‘Country code of jurisdiction of residence’: May also lead to wrong
classification of risk of the customer.

6. Feeding of erroneous data regarding ‘Liberalized KYC-Yes/No’: Impacts the Customer Risk Categorization due
to wrong selection of customer profile customer profile.

7. Feeding of erroneous data regarding ‘Political exposed person (PEP)/Relative to PEP’:

It has direct impact on risk categorization of the customer.

Sunil SKA
 72

These are high risk category accounts and need enhanced due diligence and up-dation of periodical risk
categorisation. Not categorising a PEP’s account properly may lead to non-compliance of guidelines of Money
Laundering under PMLA act 2002.

8. Feeding of erroneous data regarding ‘Address Details: Current/correspondence/local address (Address

type, Proof of Address, Country name, State, City, District etc.)’ - Wrong feeding of Address details impacts risk
categorization of the customer. There are certain districts or centres which are classified as high-risk locations.

3.4 Impact on Transaction Monitoring &Reporting

Analysing the transactions conducted by a customer/ non-customer, with a view to ensuring that the value, nature and
pattern of transaction is consistent with the customer profile and/ or to determine whether the transaction under
consideration has an economic rationale, is termed as transaction monitoring.

The Prevention of Money laundering Act, 2002 and the Rules there under require every banking company to furnish
details of suspicious transactions whether or not made in cash in the form of a suspicious transaction report.

The Customer Profile must be created as accurately as possible, as it determines the risk category of the customer.
The customer should be advised that correct profiling is in the customer’s interest to be compliant with various
directives from the bank, RBI and the relevant laws/ enactments issued from time to time by the Government.

For the purpose of monitoring individual transactions in accounts correct and updated profile of the customer is the key
requirement. Any error in the profile will lead to ineffective monitoring and wrong or non-reporting of suspicious
transactions.

1. “Customer Profile” of individual account holders is compiled from the information in the account opening forms,
covering information like Occupation/activity, Source of funds, Monthly Income, Annual turnover(in the case of
business), Date of Birth, Educational qualification, Details of existing credit facilities, if any, Assets (approximate value)
etc.

2. Customer profiles are to be prepared for all accounts: Customer profiles must be reviewed whenever the branch has
doubt about the authenticity/veracity or the adequacy of the previously obtained customer identification data.

3. Additional information to be collected for risk categorization -

a. purpose/reason for opening the account or establishing the relationship.
b. anticipated level and nature of the activity that is to be undertaken.
c. expected source of funds.
d. details of occupation / employment and sources of wealth or income.

In case of erroneous data, the customer profiling exercise will not be effective to manage the related risk.

Following are the probable impacts of erroneous data impacting monitoring and reporting of transactions-

1. Feeding of erroneous data regarding ‘Occupation type/Monthly Income/Threshold Limit’

For Monitoring of Transaction, these three fields are very important. The threshold limit should be matching with the
status of the account holder.

AML/CFT department undertakes monitoring of transactions to analyse the unusual trend of transactions,
un-matching with the status of the accountholder. Wrong feeding of occupation code or no feeding may lead AML/CFT
department to draw wrong conclusions and wrong reporting to FIU-IND.

May impact on risk categorization of the customer

Sunil SKA
 73

May impact the generation of alerts for transaction monitoring.

May lead to wrong reporting to FIU-India on the ground of suspicion while filing STR.

2. Feeding of erroneous data regarding ‘Date of Birth’:

May impact the quality and result of name screening against the negative lists

May mislead the case manager at AML-CFT while analysing case/alert generated in the account (due to
wrong calculation of age such as students/ senior citizen etc.).

3. Feeding of erroneous data regarding ‘Customer Type’: Normal, Small or Minor.

May impact the generation of alerts for transaction monitoring.

May mislead the case manager at AML-CFT while analysing case/alert generated in the account.

4. Erroneous data in respect of ‘Marital Status’:

May lead to wrong filing of Regulatory returns.

May impact the transaction monitoring process (such as single/married/widow).

5. Feeding of erroneous data regarding ‘Nationality’

Impacts the generation of alerts for transaction monitoring.

May lead to wrong reporting to FIU-India.

6. Feeding of erroneous data regarding ‘Educational qualification’:

The case manager at AML-CFT department may draw wrong conclusion while analysing the case / alert
generated on the customer.

7. Feeding of erroneous data regarding ‘Permanent Account Number(PAN)/ Form No. 60’ -

May impact the generation of alerts for transaction monitoring.

Wrong feeding or non-feeding of PAN details may lead to wrong information to FIU-India.

8. Feeding of erroneous data regarding ‘Liberalized KYC-Yes/No’:

Will result in permitting all transaction, irrespective of value, will breach RBI Guidelines on ‘Small A/Cs’

Impacts the generation of alerts for transaction monitoring.

9. Feeding of erroneous data regarding ‘Marital Status’: may impact the transaction monitoring process (such as
single/married/widow).

10. Feeding of erroneous data regarding ‘Political exposed person (PEP)/Relative to PEP’:

It Impacts the generation of alerts for transaction monitoring.

May lead to wrong reporting to FIU-India in ground of suspicion while filing STR.

Sunil SKA
 74

Impacts the quality and result of name screening against the negative lists.

11. Feeding of erroneous data regarding ‘Address Details: Current/correspondence/local address (Address
type, Proof of Address, Country name, State, City, District etc.)’ -

Wrong feeding of Address details-

May impact the generation of alerts for transaction monitoring.

Wrong reporting to FIU-India in ground of suspicion while filing STR.

May impact the quality and result of name screening against the negative lists.

12. Feeding of erroneous data regarding ‘Occupation of customer’

The bank has taken a strict instance in respect of feeding of correct information of the occupation of the customer, due
to importance of this information in preparing the correct profile of the customer as well as its vital role in effective
monitoring of transactions with a view to identify suspicious transactions.

For achieving data purity and feeding of correct description of the occupation of the customers, Bank has rationalized
the ‘Occupation’ codes in CBS and 27 Occupation codes have been made available under 04 categories –

1. Service,
2. Business,
3. Others, &
4. Not categorised

As per extant instructions of bank, in case, the operating Staff/Official, selects the category I CBS as “Not Categorised
type,” then the Maker/Checker has to mandatorily key in the occupation of the customer as mentioned in the
AOF in the description field.

As description field, cannot be validated by the system, while inputting the data due care should be taken by
maker/checker to input correct Occupation type.

Later-on, if it is found that junk/incorrect data has been keyed into the system, necessary action will be
initiated against the operating staff/official, for data infringement.

Sunil SKA
 75

Module 3 - Assessment
Which of the following is a probable impact due to account opened with wrong name? C
a. On- boarding of a person whose name appears in the RBI Defaulter's list leading the bank to Regulatory
punitive action.
b. On- boarding of a person who is already a customer of another bank leading the bank to Regulatory Punitive
action.
c. On- boarding of a person whose name appears in various sanctions lists circulated by RBI leading the bank to
Regulatory punitive action
d. All of the above
Feeding of erroneous data regarding ‘Political exposed person (PEP) /Relative to PEP’ status may not result in to D
____
a. non-compliance of guidelines of Money Laundering under PMLA act 2002
b. wrong reporting to FIU-India in ground of suspicion while filing STR.
c. deduction of tax at source at incorrect rate.
d. All of the above
Which of the following actions banks are required to take in case the match of any of the customers with the C
particulars of designated individuals/entities is beyond doubt as per laid procedure for implementation of Section
51A of the Unlawful Activities (Prevention) Act, 1967?
a. The banks shall prevent such designated persons from conducting financial transactions under intimation to the
Central [designated] Nodal Officer for the UAPA.
b. The banks shall close the account of such designated persons and transfer the fund to the account of under
intimation to the Central [designated] Nodal Officer for the UAPA.
c. both of these
d. None of these
As per laid procedure for implementation of Section 51A of the Unlawful Activities (Prevention) Act, 1967, in case D
of which type of transaction(s), banks shall file Suspicious Transaction Report (STR) with FIU IND in case, the
particulars of any customers match with the particulars of designated individuals/entities?
a. Few Selected transaction which arise suspicion
b. All successful transactions only
c. All attempted transaction only
d. All transactions carried through or attempted
The 27 'Occupation codes' available in CBS have been divided in to _____ categories. B
a. 5
b. 4
c. 3
d. 9
RBI directions make it mandatory for Banks/REs to report details of accounts resembling any of the D
individuals/entities in the negative lists to various authorities. Which set of the institutions given in the following
options is the correct one?
a. Ministry of External Affairs & FIU-IND
b. RBI & Ministry of External Affairs
c. CBDT & Ministry of Home Affairs
d. FIU -IND & Ministry of Home Affairs
Which of the following statement is /are correct regarding RBI instructions on Money Laundering and Terrorist C
Financing Risk Assessment by Banks & other REs?
a. The regulator will determine the exact level of ‘Money Laundering (ML) and Terrorist Financing (TF) risk for
Individual institution/ RE.
b. The regulator may provide guidelines, but it’s up to the individual institution/ RE to determine the exact level of
‘Money Laundering (ML) and Terrorist Financing (TF) risk
c. Both the statements are correct.
d. Both the statements are false.
In the process of Name screening, a positive match is said to occur when_____ D
a. the name and at least five other identifiers as given in negative list match.
b. the name and at least one other identifiers as given in negative list match.
Sunil SKA
 76

c. the name and at least three other identifiers as given in negative list match.
d. the name and at least two other identifiers as given in negative list match.
Feeding of erroneous data regarding ‘Date of Birth’ may lead to D
a. denial of Senior Citizen benefits by the system even if they have become a senior citizen
b. incorrect analysis to decide positive/ negative match in case of alert generated during name screening against
the negative lists.
c. erroneous conversion of accounts from minor to major.
d. All of the above
Non-conforming data is the data which … A
a. has not been normalized as per the system of records.
b. has been entered in two different fields, not confirming to each other.
c. has been entered in the wrong field.
d. has variation in naming, spelling.
Which of the following is NOT a probable impact due to account opened with misspelt name (Rahim/Raheem) ? B
a. Wrong reporting to FIU-India.
b. Impacts monitoring as citizens of some specific countries are not permitted to open accounts in India.
c. Impacts the quality and result of name screening against the negative lists.
d. Lack of exercising due diligence as per Customer Identification Procedure
Due diligence as per Customer Identification Procedure may not be exercised properly due to feeding of erroneous D
data regarding _____ .
a. Father's Name
b. Name of the customer
c. Date of Birth
d. All of the above
Bank may face Regulatory punitive action for which of the following? C
a. On- boarding of a person whose name appears in the RBI Defaulter's list.
b. On- boarding of a person who is already a customer of another bank.
c. On- boarding of a person whose name appears in the sanctions lists circulated by RBI.
d. All of the above
All customers, individuals and non individuals, are to be categorised as High, Medium and Low risk for the purpose C
of_____
a. proper transaction monitoring
b. proper regulatory reporting
c. Both of the above
d. None of the above
Enhanced due diligence is required to be undertaken in respect of which type of customers? C
a. Certain type of medium-risk customers & High risk customers
b. RBI selected list of customers
c. High-risk customers
d. Certain type of low-risk customers & High risk customers
Due diligence as per Customer Identification Procedure may not be exercised properly due to feeding of erroneous D
data regarding ______ .
a. Politically exposed person status
b. Residential Status (RI/NRI)
c. PAN/Form 60
d. All of the above
which of the following additional information need to be collected for risk categorization ? a) Father / Mother's B
maiden name, b) anticipated level and nature of the activity that is to be undertaken, c) Marital Status, d) details of
occupation / employment and sources of wealth or income.
a. Only a, b & d
b. Only b & d
c. Only a, c & d
d. All of the above

