The Authority has come out with "Master Guidelines on Anti-Money laundering/Counter Financing of Terrorism (AML/CFT)" for all the insurers. These guidelines are issued by exercising the power enshrined under Section 34 of Insurance Act, 1938, Section 14(1) of Insurance Regulatory and Development Authority Act 1999 and provisions 4,5,7,9, 9A & 10 of the PML Rules.
These Guidelines would be applicable for all class of Life, General or Health Insurance business carried out by the ‘Insurers' except Re-insurance business carried out by the ‘Indian Insurance company' or ‘foreign company' in India.
These guidelines would come into force after three months from the date of notification.
LET'S CONSIDER SOME IMPORTANT DEFINITIONS
"Politically Exposed Persons (PEPs)" means the individuals who are or have been entrusted with prominent public functions in a foreign country e.g., Heads of States/Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc.
"Specified Transaction" means any transaction or class of transactions, as prescribed by the Government, were there is a high money-laundering or terrorist financing risk.
"Suspicious Transaction" shall have the meaning assigned to it under sub clause (g) of clause (1) of Rule 2 of the PML Rules
"Video Based Identification Process (VBIP)"means an alternative (optional)electronic process of Identification/ KYC in paperless form, carried out by the insurer/authorised person (person authorised by the insurer and specifically trained for face-to-face VBIP) by undertaking seamless, secure, real-time, consent based audio-visual interaction with the 6 customer/beneficiary to obtain identification information including the necessary KYC documents required for the purpose of client due diligence and to ascertain the veracity of the information furnished by the customer/ beneficiary.
I. WHAT IS MONEY LAUNDERING?
1. Money Laundering is a process or activity of moving illegally acquired money through financial systems so that it appears to be legally acquired. Section 3 of PMLA specifies the Offence of Money Laundering.
2. There are three common stages of money laundering as detailed below which are resorted to by the launderers. Insurers may unwittingly get exposed to a potential criminal activity while undertaking normal business transactions: -
i) Placement - the physical disposal of cash proceeds derived from illegal activity;
ii) Layering - separating illicit proceeds from their source by creating complex layers of financial transactions designed to disguise the source of money, subvert the audit trail and provide anonymity; and
iii) Integration - creating the impression of apparent legitimacy to criminally derived wealth.
If the layering process has succeeded, integration schemes place the laundered proceeds back into the economy in such a way that they re-enter the financial system appearing to be normal business funds. Insurers are therefore placed with a statutory duty to make a disclosure to Financial Intelligence Unit-India (FIU-IND) when knowing or suspecting that any property, in whole or in part, directly or indirectly, representing the proceeds of drug trafficking or of a predicated offence, or was or is intended to be used in that connection is passing through the insurers. Such disclosures are protected by law, enabling the person with information to be able to disclose the same without any fear.
II. INTERNAL POLICIES, PROCEDURES, AND CONTROLS
Policies and procedures set under AML/CFT program shall cover:
1. Communication of policies relating to prevention of ML and TF to all management and relevant staff that handle policyholder's information, (whether in branches or departments) in all the offices of the insurer;
2. Client due diligence measures, including requirements for proper identification;
3. Maintenance of records;
4. Compliance with relevant statutory and regulatory requirements;
5. Co-operation with the relevant law enforcement authorities, including the timely disclosure of information;
6. Role of internal audit or compliance function to ensure compliance with the policies, procedures, and controls relating to the prevention of ML and TF, including the testing of the system for detecting suspected money laundering transactions, evaluating and checking the adequacy of exception reports generated on large and/or irregular transactions, the quality of reporting of suspicious transactions and the level of awareness of front line staff, of their responsibilities in this regard. The internal audit function shall be independent, adequately resourced and commensurate with the size of the business and operations, organization structure, number of clients and other such factors.
7. AML/CFT program should be reviewed from time to time to conform with the extant PMLA and PML Rules
III. APPOINTMENT OF DESIGNATED DIRECTOR AND A PRINCIPAL OFFICER
1. A "Designated Director" has to ensure overall compliance with the obligations imposed under chapter IV of the Act and the Rules shall be appointed or designated by the insurers.
2. A Principal Officer (PO) at a senior level and preferably not below the level of Head (Audit/Compliance)/Chief Risk Officer shall be appointed to ensure compliance with the obligations imposed under chapter IV of the Act and the Rules.
3. The contact details with mobile no. and email id of the Designated Director and the Principal Officer or any changes thereon shall be communicated to IRDAI and FIU-IND within 7 days of its effect.
4. In terms of Section 13(2) of the PMLA, the Director, FIU-IND can take appropriate action, including imposing a monetary penalty on insurers or its Designated Director or any of its employees for failure to comply with any of its AML/CFT obligations.
