The IBA Working Group Report (WGR) 2010: Legal Framework & Risk Assessment

Indian Banks' Association (IBA) - Introduction  

The Indian Banks' Association (IBA), formed on 26 Sep 1946 as a representative body of management of banking in India, is an association of Indian banks and financial institutions based in Mumbai. As an association of banks and other entities in the banking ecosystem in India catering to its members, it is neither a governmental entity nor a regulatory authority, is not amenable to the writ jurisdiction of courts, and is not subject to the RTI Act.

It undertakes studies on different topics of interest to the banking business community and evolves a common understanding on issues affecting member banks. When regulators bring in new laws or change existing ones, it tries to educate the industry and bring out a common set of policies and procedures for implementation. IBA has come out with various standards and codes, with the approval of RBI, on different topics.

The IBA introduced a formal system of self-discipline in the Indian banking industry in the year 1973, by recommending a ceiling rate of interest on inter-bank borrowings in the call money market. In the year 1977, the Ground Rules and Code of Ethics (GRACE) were evolved. The IBA Code for Banking Practice replaced the extant GRACE with effect from 1st September, 1999 for adoption by all member banks. The IBA brought out its "Bankers' Fair Practice" code in June 2004 and all member banks adopted it voluntarily. The code was essentially a commitment to be fair and transparent in dealing with individual customers. The IBA also separately came out with the "Fair Practice Code for Credit Card Operations" and the "Model Code for Collection of Dues and Repossession of Security" to address specific concerns voiced by customers about banking practices in these areas.

 In accordance with the proposal contained in the Annual Policy Statement for the year 2005-06 of , The Banking Codes and Standards Board of India (BCSBI) was set up on 18th February 2006 as a collaborative effort of RBI and Banks, on the lines of a similar set up in UK to oversee the "Banking Code", a voluntary Code, evolved by the British Bankers Association (BBA), which is adopted by all banks in UK. The proposal for setting up the BCSBI was based on the recommendation made by the Committee on Procedures and Performance Audit on Public Services (Tarapore Committee), in its Report No.6 dealing with Benchmarking, ISO Certification and Performance Audit. BCSBI had made certain further refinements to the Code and the "Code of Bank's Commitment to Customers" was brought out. The Code sets minimum standards of banking practices for banks to follow when they deal with individual customers.

The "Code of Bank's Commitment to Customers" was released by Dr. Y.V. Reddy, Governor, Reserve Bank of India in an inaugural function held at RBI on 1st July 2006.

With the adoption of "Code of Bank's Commitment to Customers" by member banks who are members of BCSBI, the following voluntary Codes of IBA would not be applicable to them:

 

1.      Bankers' Fair Practice Code - effective June 2004

2.      Fair Practice Code for Credit Card Operations

3.      Model Code for Collection of Dues and Repossession of Security

 

However, member banks who are not members of BCSBI or eligible to become members of BCSBI would continue to follow these Codes.


The IBA Working Group Report (WGR) on AML/CFT 2010

The IBA Core Group on KYC and AML, in its guidance note for banks on the KYC/AML/CFT obligations of banks under PMLA 2002, has suggested indicative parameters which can be used to determine the risk the bank is exposed to while carrying out its business. Banks differ in size, customer/product profile, etc. Following the risk-based approach, the language of risk categorization needs to be uniformly understood by all involved. This role is accomplished by the Working Groups constituted from time to time on various topics in the industry.

This Guidance Note aims at uniformity of approach among banks in implementing KYC standards and AML measures and at mitigating the risk of a bank being used in connection with ML and TF. It was issued for the first time by the Working Group in 2005, with substantial reviews in 2009 and 2012.

The FATF review commented on lapses in the Suspicious Transaction Reporting (STR) regime. In this context the Working Group was constituted jointly by RBI and the Dept of Financial Services, with representatives from RBI, IBA and FIU-IND.