Sunil SKA
 77

Section 51A of the Unlawful Activities (Prevention) (UAPA) Act, 1967 requires Banks/REs to ensure_____ C
a. filing of STRs in the accounts, where the transactions do not match with the customer profile.
b. that they do not have any account in the name of individuals/ entities appearing in the lists of individuals and
entities, suspected of having terrorist links, which are approved by UNSC.
c. Both of these
d. None of these
Which of the following statement is NOT correct? C
a. A financial institution ought to know its customers well enough, which is not possible without pure and authentic
data.
b. Customer due diligence (CDD) coupled with correct data, is the critical tool for effectively managing the related
risks and protecting the FI against criminals, terrorists, who might present an enhanced risk.
c. A financial institution (FI) would not face any fines, sanctions, and reputational damage, if it deals with a money
launderer or a terrorist in the absence of correct data.
d. For any financial institution, it is important to make sure that the data as well as the prospective customer is
trustworthy.
Which of the following statement is NOT correct regarding 'Small Account' opened under Liberalised KYC? B
a. We may not follow-up for completing KYC after prescribed initial period of 12 months and that may lead to non-
compliance.
b. There is no requirement of further regulatory compliance for such accounts opened under Liberalised KYC.
c. We may be permitting all transaction, irrespective of value, in such accounts breaching RBI Guidelines on ‘Small
A/Cs’
d. We may not follow-up for completing KYC after prescribed extended period of 24 months and that may lead to
non-compliance.
Mr Associate has selected 'Occupation Code' as 'Not Categorised" in CBS while creating a CIF. Further when D
keying in the details of the occupation of the customer, the Maker entered it as 'others" instead of keying in the
exact details of occupation as mentioned in the AOF in the description field. Is it a right practice, what are the
provisions in this regard?
a. Maker has selected 'Occupation Code' as 'Not Categorised" in CBS while creating a CIF. There is no provision
in CBS to further key in data manually regarding the Occupation of the customer, hence the action of the Maker is
justifiable.
b. Maker has selected 'Occupation Code' as 'Not Categorised" in CBS while creating a CIF. It is not mandatory to
further key in data manually regarding the Occupation of the customer to maintain the sanctity of the data in
system.
c. Maker has selected 'Occupation Code' as 'Not Categorised" in CBS while creating a CIF. As sufficient codes are
not available in CBS to map the occupation of the customer, it is not advisable key in data manually regarding the
Occupation of the customer to maintain the sanctity of the data in system.
d. If junk/ incorrect data is keyed into the system instead of keying in the details as mentioned in the AOF in the
description field, necessary action may be initiated against the Maker/Checker for data infringement.
Reporting Entities are NOT required to carry out ‘Money Laundering (ML) and Terrorist Financing (TF) Risk C
Assessment’ exercise periodically in respect of_____
a. Transactions or delivery channels
b. Services and products
c. Auditors
d. Clients, countries or geographical areas
Which of the following problems would be caused by erroneous feeding of Address proof details of Resident C
Indians?
a. Penalty from Income-tax department.
b. Errors in name screening by AMLOCK software.
c. Errors in alert generation for transaction monitoring.
d. None of these
Which of the following information is not required for creating customer profile? B
a. Monthly Income, Annual turnover (in the case of business)
b. Year of Graduation
c. Date of Birth Occupation/activity,
Sunil SKA
 78

d. Source of funds,
As per section 51A of UAPA, 1967, for the prevention of, and for coping with terrorist activities Central Govt has B
been given certain powers. Please select all correct statement from the following-
a. freeze, seize or attach funds and other financial assets or economic resources held by listed individuals or
entities.
b. prohibit any individual or entity from making any funds, financial assets available for the benefit of the listed
individuals or entities.
c. prevent the entry into or the transit through India of listed individuals.
d. impose penalty equal to the value of funds/ assets held by such individuals or entities.
a. Only b & d
b. only a, b & c
c. only a & b
d. Only a, b & d
How many 'Occupation codes' are available in CBS? B
a. 25
b. 27
c. 33
d. 21
Data which has been entered in wrong field is called _______ D
a. non-conforming data.
b. Inaccurate data.
c. duplicate data.
d. inappropriate data.
Which type of erroneous data may NOT have impact on FATCA/CRS compliance related issues B
a. Data regarding ‘Citizenship’.
b. Data regarding Educational qualification.
c. Data regarding Country code of jurisdiction of residence
d. Data regarding ‘Nationality’.
Which of the following data error will impact result of name screening by AMLOCK software? A
a. Political exposed person
b. Name of the customer
c. Country code of jurisdiction of residence
d. Customer Type
The list of designated individuals and entities subject to the UN sanction measures, is updated by _____. C
a. FIU -Ind
b. Reserve Bank of India
c. Ministry of External Affairs
d. Ministry of Home Affairs

Sunil SKA
 79

4.1 Different Mechanisms of Vigilance

Preventive Vigilance

Vigilance: Vigilance is being watchful in day to day transactions in line with the laid down system and procedures.

Vigilance word is derived from root word vigil meaning wakefulness, being watchful and alert even during the time
given for rest or sleep. Vigilance is being watchful in day to day transactions in line with the laid down system and
procedures as well as being judicious, transparent, and disciplined in all the official dealings.

Vigilance is essential in every unit of the organization and that is why it is stressed that every manager & staff
becomes vigilant. Vigilance being a mechanism of control that kindles the senses and operative skills to ward off
mishaps.
Vigilance as a tool ensures:
Disciplining the wrong doers
Protecting honest performers
Increasing transparency and fairness
Ascertaining accountability
Reducing wastages/leakages
Promoting culture of honesty and integrity
Reforming systems for corruption-free delivery
Vigilance is a Management Tool

Different Mechanisms of Vigilance

Punitive vigilance: It comes into picture when transgressions of the Bank’s systems or gross negligence or corrupt
and irregular practices have already resulted in financial and reputational loss to the Bank. It deals with the aftereffects
and ensures that punishment in such cases is commensurate with the nature of offences alleged and proved in an
inquiry. It deters the occurrence of lapses.

Detective vigilance: Detective vigilance aims at identifying & verifying the occurrence of Lapse. It is Fact Finding,
Investigation, ascertains causative factors, defines extent of accountability of officials, suggests measures to plug
loopholes in the system.

Corrective Vigilance: It covers analysis of results of detective vigilance. It looks into the reasons and contributory
factors and finds solution to stop recurrence of unwanted incidents.

Predictive Vigilance: Foreseeing activity prejudicial to the interest of the institution.

Preventive Vigilance: It refers to the mechanism or branch of Vigilance activity which involves taking proactive steps
as against reactive which makes the prognosis as against diagnosis of the organizational environment. It defines/
delineates and delimits the systems & procedures and tests their robustness in an efficacious manner.

The role of Preventive Vigilance in creating an atmosphere of ethical environment at workplace is well established.
Preventive Vigilance is one area which involves deep understanding of the organization, its complexities and areas
which are vulnerable / susceptible to corruption, apart from employees holding specific posts who are vulnerable and
exposed to such temptations. It involves studying the organization, its policies, and its people; and implementing
effective measures so that these do not become vulnerable to corruption.

Preventive vigilance starts with the individual irrespective of his / her position in the administrative hierarchy and
everyone has a role to play in preventive vigilance.

Preventive Vigilance is the most important aspect in Vigilance Administration which needs participation of every
employee. It is the obligation of all stakeholders to be vigilant in their day-to-day activities to safeguard the interest of
the organisation and in the process protect themselves.

Sunil SKA
 80

Preventive Vigilance in Banks

The main functions of banks include accepting of deposits from the public and lending the same. The credit areas
include sanctioning of various types of loans e.g., loan to Corporate, Small businessmen and Retails loans. Banks
accept deposits from individuals, Corporates & Institutions. Both credits as wells as deposits are areas vulnerable to
frauds, both with and without connivance and facilitation by insiders. Besides, banks make huge investments in IT
related procurements, hiring of premises, etc. which are also areas in which one with malafide intention can subvert
the systems and procedures. Although banks have well defined systems / guidelines for concurrent audit, statutory
audit, RFIA etc., however the importance of a mechanism for preventive vigilance can hardly be overemphasized for
safeguarding the banks’ funds. Though, credit decisions are taken based upon circumstances and availability of
information at that point of time and risk taking is an internal part of the credit functions of the banks, there is a very
thin line between bonafide commercial decisions and malafides commercial decisions and malafides decisions.

In this backdrop, preventive vigilance measures can, to a great extent, insulate the bank from probable loss of funds as
well as image. Preventive vigilance must cover every conceivable area of banking activity, be it deposits, remittances,
fee based transactions, credit related matters, Forex transactions, procurements, HR initiative, engaging premises for
offices, compliance of Government guidelines, Knowledge empowerment and training and sensitizing of workforce on
a continuous basis should be the key would on every bank related activity.

Preventive vigilance means exercising caution to prevent irregularities / lapses and frauds and in fact all administrative
instructions are nothing but preventive vigilance. The systems and procedures prevalent in the Bank have inbuilt
checks and controls. However non-observances at times facilitate unscrupulous employees / outsiders to perpetrate
frauds on the Bank.

4.2 Need of Preventive Vigilance

Most of the organisations follow this mechanism / approach of Vigilance. It is the most effective among all the
approaches and cost effective also.

Cost Effective: Many Studies conducted in manufacturing sector which also apply to Service sector indicate the cost
of PV vis-a-vis Corrective maintenance and failure cost follow a ratio 1:10:100. Preventive Vigilance follows almost
similar pattern vis a vis other types of approach.
To minimise frauds, irregularities, lapses
To formulate remedial measures and initiate corrective actions
To follow systems and procedures meticulously
To enjoy faith and confidence of public
To prevent loss of business

4.2 Preventive Vigilance and fraud mitigationmeasures in day-to-day banking

Payment of High Value Cheque in Current Account(Fraud Prevention)

Branches should ensure that:

1. All cheques with reasons to doubt their genuineness should be subjected to fugitive ink/ water droplet test and
ultraviolet lamp test, irrespective of amount.