Section 13 in The Prevention of Money-Laundering Act, 2002
13. Powers of Director to impose fine.—
(1) The Director may, either of his own motion or on an application made by any authority, officer or person, call for records referred to in sub-section (1) of section 12 and may make such inquiry or cause such inquiry to be made, as he thinks fit.
(2) If the Director, in the course of any inquiry, finds that a banking company, financial institution or an intermediary or any of its officers has failed to comply with the provisions contained in section 12, then, without prejudice to any other action that may be taken under any other provisions of this Act, he may, by an order, levy a fine on such banking company or financial institution or intermediary which shall not be less than ten thousand rupees but may extend to one lakh rupees for each failure.
(3) The Director shall forward a copy of the order passed under sub-section (2) to every banking company, financial institution or intermediary or person who is a party to the proceedings under that sub-section.
IV. RECRUITMENT AND TRAINING
Periodic risk management reviews should be conducted at least once in a year to ensure Insurer's strict adherence to laid down process and strong ethical and control environment. The concept of AML/CFT should be part of in-house training curriculum for employees/ agents.
V. INTERNAL CONTROL/AUDIT
Internal audit/inspection department of insurers shall verify compliance with the extant policies, procedures and controls related to money laundering activities at least on an annual basis. Insurers shall also upgrade its questionnaire and system from time-to-time in accordance with the extant PMLA and PML Rules. The reports should specifically comment on the robustness of the internal policies and processes in this regard and make constructive suggestions where necessary, to strengthen the policy and implementation aspects.
VI. KNOW YOUR CUSTOMER (KYC) NORMS
What are KYC Norms?
1. Considering the potential threat of usage of the financial services by a money launderer, insurers should make reasonable efforts to determine the true identity of customer(s).
2. Effective procedures should be put in place to obtain requisite details for proper identification of new/ existing customer(s). Special care has to be exercised to ensure that the contracts are not under anonymous or fictitious names.
3. Where a client is a juridical person, insurers shall take steps to identify the client and its beneficial owner(s) and take all reasonable measures to verify his/her identity to their satisfaction so as to establish the beneficial ownership. Procedures for determination of Beneficial Ownership shall be as prescribed in sub rule (3) of Rule 9 of PML Rules.
Rules 9 in the Prevention of Money-laundering (Maintenance of Records of the Nature and Value of Transactions, the of the Banking Companies, Financial Institutions and Intermediaries) Rules, 2005
Rule 9(3) Where the client is a company, it shall for the purposes of sub-rule (1) submit to the banking company or financial institution or intermediary, as the case may be,one certified copy of the following documents:—
(i) Certificate of incorporation;
(ii) Memorandum and Articles of Association;
(iii) a resolution from the Board of Directors and power of attorney granted to its managers, officers or employees to transact on its behalf; and
(iv) an officially valid document in respect of managers, officers or employees holding an attorney to transact on its behalf.
4. No reporting entity shall allow the opening of or keep any anonymous account or account in fictitious names or account on behalf of other persons whose identity has not been disclosed or cannot be verified.
5. While implementing the KYC norms on juridical person other than those mentioned in Annexure I, insurers shall verify that any person purporting to act on behalf of such client is so authorised and verify the identity of that person.
6. Where a client is an individual person, insurers shall verify the identity, address and recent photograph in order to comply with provision as specified in Rule 9 (4) of the PML Rules.
Rules 9 in the Prevention of Money-laundering (Maintenance of Records of the Nature and Value of Transactions, the of the Banking Companies, Financial Institutions and Intermediaries) Rules, 2005.
Rules 9(4) Where the client is a partnership firm, it shall for the purposes of sub-rule (1) submit to the banking company, or the financial institution, or the intermediary one certified copy of the following documents:—
(i) registration certificate;
(ii) partnership deed; and
(iii) an officially valid document in respect of the person holding an attorney to transact on its behalf.
7. Insurers may perform KYC process by any of the following methods:
i) Aadhaar based KYC through Online Authentication subject to notification by the Government under section 11A of PMLA or
ii) Aadhaar based KYC through offline verification or
iii) Digital KYC as per PML Rules or
iv) Video Based Identification Process (VBIP) as consent based alternate method of establishing the customer's identity, for customer. The process of VBIP has been specified in Annexure III.
v) By using ‘KYC identifier' allotted to the client by the CKYCR or
vi) By using Officially Valid documents and
vii) PAN/Form 60 (if the premium amount aggregating to more than fifty thousand rupees in a financial year) and any other documents as may be required by the insurer.
8. It is imperative to ensure that the insurance premium should not be disproportionate to income/ asset.
9. At any point of time, where insurers are no longer satisfied about the true identity and the transaction made by the customer, a Suspicious Transaction Report (STR) should be filed with Financial Intelligence Unit-India (FIU-IND).
