ARE REGULATED ENTITIES - AIDING OR AVOIDING MONEY LAUNDERING - A STUDY

[Commissioner CESTATHyderabad]

In simpler terms, ‘money laundering’ is the process of converting the proceeds derived out of commission of illegal activity into legitimate income and projecting it as untainted. The activity of money laundering would involve possession, acquisition, concealment and use of the ‘proceeds of crime’ and projecting it or claiming it as untainted property.

In the process of money laundering, large amounts of ill-gotten money viz., ‘proceeds of crime’ is generated through commission of a criminal activity, relating to a scheduled offence such as cheating, forgery of valuable securities, drug trafficking/evasion of taxes and duties etc.  Subsequently, the criminals would project the proceeds of crime as if it is derived from a legitimate source. The money from the criminal activity is considered dirty, and through the process of “laundering”, the criminals will distance the ‘proceeds of crime’ from its illegitimate source and make it look clean. Money laundering is a serious financial crime. It facilitates other serious crimes like terrorism, drug trafficking, corruption, evasion of taxes and other crimes etc.  Therefore, prevention of money laundering has become internationally imperative to drug trafficking, smuggling and terrorist activities etc.  In this article, we shall examine the role and responsibilities of ‘Regulated Entities’ in curbing the money laundering activities in India.

2.  Anti-Money Laundering efforts of RBI:  In terms of the provisions of Prevention of Money Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records), Rules, 2005, as notified by the Government of India, the ‘Regulated Entities’ (REs) are required to follow certain customer identification procedures while undertaking a transaction either by establishing an account-based relationship or otherwise and monitor their transactions.  RE’s shall have to take steps to implement the provisions of the above mentioned rules including operational instructions.  Accordingly, the Reserve Bank of India (RBI), has issued a Master Direction RBI/DBR/2015-16/18 dt. 14.01.2015[1].  These Master Directions are with regard to Know Your Customer (KYC), issued to all the banks and the financial institutions as a measure to control money laundering activities. 

a)  Important Features of the RBI Master Circular: 

The directions contained in the Master Circular shall apply to every entity regulated by RBI and also applicable to those branches and majority, owned subsidiaries of the RE’s which are located abroad, to the extent they are not contradictory to the local laws in the host country.  As per the Master Circular, “Regulated Entities” (RE’s) means-

i)  all Scheduled Commercial Banks/Regional Rural Banks/Local Area Banks/All Primary (Urban) Co-operative Banks/State and Central Co-operative Banks and any other entity which has been licensed under Section 22 of Banking Regulation Act, 1949, which as a group referred as Banks.

ii)  All India Financial Institutions

iii) All Non-Banking Finance Companies (NBFC’s), Miscellaneous Non-Banking Companies (MNBC’s) and Residuary Non-Banking Companies (RNBC’s)

iv) All Payment System Providers (PSP’s) /System Participants (SP’s) and Prepaid Payment Instrument Issuers (PPI Issuers)

v) All Authorized Persons (APS) including those who are agents of Money Transfer Service Scheme (MTSS), regulated by the Regulator.

b)  The circular stipulated for adherence to following procedures by all the RE’s while undertaking financial transactions with their customers.

