Money & Banking
Operational risks of KYC and AML policies in India

Both know your customer and anti-money laundering processes, which are meant to reduce risks in the Indian banking sector, are themselves fraught with the danger of being caught in the web of operational risks

The Basel guidelines (a set of banking regulations put forth by the Basel Committee on Bank Supervision, which regulates finance and banking internationally) define operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. The Basel guidelines on operational risks also prescribe that banks should keep capital to protect themselves against operational failures. While operational risks arise from various banking activities, one of the key susceptible areas of operational risks that pose challenge for the entire banking system is the facts that know your customer (KYC) and anti-money laundering (AML) processes are not immune from operational risks. Both KYC & AML processes, which are meant to reduce risks are themselves fraught with the danger of being caught in the web of operational risks.

The Cobrapost expose on money laundering revealed it all. Employees across banks were found wanting in the implementation of AML & KYC guidelines. The Reserve bank of India (RBI) ended up penalising 22 banks. The HSBC money laundering case, at the international level, also reflected the role of operational risks in proliferation of money laundering process. During the investigation it was found that HSBC had a vastly understaffed compliance department. At times, only one to four employees were responsible for reviewing alerts identifying suspicious wire transactions. When HSBC processed bulk cash, a business it calls banknotes, only one or two compliance officials oversaw transactions for 500 to 600 customers, which shows a clear cut case of under-staffing.

So how does the operational risk impact the AML and KYC processes in the banks and financial institutions?

This needs to be understood within the context of the famous saying: a chain is as strong as the weakest link in the chain. The weakest link in any chain in the operational process is the human resource. The weaknesses arising from human resource gets aggravated if they are not duly supported by strong processes and technology, two other critical pillar of operational risk management. The weakness in the entire operational procedure can derail the successful implementation of AML and KYC process. Here is an indicative list of risks associated with the people, process and technology.

People-related risks

Process-related risks

Technology-related risks

Untrained or ill-trained human resource

Dominance of check box approach in KYC & AML process

Single view of client missing which means that many banks cannot identify clients opening account based on different identification proofs as one single client. In absence of this multiple operations of clients from different locations cannot be tracked

Revenue generation pressure forcing sales resources to compromise on KYC/AML practices

Risk assessment not always part of the process and is mostly reactionary

Technology resources not good enough to manage complex issues related to of handling of accounts related to high risk clients such as politically exposed persons. Also PEP database is always difficult to manage

Lack of adequate staff and resources to oversee successful implementation of anti money laundering measures

Absence of a robust and ongoing due diligence process

Increasing cost of compliance which requires implementation of high end technology. Since it is not a revenue generating business for the bank, the banks and financial institutions may not be very keen on implementing it

Frontend staff not very strict with implementation of AML & KYC process even in cases when they are well trained

Lack of integration of AML processes in new products launched by banks and financial institutions

Poor data quality of transactions as well as account opening is a big hindrance for effective usage of technology. Banks and regulators need to standardise account opening documents to make technology more effective

Integrity of human resources cannot be gauged. This poses a serious threat to the spread of money laundering. A robust process with multi layer check needs to be implemented

Regulator’s role is reactionary and not pro-active. RBI penalised banks when identified AML fraud in multiple banks

Lack of databases such as which can provide effective management of loopholes in AML process


It has been seen in many cases that banks and financial institutions have not been very particular about strict implementation of AML and KYC.  The regulator has also shown some leniency in this regard. The RBI diluted the full KYC process for medium and low risk clients by issuing a circular, which stated that full KYC exercise will be required to be done at least every ten years for low risk and at least every eight years for medium risk individuals and entities. KYC process in the banks mostly ends with collection of relevant document by the staff at the bank counter and transaction monitoring is assumed to be completed if a customer furnishes his PAN card, which is more of a tax compliance document. The check box approach is dominating the bank system. This means mapping the documents and control points with what customer has declared at the time of account opening.