VII. SIMPLIFIED DUE DILIGENCE (SDD)
1. Simplified measures as provided under sub-clause (d) of clause (1) of Rule 2 of PML Rules are to be applied by the insurer in case of individual policies, where the aggregate insurance premium is not more than Rs 10000/ - per annum.
Rule 2(1)(d) "officially valid document" means
i) the passport,
ii) the driving licence
iii) proof of possession of Aadhaar number,
iv) the Voter's Identity Card issued by Election Commission of India,
v) job card issued by NREGA duly signed by an officer of the State Government,
vi) the letter issued by the National Population Register containing details of name, address or
vii) any other document as notified by the Central Government in consultation with the Regulator,
viii) the Permanent Account Number (PAN) Card.
Provided that where simplified measures are applied for verifying the identity of the clients the following documents shall also be deemed to be 'officially valid documents:
(a) identity card with applicant's Photograph issued by Central/State Government Departments, Statutory/Regulatory Authorities, Public Sector Undertakings, Scheduled Commercial Banks, and Public Financial Institutions;
(b) letter issued by a gazetted officer, with a duly attested photograph of the person;
Provided further that where simplified measures are applied for verifying the limited purpose of proof of address of the clients, where a prospective customer is unable to produce any proof of address, the following documents shall [also] be deemed to be 'officially valid document':
(a) utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, Water bill);
(b) property or Municipal tax receipt;
(c) bank account or Post Office savings bank account statement;
(d) pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
(e) letter of allotment of accommodation from employer issued by State or Central Government Departments or Public Sector Undertakings, scheduled commercial banks, financial institutions and listed companies. Similarly, leave and licence agreements with such employers allotting official accommodation; and
Provided also that in case the officially valid document presented by a foreign national does not contain the details of address, in such case the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address.
Provided also that where the client submits his proof of possession of Aadhaar number as an officially valid document, he may submit it in such form as are issued by the Unique Identification Authority of India.
Explanation. - For the purpose of this clause, a document shall be deemed to an "officially valid document" even if there is a change in the name subsequent to its issuance provided it is supported by a marriage certificate issued by the State Government or Gazette notification, indicating such a change of name.
(da) "offline verification" shall have the same meaning as assigned to it in clause (pa) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016).
2. Simplified Client Due Diligence measures are not acceptable whenever there is a suspicion of money laundering or terrorist financing or where specific higher-risk scenarios apply, based on the Risk Assessment/categorization policy of the insurers.
3. Risk categorization shall be undertaken based on parameters such as
i) customer's identity,
ii) social/financial status,
iii) nature of business activity, and
iv) information about the clients' business and their location etc.
While considering customer's identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in.
4. The list of simplified due diligence documents are listed in Annexure II of the Master Guidelines.
VIII. ENHANCED DUE DILIGENCE (EDD)
1. Insurers shall, prior to the commencement of each specified transaction:
i) Verify the identity of the clients preferably using Aadhaar subject to the consent of customer or;
ii) Verify the client through other modes/ methods of KYC as mentioned above.
2. Insurer shall examine the ownership and financial position, including client's source of funds commensurate with the assessed risk of customer and product profile which may include:
i) Conducting independent enquiries on the details collected on/provided by the customer wherever required,
ii) Consulting a credible database, public or other, etc.
3. Where the risks of money laundering or terrorist financing are higher, insurers should be required to conduct enhanced due diligence measures, consistent with the risks identified. In particular, they should increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear unusual or suspicious.
4. Insurer shall not allow the specified transaction to be carried out where the client fails to submit the required details / documents, as required by the Insurers.
5. Conducting enhanced due diligence should not be limited to merely documenting income proofs. It would mean having measures and procedures which are more rigorous and robust than that of normal KYC. These measures should be commensurate to the risk. While it is not exhaustive, the following are some of the reasonable measures in carrying out enhanced due diligence:
i) More frequent review of the customers' profile/transactions
ii) Application of additional measures like gathering information from publicly available sources or otherwise
iii) Review of the proposal/contract by a senior official of the insurers.
6. Measures so laid down should be such that it would satisfy competent authorities (regulatory/enforcement authorities), if need be at a future date, that due diligence was in fact observed by the insurers in compliance with the guidelines and the PML Act, based on the assessed risk involved in a transaction/contract.
7. Insurers shall increase the future monitoring of the business relationship with the client, including greater scrutiny or transactions where any specified transaction or series of specified transactions undertaken by a client is considered suspicious or likely to involve proceeds of crime.
IX. SHARING KYC INFORMATION WITH CENTRAL KYC REGISTRY(CKYCR)
1. Government of India has notified the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide Gazette Notification No. S.O. 3183(E) dated November 26, 2015.
