AML/ CFT Compliances Expand – RBI Further Amends KYC Master Directions

– Chirag Agarwal | Executive |


The Reserve Bank of India (“RBI” or “Regulator”) plays a pivotal role in India meeting its anti-money laundering (AML) and combating financing of terrorism (CFT) obligations as part of its membership with the Financial Actions Task Force (FATF). As the Regulator of the credit sector and payment systems it does so by  ensuring the implementation of robust and up-to-date Know Your Customer (KYC) norms vide its  Master Direction – Know Your Customer (KYC) Direction, 2016 (“KYC Directions”). With a possible FATF evaluation around the corner, on October 17, 2023, the RBI introduced significant amendments to these KYC directives through its notification titled – Amendment to the Master Direction on KYC (“Amendment”), impacting various regulated entities, including Non-Banking Financial Companies (NBFCs).

Figure 1 – Upcoming FATF assessment

Source – FATF website

This article delves into the key modifications brought about by the said Amendment and explores the operational changes for NBFCs arising from these Amendments.

Summary of changes and action items for NBFCs

Figure 2 – Summary of changes

Identification of Beneficial Owner (BO)

Changes in the PML (Prevention of Money Laundering) Rules have triggered a revision of the criteria for the identification, as required by the KYC Directions, of Beneficial Owner(s) of partnership firms. The Amendment involves a change in the threshold for determining who qualifies as the BO of such firms. The prior threshold which stipulated 15% ownership or entitlement to a share of profit has now been revised to a lower threshold of 10% ownership or share of profit and also persons who exercises control over management or policy decisions shall be considered as BO. Consequently, NBFCs are obligated to conduct KYC procedures for natural persons who possess a minimum of 10% ownership or are entitled to 10% of the share of profit of the partnership firm or who exercises control over management or policy decisions. 

Principal Officer to be a management-level designation

Another significant Amendment resulting from changes in the PML Rules is the stipulation that the Principal Officer designated for the purpose of furnishing information to Director, FIU-IND and ensuring compliance shall be atleast of a management-level position. While the requirement to appoint a Principal Officer was always there in the KYC Directions and from April 28, 2023, the RBI had also mandated NBFC to inform the Regulator the details of such Principal Officer; the current Amendment requires such Officer to be at the managerial level in the organisation’s hierarchy. 

Periodicity of ML/ TF risk assessment

The Amendment has introduced a change in the process of prescribing the periodicity for conducting ML/TF risk assessments. Previously, the board of directors of the NBFC was mandated to determine the frequency of these assessments. However, in a relaxation of this provision, the RBI now allows for the delegation of this decision-making authority to a Committee of the Board. This means that NBFCs have the flexibility to assign this responsibility to committees such as the Risk Management Committee (RMC) or any other board-level committee, streamlining the process and enhancing efficiency.

Applicability of group-wide AML policy

The Amendment has offered a crucial clarification concerning the scope of application of the group AML policy as per para 4 of KYC Directions. The RBI has explicitly stated that the group-wide AML policy is to be adopted solely by the regulated entities that are part of the group and is not applicable to unregulated entities. This provides clarity on the distinction and helps regulated entities understand the boundaries of their AML policy implementation.

There have been cases where NBFCs were unclear as to the applicability of the group-wide KYC policy and some had sought our advice. This clarification validates our recommendations to them to consider the regulated entities as per the KYC Direction and those obligated under chapter IV of the Prevention of Money Laundering Act (PMLA) within the purview of their “group”, for adoption of such policy, considering the relevance and operational practicalities.

Filing of Suspicious Transaction Report (STR)

The Amendment includes a mandate to file a Suspicious Transaction Report (STR) with the Director, FIU-IND, if the NBFC is unable to apply appropriate Customer Due Diligence (CDD) measures for a customer. It may be noted that as per the existing framework, no loan account can be opened where the NBFC is unable to apply appropriate CDD measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer. Further, NBFCs are now obligated to take prompt and diligent action when they encounter situations where they cannot apply the necessary CDD measures for a customer. 

Change in compliance for outsourcing of KYC function

Another essential Amendment resulting from changes in the PML Rules is  the requirements for obtaining records or CDD information from third-party entities in cases where these processes are outsourced. Previously, NBFCs were obligated to secure these records within a two-day timeframe. However, the recent revision now mandates the immediate acquisition of such records or information from third-party sources, eliminating the previous two-day grace period. This change necessitates that NBFCs establish efficient procedures for swift coordination and communication with third-party entities to ensure the prompt collection of necessary documentation, thereby underlining the significance of timeliness in upholding compliance with CDD obligations.

Record maintenance of walk-in customers

RBI has clarified by way of this Amendment that NBFCs (with branches) are required to maintain records not only for customers who hold accounts with the entity but also for walk-in customers. These walk-in customers are individuals who do not have an account with the regulated entity but engage in transactions with them. Although NBFCs typically have fewer instances of such walk-in customers compared to banks, if any such instance does occur, NBFCs must diligently ensure the preservation of records for these customers in compliance with amended KYC Directions.

Simplified procedure for opening accounts

The RBI has introduced a new requirement for NBFCs concerning accounts opened through the simplified procedure as outlined in KYC Directions. Under this new mandate, NBFCs must maintain continuous monitoring of these accounts, and if any suspicion arises regarding ML/TF activities, or if a high-risk scenario emerges, the customer’s identity must be established using the normal procedures detailed in para 16 or 18 of the KYC Directions. This entails following the standard Customer Due Diligence (CDD) process.

Disclosure of status of trustee

RBI has imposed a new mandatory disclosure requirement on trustees when dealing with NBFCs. NBFCs are now obligated to obtain the status of the trustees in following specific scenarios:

  1. When initiating an account-based relationship with the trust;
  2. When the trust, acting as a walk-in customer, conducts transactions involving a minimum of fifty thousand rupees;
  3.  If the NBFC has reasonable grounds to suspect that the trust is intentionally structuring transactions to remain below the fifty thousand rupees threshold.


In conclusion, the recent Amendment introduced by the RBI to the KYC norms brought about substantial changes that impact NBFCs. These changes encompass a wide range of areas, from the criteria for identifying BO within partnership firms to the periodicity of ML/TF risk assessments. Furthermore, there are clarifications regarding the applicability of group AML policies, record maintenance for walk-in customers, and the management of accounts opened through the simplified procedure. While these Amendments reflect the RBI’s commitment to enhancing compliance and strengthening AML and CFT measures across the financial sector, KYC compliance related requirements form the major chunk of the operational activities of the NBFCs outside of their primary lending and investment activities and these Amendments continue to drive up operational costs and timeline. The Government has made efforts to streamline the process both for NBFCs and for the convenience of the common borrower by introducing public infrastructure like the Central KYC Registry (CKYCR) and implementation of a single unique KYC ID. With increased adoption, it now becomes imperative that such infrastructure perform efficiently, remain secure and safeguard against outages. The Government and the Regulator would also do well in bolstering such public infrastructure, for instance in the domain of digital/ video-based customer identification process, and ensuring that it continues to cater to the  evolving regulatory landscape when it comes to the AML/ CFT compliances.

Our Resources on KYC compliances can be accessed here:

  1. Understanding KYC
  2. Amended KYC norms: A move towards faceless KYC
  3. KYC/AML risk categorisation of customers
  4. Simplifying the KYC process and business identifier
  5. KYC goes live!
  6. PML Act and Rules: Recent changes may have new compliance requirements
  7. RBI amends the KYC Master Directions
  8. Our YouTube Shastrarth: Amendments to KYC Directions including non-face-to-face KYC
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *