AML Sanction Lists
The Requirements / obligations under International Agreements Communications from International Agencies focus on the AML screening for identifying terrorist links. All REs now have a specific requirement to screen users against the UNSC Sanctions Lists, UAPA Sanction Lists, and Politically Exposed Persons (PEPs) along with their relatives and close associates. Daily verification of customer databases against these sanction lists is mandated.

Additionally, REs need to leverage the latest technological innovations and tools for effective implementation of name screening to meet the sanctions requirements.

Ongoing Due Diligence
REs may consider adopting appropriate innovations including AI / ML to support effective monitoring. Furthermore, the RBI emphasizes the significance of profile-based risk assessments and periodic reassessments of onboarded users as best practices.

Risk Categorization
The indicative list of parameters for risk categorization has been expanded to include geographical risk covering customers as well as transactions, type of products / services offered, delivery channel, types of transaction undertaken, etc.

V-CIP (Video-based Customer Identification Process)
REs must own the data completely in case they use V-CIP with the cloud model. The timeframe for Aadhaar XML file / Aadhaar Secure QR code generation has changed to 3 “working” days from the date of conducting the V-CIP.

Enhanced Due Diligence (Non-face to face Customer Onboarding)
Amended measures include – RE shall verify the current address through positive confirmation (through address verification letters, contact point verification, etc.) before allowing operations in the account, PAN verification. Customers need to be verified by face-to-face or V-CIP, else will be categorized as high-risk customers and accounts opened subjected to enhanced monitoring.

Introduction of New Technologies
REs must identify and assess the ML / TF risks that may arise in relation to the development of new products, business practices, delivery mechanisms, and use of new technologies and take appropriate measures to manage and mitigate the risks.

Customer Acceptance Policy (Know Your Business – KYB)
It has become mandatory to verify the GST number of an entity before onboarding them. RE shall file an STR where it is suspicious of money laundering or terrorist financing, and reasonably believes that performing the CDD process will tip-off the customer.

Updation / Periodic Updation of KYC Data
Aadhaar OTP-based e-KYC in non-face-to-face mode is permitted now, besides V-CIP. High-risk customers need to update their KYC every 2 years.

Identification of Beneficial Owner
The threshold for “Controlling ownership interest” for the purpose of determination of Beneficial Owner has been revised to 10% for both companies and trusts down from 25% and 15%. For wire transfers, verifying the identity of both the originator and beneficiary is mandatory.

CKYC
REs can obtain KYC identifier with explicit customer consent to download records from CKYCR for CDD.

CDD Measures in Case of Certain Categories of Non-individual Customers
Includes certain additional information / document requirements of companies, partnership firms, and trusts, namely – the names and addresses.