2. Physical verification of cheques is to be carried out in a meticulous manner, even a smallest variance in feature to
be examined critically to avoid payment of cloned cheques.

3. Customer is to be called before making payment of cheque for amount ofRs.5 lakh and above, to ensure that the
cheque presented has not been stolen. In case of payment of non-Home cheque of Rs.5 lakh and above and any
suspicious transactions irrespective of amount involved, the drawer is to be contacted over registered mobile number
to ascertain genuineness of the instrument/ transaction.

Sunil SKA
 81

4. Discreet enquiry to be made from the presenter of the cheque over counter for payment as to how he has received
the cheque from the drawer/ account holder.

5. In case of Multi City Cheque presented at non-home branches, amount of the cheque should be within the value cap
mentioned on the cheque.

6. In the event of contacting customer is not possible/ successful, home branch of the customer is to be contacted.
Record of such calls must be maintained.

7. A standardized mail should be sent to home branch in respect of cases where customer could not be contacted on
the registered mobile available in CBS and the cheque was paid. Home Branch should accordingly take up the matter
with the customer to prevent such cases.

8. All high value instruments must be referred to the Branch Head/ CCPC Head and, in case of suspicion, the drawer
branch/ customer drawing the cheque should be referred before releasing payment.

9. Correct and updated Mobile number is seeded in the current accounts to receive the SMS alerts and calls from
Bank, to ascertain genuineness of the instrument/ transaction and maintain the record of such calls.

10. Email is registered to receive the mail in respect of cases where the customer could not be contacted on the
registered mobile available in the CBS and the cheque was paid.

Cheque Truncation System (CTS) – Fraud Mitigation Measures

A new security feature of UV Band in variable fields (i.e., payee’s name, Amount in words, Amount in figure and
Account Number) is introduced in Multi City Cheques (CTS-2010) along with the other existing security features. Under
this feature, UV Band is incorporated under the variable fields and any alteration made in these areas would be visible,
when checked under the UV Lamp. After introduction of this new feature our cheques will have 12 security features
asunder including 9 mandatory features as per CTS-2010 standards

Mandatory Standard Cheque Security Features as per CTS 2010 Guidelines

1. CTS India Watermark paper
2. VOID Pantograph
3. Bank’s Logo in UV Ink
4. Micro Lettering
5. Cheque Colors & Background Mandatory CTS Standards
6. New Rupee symbol
7. Standardized Field Placements
8. Account Number Field
9. Printer Name along with CTS 2010
10. Fugitive Background with Secondary Fluorescent Ink
11. Account Number Printed in Reverse in a Black Box (recently added).
12. UV Band in variable fields (Payees Name, Amount in words, Amount in figure and Account Number)

Home loan - Preventive Measures

In light of the large number of frauds in Home Loans involving forged KYC and Income docs, it is felt that collecting
photocopy of the papers relating to KYC and income proofs are not sufficient to prevent frauds if they are not
scrutinized for authenticity. It has therefore, been decided by the Appropriate Authority that as apart of pre-sanction
Survey for Home loans and Home Related Loans, verification of documents verifiable online, need to be carried out by
the operating functionaries as a Measure/Tool for prevention of Frauds. Operating units will verify the websites and a
signed confirmation will be provided by Sourcing as well as Processing Units that they have verified the websites for
the authenticity of documents submitted by the applicants. The confirmation will be kept in Loan Documents as a
record. Documents verifiable online are as under:

Sunil SKA
 82

Sl What can be seen at the web site Websites for verification along with What to be
navigation path verified

1 TAN is applicable to those who are https://incometaxindiaefiling.gov.in TAN of borrower

supposed to deduct TDS i.e. if ->Select know your TAN> Category of the TAN of employer
Borrower deducts TDS as well as Deductor > State > Search by Tan > Tan No > as per Form 16
employer Image > Mobile No > Submit

2 TIN-Businessman/Self https://www.tinxsys.com/TinxsysInternet TIN of borrower

Employed/Professional who pay VAT Web/index.jsp
will have TIN Select -> Dealer/Firm Search -> I agree -
>Search By TIN > TIN > Search

3 Goods & Service Tax Registration No. https://cbec-easiest.gov.in/EST Select - GST Registration
Businessman/Self >Assessee Code Based Search > Assessee No. of the
Employed/Professional who have to Code > Image > Get Details borrower GST
pay Goods and Service Tax Registration No.
of the of dealer

4 Form 16 from Traces https://contents.tdscpc.gov.in/ Select from the verify with 7 digit
top-> Tax Payer >Select from the left-hand side certificate
column-> View TDS/TCS Credit>Select -> number on form
verification code -> verify TDS Certificate 16

5 Status of Acknowledgement receipt https://incometaxindiaefiling.gov.in Select -> Income tax return

(ITR-V) can be verified ITR-V Receipt Status electronically
filed by borrower

6 Tax Paid Challan https://tin.tin.nsdl.com/oltas/servlet/Query TDS of the

TaxpayerAjax Select > CIN based view > BSR borrower
code > Challan tender date > Challan Serial No
> Amount (only rupees i.e. 3560)

7 Chartered Accountant membership (a) CA membership no: www.icai.org Select -> B/S & P/L of the
number verification: Balance sheet & members-> members Directory search -> As on borrower Contact
P/L should be signed by CA with his Date-> Search members database by CA to confirm.
membership number and submitted Membership No- As on date
along with ITR. (b) CA’s Firm Regd. Number –verify on :
www.icai.org Select -> members-> List of Firms
as on……..

8 Voter ID (if submitted) - Visit the site :

http://eci.nic.in/eci/eci.html
(i) Select YOUR NAME IN VOTERS
LIST ->Select State ->Feed in
electoral photo ID card number (even
if only ID card number is fed in it
accepts it) ->Select Search
OR
(ii) Select NATIONAL ELECTORAL
SEARCH (it takes time to load) It will
give 2 options (1) SEARCH BY
DETAILS (2) SEARCH BY EPIC -
>Select SEARCH BY EPIC ->Feed in
electoral photo ID card number If it
does not give information then

Sunil SKA
 83

SEARCH BY DETAILS

Agri Gold Loans - Prevention of Frauds

Surprise verification
1. Controllers should ensure surprise verification of quality and number of gold ornaments pledged under Agri gold
loan scheme at all branches by an officer other than the Joint Custodians quarterly.

2. The identified official should ensure that the number of gold loan bags tally with the number of accounts reported in
Loan Balance file / CCOD file generated during the EoD process of the previous working day; and

3. On a random basis check the ornaments for purity (30% or maximum of100 gold loan accounts whichever is less) to
safeguard against frauds.

SME Business
a) Disposal of Collateral Security - Preventive Measures
1. Bank should file application for urgent hearing before DRAT to vacate the stay and after vacating the stay, the
properties should be sold under SARFAESI Act.

2. Details of property to be registered with CERSAI and CERSAI ID certificate for mortgaged properties to be kept on
record.

3. All original title deeds must be obtained at the time of creation of mortgage.

4. Independent verification of mortgaged properties to be carried out at regular intervals.

5. Pre and post sanction due diligence in advances advised vide Circular No. CCO/CPPD- ADV/100/2015-16 dated
07.10.2015.

6. i) Certified copy of Title Deed to be obtained from Sub-Registrar’s Office and compared with the original submitted
for creation of mortgage by the panel Advocate before issuing TIR & ii) Search to find out any prior encumbrances be
done by the Advocate and certify in TIR to be complied with.

b) Asset Backed Loan - Preventive Measures

1. Detailed due diligence process to be carried out to verify the antecedents of the borrowed property details i.e. its
location, valuation, approach, demarcation etc.

2. TIRs should be obtained as per Bank’s guidelines. SOP on Title Deeds & Title Investigation Report (TIR) states that
a Search Report/ encumbrance certificate for the intervening period, i.e. from the date of TIR to the date of deposit of
original Title Deeds/ creation of EM should be obtained and held on record, as part of equitable mortgage documents.

3. End use of funds to be ensured at the time of disbursement of loan, and through inspection/ verification of purchase
bills, etc. In addition, QOD(Quarterly Operational Data) cum status working capital funds statement to be obtained from
the borrower to confirm the level of current assets and end use of funds.

4. Physical verification of the property must be done personally by the concerned officials. Submission/ uploading of
security inspection report along with snapshots through e LLMS App to be carried out as per extant guidelines.

5. Search report encumbrance certificate for the intervening period, i.e. from the date of TIR to the date of deposit of
original Title deeds /creation of EM should be obtained and held on record, as part of equitable mortgage documents.

6. Black listing of empaneled valuer who had done the wrong valuation to be done.

7. Abnormal increase or decrease in valuation to be analyzed critically.

Sunil SKA
 84

8. Obtention of two separate valuation reports and verification from market bourses to be ensured without fail.

c) Cash Credit Limit - Preventive Measures

1. Independent assessment of value of properties as per valuation report to be done by branch officials.

2. Details of property to be registered in CERSAI.

3. CIBIL report to be periodically generated and scrutinized to ascertain borrowing from other banks/ FIs

4. Charge on Collateral securities (mortgaged properties) to be noted in revenue records.

5. Assessment and appraisal of the credit needs of the borrowers to be done properly and sanctioning process must
be followed.

6. Meaningful post disbursement inspection to be carried out and end use of funds to be ensured.

7. High value transactions in CC account to be scrutinized to ensure against possible diversion / siphoning.

8. Stock Audit to be carried out as per Bank’s laid down instructions andreport to be scrutinised properly, put up for
closure to appropriate authority.

9. Periodic inspection of securities charged to be ensured.

10. Business model/ need for all sister concerns and justification/ need for limits to be established on approval.
Transfer of funds among the family concerns to be probed with extra due diligence.

11. Credit limit to be sanctioned after detailed appraisal/ assessment duly supported by the documentary evidence.

12. Irregularity report to be submitted periodically and comments thereon to be acted upon.

13. Noting of charge with revenue authority on mortgaged property to be ensured immediately after creation of EM.

14. The immovable security (Primary or Collateral) to be inspected at the time of accepting the property for the first
time and yearly there after. & Ownership & Possession status of the property to be ascertained by making enquiries
with the neighborhood and occupant of the property.

15. TIR to be obtained after every 3 years or at the time of enhancement.

16. Instructions are in place for conduct of post sanction inspection of stocks and receivables in a diligent manner.

d) Fabricated Financials and forged title deed – Preventive Measures

Meaningful pre-sanction due diligence to be carried out to ascertain genuineness of the documents submitted by the
borrowers.

