With reference to the guidelines regarding ‘Know Your Customer' norms issued by the National Housing
Bank (“NHB”) in terms of its Circulars No. (1) NHB(ND)/DRS/POL-No-02/2004-05 dated August 25, 2004,(2) NHB(ND)/DRS/POL-No-05/2004-05 dated September 23, 2004, (3) NHB(ND)/DRS/POL-No-08/2004-05 dated March 31, 2005, (4) NHB(ND)/DRS/POL-No-32/2009-10 dated March 16, 2010 and (5) NHB/ND/DRS/POL-No-33/2010-11 dated October 11, 2010 wherein Housing Finance Companies (HFCs)Were advised to follow certain customer identification procedure for opening of accounts andmonitoring transactions of suspicious nature for the purpose of reporting it to appropriate authority,APTUS has revised its KYC / AML policy. This revised policy comes into effect from Nov 4, 2011
This policy is applicable to all categories of products and services offered by the Company
The Recommendations made by the Financial Action Task Force (FATF) on Anti Money Laundering(AML) standards and on Combating Financing of Terrorism (CFT) standards have become theinternational benchmark for framing Anti Money Laundering and combating financing of terrorismpolicies by the regulatory authorities. Compliance with these standards both by the banks/financialinstitutions, including HFCs, has become necessary for international financial relationships. The Reserve
Bank of India(RBI) has issued revised set of comprehensive ‘Know Your Customer' Guidelines to all Non-
Banking Financial Companies (NBFCs), Miscellaneous Non-Banking Companies and Residuary Non-
Banking Companies in the context of the recommendations made by the Financial Action Task Force (FATF) and Anti Money Laundering (AML) standards and combating financing of terrorism policiesby the regulatory authorities and advised all NBFCs to adopt the same with suitable modificationsdepending on the activity undertaken by them and ensure that a proper policy framework on KYC andAML measures are formulated and put in place with the approval of their respective Boards. The ‘KnowYour Customer' Guidelines issued by the National Housing Bank for HFCs have been drafted and issued in the above context
The main objective of this policy is to enable the Company to have positive identification of its customers.
The objective of KYC guidelines is to prevent HFCs from being used, intentionally or unintentionally, by criminal elements for money laundering activities. KYC procedures also enable HFCs to know/understand their customers and their financial dealings better which in turn help them manage their risks prudently. APTUS has framed its KYC policy incorporating the following four key elements:
For the purpose of the KYC policy, a ‘Customer' is defined as:
APTUS’s Customer Acceptance Policy, which lays down explicit criteria for acceptance of customers, ensures the following aspects of the customer relationship:
The Company shall carry out full scale customer due diligence (CDD) before opening an account. When the true identity of the account holder is not known, the Company shall file Suspicious Transaction Reporting (STR) as provided below in reports
APTUS will prepare a profile for each new customer which may contain information relating to the customer's identity, social/financial status, nature of business activity, information about his clients' business and their location, etc. The nature and extent of due diligence will depend on the risk perceived by APTUS. However, while preparing the customer profile, APTUS will seek only such information from the customer which is relevant and is not intrusive. The customer profile will be a confidential document and details contained therein will not be divulged for cross selling or any other purposes.
Given the nature of our business – small ticket loans to low and middle income, informal and financially excluded families – we have categorized our customers as low risk.. It is highly unlikely that APTUS will have any medium / high risk clients given its focus on the lower income section of society, but for information, examples of customers requiring higher due diligence may include:
APTUS will follow clear NHB guidelines on the Customer Identification Procedure to be carried out at different stages, i.e. while establishing a relationship; carrying out a financial transaction or when APTUS has a doubt about the authenticity/veracity or the adequacy of the previously obtained customer identification data. Customer identification means identifying the customer and verifying his/ her identity by using reliable, independent source documents, data or information. APTUS will obtain sufficient information necessary to establish, to its satisfaction, the identity of each new customer, whether regular or occasional and the purpose of the intended nature of relationship. Being satisfied means that APTUS must be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the customer in compliance with the extant guidelines in place. Besides risk perception, the nature of information/documents required would also depend on the type of customer (individual, corporate etc). For customers that are natural persons, which will be most of its clients, APTUS will obtain sufficient identification data to verify the identity of the customer, his address/location, and also his recent photograph. For customers that are legal persons or entities (very unlikely to be a customer except for project finance to construction companies), APTUS will:
Ongoing monitoring is an essential element of effective KYC procedures. APTUS can effectively control and reduce its risk only if it has an understanding of the normal and reasonable activity of the customer so that it can identify transactions that fall outside the regular pattern. However, the extent of monitoring will depend on the risk sensitivity of the account. Since APTUS will not have any deposit accounts, this situation will hardly arise, but APTUS will in any case pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose, or transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer. APTUS will put in place a system of periodical review of risk categorization of accounts and the need for applying enhanced due diligence measures. APTUS will ensure that a record of transactions in the accounts is preserved and maintained as required in terms of section 12 of the PML Act, 2002 (and the Amended Act, 2009). It will also ensure that transactions of suspicious nature and/or any other type of transaction notified under section 12 of the PML Act, 2002 (and the Amended Act, 2009), is reported to the appropriate law enforcement authority.