1. Customer Acceptance Policy (CAP): All the Regulated Entities (REs) shall frame a Customer Acceptance Policy and they should ensure that no account is opened in anonymous or fictitious/ benami name and no transaction or account-based relation is undertaken without following the Customer Due Diligence (CDD) Procedure.  The mandated information sought by the bank while opening the account during the periodic updation is specified. 
2. Risk Management: For Risk Management, the Regulated Entities shall have a Risk Based Approach which includes the following: a) customers shall be categorized as low, medium and high-risk category based on the assessment and risk perception of the RE.  b) Risk categorization shall be undertaken based on parameters such as customers identity, social/financial status, nature of business activity and information about the customers business and the location etc.,
3. Customer Identification Policy (CIP): REs shall undertake identification of customers in the following cases: i) commencement of an account-based relationship with customers ii) carrying out any International money transfer operation for a person who is not an account holder of a bank etc.,
4. Customer Due Diligence (CDD): For undertaking CDD, the Regulated Entities shall obtain the Aadhar Number, Permanent Account Number and such other documents including the nature of business and the financial status of the customer. 
5. Periodic Updation: REs shall adopt a risk-based approach for Periodic Updation of KYC.  However, Periodic Updation shall be carried out, once in every 8 years for medium risk customers and once in every ten years for low-risk customers form the date of opening of the account and once in two years for high-risk customers.
6. Enhanced and Simplified Due Diligence Procedure: Accounts of politically exposed persons (PEPs): REs shall have the option of establishing a relationship with the PEPs provided that i) Sufficient information including information about the sources of funds, accounts of the family members and close relatives is gathered on the PEPs ii) the identity of the person shall have been verified before accepting the PEP as a customer iii) the decision to open an account for a PEP is taken at a senior level in accordance with the RE’s Customer Acceptance Policy iv) In the event of an existing customer or the beneficial owner of an existing account subsequently becoming a PEP, senior management approval is obtained to continue the business relationship v) all such accounts are subjected to enhanced monitoring on an ongoing basis.
7. Simplified Due Diligence: Simplified Norms Self Help Groups (SHGS): i) CDD for all the members of SHG shall not be required while opening the saving bank of account of SHG ii) CDD of all the office bearers shall suffice.

3. Reporting requirements to Financial Intelligence Unit (FIU): Regulated Entities shall furnish to the Director (FIU-IND), information referred to Rule 3 of the Prevention of Money Laundering (Maintenance of Records), Rules, 2005.  And that record shall be maintained for a period of ten years from the date of cessation of the transactions between the client and the banking company, financial institution or intermediary, as the case may be. The reporting formats and comprehensive formats, prescribed by FIU will assist reporting entities in the preparation reports.  These REs are required to forward Cash Transaction Report (CTR) / Suspicious Transaction Reports (STR) to the FIU.  While furnishing the information to the Director, FIU-IND, delay of each day in not reporting transaction, and mis-representation of transaction shall be constituted as violation.

4. Wire Transfer: REs shall ensure the following while effecting Wire Transfer i) all cross border wire transfers including transactions using credit cards or debit credits shall be accompanied by meaningful information such as name, address and account number or unique reference number in the country concerned account number.  Domestic wire transfers of ₹ 50,000/- and above shall be accompanied by originated by name, address and account number.

3.  Money Laundering and Terrorist Financing Risk Assessment by RE’s:

i)   RE’s shall carryout ‘Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment’ exercise periodically to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk of clients, countries or geographic areas, products, services, transactions or delivery channels etc.

ii)  The risk assessment by the RE shall be properly documented and be proportionate to the nature, size, geographical presence, complexity of activities/structure, etc., of the RE.  Further, the periodicity of risk assessment exercise shall be determined by the Board of the RE, in alignment with the outcome of the risk assessment exercise.  However, it should be reviewed at least annually.

iii)  The outcome of the exercise shall be put up to the Board or any committee of the Board to which power in this regard has been delegated, and should be available to competent authorities and self-regulating bodies.

iv)  RE’s shall apply a Risk Based Approach (RBA) for mitigation and management of the identified risk and should have Board approved policies, controls and procedures in this regard.  Further, RE’s shall monitor the implementation of the controls and enhance them if necessary. 

4.     Obligations of Reporting Entity under Section 12 of Prevention of Money Laundering Act, 2002 –

1. Every RE have to maintain a record of all transactions covered as per the nature and the value of which may be prescribed, in such manner as to enable it to reconstruct individual transactions;
2. They shall furnish to the Director (FIU) within such time as may be prescribed, information relating to such transactions, whether attempted or executed or the nature and the value of which may be prescribed;
3. They shall verify the identity of clients in such manner and subject to such conditions as may be prescribed;
4. They shall identify the beneficial owner, if any, of such of its clients, as may be prescribed;
5. They shall maintain record of documents evidencing identity of its clients and beneficial owners as well as account files and business correspondence relating to its clients for a period of 5 years in case of records and information relating to transactions;
6. They shall maintain the same for a period of five years after the business relationship between clients and RE as ended or the account has been closed, whichever is later. 