1. Detailed due diligence before sanction be carried out including past record with CIC for loans availed.

2. Physical verification of property must be done without fail by concerned official. Photograph of the property along
with the borrower should be taken as an integral part of inspection.

3. check the authenticity of the documents/ reports/ certificates etc. with UDIN and the key fields provided by the
certifying Chartered Accountants.

4. Need based credit facilities and ability to discharge the obligation to be ensured.

Sunil SKA
 85

5. Pre-sanction survey and post sanction inspection should be carried out in meaningful manner to ascertain
antecedents and credential of borrowers / units / securities etc.

6. Justification of limits for the group concerns, proper assessment, satisfying about business model is essential to
avoid accommodation loans.

7. Conduct of periodic stock audit to be ensured and due closure of Audit report.

8. Obtention of CIBIL report on guarantors indicating satisfactory record.

9. Reporting of Third-Party Entity (TPE) to IBA/ ICAI for blacklisting

e) Overvaluation of collateral and diversion of funds - Preventive Measures

1. Value of the property offered as security to be independently verified by the Bank official and to be duly recorded.

2. Due diligence on the supplier to be done and opinion report to be obtained. Funds to be disbursed directly to
suppliers.

3. During post disbursement inspection, details of machineries purchased to be verified and periodic inspection to be
done at irregular intervals.

4. Deficiencies pointed out in various audit reports to be promptly attended and rectified.

5. Account with other Bank to be closed as and when detected.

f) Frauds in collateral Security - Preventive Measures

1. Independent verification of the property and assessment of its valuation need to be ensured by branch official.

2. Obtaining certified copies of title deeds by Advocate and comparison with original title deeds to be ensured.

3. Display of Bank’s board at prominent place in the unit.

4. Charge on Collateral securities (mortgaged properties) to be recorded in revenue record. Periodic Encumbrance
Certificate to be obtained.

5. Proper scrutiny of the lawyer’s report and valuation report.

6. Pre-sanction due diligence including physical verification of the property needs to be ensured meaningfully.

7. To make post-sanction inspection on surprise basis.

8. Early Warning Signals to be attended promptly.

9. Issuance of Look out notice to be processed.

10. Noting of charge with revenue authority on mortgaged property to be ensured immediately after creation of EM.

11. TIR to be obtained after every 3 years or at the time of enhancement.

12. Registration of charge with CERSAI.

g) GSS/ Stand Up India/ MUDRA - Preventive Measures

1. Credential of Suppliers to be verified properly.

Sunil SKA
 86

2. Loan proposal to be processed and accounts to be opened through LOS only.

3. Sanctioning officer to visit the unit, meet promoters and carry out proper due diligence before sanctioning the loan.

4. Physical verification of assets created be ensured immediately.

5. Due diligence on supplier- supplier should not be a related party.

6. During visit by controller/ periodic review, reasons for spurt in advances to be examined in detail.

7. OTMS alerts to be attended promptly.

h)Fraud in SRTO - Preventive Measures

1. Assets/security created out of Bank’s finance to be verified immediately after disbursement.

2. Registration of vehicle and noting of Bank’s hypothecation charge in the books of RTO to be done and verified from
“vahan.nic.in” site.

3. Inspection of the vehicles and borrower to be done immediately after default of one instalment and procedure for
Seizure to be initiated so that fraud if any, get unearthed immediately.

i) Fraud in Forex - Preventive Measures

1. Credit limit to be sanctioned after detailed appraisal / assessment duly supported by documentary evidences.

2. EPC to be released after obtaining copies of confirmed orders and to be liquidated out of export proceeds.

3. Proposal for sanction of pre-shipment should cover detailed examination/ comments of sources of liquidation of EPC
with proper justification.

4. Goods meant for export to be segregated from stocks meant for domestic sale.

5. ECGC guarantee cover to be obtained and guidelines to be ensured.

6. Export order register to be maintained and updated. Validity of orders/submission of export bills to be diarised and
followed up.

7. Credit officials handling forex/ EPC to be given adequate training.

8. No cheque facility is to be provided for EPC account.

j) Fraud in Term Loan - Preventive Measures

1. Disbursement to be made to the account of supplier.

2. Immediate inspection after purchase of machinery to be done to ensure proper utilization of funds.

3. Regular inspection and follow up including scrutiny of books should be made to ensure that the funds are not
diverted.

4. Physical progress / status of project to be monitored on an ongoing basis.

5. Certificate from Chartered account and Architect to be submitted by the company on quarterly basis for progress of
construction of the said project in respect of amount incurred on the project.

Sunil SKA
 87

6. Transfer to associate/ related parties should be done only after satisfying on genuineness of the transaction
documentary evidence.

7. Physical verification of the property must be done personally by the concerned officials. Submission/ uploading of
security inspection report along with snapshots through e LLMS App to be carried out.

8. All terms & conditions of sanction to be complied before disbursement.

9. Transaction with related party to be closely monitored.

10. Post sanction inspection to be done at periodic interval to ensure end use of funds.

k) Fraud in E-DFS - Preventive Measures

1. Bank wise segregation of stock be ensured. Diversion of funds to entities engaged in unrelated activities be
examined properly.

2. Depletion of stock to be converted into reduction in liability.

3. Pre/Post sanction surveys to be carried out in a meaningful manner.

4. As per Circular No. CCO/CPPD- ADV/136/2018-19 dated 18.12.2018,check the authenticity of the documents/
reports/ certificates etc. with UDIN and the key fields provided by the certifying Chartered Accountants.

l) Fraud in WHR - Preventive Measures

1. Meaningful pre-sanction survey to be carried out to ascertain identity, address, credit worthiness and integrity of the
Proprietor of the firm.

2. Warehouse/ Godowns to be visited and stocks to be verified periodically. It is to be ensured that underlying stocks
are segregated/ properly tagged with Bank’s name. Market Price advised by Collateral Manager to be cross-checked
with local Mandi/ MCX.

3. Financing of stocks held in borrowers godowns to be avoided.

4. Adequate Insurance Cover for the commodity / stock to be ensured, due date of insurance to be diarized.

5. Any adverse report on Collateral Manager to be shared immediately with Corporate Centre.

m) High Value Banking Frauds - Preventive Measures

1. Genuineness of various documents should be ascertained

2. Genuineness of the buyers should be verified to ascertain their capability of huge buying

3. Direct visits should be made to major debtors and confirmation should be obtained from them

4. Meaningful analysis of stock statements should be carried out

5. Past track record and status of the customers should be critically analysed

6. Financial statements and other documents should be thoroughly checked for their genuineness through various
online sources e.g., ROC website, UDIN, GSTN network etc. End use of the funds to be ensured. Staff accountability
should be examined for staff who had certified end use of funds

7. Assessment of WC is being done as per Bank’s guidelines/procedures.

Sunil SKA
 88

8. A proper scrutiny of debtors should be carried out.

9. Financial statements should be scrutinised by field staff.

10. Effective exchange of information between banks should be strengthened.

11. End use of funds should be monitored and due diligence procedures to be applied to identify instances of utilisation
of funds for the purpose, other than business.

COVID-19 Pandemic environment-Emerging threats of Money Laundering and financing of terrorism

Some of the precautions that may be exercised at operating units are mentioned below:

New Accounts containing “COVID / CORONA” or related words: Fraudsters may try to open new accounts
containing terms such as COVID / CORONA etc. This may be done either to resemble an existing genuine account for
public benefit or with the intention of defrauding people by bogus fundraising / diversion / misdirection of funds etc.
Extra Due Diligence should be applied while opening such accounts and KYC check must be performed thoroughly. A
list of such accounts opened since February 2020 may be extracted and verified.

Vigilance should be exercised while dealing with FCRA / NPO / Charitable institutions / other accounts in
which donations in the name of COVID are being credited.

While the country is busy fighting the COVID-19 Pandemic, some of the states continue to face terrorist
activities. Therefore, Branches situated in terrorist sensitive locations should exercise vigilance against suspicious
financing activities and scrutinize KYC in all those accounts where any suspicious transactions are observed as
criminals / terrorists may try to open accounts through fake Names and IDs.

Impersonation of Government Officials: Criminals may impersonate as government / police/ health officials
and try to obtain personal banking information from banks and misuse it for personal gains. Due care should be taken
to properly identify the persons claiming to be government officials and seeking information which is normally not
provided

The miscreants may misuse account of Money mules to receive grants from Government. Sudden increase
of Government credit observed in accounts of the person who may not be entitled for such grants, should be discreetly
enquired into, before allowing withdrawal.

Instances of malicious or fraudulent activities, cybercrimes, fund raising in the name of renowned
organizations/ NGOs, fake charities targeting gullible persons may increase in the COVID-19 Pandemic environment.
Branches should be more vigilant while opening accounts in the name of charitable institutions/ NGOs. KYC and
customer due diligence measures should be strictly followed while onboarding customers.

Customers should be made aware of the increasing risk of online frauds through phishing emails, SMS,
fraudulent loan and moratorium offers, fakeCOVID-19 sites and apps, fake banking and insurance websites etc. The
possible risks and measures suggested above are illustrative only and not exhaustive.

4.3 Whistle Blower Policy as a Tool of Preventive Vigilance

OBJECTIVE
The objective of ‘Whistle Blower Policy’ is to ensure highest ethical, moral and business standards in the course of
functioning and to build a lasting and strong culture of Corporate Governance within the Bank. In terms of Policy, an
internal mechanism is established for staff members to report to the management, concerns about unethical
behaviour, actual or suspected fraud or violation of the Bank's Code of Conduct policy. The Policy is intended to
encourage all employees of the Bank to report suspected or actual occurrence of illegal, unethical or inappropriate
actions, behaviours or practices by staff members without fear of retribution. The employees can voice their concerns

Sunil SKA
 89

on irregularities, malpractices and other misdemeanours through this policy. It also provides necessary safeguard and
protection to the employees who disclose the instances of unethical practices/ behaviour observed in the Bank.

The Whistle Blower Policy has been modified as per relevant Notifications of RBI, Section 177 of Companies Act, 2013
& relevant rules thereon and SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 and existing
instructions of the Bank as well as Government of India/Central Vigilance Commission/RBI/SEBI in this matter issued
from time to time, including but not limited to Circular NO. 02/03/2019 issued by the Central Vigilance Commission.

DEFINITIONS
The definitions of some of the key terms used in this policy are given below:

Whistle Blower - The Employees of the Bank making the disclosure under this policy. The Whistle Blower’s role is
that of a reporting party. Whistle blowers are not investigators or finders of facts; neither can they determine the
appropriate corrective or remedial action that may be warranted.

