PERPETUAL KYC IN INDIA- MYTH OR REALITY?

CONTIBUTED BY ADV. PRADEEP JOY & ADV. ANJALY ANN JOSEPH

The concept of Know Your Customer (KYC) emerged as a weapon to combat money
laundering. International awareness on the need for enhanced customer due diligence preceded
the incorporation of KYC into the legal regime of different nations. With the formation of
Financial Action Task Force (FATF) in 1989, the international arena was set to embrace the
strict compliance measures to prevent money laundering and terrorist financing. The US took
the lead with the enactment of the Patriot Act in 2001, introducing the concept of due diligence
for foreign financial institutions and Private Banking accounts.

In consonance with the international developments, Prevention of Money Laundering Act,2002

was enacted in India, to improve transparency in financial transactions. Subsequently an
amendment was brought in later on to insert a provision for enhanced due diligence. Further, in
2016 Reserve Bank of India released Master Direction on Know your customer.

Know Your Customer (KYC) Direction,2016

According to this direction, Regulated Entities shall have a KYC policy, duly approved by the
Board of Directors. The key elements to be included in the KYC Policy include:

1. Customer Acceptance Policy

Banks shall form a Customer Acceptance Policy that mandates the proper
implementation of Customer Due Diligence (CDD) before opening of accounts. The
Customer Acceptance Policy of the Bank must specify the information to be sought for
opening an account and during periodic updation. The regulation permits OTP based e-
KYC for deposit accounts below one lakh Rupees.

2. Risk Management

Risk management measures shall be brought to effect by categorizing customers into

low, medium and high risk, based on the information collected.

3. Customer Identification Procedures (CIP)

 Banks shall carry out identification of customers while an account is being created by the
customer, international money transfer is conducted by a person who is not an account
holder and in similar circumstances. And for the identification of customers, banks shall
rely on customer due diligence conducted by a third party.

4. Monitoring of Transactions

Banks shall conduct on-going due diligence, and they are to closely monitor large and
complex transactions. The monitoring shall be aligned with the risk categorization of the
customer.

The Concept of Perpetual KYC

Undoubtedly, KYC has become an established practice in the banking industry. However, there
is a need for better technology that is both customer friendly and consistent in the risk
assessment of technology. Perpetual KYC offers an alternative to the old fashioned method of
customer acceptance and verification.

Perpetual KYC is a proactive approach to risk assessment whereas customer monitoring is

conducted in continuous fashion with the help of automation. This technology solution
constantly updates customer data and continuously monitors transactions. As a result, any
change in the risk rating of the customer will be automatically informed to the bank. Perpetual
KYC is basically a tech enabled system that fulfills the know your customer requirements of a
financial institution from the onboarding to lifecycle of the customer.

Perpetual KYC includes assessing the validity of the document submitted by the customer,
collecting information available in the public domain related to the customer, screening the
customer and identifying politically exposed persons and calculating the risk involved.

Digital Kyc In India

Moving with the times, the Regulatory authority of financial sector in India, came up with the
model of ‘Digital KYC’. Amendment on Jan 9, 2020 to the KYC Directions,2016 captured the
idea of digitally accepting the customer and submitting e-documents. Digital KYC is itself
defined as the conduct of verification of the customer by clicking live photos of the customer and
officially valid documents, such as Aadhar. The definition of Digital KYC presents itself as an
alternative, when offline verification cannot be carried out.
Provision for Video based Customer Identification Process (V-CIP) was inserted into the Master
Directions on KYC by amendment dated 10 May,2021. RBI permits the conduct of Customer
Due Diligence via video. V-CIP can be resorted for carrying out CDD for customer onboarding,
and periodic updation of KYC. But the Banks should have basic tech infrastructure for
conducting V-CIP. During the V-CIP procedure, the date, time and GPS coordinates have to be
captured. Moreover, the entire recordings of V-CIP should be stored within India.

International Perspective

FATF recommendations take the prime position in endorsing an ongoing Know Your Process.
Even though the recommendations does not specifically mention the word ‘perpetual KYC’. It
calls for a continuous monitoring of customer and transactions. Section 10(d) of the
recommendations outlines the principle for conducting Customer Due Diligence:

“Conducting ongoing due diligence on the business relationship and scrutiny of

transactions undertaken throughout the course of that relationship to ensure that the
transactions being conducted are consistent with the institution’s knowledge of the
customer, their business and risk profile, including, where necessary, the source of
funds”.

Also, the recommendations also mention that:

“Financial institutions should be required to ensure that documents, data or information

collected under the CDD process is kept up-to-date and relevant by undertaking reviews
of existing records, particularly for higher-risk categories of customers”.

However, in Countries like Australia, the regulatory body AUSTRAC, has come up with
requirements for ongoing due diligence of customers. The regulatory body has mandated that
financial institutions must have a robust monitoring mechanism to bring the transaction under
surveillance and thereby to identify, mitigate and manage risk.

In U.S , Anti - Money Laundering (AML) Source Tool for Broker Dealers published by U.S..
includes procedures for conducting ongoing customer due-diligence, which mentions:

“Conduct ongoing monitoring to identify and report suspicious transactions as well as

maintain and update customer information, including beneficial ownership information for
legal entity customers”.
Similarly, the European Union (EU) in its 6th AMLD calls for stringent measures to prevent
money laundering. It prescribes the integration of technology in the KYC process. Likewise,
Hong Kong Monetary Authority (HKMA) have also laid down principles for using automated
models in the financial sector.

Final Thoughts

The amendments to the Master Direction on KYC Regulation, 2016 allows the use of technology
to conduct online verification of customers. Digital KYC and V-CIP covers only Customer Due
Diligence (CDD) through online, which is merely a single aspect of Perpetual KYC. In the wake
of the pandemic, I think these changes have been resorted to for the sake of ensuring
availability of financial services. However, Perpetual KYC is a broader term which involves
integration of technology for conducting a continuous and ongoing assessment of customers,
where the entire risk categorization, CDD, verification of customers is a tech aided process.
Further, in a Perpetual KYC, only a fraction of manual work is involved, where the output of
automated KYC is routed to the screen of the analyst for assessment.

Interestingly, even foreign nations have not been able to truly inculcate the entire concept of
Perpetual KYC into their regulations. However, FATF and other nations have recognized the
need for technology integration to KYC norms to prevent money laundering. More elaborate
policies from the governments are expected in this direction, as Perpetual KYC is the need of
the hour.