5.     Penalties under Section 13(2)(d) of the PMLA, 2002:

Monetary penalties can be imposed on defaulting RE’s or its designated Director on the Board or any of its employees, which shall not be less than 10,000/- rupees but may extend to 1 lakh rupees for each failure. 

6.     It can be observed that the Know Your Customer (KYC) directions of RBI, discussed in the foregoing paras, were issued as measures to curb and combat the money laundering activities.  The Government of India has also incorporated several obligations for the RE’s in the PMLA, 2002; (Section 12 & 13 of the PMLA Act).  Thus, both the directions of RBI and the provisions of PMLA, 2002, would lay thrust on adherence to the stipulated instructions by RE’s in identification of the customer before allowing them to open an account and to strictly follow the Customer Acceptance Policy, Customer Identification Policy, Customer Due Diligence scrupulously.  The Master Circular also stipulated for periodical updation of the KYC, by categorizing the clients into high risk, medium risk and low risk categories by the REs.  It has also casted a responsibility of forwarding the Cash Transaction Reports (CTRs), Suspicious Transaction Reports (STRs) to the Financial Intelligence Unit (FIU-IND) by the RE’s on a regular basis.  Correspondingly, the provisions of PMLA, 2002, has also vested similar responsibilities on REs.  These provisions further, stipulated that the RE shall maintain the record evidencing their business relationship with the client for 5 years after the business relationship between the client and the RE has ended or the account has been closed, whichever is later.  This provision would help the investigators who wanted to know to the past transactions between the RE and customers for future investigations.  The contents of RBI Master Circular and the corresponding provisions in the PMLA, 2002 with regard to obligations of the REs are measures to curb and combat money laundering activities and would complement with each other.

7.     The RBI, vide Circular RBI/2021-22/35/dated 03.05.2021[2], amended the Master Direction.  The abovementioned circular amended the definition of V-CIP viz., Video-based Customer Identification Process (V-CIP).  This is an alternate method of customer identification with facial recognition and customer due diligence by an authorized official of the RE by undertaking seamless, secure, live, informed-consent based audio-visual interaction with the customer to obtain identification information required for CDD purpose, and to ascertain the veracity of the information furnished by the customer through independent verification and maintaining audit trail of the process.  Such processes complying with prescribed standards and procedures shall be treated on par with face-to-face CIP for the purpose of the Master Direction.  Accounts, both deposit and borrowal, opened using OTP based e-KYC shall not be allowed for more than one year unless identification as per Section 16 or as per Section 18 (V-CIP) is carried out, if Aadhaar details are used under Section 18, the process shall be followed in its entirety including fresh Aadhaar OTP authentication.    

8.     Salient features of the RBI Annual Report for the Financial Year 2020-21 on Bank Frauds: -

a)     Fraud Cases - Bank Group-wise

(Amount in ₹ crore)

Bank Group/ Institution	2018-19		2019-20		2020-21
	Number of Frauds	Amount Involved	Number of Frauds	Amount Involved	Number of Frauds	Amount Involved
1	2	3	4	5	6	7
Public Sector Banks	3,704 (54.5)	64,207 (89.8)	4,410 (50.7)	1,48,224 (79.9)	2,903 (39.4)	81,901 (59.2)
Private Sector Banks	2,149 (31.6)	5,809 (8.1)	3,065 (35.2)	34,211 (18.4)	3,710 (50.4)	46,335 (33.5)
Foreign Banks	762 (11.2)	955 (1.3)	1026 (11.8)	972 (0.5)	521 (7.1)	3,315 (2.4)
Financial Institutions	28 (0.4)	553  (0.8)	15 (0.2)	2,048 (1.1)	25  (0.3)	6,839 (4.9)
Small Finance Banks	115 (1.7)	8 (0.0)	147 (1.7)	11 (0.0)	114 (1.6)	30  (0.0)
Payments Banks	39 (0.6)	2 (0.0)	38 (0.4)	2 (0.0)	88 (1.2)	2 (0.0)
Local Area Banks	1 (0.0)	0.02 (0.0)	2 (0.0)	0.43 (0.0)	2 (0.0)	0 (0.0)
Total	6,798 (100.0)	71,534 (100.0)	8,703 (100.0)	1,85,468 (100.0)	7,363 (100.0)	138,422 (100.0)

b)     Fraud Cases – Area of Operations

(Amount in ₹ crore)