2. Where a customer submits a "KYC identifier" for KYC, the Insurers shall retrieve the KYC records from CKYCR. In such case, the customer shall not submit the KYC records unless there is a change in the KYC information required by Insurers as per Rule 9(1C) of PML Rules. However, for the purpose of proper due diligence, Insurers may seek the other necessary documents.
RULE 9(1C) Where a client, for the purposes of clause (a) and clause (b), submits a KYC Identifier to a reporting entity, then such reporting entity shall retrieve the KYC records online from the Central KYC Records Registry by using the KYC Identifier and shall not require a client to submit the same KYC records or information or any other additional identification documents or details, unless
(i) there is a change in the information of the client as existing in the records of Central KYC Records Registry;
(ii) the current address of the client is required to be verified;
(iii) the reporting entity considers it necessary in order to verify the identity or address of the client, or to perform enhanced due diligence or to build an appropriate risk profile of the client.
3. If KYC is done relying on "KYC identifier" submitted by third party and the Insurer is satisfied with KYC as per Rule 9 of PML Rules, no KYC records requires to be uploaded by the Insurers, unless there is any change in KYC information, provided by the customer.
4. If the KYC identifier is not submitted by the client / customer, insurers shall search (with certain credentials) for the same on CKYCR portal and record the KYC identifier of the client/ customer, if available.
i) If the KYC identifier is not submitted by the client/customer or not available in the CKYCR portal, insurer shall capture the KYC information in the prescribed KYC Template meant for ‘Individuals' or ‘Legal Entities', as the case may be.
ii) Insurers shall file the electronic copy of the client's KYC records with CKYCR within 10 days after the commencement of account-based relationship with a client/ Customer.
5. Once "KYC Identifier" is generated/ allotted by CKYCR, the Insurers shall ensure that the same is communicated immediately to the respective policyholder in a confidential manner, mentioning its advantage/ use to the individual/legal entity, as the case may be.
6. Insurer shall not use the KYC records of the client obtained from Central KYC Records registry for purposes other than verifying the identity or address of the client and should not transfer KYC records or any information contained therein to any third party unless authorised to do so by the client or Insurance Regulatory and Development Authority of India(IRDAI) or by the Director(FIU-IND).
7. Insurers shall upload the KYC data pertaining to accounts of legal entities opened on or after April 1, 2021, on to CKYCR in terms of Rule 9 (1A) of the PML Rules.
RULE 9(1A) Subject to the provisions of sub-rule (1), every reporting entity shall within ten days after the commencement of an account-based relationship with a client, file the electronic copy of the client's KYC records with the Central KYC Records Registry.
8. Insurers shall also ensure that in case of accounts of legal entities opened prior to April 1, 2021, the KYC records are uploaded on to CKYCR during the process of periodic updation by/ before the next transaction. Insurers shall ensure that during periodic updation, the customers' KYC details are migrated to current Customer Due Diligence (CDD) standards.
X. RELIANCE ON THIRD PARTY KYC
For the purposes of KYC norms under clause 10, while insurers are ultimately responsible for customer due diligence and undertaking enhanced due diligence measures, as applicable, insurers may rely on a KYC done by a third party subject to the conditions that-
i) the Insurer, within two days from the commencement of the account based relationship, obtains valid KYC documents from the third party or the information of the client due diligence carried out by the third party. However, where the insurer relies on a third party that is part of the same financial group, they should obtain the KYC documentswithin fifteen days from the commencement of the account based relationship.
ii) the Insurer is satisfied that such third party is regulated, supervised or monitored for, and has measures in place for compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the Act.
iii) the third party is not based in a country or jurisdiction assessed as high risk.
iv) the Insurer is ultimately responsible for client due diligence and undertaking enhanced due diligence (if required).
XI. RISK ASSESSMENT/ CATEGORIZATION
i) Insurers has to carry out "Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment exercise as provided in sub rule (13) of Rule 9 of PML Rules periodically at least once in a year to identify, assess, document and take effective measures to mitigate its money laundering and terrorist financing risk for clients, customers or geographic areas, products, services, services, nature, volume of transactions or delivery channels etc. While assessing the ML/TF risk, the insurers are required to take cognizance of the overall sector specific and country specific vulnerabilities, if any, that the Government of India / IRDAI may share with insurers from time to time. Further, the internal risk assessment carried out by insurer should be commensurate to its size, geographical presence, complexity or activities/ structure etc.
RULE (13)
(i) Every reporting entity shall carry out risk assessment to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients, countries or geographic areas, and products, services, transactions or delivery channels that is consistent with any national risk assessment conducted by a body or authority duly notified by the Central Government.