The members of the working group consisted of

Bank of India

Central Bank of India

Corporation Bank

Indian Bank

Punjab National Bank

State Bank of India

Union Bank of India

Axis Bank

HDFC Bank

ICICI Bank

Kotak Bank

CITI Bank

HSBC

Standard Chartered Bank

  

Purpose of the Guidance Note

The purpose of this guidance note is to create awareness of the legal and regulatory framework for AML/CFT/sanctions requirements and systems across the banking sector, to interpret the obligations under the PMLA and other relevant regulations and how they may be implemented in practice, and to help banks align their operations with good international industry practice in AML/CFT/sanctions procedures through a proportionate risk-based approach. It also aims to:

 

·         Create a common and shared understanding among the banking sector, regulators and FIU about the implementation of STR detection and reporting systems

·         Provide indicative lists of high risk customers, products, services and geographies

·         Provide a list of commonly used alert indicators for detection of suspicious transactions

·         Provide guidance for an effective alert management and preparation of STRs

 

Banks use it as practical guidance, and FIU-IND uses it as reference material in the AML/CFT regime.







Three sub-groups were constituted, for Risk Assessment, Alert Scenarios and Alert Management. After a series of consultations, the Working Group finalized the report on December 09, 2010. The sub-groups came up with their suggestions in the light of the legal framework that existed:


Summary of Chapter 4: Legal Framework

 

1.      Section 12 of PMLA 2002 requires banks to report suspicious transactions to FIU-IND.

2.      Freezing of assets under section 51A of the Unlawful Activities (Prevention) Act, 1967 obligates banks to file a suspicious transaction report (STR) with FIU-IND.

 

Suspicious Transaction: Rule 2(1)(g)

 

“Suspicious transaction” means a “transaction” as defined above, including an attempted transaction, whether or not made in cash, which, to a person acting in good faith:

a) Gives rise to a reasonable ground of suspicion that it may involve proceeds of an offence specified, regardless of the value involved; or

b) Appears to be made in circumstances of unusual or unjustified complexity; or

c) Appears to not have economic rationale or bona-fide purpose; or

d) Gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.

Explanation: Transactions involving financing of the activities relating to terrorism include transactions involving funds suspected to be linked or related to, or to be used for, terrorism, terrorist acts or by a terrorist, terrorist organization or those who finance or are attempting to finance terrorism.

 

3.      RBI Master Circular dated July 01, 2010:

 

a.      Para 2.5(i) of the RBI Master Circular of July 01, 2010 requires banks to report intentionally structured transactions.

b.      Para 2.6 of the RBI Master Circular of July 01, 2010 requires banks to report suspicious transactions.

c.      Para 2.8(a) of the RBI Master Circular of July 01, 2010 requires banks to report high risk transactions that cross certain threshold limits.

d.      Para 2.8(b) of the RBI Master Circular of July 01, 2010 requires banks to carry out ongoing due diligence; PMLA Rule 9 sub-rule (1B).

e.      Para 2.12 of the RBI Master Circular of July 01, 2010 requires banks to report transactions that give rise to a reasonable ground of suspicion.

f.      Para 2.17(ii)(B)(ii) of the RBI Master Circular of July 01, 2010 requires banks to report high risk transactions as per UAPA 1967.

g.      Para 2.17(iv)(c) of the RBI Master Circular of July 01, 2010 requires banks to report complete originator information on suspicious wire transfer transactions.

h.      Para 2.19(iv)(d) of the RBI Master Circular of July 01, 2010 requires banks to have an adequate software application to throw alerts when transactions are inconsistent with the risk categorization and updated profile of customers, so as to enable compliance with PMLA 2002 and PMR 2005.

i.      Para 2.20 b of the RBI Master Circular of July 01, 2010 requires banks to report attempted suspicious transactions irrespective of the amount involved.

j.      Para 2.20 b of the RBI Master Circular of July 01, 2010 requires banks to report suspicious transactions within 7 days [immediately, May 2023].

k.      Para 7 of the RBI circular of Aug 18, 2009 requires reporting of unusual transactions observed during the review to RBI and appropriate authorities.

l.      Para 3 of the RBI Master Circular of Nov 25, 2010 requires APs to report in an STR to FIU-IND cases where a business relationship exists and CDD is not possible.

m.      Para 7 of the RBI Master Circular of Dec 07, 2010 requires banks to report operations of mule accounts under PMLA 2002.

n.      Paras 2 & 3 of the RBI Master Circular of Dec 30, 2010 require banks to report transactions of high risk customers involving cash-intensive businesses such as bullion dealers, jewellers, etc.