Area of Operation	2018-19		2019-20		2020-21
	Number of Frauds	Amount Involved	Number of Frauds	Amount Involved	Number of Frauds	Amount Involved
1	2	3	4	5	6	7
Advances	3,603 (53.0)	64,539 (90.2)	4,608 (52.9)	1,81,942 (98.1)	3,501 (47.5)	1,37,023 (99.0)
Off-balance Sheet	33 (0.5)	5538 (7.7)	34 (0.4)	2445 (1.3)	23 (0.3)	535 (0.4)
Foreign Exchange Transactions	13 (0.2)	695 (1.0)	8 (0.1)	54 (0.0)	4 (0.1)	129 (0.1)
Card/Internet	1,866 (27.5)	71 (0.1)	2,677 (30.8)	129 (0.1)	2,545 (34.6)	119 (0.1)
Deposits	593 (8.7)	148 (0.2)	530 (6.1)	616 (0.3)	504 (6.8)	434 (0.3)
Inter-Branch Accounts	3 (0.0)	0 (0.0)	2 (0.0)	0 (0.0)	2 (0.0)	0 (0.0)
Cash	274 (4.0)	56 (0.1)	371 (4.3)	63 (0.0)	329 (4.5)	39 (0.0)
Cheques/Demand Drafts, etc.	189 (2.8)	34 (0.1)	201 (2.3)	39 (0.0)	163 (2.2)	85 (0.1)
Clearing Accounts, etc.	24 (0.4)	209 (0.3)	22 (0.2)	7 (0.0)	14 (0.2)	4 (0.0)
Others	200 (2.9)	244 (0.3)	250 (2.9)	173 (0.1)	278 (3.8)	54 (0.0)
Total	6,798 (100.0)	71,534 (100.0)	8,703 (100.0)	1,85,468 (100.0)	7,363 (100.0)	1,38,422 (100.0)

c)     RBI Report Analysis-

1. The number of frauds reported during 2020-21 decreased by 15 per cent in terms of number and 25 per cent in terms of value, vis-à-vis 2019-20 [Table 8(a)].  
2. The share of Public Sector Banks (PSB’s) in total frauds (both in terms of number and value) decreased while that of private sector banks increased during the corresponding period.
3. In terms of area of operations, frauds have been occurring predominantly in the loan portfolio (advances category), both in terms of number and value [Table 8(b)].
4. Though the value of frauds reported in advances category for 2020- 21, in percentage terms, remained almost same as compared to the last year, the incidence of frauds in advances category, in terms of number, has come down over the previous year.  
5. The share of off-balance sheet (in terms of value) has been decreasing since 2018-19.
6. The average time lag between the date of occurrence of frauds and the date of detection was 23 months for the frauds reported in 2020-21.
7. However, in respect of large frauds of ₹ 100 crore and above, the average lag was 57 months for the same period.
8. As regards foreign banks, even though, there is decrease in number of frauds, there is a substantial increase in fraud amount in the Financial Year 2020-21 compared to the previous Financial Year.  

9.    Enforcement Actions (July 2020-March 2021)

Regulated Entity	No. of Penalties	Total Penalty (₹ crore)
Public Sector Banks	3	4.50
Private Sector Banks	2	4.72
Cooperative Banks	39	2.14
Foreign Banks	2	4.00
Payments Banks	1	1.00
Small Finance Banks	-	-
NBFCs	7	3.05
Total	54	19.41

-: Nil.

Source: RBI.