Designated Official – Deputy General Manager & CFO at Local Head Offices for staff members posted in the
respective Circles and General Manager (Fraud Monitoring Deptt.) at Corporate Centre for staff members posted at
Corporate Centre, its establishments and other business groups.

Subject – Branch / Employee – The specific branch and/or employee in respect of whom disclosure is being made.

Employees – All employees of the Bank, including officer and award staff members, as also those under contract
service in the Bank.

Disclosure – Any communication, whether by letter/ email/ on designated portalor over telephone, relating to unethical
practice or behaviour or violation of service rules, made in good faith by the Whistle Blower.

Reviewing Authority – Chief General Manager (Fraud Monitoring Deptt.) at Corporate Centre for all staff members
posted at Corporate Centre/ its establishments/Circles/ Other Business Groups. Upon receiving the remarks and
recommendation, he may take a view on closure of the complaint or forward the same to the concerned department for
initiation of disciplinary proceedings.

Appropriate Departmental Action – Departmental action as per the applicable service rules of the
Employees/Officers.

Investigators - mean any person(s) duly appointed/consulted by the Designated Official to conduct an investigation
under this policy.

COVERAGE
All employees of the Bank posted at domestic branches/offices are covered under this policy. The Policy covers
malpractices and events which have taken place/suspected to have taken place in the Bank involving:

Corruption
Frauds
Misuse/ abuse of official position,
Manipulation of data / documents,
Any other act of an employee which affects the interest of the Bank adversely and has the potential to cause
financial or reputational loss to the Bank.

The details in the complaint should be specific and verifiable.

REPORTING MECHANISM
The Fraud Monitoring Department at Corporate Centre and Fraud Monitoring Cells in the Circles will arrange to
circulate name, telephone number, and e-mail address of the Designated Officer(s) in the Bank/Circles to enable the

Sunil SKA
 90

staff members to register their complaints under Whistle Blower Policy. Any employee(officer / award) willing to
disclose information may do so in any of the following manner.

1. In writing on prescribed format, duly addressed to the Designated Officer(s) in a sealed envelope specifically super
scribed in capital letters “Disclosure under Whistle Blower Policy”.

2. The envelope containing the complaint to be sent to the related Designated Official i.e. General Manager (Fraud
Monitoring Deptt.) ,Corporate Centre or to Deputy General Manager & CFO of the respective Circles. Efforts should be
made not to disclose the identity of Whistle Blower on the top of the envelope containing the disclosure. The
whistleblower may submit his application directly to the Chairman of Audit Committee of Board (ACB) in
exceptional or appropriate cases only.

3. Suitable proof of his identity / contact numbers / address so that additional information, if any, can be obtained. In
case identity cannot be ensured, the complaints will be treated as anonymous/ pseudonymous complaints and may not
attract further action.

4. Complaints can also be sent to the designated e-mail ID created for the purpose from the official e-mail ID of the
employee. The contact details /address of the Whistle Blower should however be provided. In case of
absence/incorrectness of the same the complaints will be treated as anonymous/pseudonymous complaints and may
not attract further action.

5. The information can be sent through bank’s portal i.e. https://whistleblower.sbi.co.in

6. Disclosures can also be made over a dedicated Telephone number. The Whistle Blower would, however, be
required to disclose his identity and furnish sufficient information for verifying his identity by the Designated Official.
Additional information, as deemed necessary, will be sought for by the designated official attending the call.

7. The disclosure whether by letter / email/ telephone, should provide specific and verifiable information in respect of
the “Subject – Branch / Employee”

CONFIDENTIALITY MECHANISM OF WHISTLE BLOWER

1. The complaints received under Whistle Blower on the prescribed format, will be opened by the addressee only.

2. Upon receipt of Complaint, the Designated Authority will enter the particulars of Complaint in the Register and allot a
code number on all the pages of the complaint. The first page containing the whereabouts of Whistle Blower along with
the envelope will be retained with the custody of Designated Authority. The subsequent pages containing the details of
Whistle Blower case will be handed over to concerned desk official for investigation purpose. The Designated Officer
will strive to ensure that identity of Whistle Blower is not disclosed. The register will be confidential and retained with
the Designated Official.

3. The particulars of the Complaint will be recorded in the prescribed Register

PROTECTION TO WHISTLE BLOWER

1. The Bank will protect the confidentiality of the complainants and their names / identity will not be disclosed except as
statutorily required under law.

2. No adverse penal action shall be taken or recommended against an employee in retaliation to his disclosure in good
faith of any unethical and improper practices or alleged wrongful conduct. It will be ensured that the Whistle Blower is
not victimized for making the disclosure.

3. In case of victimization in such cases, serious view will be taken including departmental action on such persons
victimizing the Whistle Blower.

Sunil SKA
 91

4. Identity of the Whistle Blower will not be disclosed to the Investigating Official.

5. If any person is aggrieved by any action on the ground that he is being victimized due to the fact that he had filed a
complaint or disclosure, he may file an application before the Reviewing Authority i.e. Chief General Manager- Fraud
Monitoring Deptt., Corporate Centre seeking redressal in the matter, wherein the Reviewing Authority may give
suitable directions to the concerned person or the authority.

6. To protect the interest of the Whistle Blower for any adverse reporting in Annual Appraisal/Performance report,
he/she may be given an option to request for a review of his/her Annual Report by the next higher Authority of the
Reviewing Authority of his/her Report within three (03) months after the closure of the relevant financial year ending
31st March.

DISQUALIFICATIONS FROM PROTECTION

1. Protection under the Policy would not mean protection from departmental action arising out of false or bogus
disclosure made with malafide intention or complaints made to settle personal grievance.

2. Whistle Blowers, who make any disclosures, which have been subsequently found to be malafide or frivolous or
malicious shall be liable to be prosecuted and appropriate disciplinary action will be taken against them under Service
Rules/ bipartite settlements only when it is established that the Complaint has been made with intention of malice.

3. This policy does not protect an employee from an adverse action which occurs independent of his disclosure under
this policy or for alleged wrongful conduct, poor job performance, any other disciplinary action, etc. unrelated to a
disclosure made pursuant to this policy.

MECHANISM FOR ACTION/ REPORTING ON SUCH DISCLOSURES

1. The designated official shall, on receipt of the complaint, arrange to verify the identity of the Whistle Blower.

2. Proper record will be kept of all disclosures received. The action taken against each disclosure will be also noted
and put up to the Reviewing Authority within 7 days of receipt of complaint.

3. Only on being satisfied that the disclosure has verifiable information, necessary enquiry / investigation will be done
with regard to the complaint. The Designated Official will also have the authority to seek the assistance /support from
other departments/ offices to conduct enquiry /investigation. The process of investigation will be completed within 45
days of receipt of the Complaint.

4. The identity of the Whistle Blower will not be disclosed to the officials conducting the enquiry / investigation. In case
additional information is required to be collected from the Whistle Blower, it will be through the Designated Official.

5. Any inquiry/ investigation conducted against any Subject shall not be construed by itself as an act of accusation and
shall be carried out as a neutral fact-finding process, without presumption of any guilt.

6. The inquiry/ investigation shall be conducted in a fair manner and provide adequate opportunity for hearing to the
affected party and a written report of the findings should be prepared for submission.

7. A time frame of maximum 45 days will be permitted to complete the investigation / enquiry. In case the same cannot
be completed within the stipulated period, interim report should be mandatorily submitted by the Investigating Officer,
giving, inter- alia, the tentative date of completion.

8. Depending upon the nature of disclosure and its gravity, the Designated Official will take a view to take up
investigation on a priority basis and fix shorter time frame for its completion.

Sunil SKA
 92

9. In case the disclosure made does not have any specific & verifiable information, the Designated Official will be
authorized not to take any action. This would be suitably recorded and placed before the Reviewing Authority.

10. In case the allegations made in the disclosure are substantiated, appropriate departmental action as per the
provisions of service conditions in vogue will be taken against the employee (officer/award) concerned on whose part
the lapses are observed.

11. The action taken against the subject/employee as stated in the above paragraph will be in addition to any other
action or prosecution which maybe initiated against said subject/employee under any statute or law in force.

12. Roles and Responsibilities of Designated Authority and Reviewing Authority– Annexure –1

13. Workflow Chart – Annexure -2

REVIEW OF STATUS REPORT

1. Functioning of the Policy will be reviewed by the Reviewing Authority at quarterly basis.

2. The Designated Officer shall submit a status report on the prescribed format to the Reviewing Authority and any
other information relating to the disclosures received under the Whistle Blower Policy on quarterly basis. The status
report would include the following:

The status of the disclosure received during the present and prior period and the action taken thereon.

The special areas which need focussed attention.

The nature of disclosures made & their Circle wise distribution.

The Reviewing Authority, Chief General Manager (Fraud Prevention & Monitoring Deptt), Corporate Centre shall
submit consolidated status report of the bank, to the Audit Committee of the Board (ACB) on quarterly basis with action
taken report.

IMPLEMENTATION OF THE POLICY

The General Manager (Fraud Prevention & Monitoring Deptt.) at Corporate Centre and the Deputy General Manager &
CFO at Local Head Offices will ensure that the revised Policy is known to all employees. A copy of the Policy shall be
uploaded in the SBI Times.

This policy can be changed, modified, rescinded or abrogated at any time by the Bank in accordance with law.
However, the Fraud Prevention & Monitoring Deptt at Corporate Centre will review the Policy every twelve months.

ANNEXURE-1- Roles and Responsibilities

Designated Authority: {General Manager (Fraud Monitoring) / Deputy General Manager & CFO}

1. Encourage all employees of the Bank to report suspected or actual occurrence of illegal, unethical or inappropriate
actions, behaviours or practices by staff members without fear of retribution. To circulate name, telephone number, e-
mail address of the Designated Officer(s) in the Bank to enable the staff members to register their complaints under
Whistle Blower Policy.

2. The Designated Authority will be the focal point to receive the complaint from Whistle Blower.

3. Ensure that the identity of Whistle Blower is not disclosed. It also provides necessary safeguard and protection to
the employees who disclose the instances of unethical practices/ behaviour observed in the Bank.

Sunil SKA
 93

4. Appoint/ authorise any official to conduct an investigation under this Policy and submit the report to Designated
Authority.

5. On the basis of investigation report, Designated Authority will forward the same to Reviewing Authority with his/her
remark and recommendation.

6. The Designated Officer shall submit a status report on the prescribed format to the Reviewing Authority and any
other information relating to the disclosures received under the Whistle Blower Policy on quarterly basis.

7. The Designated Authority will be responsible to implement the Policy and ensure that the Policy is known to all
employees.

Reviewing Authority: {Chief General Manager (Fraud Monitoring)}

1. Functioning of the Policy will be reviewed by the Reviewing Authority on quarterly basis.

2. Upon receiving the investigation report along with Designated Authority’s remark and recommendation, Reviewing
Authority may take a view on closure of the complaint or forward the same to the concerned department for initiation of
disciplinary proceedings.