Summary of Chapter 5: Identification & Assessment of Risk

 


RBI’s requirement: approach to be followed by REs

 

  • Customer Acceptance Policy on classification of customers into low, medium and high risk
  • Customer Identification Process to avoid disproportionate cost to banks and a burdensome regime for customers
  • Transaction Monitoring including periodic updation and ongoing due diligence
  • Risk Management: responsibility allocation, including monitoring of suspicious small accounts

 

The FATF guidance on Risk Based Approach (2007) suggested a classification for high risk customers, products, jurisdictions and channels.

 

The RBI Circular of July 01, 2010 requires REs to ensure the following:

a) Customers are to be classified into Low Risk, Medium Risk and High Risk based on background, nature and location of activity, country of origin, sources of funds, client profile, etc.

b) Customer profiling is to be done by the bank based on the risk perceived by the bank.

c) The Customer Identification Process (CIP) is to be done. Banks need to devise a program that imposes no undue cost on the bank and at the same time reduces discomfort to the client.

d) Periodic risk class updation: 2-5-8 for High-Medium-Low categories respectively.

e) Enhanced due diligence for PEPs, close relatives of PEPs and accounts of which a PEP is the ultimate beneficiary.

f) Ongoing due diligence is to be conducted based on the bank’s knowledge of the customer, his business and, where necessary, the source of funds.

g) The Board of Directors of the bank is to ensure an effective KYC program with appropriate procedures and ensure its effective implementation. It should cover proper management oversight, systems and controls, segregation of duties, training and related matters.

h) Small accounts are to be monitored for suspicious conduct of ML/FT as per Rule 9(2).

 

The FATF Guidance on Risk Based Approach (June 2007) suggests factors to be considered in determining high risk customers, products and jurisdictions. In making their risk evaluation, banks should consider guidance provided by regulators outlining examples and characteristics of certain customers, products and services that may pose increased ML/FT risk. The examples and characteristics should be considered while introducing new products and services, and when determining the appropriate level of initial and ongoing due diligence and monitoring, depending on circumstances.

Customer Risk

a) As per the RBI circular, customers that are likely to pose a higher than average risk to the bank should be categorized as medium or high risk depending on the customer’s background, name and location of activity, country of origin, sources of funds and his client profile. RBI names certain categories for which no bank account is to be opened:

 

·         Benami or anonymous accounts

·         Accounts of known criminals or banned entities

·         Shell banks

·         Pooled accounts on behalf of clients by Lawyers & Accountants who are bound by customer confidentiality

 

b) The RBI circular requires banks to apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive ‘due diligence’ for higher risk customers, especially those for whom the sources of funds are not clear. Examples of customers requiring higher due diligence include:

 

·         Non-resident customers

·         High net worth individuals

·         Trusts, charities, NGOs and Organisations receiving donation (excluding NPOs/NGOs promoted by United Nations or its agencies)

·         Companies having close family shareholding or beneficial ownership

·         Firms with ‘sleeping partners’

·         Politically exposed persons (PEPs) of foreign origin, customers who are close relatives of PEPs and accounts of which a PEP is the ultimate beneficial owner

·         Non-face-to-face customers

·         Those with dubious reputation as per public information available, etc.

 

The RBI circular requires identification of potential ML/FT risks, which provides inputs to the overall ML/FT risk assessment. An indicative list is given in Appendix A. Each bank needs to assess, based on its own criteria, whether a particular customer poses a higher risk of money laundering and whether mitigating factors may lead to a determination that customers engaged in such activities do not pose a higher risk of money laundering. Application of the risk variables plays an important part in this determination.

Any assessment of the risks that a customer may pose will be underpinned by customer onboarding procedures and developed further by ongoing monitoring.