In view of the abovementioned facts, it can be observed that the bank frauds detected in both the public sector and private sector banks has resulted in monetary loss of ₹ 1,28,236/- crores in the Financial Year 2020-21.  The worrying feature of the report is the huge time lag noticed between the date of occurrence of the fraud and the date of detection of frauds.  It is painful to note that the time lag in respect of frauds involving more than ₹ 100 crores and above is 57 months that is nearly five years and for other frauds, the time lag is 23 months.  Another prominent feature of the RBI report is that the frauds were occurring in ‘Advances’ category mostly.  In the Financial Year 2020-21, the fraud amount involved under the ‘Advances Category’ is ₹ 1,37,023/- crores which constitutes 99 percent.  It is worthwhile to remember that in the recent past Vijay Mallya, Mehul Choksi and Nirav Modi cheated the Indian banks taking huge loans, diverted the loan amounts for unintended purposes to other countries, acquired properties abroad and indulged in money laundering activities thereby causing huge losses to Indian banks.  All the above facts would therefore show that the ‘Regulated Entities’ are not scrupulously following the RBI Instructions with respect to Customer Identification Process, Customer Acceptance Policy, Customer Due Diligence stipulated in the Master Circulars.  It seems that they were also not following the KYC (Know Your Client) mechanism stipulated by the RBI.  It is no secret that the bankers sometimes tend to relax the KYC norms to attract deposits and the high-profile customers to improve their business.  Asked about the reason for the said relaxation, they will advocate the ‘stiff market competition concept’ that they had to face with other bankers in attracting the clients.  The casual altitude of the RE’s coupled with not too serious enforcement of KYC’s appear to be mainly responsible for the bank frauds.  Besides the above, cyber-crimes like phishing scams, internet fraud, online intellectual property infringements, identity theft and online harassment and cyberstalking etc., are also responsible for increase in bank frauds.  As a result, the ‘Regulated Entities’ including the banks are unknowingly, aiding the money laundering activities in the country and it is high time to stop/arrest this process by strictly enforcing the rules already made.  Further, to obviate the problem of huge time lag, involved in between the commission of fraud and its detection, enhancement of Fraud Risk Management System including improving efficacy of Early Warning Signal (EWS) framework, strengthening fraud governance and response system, introduction of dedicated Market Intelligence (MI) unit for frauds and implementation of automated unique system generated number of each fraud, already contemplated by the RBI under Agenda for 2021-22 must be scrupulously pursued.  Further, streamlining the process of data collection from all the banks and their off-site assessment and on-site supervision of select banks based on the outcome of risk-based model developed for KYC/Anti-Money Laundering Supervision need to be pursued more vigorously.  Considering the huge volumes of monies involved in the frauds, which may threaten the social and financial security of the nation.  It is felt that ‘Regulated Entities’, which are required to maintain Anti-Money Laundering regulations, may voluntarily register with Financial Intelligence Unit (FIU-IND) to participate in sharing information with each other.  The request can only be made for the purpose of identifying and/or reporting activity that the Entity suspects may be involved in terrorist activity or money laundering.  The information received may only be used for Suspicious Transaction Report (STR) filing, or Suspicious Activity Report (SAR) to determine whether to open or maintain an account or conduct a transaction.  Strict confidentiality about the process must be maintained by all the participants.  Further stern actions need to be taken against erring Regulated Entities.  To act as a deterrent, the Government may mull the idea of imposing high penalties against the top officials of the financial institutions who assisted the process of money laundering directly or indirectly by acting negligently.                                                                

[The author is working as Additional Commissioner, CESTAT, Hyderabad and the views expressed are strictly personal]

 

By L. VENKATESWARA RAO

ADDITIONAL COMMISSIONER (AR), CESTAT, REGIONAL BENCH, HYDERABAD.

[1]Master Circular RBI/DBR/2015-16/18 Master Direction DBR.AML.BC.No.81/14.01.001/2015-16

[2] RBI/2021-22/35 DOR.AML.REC.No. 15/14.01.001/2021-22 dated May 10, 2021