Activities not consistent with the customer's business, i.e. accounts with large volume of credits whereas the nature of business does not justify such credits.
Any attempt to avoid Reporting/Record-keeping Requirements/provides insufficient / suspicious information
Each business process as a part of the credit policy will document and implement appropriate risk-based procedures designed to verify that it can form a reasonable belief that it knows the true identity of its customers. Verification of customer identity should occur before transacting with the customer. Procedures for each business process shall describe acceptable methods of verification of customer identity, which may include verification through documents or non-documentary verification methods that are appropriate given the nature of the business process, the products and services provided and the associated risks.
These documents may include, but are not limited to the list of documents that can be accepted as proof of identity and address from customers across various products offered by the Company as provided in to this policy. These are appropriately covered in the credit policies of the respective businesses.
The list of documents that can be accepted as proof of identity and address from customers across various products offered by the Company is given to this policy. These should be appropriately covered in the credit policies of the respective businesses. The customer verification processes will be covered in detail in the credit policies of every business.
These methods may include, but are not limited to:
If applicable, the business process verification procedures should address situations where:
Where a low risk category customer expresses inability to complete the documentation requirements on account of any reason that the Company considers to be genuine, and where it is essential not to interrupt the normal conduct of business, the Company may complete the verification of identity within a period of six months from the date of establishment of the relationship.
The Company is primarily engaged in retail finance. It does not deal with such category of customers who could pose a potential high risk of money laundering, terrorist financing or political corruption and are determined to warrant enhanced scrutiny. The existing credit policies of the Company in respect of its various businesses ensure that the Company is not transacting with such high risk customers. The Company shall conduct Enhanced Due Diligence in connection with all customers or accounts that are determined to pose a potential high risk and are determined to warrant enhanced scrutiny. Each business process shall establish appropriate standards, methodology and procedures for conducting Enhanced Due Diligence, which shall involve conducting appropriate additional due diligence or investigative actions beyond what is required by standard KYC due diligence. Enhanced Due Diligence shall be coordinated and performed by the Company, who may engage appropriate outside investigative services or consult appropriate vendor sold databases when necessary. Each business process shall establish procedures to decline to do business with or discontinue relationships with any customer when the Company cannot adequately complete necessary Enhanced Due Diligence or when the information received is deemed to have a significant adverse impact on reputational risk.
The following are the indicative list where the risk perception of a customer may be considered higher:
i. Customers requesting for frequent change of address/contact details
ii. Sudden change in the loan account activity of the customers
iii. Frequent closure and opening of loan accounts by the customers
Enhanced due diligence may be in the nature of keeping the account monitored closely for a re-categorisation of risk, updation of fresh KYC documents, field investigation
The Board of Directors of APTUS has ensured that an effective KYC program is in place and has established appropriate procedures and is overseeing its effective implementation. The program covers proper management oversight, systems and controls, segregation of duties, training and other related matters. Responsibility has been explicitly allocated within APTUS to ensure that APTUS’s policies and procedures are implemented effectively. The Board of APTUS is aware that while all customers will be of low risk profile given the nature of its business, unless belonging to a higher risk profile listed under #5 above and approved as an exception, it will apply various Anti Money Laundering measures keeping in view the risks involved in a transaction, account or business relationship.
APTUS's Board -through its Audit Committee will directly evaluate and ensure adherence to the KYC policies and procedures, including legal and regulatory requirements.
APTUS has already ensured that its front line staff and credit staff are aware that no loan accounts will be created unless the KYC procedures are adhered to completely.
Company’s internal audit and compliance functions play a role in evaluating and ensuring adherence to the KYC policies and procedures.
Internal Auditors specifically check and verify the application of KYC procedures at the branches and comment on the lapses observed in this regard.
The compliance in this regard is put up before the Audit Committee of the Board on quarterly intervals
The Company shall have a system in place for periodical updation of customer identification data after the account is opened. Full KYC exercise will be done at a periodicity not less than once in ten years in case of low risk category customers, not less than once in eight years in case of medium risk category customers and not less than once in two years in case of high risk category customers.
Low risk category customers need not submit fresh proofs of identity and address at the time of periodic updation, in case of no change in status with respect to their identities and addresses and a self-certification by the customer to that effect shall suffice in such cases. In case of change of address of such ‘low risk’ customers, they can forward a certified copy of proof of address by mail/post, etc.
