RBI KYC requirements govern customer due diligence, identification, risk categorization, records, and ongoing monitoring. Third-party reliance is sensitive because the regulated entity remains accountable for KYC and AML obligations.
Official source
What the requirement is trying to do
KYC controls prevent regulated entities from onboarding or servicing customers without adequate identification, due diligence, risk assessment, and monitoring. Where third-party reliance is allowed, the firm needs assurance that required information and records can be obtained and relied on.
What teams need to do
- Identify reliance parties, agents, onboarding vendors, data providers, screening tools, and
outsourced KYC operations.
- Document reliance eligibility, scope, records, timing, and accountability.
- Review data quality, auditability, confidentiality, sanctions and AML escalation, and record
retention.
- Monitor exceptions, provider performance, rule changes, and remediation.
Evidence to maintain
- Reliance and provider inventory.
- KYC workflow and customer due diligence records.
- Contracts, procedures, quality assurance, escalation, and record-access evidence.
- Exceptions, issues, remediation, and reporting.
Common gaps
- Screening tools and reliance arrangements are not distinguished.
- Provider data quality is not tested.
- Exception handling lives outside the governance record.
How Halbarad helps
Halbarad helps financial crime teams map reliance parties, providers, workflows, evidence, issues, remediation, and audit trail.
Disclaimer
This guide is for general information only and is not legal advice. Review the official regulation, guidance, and supervisory materials, and consult qualified counsel or compliance advisors for your organization's specific obligations.