Periodic Updation of Customer Risk Profile

1. Preparation of Customer Profile from KYC Data

In the initial years of KYC, RBI followed a handholding approach, as can be seen from its circular dated July 2009 and that of Feb 25, 2016 as updated on Jan 04, 2024. RBI requires REs to conduct risk profiling, risk categorization and periodic updation.

Extracts from RBI MD dated July 01, 2009 under Customer Acceptance Policy

a)ii) Parameters of risk perception are clearly defined in terms of the nature of business activity, location of customer and his clients, mode of payments, volume of turnover, social and financial status etc. to enable categorisation of customers into low, medium and high risk (banks may choose any suitable nomenclature viz. level I, level II and level III). Customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorised even higher;

b). Banks should prepare a profile for each new customer based on risk categorisation. The customer profile may contain information relating to customer’s identity, social/financial status, nature of business activity, information about his clients’ business and their location etc. The nature and extent of due diligence will depend on the risk perceived by the bank. However, while preparing customer profile banks should take care to seek only such information from the customer, which is relevant to the risk category and is not intrusive. The customer profile is a confidential document and details contained therein should not be divulged for cross selling or any other purposes.

c). For the purpose of risk categorisation, individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, may be categorised as low risk. Illustrative examples of low risk customers could be salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government Departments and Government owned companies, regulators and statutory bodies etc. In such cases, the policy may require that only the basic requirements of verifying the identity and location of the customer are to be met. Customers that are likely to pose a higher than average risk to the bank should be categorised as medium or high risk depending on customer's background, nature and location of activity, country of origin, sources of funds and his client profile etc. Banks should apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive ‘due diligence’ for higher risk customers, especially those for whom the sources of funds are not clear. Examples of customers requiring higher due diligence include 

(a) Non-resident customers;

(b) High net worth individuals;

(c) Trusts, charities, NGOs and organizations receiving donations;

(d) Companies having close family shareholding or beneficial ownership;

(e) Firms with 'sleeping partners';

(f) Politically exposed persons (PEPs) of foreign origin;

(g) Non-face to face customers and

(h) those with dubious reputation as per public information available etc.

However only NPOs/NGOs promoted by United Nations or its agencies may be classified as low risk customer.


d). It is important to bear in mind that the adoption of customer acceptance policy and its implementation should not become too restrictive and must not result in denial of banking services to general public, especially to those, who are financially or socially disadvantaged.

Risk Based approach to Customer Profiling

The RBI MD dated Feb 25, 2016 as updated on Jan 04, 2024 does not detail how to do risk profiling, but it puts emphasis on carrying out risk profiling and risk categorization.

Extracts from RBI MD dated Feb 15, 2016 as updated on Jan 04, 2024

For Risk Management, REs shall have a risk-based approach which includes the following.

Customers shall be categorised as low, medium and high-risk category, based on the assessment and risk perception of the RE


2. Updation of Profile arising from Transaction Monitoring

Extracts from RBI MD dated July 01, 2009 under Customer Acceptance Policy under Transaction Monitoring

Banks should put in place a system of periodical review of risk categorization of accounts and the need for applying enhanced due diligence measures. Such review of risk categorisation of customers should be carried out at a periodicity of not less than once in six months.


3. Periodic Updation of Customer Profile

Extracts from RBI MD dated Feb 15, 2016 as updated on Jan 04, 2024

REs shall adopt a risk-based approach for periodic updation of KYC ensuring that the information or data collected under CDD is kept up-to-date and relevant, particularly where there is high risk. However, periodic updation shall be carried out at least once in every two years for high-risk customers, once in every eight years for medium risk customers and once in every ten years for low-risk customers from the date of opening of the account / last KYC updation. Policy in this regard shall be documented as part of REs’ internal KYC policy duly approved by the Board of Directors of REs or any committee of the Board to which power has been delegated.

The ‘Explanation’ that “High risk accounts have to be subjected to more intensified monitoring” is applicable to sub-paragraphs (a) and (b) of paragraph 37 and accordingly, the ‘Explanation’ has been shifted as per RBI MD updated version Nov 6, 2024.

To provide better clarity, the phrase ‘updation’ has been inserted with the phrase ‘periodic updation’ in the clauses (ii) and (iv) of sub-paragraph (a); and clauses (iii) and (iv) of sub-paragraph (c) of paragraph 38.

As such, REs are required to create a customer profile at onboarding and to re-profile the customer after the specified period during the life cycle of the customer relationship, in addition to the transaction-monitoring-based re-profiling done once in every six months.



Happy reading,