(ii) The risk assessment mentioned in clause (i) shall -
(a) be documented;
(b) consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied;
(c) be kept up to date; and
(d) be available to competent authorities and self-regulating bodies.
ii) In the context of the very large base of insurance customers and the significant differences in the extent of risk posed by them, as part of the risk assessment, the insurers shall at a minimum, classify the customer into high risk and low risk, based on the individual's profile and product profile, to decide upon the extent of due diligence.
iii) The documented risk assessment shall be updated from time to time. The insurers shall consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to bet shall be made available to competent authorities and lawenforcement agencies, as and when required.
Risk Categorization
iv) For the purpose of risk categorization, individuals (other than High Net Worth) and entities whose identities and source of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile may be categorized as low risk.
Illustrative examples of low risk customers could be salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society, government departments and government owned companies, regulators and statutory bodies. In such cases, the policy may require that only the basic requirements of verifying the identity and location of the customer are to be met.
Notwithstanding the above, in case of continuing policies, if the situation warrants, as for examples if the customer profile is inconsistent with this investment through top-ups, a re-look on customer profile is to be carried out.
v) For the high risk profiles, like for customers who are nonresidents, high net worth individuals, trusts, charities, NGO's and organizations receiving donations, companies having close family shareholding or beneficial ownership, firms with sleeping partners, politically exposed persons (PEPs), and those with dubious reputation as per available public information who need higher due diligence, KYC and underwriting procedures should ensure higher verification and counter checks.
XII. CONTRACTS WITH POLITICALLY EXPOSED PERSONS (PEPS)
i) Insurers shall devise procedure to ensure that proposals for contracts with high risk customers are concluded only after approval of senior management officials. It is however emphasized that proposals of Politically Exposed Persons (PEPs) (as specified in the AML/CFT Master Circular issued by Reserve Bank of India from time to time) in particularrequires examination by senior management, not below the level of Head (underwriting) /Chief Risk Officer.
ii) Insurers are directed to lay down appropriate on-going risk management procedures for identifying and applying enhanced due diligence measures on an on-going basis to PEPs and customers who are close relatives of PEPs. These measures are also to be applied to insurance contracts of which a PEP is the ultimate beneficial owner (s).
iii) If the on-going risk management procedures indicate that the customer or beneficial owner(s) is found to be PEP, or subsequently becomes a PEP, the senior management should be informed on this business relationship and apply enhanced due diligence measures on such relationship.
XIII. NEW BUSINESS PRACTICES/DEVELOPMENTS
i) Insurers shall pay special attention to money laundering threats that may arise from
a) Development of new products
b) New business practices including new delivery mechanisms;
c) Use of new or developing technologies for both new and preexisting products.
ii) Special attention should especially, be paid to the ‘non-face-to-face' business relationships brought into effect through these methods.
iii) Insurers should lay down systems to prevent the misuse of money laundering framework. Safeguards will have to be built to manage typical risks associated in these methods like the following:
a) Ease of access to the facility;
b) Speed of electronic transactions;
c) Ease of making multiple fictitious applications without incurring extra cost or the risk of detection;
iv) The extent of verification in respect of such ‘non face-to-face' customers will depend on the risk profile of the product and that of the customer.
v) Insurers shall have in place procedures to manage specific increased risks associated with such relationships e.g. verification of details of the customer through on-site visits.
XIV. IMPLEMENTATION OF SECTION 51A OF THE UNLAWFUL ACTIVITIES (PREVENTION) ACT, 1967 (UAPA)
i) Section 51A of the Unlawful Activities (Prevention) Act, 1967(UAPA), relating to the purpose of prevention of, and for coping with terrorist activities was brought into effect through UAPA Amendment Act, 2008. In this regard, the Central Government has issued an Order dated August 27, 2009 detailing the procedure for the implementation of Section 51A of the UAPA.
ii) The insurers should not enter into a contract with a customer whose identity matches with any person in the UN sanction list or with banned entities and those reported to have links with terrorists or terrorist organizations.
iii) Insurers shall periodically check MHA( Ministry of Home Affairs) website for updated list of banned entities.
iv) A list of individuals and entities subject to UN sanction measures under UNSC Resolutions (hereinafter referred to as ‘designated individuals/ entities') would be circulated to the insurers through Life/ General Insurance Council, on receipt of the same from the Ministry of External Affairs (MEA). This is in addition to the list of banned entities compiled by Ministry of Home Affairs (MHA) that have been circulated to the insurers till date.
v) Insurers shall maintain an updated list of designated individuals/entities in electronic form and run a check on the given parameters on a regular basis to verify whether designated individuals/entities are holding any insurance policies with the insurers. An updated list of individuals and entities which are subject to various sanction measures as approved by Security Council Committee established pursuant to UNSC 1267 can be accessed regularly from the United Nations website at https://www.un.org/securitycouncil/sanctions/1267/aq_sanctions_listandUNSC 1988 can be accessed regularly from the United Nations website at https://www.un.org/securitycouncil/sanctions/1988/materials.
vi) By virtue of Section 51A of the Unlawful Activities (Prevention) Act, 1967 (UAPA), the Central Government is empowered to freeze, seize or attach funds of and/or prevent entry into or transit through India any individual or entities that are suspected to be engaged in terrorism. [The list is accessible at website https://www.mha.nic.in/BO]. To implement the said section an order reference F. No. 17015/10/2002-IS-VI dated 27th August, 2009 has been issued by the Government of India. The salient aspects of the order with particular reference to insurance sector are provided at Annexure IV[ of Master Guidelines on AML].
vii) Shri Prabhat Kumar Maiti, Sectoral Development Department, Insurance Regulatory and Development Authority of India, Sy. No- 115/1, Financial District, Nanakramguda, Gachibowli, Hyderabad-500032; E-mail: prabhat@irdai.gov.in; Telephone: 040 - 20204866; is the UAPA Nodal Officer for the purposes of implementation in the insurance sector.
XV. CONTRACTS EMANATING FROM COUNTRIES IDENTIFIED AS DEFICIENT IN AML/CFT REGIME
Insurers are required to:
i) Conduct enhanced due diligence while taking insurance risk exposure to individuals/entities connected with countries identified by FATF as having deficiencies in their AML/CFT regime.
ii) Pay Special attention to business relationships and transactions, especially those which do not have apparent economic or visible lawful purpose. In all such cases, the background and purpose of such transactions will as far as possible, have to be examined and written findings have to be maintained for assisting competent authorities.
iii) Alert Agents/Brokers/ employees appropriately to ensure compliance with this stipulation.
iv) Go beyond the FATF statements and consider publicly available information when identifying countries which do not or insufficiently apply the FATF Recommendations while using the FATF PublicStatements, being circulated through the Life/ General Insurance Council.
v) Take similar measures on countries considered as high risk from terrorist financing or money laundering perspective based on prior experiences, transaction history or other factors (e.g., legal considerations, or allegations of official corruption).
XVI. REPORTING OBLIGATIONS
i) Insurers shall furnish to the Director, Financial Intelligence Unit-India (FIU-IND), information referred to in Rule 3 of the PML (Maintenance of Records) Rules, 2005 in terms of Rule 7 thereof.
3. MAINTENANCE OF RECORDS OF TRANSACTIONS (NATURE AND VALUE). –
(1) Every reporting entity shall maintain the record of all transactions including, the record of-
(A) all cash transactions of the value of more than ten lakh rupees or its equivalent in foreign currency;
(B) all series of cash transactions integrally connected to each other which have been individually valued below rupees ten lakh or its equivalent in foreign currency where such series of transactions have taken place within a month and the monthly aggregate exceeds an amount of ten lakh rupees or its equivalent in foreign currency;]
[(BA) all transactions involving receipts by non-profit organisations of value more than rupees ten lakh, or its equivalent in foreign currency;]
[(C) all cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine or where any forgery of a valuable security or a document has taken place facilitating the transactions;]
(D) all suspicious transactions whether or not made in cash and by way of:
(i) deposits and credits, withdrawals into or from any accounts in whatsoever name they are referred to in any currency maintained by way of:
(a) cheques including third party cheques, pay orders, demand drafts, cashiers cheques or any other instrument of payment of money including electronic receipts or credits and electronic payments or debits, or
(b) travellers cheques, or
(c) transfer from one account within the same banking company, financial institution and intermediary, as the case may be, including from or to Nostro and Vostro accounts, or
(d) any other mode in whatsoever name it is referred to;
(ii) credits or debits into or from any non-monetary accounts such as d-mat account, security account in any currency maintained by the banking company, financial institution and intermediary, as the case may be;
(iii) money transfer or remittances in favour of own clients or non-clients from India or abroad and to third party beneficiaries in India or abroad including transactions on its own account in any currency by any of the following:-
(a) payment orders, or
(b) cashiers cheques, or
(c) demand drafts, or
(d) telegraphic or wire transfers or electronic remittances or transfers, or
(e) internet transfers, or
(f) Automated Clearing House remittances, or
(g) lock box driven transfers or remittances, or
(h) remittances for credit or loading to electronic cards, or
(i) any other mode of money transfer by whatsoever name it is called;
(iv) loans and advances including credit or loan substitutes, investments and contingent liability by way of:
(a) subscription to debt instruments such as commercial paper, certificate of deposits, preferential shares, debentures, securitised participation, inter bank participation or any other investments in securities or the like in whatever form and name it is referred to, or
(b) purchase and negotiation of bills, cheques and other instruments, or
(c) foreign exchange contracts, currency, interest rate and commodity and any other derivative instrument in whatsoever name it is called, or
(d) letters of credit, standby letters of credit, guarantees, comfort letters, solvency certificates and any other instrument for settlement and/or credit support;
(v) collection services in any currency by way of collection of bills, cheques, instruments or any other mode of collection in whatsoever name it is referred to.