3. If any person (Whistle Blower) is aggrieved by any action on the ground that he is being victimized due to the fact
that he had filed a complaint or disclosure, he may file an application before the Reviewing Authority, seeking
redressal in the matter, wherein the Reviewing Authority may give suitable directions to the concerned person or the
authority.

4. The Reviewing Authority, Chief General Manager (Fraud Monitoring),Corporate Centre shall submit consolidated
status report of the bank, to the Audit committee of the Board (ACB) on quarterly basis, with Action Taken Report.

ANNEXURE-2 – Workflow Chart

Whistle Blower: She/he will submit complaint form to Designated Authority on the prescribed format along with all
supporting documents of the case.

(The whistle blower may submit his/her application directly to the Chairman of Audit Committee of Board (ACB) in
exceptional or appropriate cases only.)

Designated Authority: The designated authority shall, on receipt of the complaint, arrange to verify the identity of
the Whistle Blower.

Only on being satisfied that the disclosure has verifiable information, investigator will be appointed and entrusted for
investigation.

Investigator: Investigator will investigate into the matter and submit his/her report to Designated Authority within 45
days of receipt of complaint.

Designated Authority: Report with suitable remark & recommendation will be submitted to Reviewing Authority for
closure or for initiation of disciplinary proceedings.

Reviewing Authority: If allegations made in disclosure are substantiated, Reviewing Authority will take decision on
appropriate departmental action as per service condition.

The Reviewing Authority shall submit consolidated status report of the Bank to the Audit Committee of the Board
(ACB) on quarterly basis.

Sunil SKA
 94

Audit Committee of the Board (ACB): The Audit Committee of the Board (ACB) will review the status report
submitted by Reviewing Authority on quarterly basis and place their observation /direction for taking corrective
measures to prevent recurrence of such events in future.

If any Whistle Blower submits the application directly to the chairman of the ACB, he may forward the application to the
Reviewing Authority with his direction/observation to take appropriate action and submit his Action Taken Report with
remarks and recommendation.

4.4 Measures to strengthen Preventive Vigilance

Measures to strengthen Preventive Vigilance

Preventive vigilance starts with the individual irrespective of his / her position in the administrative hierarchy. Each
individual has a role to play in preventive vigilance. Very often it is observed that while detailed instructions have been
issued and procedures laid down for the conduct of different types of business, the non-adherence to the Systems and
Procedures has led to the perpetration of a fraud or an act of malfeasance. The need is, therefore, to ensure strict
adherence to Systems and Procedures so that the integrity of the System is protected.

To achieve the above objective, following measures need to be emphasised:

1. Planning and enforcement of regular inspections and surprise visits, identification / location of sensitive areas of
business.

2. Maintaining proper surveillance on officers of doubtful integrity and those in “Agreed List”.

3. Careful scrutiny of control returns.

4. Regular transfer of officers, job rotation for award staff at regular intervals and transfer of award staff as per extant
instructions and service rules.

5. Close scrutiny of staff accounts.

6. Use of the branch visits by controllers to detect danger signals so that steps can be taken either to prevent frauds or
other acts of malfeasance or to contain the damage where such act has already been perpetrated.

7. Rotation of officers working in sensitive positions for more than 2/3 years.

8. During periodical visits to the branches, the Controllers must hold meetings of branch staff and brief them on the
features and importance of the Whistle Blower Scheme as a fraud / malfeasance preventive measure. Controllers
should particularly try to remove any apprehensions in the mind of staff that their identity may get disclosed in the
process of whistle blowing by clearly emphasising the protection that is mandated by the Scheme from any sort of
identity leakage and consequent victimisation, direct or indirect.

9. It should be ensured that all staff members maintain secrecy of their passwords and also keep changing them as
frequently as possible. Instances of casual approach by any password holder should be dealt with ruthlessly as the
same may put huge funds at risk. Controllers during their periodic visit to the branches should verify whether the
employees are changing their passwords at stipulated intervals or not. Any deviation in this regard may be dealt with
deterrent action.

A few other areas of Preventive Vigilance where special focus is needed to improve the quality of operations are:

1. Critical analysis of Complaints before closure, in particular, where verifiable facts are available.

2. RFIA remarks compliance – Analysis of Management letter by Controllers /DGM (Vigilance).

Sunil SKA
 95

3. Meaningful VVR checking on a day-to-day basis.

4. Conducting of PVC meetings at Branches and presence of Controllers /Vigilance Department officials.

5. Ensuring compliance of pre-sanction, post-sanction formalities for advance accounts.

6. Reconciliation of all office accounts at regular intervals and monitoring of long pending entries.

7. Observance of KYC / AML guidelines while opening accounts as per extant instructions.

8. Sensitising staff on data integrity and its relevance.

9. Surprise visit to critical Branches to verify compliance of Systems and Procedures.

10. Suo motu investigations by Vigilance Department officials.

11. Surprise / random check of intra-day cash balance.

12. Surprise / Random check of ATM cash balances by Channel Managers as stipulated.

13. Stock / Receivable Audits at periodical intervals as required.

14. Migrating customers to Alternate Channels proactively as in such cases the transactions are originated and
terminated by customers only.

15. Scrutiny of Exception Reports. All near miss events must also be included as an integral part of Preventive
Vigilance Meetings as their proper &timely identification, reporting, collection and root-cause analysis is crucial for
development of a robust Operational Risk Management System. (Near Miss Event is a risk event that otherwise meets
the definition of an operational loss event but did not materialize in financial loss to the Bank, e.g. attempt to encash a
forged cheque, attempted fraud, failed controls etc.) It is the responsibility of the Controllers at all levels to spread the
message of ‘Zero Tolerance’ to malafide and violation of systems and procedures among the staff working under their
control.

Preventive Vigilance at Administrative Units/Branches

Preventive vigilance is one of the important functions of the controllers, particularly the Regional Managers / Branch
heads / Heads of Processing Cells etc. Where the control and supervision are effective, there is little opportunity for
the unscrupulous elements to take advantage of the situation to the detriment of the Bank. To make control effective,
every source of information, formal and informal, has to be utilized by the controllers.

The system of submission of control return by the authority exercising the discretionary powers to the next higher
authority forms an important part of preventive vigilance exercise. While it is incumbent upon the officer exercising
discretionary power to submit the control return, the controller is equally responsible for obtaining / scrutinizing and
approving or otherwise of the control returns to the branches/offices. The controllers are also responsible for
monitoring the warning signals emanated from the CBS reports and keep an overview on the unusual/suspicious
growth in any of the areas.

Another important source available to the controllers is the various audit /inspection reports. In addition to initiating
steps to rectify the irregularities pointed out in the reports, the controller should also analyse the reasons for such
irregularities having taken place and take steps to ensure that such irregularities do not take place in other branches
under his control.

Preventive Vigilance Committee (PVC)

Sunil SKA
 96

With a view to augmenting the support and involvement of staff at operating unit level in curbing irregularities by
creating all round awareness, a ‘Preventive Vigilance Committee’ is required to be formed. The Committee consisting
of two or three members from different sections/ departments at the branch, will act as a catalyst in spreading the
concept and practice of preventive vigilance at the Branch / operating units. It may clearly be noted that the Preventive
Vigilance Committee is neither a ‘power center’ nor the sole means for exercising preventive vigilance. It is akin to the
‘Knowledge Circle’, aimed at prevention of loss and enhancement of performance. It will endeavor to properly ‘educate’
the staff on preventive measures and also identify the ‘weak spots’ to plug the loopholes, if any, in the functioning of
the operating unit.

Preventive Vigilance Committees have to be formed at the following branches /operating units of the Bank:

1. Branches having staff strength of 10 or more (including SAM Branches).

2. Processing cells, irrespective of their staff strength

3. The units handling the back-office activities:

4. The branches rated as “D” category, irrespective of staff strength.

5. Once a fraud is detected at a branch, (irrespective of the staff strength), till such time the branch undergoes the next
RFIA.

Constitution of PVC:
30% of staff members, minimum 3 officers / employees should be co-opted on the PVC of each unit. The head of the
Branch / Unit and official dealing with operational risk would be permanent members and other members to be rotated
at yearly intervals.

Periodicity of Meeting
1. The meetings of PVCs be held at least once in a quarter.

2. The controllers (any officer from controlling office-designated for the purpose) to guide the staff in identifying the
areas of vulnerability to frauds / malpractices, visit the branches / units periodically and if possible, to attend meetings
of PVCs, at least once in 6 months.

3. The DGM (Vig.) or a staff identified by him at the Circle to visit the branches/ units and guide the PVCs thereat.

4. A summary of such meetings by way of a self-contained Note enumerating important observations / suggestions
should be submitted by LHOs to Vigilance Department, Corporate Centre on a quarterly basis. Sharing of such
information shall benefit the Bank as a whole.

Although the areas vulnerable to frauds / malpractices may not be exactly the same for all branches / other operational
units, the PVCs may have to identify the same for sharing the information with the other colleagues at the Branch /
Units etc. The gist of the discussions that took place in the PVC meetings are to be shared with other staff at the
Branch / Unit.

The Branch / Unit may oversee the functioning of the PVC and the suggestions made by the PVC may be examined.
During their Branch visits, the Controllers should also make it a point to ensure that the PVC are functioning as
envisaged and also that the meaningful analysis of the suggestions is being carried out. They may also participate in
the meetings of PVC as observers, where possible.

It needs hardly any emphasis that in all the matters enumerated in the foregoing paragraphs, constant interaction
between the DGM (Vigilance) at the Circles and the controllers is absolutely essential. The control and guidance of the

Sunil SKA
 97

CMC in these matters in particular and vigilance matters in general, is a sine qua non for improving all round vigilance
awareness.

The second aspect at the Branch level which can have serious implications is the possibility of the Branch Manager
himself indulging in fraudulent activities which becomes difficult to detect for lack of further ‘supervision’ over his
activities at the Branch level. For such contingencies, it is already laid down that the next junior functionary is duty-
bound to report to the controller about any act of suspicious nature by the Branch Manager. Failure to do so would be
treated as a misconduct attracting disciplinary action.

Since Preventive Vigilance Committee meeting and suo-moto investigations are aimed to oversee and to ensure
adherence of systems and procedures by Branches and Outfits, each official of Vigilance Department is entrusted with
the responsibility to attend at least 4 PVC meetings and conduct 6 suo- moto investigations during the year.

4.5 Alertness Award-Scheme for Recognition &Reward for Staff Members

Title: The scheme shall be called the “Alertness Award for Near Miss Events including Prevention/Detection/Foiling of
Frauds”.

