What changed
Previously, full KYC updation was required every 5 years for low risk and every 2 years for high/medium risk customers. Now, full KYC is due every 10 years for low risk, every 8 years for medium risk, and every 2 years for high risk. Additionally, a lighter 'positive confirmation' process must be done every 3 years for low risk and every 2 years for medium risk customers.
What it means for you
This reduces the compliance burden on banks and customers, especially for low-risk accounts where documents rarely change. Banks must still conduct ongoing due diligence and transaction monitoring. The new timelines allow more efficient resource allocation, focusing intense KYC efforts on high-risk customers while streamlining processes for others.
What you must do
- Update your bank's KYC policy to reflect the new full KYC timelines: 10 years for low risk, 8 for medium, 2 for high risk.
- Implement a system for positive confirmation every 2 years for medium risk and every 3 years for low risk customers.
- Ensure fresh photographs are obtained from minor customers when they become major.
- Continue ongoing due diligence and transaction monitoring for all customers as per existing AML/CFT guidelines.
Who it affects
Regional Rural Banks (RRBs), State and Central Co-operative Banks, All customers of these banks, especially low and medium risk account holders
What is the new full KYC updation frequency for low risk customers?
Full KYC exercise must be done at least every ten years for low risk individuals and entities.
Do we still need to do anything for medium risk customers between full KYC updates?
Yes, positive confirmation (e.g., via email, letter, or phone) is required at least every two years for medium risk customers.
Are there any changes for high risk customers?
No change for high risk—full KYC remains required at least every two years.