[(E) all cross border wire transfers of the value of more than five lakh rupees or its equivalent in foreign currency where either the origin or destination of fund is in India;
(F) all purchase and sale by any person of immovable property valued at fifty lakh rupees or more that is registered by the reporting entity, as the case may be.
RULE 7. PROCEDURE AND MANNER OF FURNISHING INFORMATION
(1) Every reporting entity shall communicate to the Director the name, designation and address of the Designated Director and the Principal Officer.
(2) The Principal Officer shall furnish the information referred to in clauses (A), (B), (BA), (C), (D), (E) and (F) of sub-rule (1) of rule 3 to the Director on the basis of information available with the reporting entity. A copy of such information shall be retained by the Principal Officer for the purposes of official record.
(3) Every reporting entity shall evolve an internal mechanism having regard to any guidelines issued by regulator, for detecting the transactions referred to in clauses (A),(B),(BA),(C),(D), (E) and (F) of sub-rule (1) of rule 3 and for furnishing information about such transactions in such form as may be directed by its Regulator.
(4) It shall be the duty of every reporting entity, its designated director, officers and employees to observe the procedure and the manner of furnishing information as specified by [the Director in consultation with] its Regulator.]
EXPLANATION
In terms of Third Amendment Rules notified September 22, 2015 regarding amendment to sub rule 3 and 4 of rule 7, Director, FIUIND shall have powers to issue guidelines to the Insurers for detecting transactions referred to in various clauses of sub-rule (1) of rule 3, to direct them about the form of furnishing information and to specify the procedure and the manner of furnishing information.
ii) The reporting formats and comprehensive reporting format guide, prescribed/ released by FIU-IND and Report Generation Utility and Report Validation Utility developed to assist insurers in the preparation of prescribed reports shall be taken note of. The editable electronic utilities to file electronic Cash Transaction Reports (CTR) / Suspicious Transaction Reports (STR) (Annexure V) which FIU-IND has placed on its website shall be made use of by Insurers which are yet to install/adopt suitable technological tools for extracting CTR/STR from their live transaction data. The Principal Officers of those insurers, whose all branches are not fully computerized, shall have suitable arrangement to cull out the transaction details from branches which are not yet computerized and to feed the data into an electronic file with the help of the editable electronic utilities of CTR/STR as have been made available by FIU-IND on its website https://fiuindia.gov.in.
iii) While furnishing information to the Director, FIU-IND, delay of each day in not reporting a transaction or delay of each day in rectifying a misrepresented transaction beyond the time limit as specified in the Ruleshall be constituted as a separate violation. Insurers shall not put any restriction on operations in the accounts where an STR has been filed. Insurers shall keep the fact of furnishing of STR strictly confidential. It shall be ensured that there is no tipping off to the customer at any level.
iv) Robust software, throwing alerts when the transactions are inconsistent with risk categorization and updated profile of the customers shall be put in to use as a part of effective identification and reporting of suspicious transactions.
XVII. RECORD KEEPING
i) In view of Rule 5 of the PML rules, the insurers, its designated director, Principal Officer, employees are required to maintain the information/records of types of all transactions [as mentioned under Rules 3 and 4 of PML Rules 2005] as well as those relating to the verification of identity of clients for a period of five years.
ii) The records referred to in the said Rule 3 shall be maintained for a period of five years from the date of transaction.
iii) Records pertaining to all other transactions, (for which insurers are obliged to maintain records under other applicable Legislations/Regulations/Rules) insurers are directed to retain records as provided in the said Legislation/Regulations/Rules but not less than for a period of five years from the date of end of the business relationship with the customer.
iv) Records can be maintained in electronic form and/or physical form. In cases where services offered by a third party service providers are utilized.
v) Insurers should implement specific procedures for retaining internal records of transactions both domestic or international, to enable them to comply swiftly with information requests from the competent authorities. Such records must be sufficient to permit reconstruction of individual transactions (including the amounts and types of currency involved (if any) so as to provide, if necessary, evidence for prosecution of criminal activity. Insurers should retain the records of those contracts, which have been settled by claim or cancelled, for a period of at least five years after that settlement.
vi) In situations, where the records relate to ongoing investigations, or transactions which have been the subject of disclosure, they should be retained until it is confirmed that the case has been closed. Wherever practicable, insurers are required to seek and retain relevant identification documents for all such transactions and report such transactions of suspicious funds.
vii) In case of customer identification data obtained through the customer due diligence process, account files and business correspondence should be retained (physically or electronically) for at least five years after the business relationship is ended.
viii) In case of non- availability of KYC of the existing clients as per the extant PML Rules or if the records of the existing client are to be updated to comply with the extant PML Rules, the insurers shall obtain the records by / before the next transaction.