Scope:
The magnitude and diversity of frauds has assumed serious proportions, with both the number and amount involved
rising alarmingly. Incidence of staff involvement is also on the increase. There are several instances where frauds
could be averted due to the alertness of staff members. However, the efforts of such employees have gone, more or
less, un-noticed. In this background, there is a felt need for affirmative action to create a culture for alertness and a
healthy respect for observance of laid down systems and procedures.

Near Miss Events (NMEs) are important for management purposes for promptly detecting failures/ errors in processes
or internal control systems. It is also relevant for measurement purpose as per RBI Guidelines on Operational Risk
Loss Events forming part of “implementation of the Advanced Measurement Approach(AMA) for calculation of capital
charge for operational risk.” The good work done by Staff members in this area also needs recognition.

Objective: The objective of the scheme is to recognize and reward the contributions of staff members in prevention,
detection, foiling of frauds and "Near Miss Events‟.

Coverage: The scheme will be applicable to all staff members, including regular, part-time and contract employees in
the service of the Bank.

Definitions:
Fraud:
“A fraud may be defined as a deliberate act of omission or commission by any person, carried out in the course of a
banking transaction or in the books of account maintained (manually or under computer system) in the Bank, resulting
into wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the Bank,
either by way of concealment of facts or otherwise.”

NME:
Near Miss Event is a risk event that otherwise meets the definition of an operational loss event, but for which no
financial loss has been incurred not because of effective controls but due to fortuitous circumstances. NME is an
operational risk event that could have but did not result in a financial loss either by chance or on account of existing
control measures but are required for internal modeling purposes. Broadly, it is an undesired event or sequence of
events with potential to cause serious damage. Some of the examples of NMEs are attempted fraud, attempted
theft/burglary, attempt to encash a forged / fake cheque, attempt to obtain credit facility by submitting fake/forged
KYC/Income/financial documents, etc.

Prevention/Detection/Foiling of Frauds:

Sunil SKA
 98

“Any action or set of actions taken by staff member(s) that directly results in averting a fraud and preventing any loss
to the Bank”. This would not imply simple adherence to laid- down rules and regulations.

“Discovering a set of fraudulent activities and/ or a transaction or series of transactions that have taken place in the
Bank which is/ are fraudulent in nature”.

“Staving off an attempt by any person or persons to defraud the Bank, which results in prevention of fraud”. In other
words, it means prevention of a fraud while an attempt is being made, without any loss caused to the Bank.

Identification / Reporting / Collation and Analysis of Near Miss Events:

The first step involved in the process is recognition and identification of an NME. The Bank shall treat events for
which recovery has been made on the same business day of the event as an NME.

Capturing NME as many as possible even though not all of them will have the same importance. Simple reporting
format complete reporting to encourage everyone for filling out a report without spending much time and developing
culture and enriching the data base.

Determining the NME which requires immediate attention, analysis, evaluation and escalation. Prioritization will be
based on the following aspects:

* Worst case events require estimation of maximum but realistic damage that could have impacted or can
impact in future if similar incidents takes place again.

* Repeating events require knowledge of past incidents so as to give higher priority for similar events occurring
multiple times.

* Incident reach - events that can impact a larger region or area of operation, etc. need to be prioritized with
view to control their happening into other areas.

The NMEs, based on priority, identify the cause(s) and action plan initiated for elimination of recurrence. High
priority incidents to be given thorough causal analysis such as identification of root cause etc.

Process:
As soon as a fraud is detected, averted or an attempt of fraud is foiled, the Branch Manager will immediately advise
the Controlling Authority concerned, furnishing details of the modus operandi and the specific contribution, if any,
made by staff member(s) in such prevention/ detection/foiling of the fraud. The Local Head Office will forward the
information to the Central Office, thereafter, in a specific format detailing the contribution of the staff member(s) and
recommending sanction of the Alertness Award. The Fraud Monitoring Cell in the Banking Operations Department
(R&DB), depending upon the recommendations of the Circle, will put up such cases with details of the contribution of
staff member(s) in prevention/ detection/ foiling of the fraud, for consideration, to the Alertness Award Committee.

Once an NME is identified the same should be reported without spending much time. Operational Risk (OR) Managers
at Circles and at Business and Support Groups will collect top and critical NMEs from operating functionaries and will
maintain updated inventory / library of NMEs. OR Manger in consultation with DGMs & CFO in Circles and DGMs
(Risk) at Business and Support Groups will identify NMEs that are required to be placed before Risk Management
Committee of the Circle (RMCC) and Risk Management Committee (RMC)respectively. In addition, OR Manager will
also identify the NMEs for the purpose of recognition and reporting to the Alertness Award Committee.

The Alertness Award Committee shall be constituted at Central Office, comprising following functionaries:
1. Chief General Manager, Banking Operations (R&DB), Chairman
2. Dy. General Manager, Systems & Procedures
3. Dy. General Manager, Vigilance
4. Dy. General Manager, Cadre Management Department
5. Dy. General Manager, ITSS

Sunil SKA
 99

6. DGM (Operational Risk Management)

7. General Manager (FC), Convener

The Alertness Award Committee may meet at least once in a calendar quarter and examine the proposals prepared by
the Fraud Monitoring Cell and / or Risk Management Committee to decide the quantum of reward. For the purpose of
valid quorum, minimum three members must be present in addition to the Chairman of the Committee. The committee
may invite other officials, who have expertise in certain areas as special invitees. These special invitees, however, will
not have any voting rights. The committee may frame additional rules for its proper functioning, including development
of a matrix for deciding the quantum of the award. Based on the decision of the Committee, proposals for sanction of
the reward will be put up by the Chairman, Alertness Award Committee to the Managing Director (R&DB), who may be
designated as the „competent authority‟ for the purpose of sanction of cash rewards under the Scheme.

Criteria
The following criteria would have to be considered / kept in mind to determine the contribution made by a staff member
in prevention/ detection /foiling of fraud:

1. The contribution made by the staff members in prevention of frauds/detection of frauds/ foiling attempts of
fraud/Near Miss Events should be significant and exemplary. The prize and its quantum would depend upon whether
the contribution was made during checking / verification of documents, signatures etc. or the staff member was alert to
other signals such as suspicious behaviour, circumstances surrounding the case, awareness of similar cases and
spotting the linkages etc. and identifying / nabbing the culprits and action taken for recovery etc.

2. The role assigned to the staff member in relation to prevention/detection/ foiling of fraud and detection / identification
of NMEs should have a bearing on the award and quantum of reward.

3. The amount saved by such contribution by the staff member(s), may be a guiding factor in determining the quantum
of award, though it need not be the deciding factor. However, in case of NMEs as a tool for Operational Risk
Management, promptness in detecting failures/errors in process or internal control systems need to be the deciding
factor.

4. The initiative taken by the staff member(s) to probe deeper in to transactions, which prima-facie appear to be
irregular, their persevering efforts as also the exemplary presence of mind displayed in foiling attempt(s) to defraud,
identifying NMEs etc. will be major factors to be borne in mind while determining the quantum of reward.

5. Detection of income leakage by staff members will not fall under the purview of this scheme unless such income
leakage was of fraudulent nature.

The Awards
Staff members selected for recognition and reward under the scheme may be given one of the following combinations
of rewards:

Category I: A citation or certificate of merit.

Category II: A citation or certificate of merit and a specially designed memento (to be standardised), containing a
suitable legend.
Category III: A citation or certificate of merit, a specially designed memento(to be standardised) containing a suitable
legend along with cash rewards ranging from Rs 5,000/- to Rs 2,00,000/- (depending on the contribution of the staff
member(s) in prevention / detection/ foiling of frauds, identification of NMEs). Besides, suitable remarks will be made in
the personal files/ service records of the staff members selected under the Scheme. Special mention about the
recognition will also be made in the Annual Appraisal Report of the staff members concerned.

Presentation:

Sunil SKA
 100

The Alertness Awards will be presented to the staff members on the 1st of July - State Bank Day. Awards falling under
category I and Category II can be presented at the Module level and awards falling under Category III can be
presented at the LHO level.

Sunil SKA
 101

Module 4 - Assessment
According to Bank’s guidelines on fraud prevention in collateral security which of the following statement is/are B
correct :
I) Obtaining certified copies of title deeds by Advocate and comparison with original title deeds to be ensured.
II) Noting of charge with revenue authority on mortgaged property to be ensured within one year of EM creation.
III) To make post-sanction inspection on appointment basis.
IV) Charge on Collateral securities (mortgaged properties) to be recorded in revenue record. Periodic
Encumbrance Certificate to be obtained.
a. Only II, III and IV
b. Only I and IV
c. Only I, II and IV
d. Only I and III
According to Bank’s guidelines on fraud prevention in term loan, which of the following statement is/are incorrect : B
I) Disbursement to be made to the account of supplier
II) Immediate inspection after purchase of machinery to be done to ensure proper utilization of funds.
III) Physical progress / status of project to be monitored on an ongoing basis
IV) Certificate from Chartered account and Architect to be submitted by the company on annual basis for progress
of construction of the said project in respect of amount incurred on the project.
a. Only I
b. Only IV
c. Only II
d. Only III
According to Bank’s guidelines on fraud prevention in SME loans relating to disposal of collateral security which of B
the following statement is/are correct :
I) Bank should file application for urgent hearing before DRAT to vacate the stay to be complied/ ensured, and
after vacating the stay, the properties should be sold under SARFAESI Act,
II) Details of property to be registered with CERSAI and CERSAI ID certificate for mortgaged properties to be kept
on record,
III) Copies of title deeds must be obtained at the time of creation of mortgage, IV) Independent verification of
mortgaged properties to be carried out only once
a. Only I, II and IV
b. Only I and II
c. Only I and IV
d. Only II and IV
Bank’s guidelines are in place for fraud prevention and mitigation measures in SME loans. which of the following D
statement is/are correct in respect of frauds owing to overvaluation of collateral and diversion of fund :
I) Value of the property offered as security to be independently verified by the Bank official and to be duly
recorded.
II) Due diligence on the supplier to be done and opinion report to be obtained. Funds to be disbursed directly to
borrower.
III) Deficiencies pointed out in various audit reports to be promptly attended and rectified.
IV) Account with other Bank to be closed as and when detected.
a. Only I and III
b. Only I, II and IV
c. Only I and IV
d. Only I, III and IV
Bank’s guidelines are in place for fraud prevention and mitigation measures in SME loans. which of the following C
statement is/are incorrect in respect of frauds owing to overvaluation of collateral and diversion of fund :
I) Value of the property offered as security to be independently verified by the Bank official and to be duly
recorded.
II) Due diligence on the supplier to be done and opinion report to be obtained. Funds to be disbursed directly to
borrower.
III) During post disbursement inspection, details of machineries purchased to be verified and periodic inspection to
be done at regular intervals.
Sunil SKA
 102

