The Evolution of Customer Due Diligence Norms under Indian Banking Law: A Legal Analysis of KYC and AML Compliance.

Admin

By: Harshitha R, a student at Dayanand Sagar University,Bengaluru.

In today’s fast-changing financial world, Customer Due Diligence (CDD) plays a vital role in ensuring the safety and transparency of banking systems. It requires banks and financial institutions to confirm who their customers are, assess any risks associated with them, and regularly monitor their transactions. In India, this process is mainly carried out through Know Your Customer (KYC) procedures and Anti-Money Laundering (AML) regulations. These systems have evolved significantly over the years, shaped by global developments and the growing threat of financial crimes.

Legal Jargon

  • Know Your Customer (KYC): A regulatory step where banks verify a customer’s identity using official documents.
  • Customer Due Diligence (CDD): A broader concept that includes KYC and also assesses customer risks and monitors financial activities.
  • Anti-Money Laundering (AML): Laws and guidelines aimed at preventing the use of the banking system for hiding or “cleaning” illegal money.
  • Politically Exposed Person (PEP): Someone in a high public position—such as politicians or government officials—who may pose higher corruption risks.
  • Beneficial Owner: The real person who ultimately owns or controls an account, even if not officially named.
  • Financial Action Task Force (FATF): An international body that sets global rules for fighting money laundering and terrorism financing.
  • The Legal Backbone of CDD in India

India’s CDD framework is supported by several important laws and regulatory policies:

  1. Prevention of Money Laundering Act, 2002 (PMLA): The central law that mandates banks to identify, track, and report suspicious transactions.
  2. RBI’s Master Directions on KYC (2016, regularly updated): Detailed rules on how banks should carry out KYC and CDD, including guidelines for digital verification and client monitoring.
  3. Banking Regulation Act, 1949: Grants RBI the authority to issue directions to banks, including those relating to CDD and AML.
  4. Information Technology Act, 2000: Legalizes digital documents and electronic signatures, making e-KYC possible.
  5. FATF Standards: Since joining FATF in 2010, India has worked to align its domestic laws with global best practices in anti-money laundering and counter-terrorism financing.

Abstract

This article reviews how Customer Due Diligence norms have evolved in Indian banking, especially focusing on KYC and AML measures. From minimal early checks to a robust legal and technological framework, the journey reflects India’s effort to meet global standards while ensuring financial inclusion. The article also explores key laws, court rulings, and tech innovations that have shaped this transformation.

Key Judicial Developments

RBI v. Jayantilal N. Mistry (2015):

Issue: Whether internal RBI reports can be made public under RTI.

Importance: Highlighted the need to balance public transparency with customer confidentiality.

Shahid Balwa v. Union of India (2014):

Issue: Accusations of money laundering through shell firms.

Importance: Showed how strong KYC documents help trace illegitimate financial activities.

Union of India v. Hassan Ali Khan (2011):

Issue: Massive foreign account-related money laundering case.

Importance: Exposed how weak CDD systems can be exploited on a global scale.

State Bank of India v. Rajendra Kumar Shukla (2020):

Issue: A customer contested his account being frozen over KYC issues.

Importance: Reaffirmed that banks can legally act if KYC is not followed.

Timeline: Growth of CDD in India

Pre-2000s – No Formal Rules:

Banks followed their own internal policies without uniform standards for customer verification.

2002 – Law Comes Into Play:

The PMLA was introduced, bringing banks under a strict legal regime to track and report suspicious activity.

2005–2015 – Global Standards Adopted:

Post-FATF membership, the RBI issued detailed instructions, including:

Customer risk categorization

  • Enhanced Due Diligence (EDD) for high-risk individuals (like PEPs)
  • Periodic account reviews based on risk levels
  • 2016 – Master KYC Directions:
  • A unified set of rules from RBI brought clarity, covering:
  • Aadhaar-based and offline e-KYC methods
  • Video-based customer identification (V-CIP)
  • Central KYC Registry (CKYCR) for unified records across institutions

Post-2018 – Digital Shift & Legal Checks:

After the Supreme Court’s judgment in Justice K.S. Puttaswamy v. Union of India, Aadhaar use became voluntary. New tech-driven changes included:

  • AI tools to monitor unusual behavior
  • Blockchain for secure data handling
  • Real-time alerts for suspicious transactions

Current Challenges in Implementation

  • Privacy vs Surveillance:

The more data banks collect, the greater the concern over personal privacy. Strong safeguards and clear consent protocols are essential.

  • Risk of Exclusion:

Rural and low-income individuals may be left out if they lack the necessary documents or digital access.

  • Fake Documents and Identity Theft:

Despite new tech, fake IDs and impersonation still pose a threat—especially for smaller institutions.

  • Limited Resources in Small Banks/NBFCs:

Many regional and rural banks find it hard to adopt costly or complex AML software.

  • Global Transactions Are Complex:

Verifying the real owners of foreign accounts or entities remains a legal and logistical challenge.

Conclusion

India’s approach to Customer Due Diligence has come a long way—from informal checks to a highly regulated and tech-enabled system. Laws like the PMLA and RBI’s KYC directives have built a strong foundation, helping banks identify and prevent financial crimes. But with rising digitalization come new challenges—like protecting data, avoiding financial exclusion, and supporting smaller institutions. Going forward, India must strike a balance between security and accessibility, ensuring that its financial system is both safe and inclusive.

FAQs

Q1. How is KYC different from Customer Due Diligence (CDD)?
Ans. KYC, or Know Your Customer, is essentially the first step where banks confirm a customer’s identity using official documents. CDD, on the other hand, goes a step further—it not only checks who the customer is but also looks into what they do, the potential risks they might pose, and keeps track of their financial activities on an ongoing basis.

Q2. Can banks refuse services if someone doesn’t complete KYC?
Ans. Yes, they can. According to the Reserve Bank of India’s rules, if a customer doesn’t finish the KYC process, banks are within their rights to freeze or even close the account. However, they must give proper notice before doing so, as per legal guidelines.

Q3. Is digital KYC accepted under Indian law?
Ans. Definitely. Digital KYC—like Aadhaar-based e-verification and video KYC—is legally recognized by the RBI. The key is that these methods must respect data privacy norms and can only be done with the customer’s clear and informed consent.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *