Customer Acceptance Policy - CAP - of a Bank
There should be a clear customer acceptance policy that lays down explicit criteria for acceptance of customers. The Customer Acceptance Policy should ensure that explicit guidelines are in place on the following aspects of customer relationship in the bank.
- No account can be opened in anonymous or fictitious or in benami names
- Parameters of risk perception are clearly mentioned in terms of the nature of business activity, mode of payments, location of customer and his clients, volume of turnover, social and financial status etc. to enable categorization of customers into low, medium and high risk (banks may choose any suitable classification like level I, level II and level III); customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorized even higher
- Documentation necessities and other information to be collected in respect of different categories of customers depending on perceived risk and keeping in mind the requirements of the Prevention of Money Laundering (PML) Act, 2002 and guidelines issued by Reserve Bank (RBI) from time to time
- Accounts must not be opened nor should an existing account be closed where the bank is unable to apply appropriate customer due diligence measures i.e. bank is unable to verify the identity and / or obtain documents required as per the risk classification due to non cooperation of the customer or non reliability of the data / information provided to the bank. It may, however, be essential to have suitable built in safeguards to avoid harassment of the customer. For example, decision to close an account may be taken at a reasonably high level after giving due notice to the customer explaining the grounds for such a decision
- Situations, in which a customer is permitted to act on behalf of another person / entity, must be clearly spelt out in conformity with the established law and practice of banking as there could be occasions when an account is operated by a mandate holder or where an account may be opened by an intermediary in a fiduciary capacity
- There must be checks before opening a new account so as to make sure that the individuality of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists, terrorist organizations etc.
- Banks must prepare a profile for each new customer based on risk categorization. The customer profile must contain information relating to the customer’s identity, social / financial status, nature of business activity, information about his clients’ business and their location etc. The nature and level of due diligence will depend on the risk perceived by the bank. However, while preparing customer profile banks must take care to seek only such information from the customer, which is appropriate to the risk category and is not intrusive. The information provided by the customer for KYC compliance while opening an account is confidential and revealing any details thereof for cross selling or any other purpose would be in breach of customer confidentiality obligations. Any other information from the customer must be sought separately with his/ her permission and after opening the account. Banks are to stringently ensure compliance with their obligations to the customer in this regard.
- For the purpose of risk categorizations, individuals excluding high net worth individual and entities whose individuality and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile may be categorized as low risk. Descriptive examples of low risk customers might be salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government departments and Government owned companies, regulators and statutory bodies etc. In such cases, the policy may require that only the basic requirements of verifying the identity and location of the customer be met. Customers that are likely to pose a more than average risk to the bank may be classified as medium or high risk depending on customers background, nature and location of activity, country of origin, sources of funds and his client profile, etc. Banks may apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive ‘due diligence’ for higher risk customers, particularly those for whom the sources of funds are not clear. Examples of customers requiring higher due diligence may include :
- Non-resident customers
- High net worth individuals
- Trusts, charities, NGOs and organizations receiving donations
- Companies having close family shareholding or beneficial ownership
- Firms with sleeping partners
- Non-face to face customers
- Those with dubious reputation as per public information available, etc
- It is important to keep in mind that the adoption of customer acceptance policy and its implementation must not become too restrictive and should not result in denial of banking services to general public, especially to those, who are financially or socially disadvantaged.