IV) Account with other Bank to be closed as and when detected.

a. Only II, III and IV
b. Only II and III
c. Only I II and IV
d. Only I and IV
According to Bank’s guidelines on fraud prevention in Cash Credit Limits which of the following statement is/are C
incorrect :
I) Business model/ need for all sister concerns and justification/ need for limits to be established on approval.
Transfer of funds among the family concerns to be probed with extra due diligence.
II) TIR to be obtained after every 5 years or at the time of enhancement.
III) Irregularity report to be submitted annually and comments thereon to be acted upon.
IV) CIBIL report to be periodically generated and scrutinized to ascertain borrowing from other banks/ FIs
a. Only I and IV
b. Only I, II and IV
c. Only II and III
d. Only I and III
According to Bank’s guidelines on fraud prevention in High Value Banking Frauds, which of the following statement D
is/are incorrect :
I) Genuineness of the buyers should be verified to ascertain their capability of huge buying
II) Meaningful analysis of stock statements should be carried out
III) Past track record and status of the customers may be ignored
IV) Financial statements and other documents should be thoroughly checked for their genuineness through various
online sources e.g. ROC website, UDIN, GSTN network etc. End use of the funds to be ensured.
a. Only I
b. Only II
c. Only IV
d. Only III
Who is the Reviewing Authority under whistle blower policy of the Bank? A
a. CGM (Fraud Monitoring Department)
b. DGM & CFO for circles / GM (Fraud Monitoring Department) for CC establishments
c. CVO
d. DGM (VIG)
Fraud Mitigation Measures include surprise verification of Agri gold loans. In surprise verification of gold loans the C
random basis check involves:
a. Checking the ornaments for purity in respect of 25% or maximum of 50 gold loan accounts whichever is less
b. Checking the ornaments for purity in respect of 50% or maximum of 100 gold loan accounts whichever is less
c. Checking the ornaments for purity in respect of 30% or maximum of 100 gold loan accounts whichever is less
d. Checking the ornaments for purity in respect of 30% or maximum of 50 gold loan accounts whichever is less
In case of payment of Non-Home cheque of ₹5 lakh and above and any suspicious transactions irrespective of A
amount involved, the drawer is to be contacted over
a. Registered Mobile Number of the drawer
b. Mobile Number given overleaf
c. Alternate Mobile Number of the drawer
d. Landline Number of the drawer
According to Bank’s guidelines on fraud prevention in WHR which of the following statement is/are correct : B
I) Meaningful pre-sanction survey to be carried out to ascertain identity, address, credit worthiness and integrity of
the Proprietor of the firm.
II) Adequate Insurance Cover for the commodity / stock to be ensured, due date of insurance to be diarized.
III) Market Price advised by Collateral Manager to be cross-checked with local Mandi/ MCX.
IV) Any adverse report on Collateral Manager to be shared immediately with Corporate Centre.
a. Only I, II and IV
b. Only I, II, III and IV
c. Only I, II and III
d. Only I and III
Sunil SKA
 103

According to Bank’s guidelines on fraud prevention in Cash Credit Limits which of the following statement is/are B
correct :
I) Transfer of funds among the family concerns to be permitted without any limit.
II) TIR to be obtained after every 3 years or at the time of enhancement.
III) Noting of charge with revenue authority on mortgaged property to be ensured immediately after creation of EM.
IV) CIBIL report to be periodically generated and scrutinized to ascertain borrowing from other banks/ FIs
a. Only I and IV
b. Only II, III and IV
c. Only I, II and IV
d. Only I and III
Preventive Vigilance Committee (PVC) is one of the tools for exercising preventive vigilance. Which of the A
following statement is/are correct :
I) 30% of staff members, minimum 3 officers / employees should be co-opted on the PVC of each unit.
II) The head of the Branch / Unit and official dealing with operational risk would be permanent members and other
members to be rotated at yearly intervals.
III) The meetings of PVCs be held at least once in 6 months.
IV) The controllers (any officer from controlling office-designated for the purpose) to guide the staff in identifying
the areas of vulnerability to frauds / malpractices, visit the branches / units periodically and if possible, to attend
meetings of PVCs, at least once in 6 months.
a. Only I, II and IV
b. Only II and IV
c. Only I and II
d. Only I and IV
Fraud Mitigation Measures include surprise verification of Agri gold loans. Surprise verification of gold loans is D
done by?
a. Joint Custodian
b. Regional Manager
c. Branch Manager
d. An officer other than the Joint Custodians
Which of the following is not a security feature in Cheque Truncation System (CTS-2010) for Fraud Mitigation C
Measures?
a. CTS India Watermark paper
b. Account Number Field
c. Telephone number field
d. Micro Lettering
Which among the following is/are among roles and responsibilities of Reviewing Authority under Whistle Blower D
Policy :
I) Functioning of the Policy will be reviewed by the Reviewing Authority on quarterly basis
II) Upon receiving the investigation report along with Designated Authority’s remark and recommendation,
Reviewing Authority may take a view on closure of the complaint or forward the same to the concerned department
for initiation of disciplinary proceedings.
III) The Reviewing Authority will be responsible to implement the Policy and ensure that the Policy is known to all
employees
IV) If any person (Whistle Blower) is aggrieved by any action on the ground that he is being victimized due to the
fact that he had filed a complaint or disclosure, he may file an application before the Reviewing Authority, seeking
redressal in the matter, wherein the Reviewing Authority may give suitable directions to the concerned person or
the authority.
a. Only I and IV
b. Only II and IV
c. Only I and II
d. Only I, II and IV
PIDPI means B
a. Public Interest Disclosure & Prevention of Incidents
b. Public Interest Disclosure & Protection of Informer
Sunil SKA
 104

c. Posting Information & Disclosure in Public Interest

d. None of these
According to Bank’s guidelines on fraud prevention in WHR which of the following statement is/are correct : D
I) Warehouse/ Godowns to be visited and stocks to be verified periodically. II) It is to be ensured that underlying
stocks are segregated/ properly tagged with Bank’s name.
III) Market Price advised by Collateral Manager to be cross-checked with local Mandi/ MCX.
IV) Financing of stocks held in borrowers godowns may be permitted.
a. Only I and III
b. Only I, II, III and IV
c. Only I, II and IV
d. Only I, II and III
According to Bank’s guidelines on fraud prevention in term loan, which of the following statement is/are correct : A
I) Disbursement to be made to the account of borrower
II) Immediate inspection after purchase of machinery to be done to ensure proper utilization of funds.
III) Transaction with related party to be allowed without restrictions
IV) Post sanction inspection to be done at periodic interval to ensure end use of funds
a. Only II and IV
b. Only II, III and IV
c. Only I, II and IV
d. Only I and III
Which of the following does not come under the purview of the Whistle Blower Policy B
a. Corruption, frauds, misuse/abuse of official position
b. Complaint with non verifiable contents
c. Manipulation of data/ documents
d. Decision taken by the committees established by the Bank
According to Bank’s guidelines on fraud prevention in collateral security which of the following statement is/are D
correct :
I) TIR to be obtained after every 2 years or at the time of enhancement.
II) Display of Bank’s board at prominent place in the unit.
III) Proper scrutiny of the lawyer’s report and valuation report.
IV) Charge on Collateral securities (mortgaged properties) to be recorded in revenue record. Periodic
Encumbrance Certificate to be obtained.
a. Only I and III
b. Only I, II and IV
c. Only I and IV
d. Only II, III and IV
In COVID-19 Pandemic environment fraudsters may try to open new accounts containing terms such as COVID / B
CORONA. According to Bank’s guidelines on fraud prevention which of the following statement is/are correct:
I) Customers should be made aware of the increasing risk of online frauds through phishing emails, SMS,
fraudulent loan and moratorium offers, fake COVID-19 sites and apps, fake banking and insurance websites etc.
II) Branches should be more vigilant while opening accounts in the name of charitable institutions/ NGOs.
III) Sudden increase of Government credit observed in accounts of the person who may not be entitled for such
grants, should be discreetly enquired into, before allowing withdrawal.
IV) A list of such accounts opened since February 2020 may be extracted and verified
a. Only I, II and III
b. Only I, II, III and IV
c. Only I, II and IV
d. Only I and III
Fraud Mitigation Measures include surprise verification of Agri gold loans. In surprise verification of gold loans the B
identified official should ensure that the number of gold loan bags tally with the number of accounts reported in the:
a. Loan Balance file / CCOD file of the last Friday
b. Loan Balance file / CCOD file (generated at the EoD of the previous working day)
c. Last RFIA report
d. Register kept with Joint Custodian
Sunil SKA
 105

The Whistle Blower Policy has been modified as per D

a. Section 177 of Companies Act, 2013
b. Relevant Notifications of RBI,
c. SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
d. All of the above
Bank’s guidelines are in place for Fraud prevention and mitigation measures in SME loans. which of the following A
statement is/are correct in respect of frauds owing to fabricated financial and forged title deed:
I) Check the authenticity of the documents/ reports/ certificates etc. with UDIN and the key fields provided by the
certifying Chartered Accountants.
II) Reporting of Third-Party Entity (TPE) to IBA/ ICAI for black listing.
III) Justification of limits for the group concerns, proper assessment, satisfying about business model is essential to
avoid accommodation loans.
IV) Obtention of CIBIL report only on borrowers and not on guarantors.
a. Only I, II and III
b. Only I and IV
c. Only I, II and IV
d. Only II and III
Which of the following is the new feature in Cheque Truncation System (CTS-2010) for Fraud Mitigation D
Measures?
a. Micro Lettering
b. New Rupee symbol
c. VOID Pantograph
d. UV Band in variable fields
Whistle Blower portal of our bank may be accessed using B
a. https://blowwhistle.sbi.co.in
b. https://whistleblower.sbi.co.in
c. http://whistleblow.sbi.co.in
d. https://whistleblower.cvo.in
Preventive Vigilance covers which areas of banking activities? D
a. Credit related matters
b. Procurements
c. HR initiative
d. All of the above
According to Bank’s guidelines on fraud prevention in WHR which of the following statement is/are incorrect : C
I) Warehouse/ Godowns to be visited and stocks to be verified periodically. II) Financing of stocks held in
borrowers godowns may be Permitted
III) Market Price advised by Collateral Manager to be cross-checked with local Mandi/ MCX.
IV) It is to be ensured that underlying stocks are segregated/ properly tagged with Bank’s name.
a. Only I
b. Only III
c. Only II
d. Only IV
As per confidentiality mechanism of whistle blower, the identity of the whistle blower remains with the: D
a. Investigating Official
b. GM (Network/ Business Group)
c. CGM (Circle/ Business Group)
d. Designated Authority

Sunil SKA