All the customers under different product categories are categorized into low, medium and high risk based on their profile. The Credit manager while appraising the transaction and rendering his approval will prepare the profile of the customer based on risk categorization. An indicative categorization for the guidance of businesses is provided in Customer Identification Procedure. Each business process adopts the risk categorization in their respective credit policies subject to confirmation by compliance based on the credit appraisal, customer’s background, nature and location of activity, country of origin, sources of funds, client profile, etc., Where businesses believe that a particular customer falling under a category mentioned below is in his judgement falling in a different category, he may categorise the customer so, so long as appropriate justification is provided in the customer file.
Individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile shall be categorised as low risk.
Illustrative examples are:
Customers that are likely to pose a higher than average risk may be categorized as medium or high risk depending on customer's background, nature and location of activity, country of origin, sources of funds and his client profile etc. Illustrative examples of medium risk category customers are:
The business shall have a system of internal reporting of suspicious transactions, counterfeit transactions and cash transactions greater than Rs.10 lakhs, whether such transactions comprise of a single transaction or a series of transactions integrally connected to each other, and where such series of transactions take place within a month.
“Suspicious transaction” means a transaction whether or not made in cash which, to a person acting in good faith:
gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime; or.
a. appears to be made in circumstances of unusual or unjustified complexity; or
b. appears to have no economic rationale or bona fide purpose; or
c. gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.
Further, the Compliance officer shall furnish information of the above mentioned transactions to the Director, Financial Intelligence Unit – India (FIU-IND) at the prescribed address in the formats prescribed in this regard including the electronic filing of reports.
Provided that where the principal officer, has reason to believe that a single transaction or series of transactions integrally connected to each other have been valued greater than Rs.10 lakhs so as to defeat the provisions of the PMLA regulations, such officer shall furnish information in respect of such transactions to the Director within the prescribed time.
The implementation of KYC procedures requires APTUS to demand certain information from customers, which may be of personal nature, or which has hitherto never been called for. This can sometimes lead to a lot of questioning by the customer as to the motive and purpose of collecting such information. APTUS’s front line staff will therefore personally discuss this with customers and if required, APTUS will also prepare specific literature/ pamphlets, etc. so as to educate the customer on the objectives of the KYC program.
The requirements of the earlier sections are not applicable to accounts opened by existing customers, provided that the business process has previously verified the identity of the customer and the business process continues to have a reasonable belief that it knows the true identity of the customer. Further, transactions in existing accounts should be continuously monitored and any unusual pattern in the operation of the account should trigger a review of the due diligence measures.
The above guidelines shall also apply to all branches and subsidiaries
APTUS will pay special attention to any money laundering threats that may arise from new or developing technologies including on-line transactions that might favour anonymity, and take measures, if needed, to prevent its use in money laundering schemes
APTUS has appointed its Managing Director to be designated as ‘Principal Officer'. Per the NHB guidelines, the Principal Officer will be located at the corporate office and will be responsible for monitoring and reporting of all transactions and sharing of information as required under the law. He will maintain close liaison with enforcement agencies, other HFCs and any other institution which are involved in the fight against money laundering and combating financing of terrorism.
Though it will be unlikely in APTUS’s case, due to its focus on lower income families, APTUS has a system of maintaining proper record of transactions prescribed under Rule 3, of the Prevention of Money-Laundering and value of transactions, the procedure and manner of maintaining and verification and maintenance of records of the identity of the clients of the Banking Companies, Financial Institutions and Intermediaries) Rules, 2005, as mentioned below:
Designated director , will be provided details of the above transactions on a monthly basis. This report will be provided even if there are no transactions.
As per the NHB guidelines, APTUS is required to maintain the following information in respect of transactions referred to in Rule 3:
APTUS has a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities. APTUS will maintain for at least ten years from the date of cessation of transaction between the bank and the client, all necessary records of transactions, both domestic or international, which will permit reconstruction of individual transactions (including the amounts and types of currency involved if any) so as to provide, if necessary, evidence for prosecution of persons involved in criminal activity. APTUS will also ensure that records pertaining to the identification of the customer and his / her address (e.g. copies of documents like passports, identity cards, driving licenses, PAN, utility bills etc.) obtained while opening the account and during the course of business relationship, are properly preserved for at least ten years after the business relationship is ended. The identification records and transaction data will be made available to the competent authorities upon request.
In terms of the PMLA rules, APTUS will report information relating to cash and suspicious transactions to the Director, Financial Intelligence Unit-India (FIU-IND) at the following address:
Financial Intelligence Unit-India,
6 th Floor, Hotel Samrat,
Chanakyapuri,New Delhi-110021APTUS will ensure that the provisions of PMLA Rules framed and the Foreign Contribution and Regulation Act, 1976, wherever applicable, are adhered to strictly.