Central KYC Records Registry under Money Laundering
PREVENTION OF MONEY-LAUNDERING (MAINTENANCE OF RECORDS) AMENDMENT RULES, 2015 – AMENDMENT IN RULES 2, 9 & 10 AND INSERTION OF RULE 9A
NOTIFICATION NO.4/2015 [P.12011/5/2011-SO(ES.CELL)]/GSR 544(E), DATED 7-7-2015
In exercise of the powers conferred by sub-section (1) read with clauses (i), (j), (jj), (jjj) and (k) of sub-section (2) of section 73 of the Prevention of Money-laundering Act, 2002 (15 of 2003), the Central Government in consultation with the Reserve Bank of India hereby makes the following rules further to amend the Prevention of Money-laundering (Maintenance of Records) Rules, 2005, namely:—
- (1) These rules may be called the Prevention of Money-laundering (Maintenance of Records) Amendment Rules, 2015.
(2) They shall come into force on the date of their publication in the Official Gazette.
- In the Prevention of Money-laundering (Maintenance of Records) Rules, 2005, —
(a) in rule 2, in sub-rule (1),—
(I) after clause(a), the following clause shall be inserted, namely :—
‘(aa) “Central KYC Records Registry” means a reporting entity, substantially owned and controlled by the Central Government, and authorised by that Government through a notification in the Official Gazette to receive, store, safeguard and retrieve the KYC records in digital form of a client as referred to in clause (ha) in such manner and to perform such other functions as may be required under these rules;’;
(II) in clause (ba), in the Explanation for the words, figures and brackets “Companies Act, 1956 (1 of 1956)”, the words, figures and brackets “Companies Act, 2013 (18 of 2013)” shall be substituted;
(III) in clause (ca), for the words, figures and brackets “section 25 of the Companies Act, 1956 (1 of 1956)”, the words, figures and brackets “section 8 of the Companies Act, 2013 (18 of 2013)” shall be substituted;
(IV) clause (ca) shall be renumbered as clause (cd) and before clause (cd) as so renumbered, the following clauses shall be inserted, namely :—
‘(ca) “Know Your Client (KYC) Identifier” means the unique number or code assigned to a client by the Central KYC Records Registry;
(cb)”Know Your Client (KYC) records” means the records, including the electronic records, relied upon by a reporting entity in carrying out client due diligence as referred to in rule 9 of these rules;
(cc) “last KYC verification or updation” means the last transaction made by a reporting entity in the Central KYC Records Registry by which the KYC records of a client were recorded, changed or updated by a reporting entity;’;
(V) in clause (d), after the words “Unique Identification Authority of India”, the words “or the National Population Register” shall be inserted;
(b) in rule 9, —
(I) after sub-rule (1), the following sub-rules shall be inserted, namely : —
“(1A) Subject to the provisions of sub-rule (1), every reporting entity shall within three days after the commencement of an account-based relationship with a client, file the electronic copy of the client’s KYC records with the Central KYC Records Registry;
(1B) The Central KYC Records Registry shall process the KYC records received from a reporting entity for de-duplicating and issue a KYC Identifier for each client to the reporting entity, which shall communicate the KYC Identifier in writing to their client;
(1C) Where a client, for the purposes of clause (a) and clause (b), submits a KYC Identifier to a reporting entity, then such reporting entity shall retrieve the KYC records online from the Central KYC Records Registry by using the KYC Identifier and shall not require a client to submit the same KYC records or information or any other additional identification documents or details, unless –
(i) there is a change in the information of the client as existing in the records of Central KYC Records Registry;
(ii) the current address of the client is required to be verified;
(iii) the reporting entity considers it necessary in order to verify the identity or address of the client, or to perform enhanced due diligence or to build an appropriate risk profile of the client.
(1D) A reporting entity after obtaining additional or updated information from a client under sub-rule (1C), shall as soon as possible furnish the updated information to the Central KYC Records Registry which shall update the existing KYC records of the client and the Central KYC Records Registry shall thereafter inform electronically all reporting entities who have dealt with the concerned client regarding updation of KYC record of the said client.
(1E) The reporting entity which performed the last KYC verification or sent updated information in respect of a client shall be responsible for verifying the authenticity of the identity or address of the client.
(1F) A reporting entity shall not use the KYC records of a client obtained from the Central KYC Records Registry for purposes other than verifying the identity or address of the client and shall not transfer KYC records or any information contained therein to any third party unless authorised to do so by the client or by the Regulator or by the Director;
(1G) The regulator shall issue guidelines to ensure that the Central KYC records are accessible to the reporting entities in real time.”.
(II) in sub-rule (2), for clause (a), the following clause shall be substituted, namely: —
‘(a) the reporting entity, within two days, obtains from the third party or from the Central KYC Records Registry records or the information of the client due diligence carried out by the third party.
(c) after rule 9, the following rule shall be inserted, namely:—
“9A. Functions and obligations of the Central KYC Records Registry.– (1) The Central Government shall within a period of thirty days from the date of coming into force of the Prevention of Money-laundering (Maintenance of Records) Amendment Rules, 2015 set-up a Central KYC Records Registry having its own seal for the purpose of receiving, storing, safeguarding and retrieving electronic copies of KYC records obtained by the reporting entities from their clients in accordance with these rules.
(2) The Central KYC Registry shall perform the following functions and obligations, namely: —
(a) shall follow any operating instructions issued by the Regulator, consistent with the guidelines referred to in clause (g) and issue the same to implement the requirements of these rules;
(b) shall be responsible for storing, safeguarding and retrieving the KYC records and making such records available online to reporting entities or Director;
(c) shall take all precautions necessary to ensure that the electronic copies of KYC records are not lost, destroyed or tampered with and that sufficient back up of electronic records are available at all times at an alternative safe and secure place;
(d) shall cause an annual audit of its controls, systems, procedures and safeguards and shall undertake corrective actions for deficiencies, if any;
(e) shall provide information only to the reporting entities which are registered with it on payment of fees as specified by the Regulator;
(f) shall appoint a compliance officer who shall be responsible for monitoring the compliance of the Act, the rules made and the notifications issued thereunder and also the guidelines and instructions issued by the Central Government and the Regulator and for redressal of client’s grievances; the compliance officer shall immediately and independently report to the Central Government any non- compliance observed by him;
(g) the Regulator in consultation with the Central Government and the Central KYC Records Registry may issue guidelines to be followed by the reporting entities for filing the KYC records with the Central KYC Records Registry or any other matter in connection with or incidental thereto;
(h) the Central Government, in consultation with Regulator, may by notification in the public interest and in the interest of the regulated entities, direct that any of the provisions of rule 9 or rule 9A,
(i) shall not apply to a class or classes of regulated entities; or
(ii) shall apply to the class or classes of regulated entities with such exceptions, modifications and adaptations as may be specified in the notification.”;
(d) in rule 10, —
(I) for sub-rule (1), the following sub-rule shall be substituted, namely:—
“(1) Every reporting entity shall maintain the physical copy of records of the identity of its clients obtained in accordance with rule 9, after filing the electronic copy of such records with the Central KYC Records Registry.”;
(II) for sub-rule (2), the following sub-rule shall be substituted, namely:—
“(2) The records of the identity of clients shall be maintained by a reporting entity in the manner as may be specified by the Regulator from time to time.”.