XVIII. INFORMATION TO BE MAINTAINED
Insurers are required to maintain and preserve the information as prescribed in Rule 4 of PML Rules in respect of transactions referred in Rule 3 of PML Rules.
RULE (4). Records containing information. - The records referred to in rule 3 [shall contain all necessary information specified by the Regulator to permit reconstruction of individual transaction, including] the following information: -
(a) the nature of the transactions;
(b) the amount of the transaction and the currency in which it was denominated;
(c) the date on which the transaction was conducted; and
(d) the parties to the transaction.
XIX. EXEMPTIONS/ RELAXATION
Notwithstanding the standards mentioned for Simplified Due Diligence of these guidelines, the insurers may exercise different Exemptions/ Relaxations from the stipulated KYC norms in certain conditions, as mentioned below:
i) Under Individual Policies, those individuals who are not able to undergo Aadhaar Authentication due to any injury, illness or old age or otherwise, or they do not wish to go for Aadhaar Authentication, they may submit their Officially Valid Documents (OVDs) at the time of commencement of Account based relationship.
ii) For continued operation of accounts of existing customers having insurance policy of not more than aggregate premium of Rs. 50,000/- in a financial year, exemption from PAN/Form 60 may be granted till such date as may be notified by the central government.
iii) Under an Individual Travel Insurance, for the ‘Policyholder / Insured', KYC may be exempted at the time of commencement of Account based relationship as well as at the time of claim pay out for a value less than Rs. 1,00,000/-.
iv) Under an Individual Health policies, for the ‘Policyholder / Insured' , KYC may be exempted at the time of claim pay out for a value less than Rs. 1,00,000/-.
v) Under All kinds of Group Insurance (Life /General/Health) except Group Credit insurance and Government Schemes, for the member beneficiary/certificate of Insurance (COI) Holders KYC may be exempted at the time of commencement of Account based relationship as well as at the time of claim pay out for a value less than Rs. 1,00,000/-, provided the KYC of Master Policyholders / Juridical Person / Legal Entity and the respective Beneficial Owners (BO) are completed.
However, the above exemptions/relaxations are not acceptable whenever there is a suspicion of money laundering or terrorist financing or where specific higher-risk scenarios apply, basis the Risk Assessment/categorization policy of the insurers.
CONCLUSION
An exhaustive list of documents have been given by way of Annexures to this Master Guidelines.
- ANNEXURE I- LIST OF DOCUMENTS FOR KYCs PURPOSE( Client is other than Individual).
- ANNEXURE II- LIST OF DOCUMENTS FOR KYCs PURPOSE( where client is an individual).
- ANNEXURE III- VIDEO BASED IDENTIFICATION PROCESS.
- ANNEXURE IV- IMPLEMENTATION OF SECTION 51A OF UAPA.
- ANNEXURE V- ILLUSTRATIVE LIST OF SUSPICION TRANSACTIONS.
DISCLAIMER: The article presented here is only for sharing information with readers. The views are personal and should not be taken as professional advice. In case of more understanding and clarity on subject matter do consult with insurance advisors.
ILLUSTRATIVE LIST OF SUSPICIOUS TRANSACTIONS
1. Customer insisting on anonymity, reluctance to provide identifying information, or providing minimal, seemingly fictitious information;
2. Frequent free look cancellation by customers;
3. Assignments to unrelated parties without valid consideration;
4. Request for purchase of a policy in amount considered beyond apparent need;
5. Policy from a place where he does not reside or is not employed;
6. Frequent request for change in addresses;
7. Inflated or totally fraudulent claims e.g. by arson or other means causing a fraudulent claim to be made to recover part of the invested illegitimate funds;
8. Overpayment of premiums with a request for a refund of the amount overpaid;
9. Refund of proposal deposit by cancelling the proposal on request of the customer;
10. Media reports about a customer;
11. Information sought by Enforcement agencies;
12. Unusual termination of policies;
13. Borrowing the maximum loan amount against a policy soon after buying it
Note: The list is only illustrative and not exhaustive. Red Flag Indicators issued by FIU-IND also be taken in account for Suspicious Transaction wherever necessary. For more examples on Suspicious Transactions please visit https://fiuindia.gov.in