For uniform business-wise risk management, banks are encouraged to adopt international standards such as the International Standard Industrial Classification (ISIC) of economic activities maintained by the United Nations Classification Registry.

 

As not all characteristics of customer risk can be assessed using a computerized system, employee training should address the following risks posed by customer behaviour:

·         Where there is no commercial rationale for the customer buying the product he seeks

·         Requests for a complex or unusually large transaction which has no apparent economic or lawful purpose

·         Requests to associate undue levels of secrecy with a transaction

·         Situations where the origin of wealth and/or source of funds cannot be easily verified or where the audit trail has been deliberately broken and/or unnecessarily layered

·         The unwillingness of customers who are not private individuals to give the names of their real owners and controllers

Non-face-to-face transactions can present a greater money laundering or terrorist financing risk than those conducted in person because it is inherently more difficult to be sure that the person with whom the firm is dealing is the person that they claim to be. Enhanced due diligence is required to be carried out in accordance with the bank’s procedures.

 

The customer risk is also impacted by the way the customer comes to the bank such as:

·         Occasional transactions v/s business relationship

·         Introduced business, depending on the effectiveness of the due diligence carried out by the introducer

·         Non-face to face acceptance

 

RBI circulars mention that, for the purpose of risk categorisation, individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily identified, and transactions in whose accounts by and large conform to the known profile, may be categorized as low risk. Many customers, by their nature or through what is already known about them by the bank, carry a lower ML/FT risk. These might include:

 

·         Salaried employee whose salary structures are well defined

·         People belonging to lower economic strata of the society whose accounts show small balances and low turnover

·         Govt departments and Govt-owned companies, regulators and statutory bodies, etc.

·         Customers who are employment-based or with a regular source of income from a known source which supports the activity being undertaken (this applies equally to pensioners or benefit recipients or to those whose income originates from their partner’s employment)

·         Customers with a long-term and active business relationship with the bank

 

 Products and Services Risk

Determining the potential ML/FT risks presented by services offered by a bank or financial institution also assists in the overall risk assessment. Services that pose a higher risk of ML/FT should be included in the determination of the overall risks posed.

Under RBI’s MC banks are required to pay special attention to any money laundering threats that may arise from new or developing technologies including internet banking that might favour anonymity, and take measures, if needed, to prevent their use in money laundering schemes. Many banks are engaged in the business of issuing a variety of Electronic Cards that are used by customers for buying goods and services, drawing cash from ATMs and can be used for electronic transfer of funds. Banks are required to ensure full compliance with all KYC/AML/CFT guidelines issued from time to time, in respect of add-on or supplementary card holders also.

Further, marketing of credit cards is generally done through the services of agents. Banks should ensure that appropriate KYC procedures are duly applied before issuing the cards to the customers.

Banks should be mindful of new or innovative services not specifically being offered by banks, but that make use of the bank’s services to deliver the product. Determining the money laundering risks of services should include a consideration of such factors as:

o   What risk is posed by the product/service the customer is using?

o   Can the features of the product/service be used for ML/FT?

o   Do the features of the product/service provide anonymity to the customer?

o   Do the features of the product/service not allow proper identification and detection?

o   Does the product or service allow/facilitate payments to third parties?

o   Is there a risk of inappropriate assets being placed with, or moving from or through, the bank?

o   Does a customer migrating from one product to another within the bank carry a risk?

Banks should ensure that services intended to render the customer deliberately anonymous to the bank to avoid identification and detection shall not be offered.

The indicative list of high/medium risk products and services is given in Appendix B. Banks may consider the list and the factors discussed above, depending on circumstances, in determining the risk level of products.

The distribution channel for products may alter the risk profile. For instance, credit cards may be used through a number of channels. They may be used at merchant’s premises at the point of sale, or may be used remotely over the telephone, web or mail.

 Geographic risk

 The RBI Master Circular specifically directs banks to: 

Establish a risk based customer acceptance policy that defines risk parameters in terms of the location of the customer and the customer’s clients as well as factors, such as the nature of business activity, mode of payments, turnover, and customer’s social and financial status. 

