What changed
RBI observed that banks are not fully implementing KYC/AML guidelines, leaving them vulnerable to operational risk. It now mandates a time-bound completion of risk categorization and customer profile updates for all existing customers, with a hard deadline of end-March 2013. This directive follows earlier circulars from 2008 and the Monetary Policy Statement 2012-13.
What it means for you
Banks must urgently review and update customer risk profiles and identification data to meet regulatory standards. Failure to comply could increase operational risk exposure and invite supervisory action. This is a clear signal that RBI expects rigorous, not just cosmetic, adherence to KYC/AML norms.
What you must do
- Complete risk categorization and profile updates for all existing customers by March 31, 2013.
- Establish a system for periodic review of risk categorization and customer data updation.
- Ensure monitoring and closure of alerts in accounts is done effectively.
- Review current KYC/AML processes to close any gaps in compliance, both in letter and spirit.
Who it affects
Regional Rural Banks (RRBs), State Co-operative Banks (StCBs), Central Co-operative Banks (CCBs)
What is the deadline for completing risk categorization and profile updates?
The deadline is end-March 2013, as per the Monetary Policy Statement 2012-13 and this circular.
Why is RBI emphasizing this now?
RBI observed laxities in implementing KYC/AML guidelines, which leave banks vulnerable to operational risk. This circular aims to enforce stricter compliance.
Does this apply to all customers or only new ones?
It applies to all existing customers. Banks must complete risk categorization and compile/update profiles for their entire customer base.