Prepare a profile for all new customers based on risk categorization, taking into account the above factors, including the location of the customer’s business activity, and conduct due diligence based on the bank’s risk perception. It could be expected that these systems should include procedures for assessing and paying special attention to the ML/FT risks of customers located in, and transactions from, other countries, including high risk countries that do not or insufficiently apply the FATF Recommendations.

Banks are required to take into account risks arising from the deficiencies in the AML/CFT regime of the jurisdictions included in the FATF statement. In addition to the FATF statements circulated by the Reserve Bank of India from time to time, banks should also consider publicly available information for identifying countries which do not or insufficiently apply the FATF Recommendations. It has been clarified that banks should also give special attention to business relationships and transactions with persons (including legal persons and other financial institutions) from or in countries that do not or insufficiently apply the FATF Recommendations and jurisdictions included in FATF statements.

 

The Indicative list of high/medium risk jurisdictions and locations is given in Appendix C to the report

A customer should be subjected to higher due diligence if any of the following criteria falls under “higher risk” geographies:

 

·         Country of nationality (individuals)

·         Country of residential address (individuals)

·         Country of incorporation (Legal entities)

·         Country of residence of principal shareholders/beneficial owners(Legal entities)

·         Country of business registration such as branch/liaison/project office

·         Country of source of funds

·         Country of the business or correspondence address

·         Country with whom the customer deals (e.g., over 50% of business, trade, etc.)

 

Apart from the risk categorization of countries, banks should categorise the geographies/locations within the country on both ML and FT risk. The FT risk of a location is more relevant if the utilization of money or cash withdrawal is taking place in locations with known terrorist incidents. Priority needs to be given to identification of locations (pincodes or districts) with high or very high TF risk to detect TF-related STRs.

 

Variables that may impact risk

 

According to the guidance paper, the risk assessment should take into account risk variables specific to a particular customer or transaction. These variables may increase or decrease the perceived risk posed by a particular customer or transaction and may include:

The purpose of an account or relationship may influence the assessed risk. Accounts opened to facilitate traditional, low denominated consumer transactions may pose a lower risk than an account opened to facilitate large cash transactions from a previously unknown commercial entity

The level of assets to be deposited by a particular customer or size of transactions undertaken. Unusually high levels of assets or unusually large transactions compared to what might reasonably be expected of customers with a similar profile may indicate that a customer not otherwise seen as higher risk should be treated as such. Conversely, low levels of assets or low value transactions involving a customer that would otherwise appear to be higher risk might allow for a financial institution to treat the customer as lower risk.

The level of regulation or other oversight or governance regime to which a customer is subject. A customer that is a financial institution regulated in a country with a satisfactory AML regime poses less risk from a money laundering perspective than a customer that is unregulated or subject only to minimal AML regulation. Additionally, companies and their wholly owned subsidiaries that are publicly owned and traded on a recognized exchange generally pose minimal money laundering risks. These companies are usually from countries with an adequate, recognised regulatory scheme and, therefore, generally pose less risk due to the type of business they conduct and the wider governance regime to which they are subject. Similarly, these entities may not be subject to as stringent account opening due diligence or transaction monitoring during the course of the relationship.

Regularity or duration of relationship.  Long standing relationships involving frequent customer contact throughout the relationship may present less risk from a money laundering perspective

The familiarity with a country, including knowledge of local laws, regulations and rules, as well as the structure and extent of regulatory oversight, as a result of the financial institution’s own operations within the country.

The use of intermediate corporate vehicles or other structures that have no apparent commercial or other rationale or that unnecessarily increase the complexity or otherwise result in a lack of transparency. The use of such vehicles or structures, without an acceptable explanation, increases risk


Happy Reading


Those who read this, also read:


1. The IBA Working Group Report on AML/CFT  2010 : Alert Generation

2. The IBA Working Group Report on AML/CFT  2010 : Appendices A, B and C

3. The IBA Working Group Report on AML/CFT  2010 : Appendices D & E

4. The IBA Working Group Report on AML/CFT  2010 :  Alert Management

5. The IBA Working Group Report on AML/CFT 2010: Preparation & Submission of STRs