How the prevailing operational risks can be controlled remains a subject of debate. There is no need to say that the three-pronged approach of involving regulators, policy makers and banks is required. India has been granted. While the Financial Action Task Force (on Money Laundering) (FATF), has stated in its 8th follow up report of mutual evaluation that India has addressed the shortfall in fight against money laundering, much need to be done at the ground level to plug operational risks.

(Vivek Sharma has worked for 17 years in the stock market, debt market and banking. He is a post graduate in Economics and MBA in Finance. He writes on personal finance and economics and is invited as an expert on personal finance shows.)



Minoo Mody

3 years ago

Your comments overlook the harassment we as customers suffer on being called upon to comply with KYC repeatedly. i have received compliance notices every year in some of my a/cs. please save us from this!


Murthy AVSN

In Reply to Minoo Mody 3 years ago

The need for compliance at such a frequency arises only if there is a wide variance from an earlier assessment on the level and type of financial transactions. It is necessary to update the risk profile or redo the " customer due diligence (CDD)" in the event the institution comes across widely varying type and level of transaction. Otherwise, the CDD is not necessiated at such a frequency.
Thanks and regards.

Murthy AVSN

In Reply to Minoo Mody 3 years ago

The need for compliance at such a frequency arises only if there is a wide variance from an earlier assessment on the level and type of financial transactions. It is necessary to update the risk profile or redo the " customer due diligence (CDD)" in the event the institution comes across widely varying type and level of transaction. Otherwise, the CDD is not necessiated at such a frequency.
Thanks and regards.

Gopalakrishnan T V

3 years ago

Operational Risks can be minimised if bank officials do keep a watch on the transactions involving huge amounts based on Exceptional reports generated by the System and have some interactions with those customers once in a while. Further, the banks should have some coordination with the Home affairs Department of each state to gather more information about the terrorists activities and the mode of financing. Money laundering is done and is a complicated procedure which can be traced only through effective and close monitoring of transactions with the aid of IT,human intervention at some sensitive transactions and coordinated approach between the Intelligence bureau of the Government, CBI, police and bank officials. KYC presently in vogue which is nothing but a document verification cannot reduce operational risks. It can only enhance the risks. A


Murthy AVSN

In Reply to Gopalakrishnan T V 3 years ago

I fully agree with the comment.
All the functionaries involved in the task need ( on a continuous basis )to exercise vigil and be willing to prevent Money Laundering and Suspicious transactions.

Dayananda Kamath k

3 years ago

to catch 5% of wrong doers 95% of the customers are being harrassed.what is is follwed as know your cutomers documents than cusotmer.when documents become focus it will lead to frauds because documents can be easily manipulated today. today branch audit is done for target fufilemnt and auditors do not get time to verify opertaions in the account when theydo not get time even for verification of documents. and by chance an auditor does this job deligently he will be considered as an hinderance in business growth and will be harrased.all these exercises are just eye wash to show.



In Reply to Dayananda Kamath k 3 years ago

I too agree with you sir.


3 years ago

There is absolutely no reason for seeking KYC again from regular customers who have filed their documents earlier. Banks' work has been unnecessarily increased by this. They should concentrate on reviewing unusual transactions, dormant accounts with large amounts and do random sample checks on other customers. Instead of this they are wasting time, energy and paper on an exercise that will burden them with documents they do not have resources to review. Really poor thinking - our banking system is being run by inept people, unfit for leadership in today's business environment.


3 years ago

In a nation where "rule of law" (equity, equality under law, speedy justice and objective judicary) has broken down and the rulers are driven by unaccountable greed, lust and ambition, where there is also no universal secondary education and the Nation has been turned into a majoritarian sociometric kleptocracy, KYC and so on imaginary tigers that the Banks themselves can help you circumvent with agents to buy you documents of convenience and all laws are constructed with lop holes for the powerful and levers of extortion. India is for sale. India's rulers are the first traitors and criminals of the land:

Murthy AVSN

3 years ago

RBI needs to ensure that the Money Laundering Reporting Officer ( MLRO )that every Every Financial institution is required to post is having the freedom responsibility to monitor and prevent money laundering transactions and also report the Suspicious transaction.
The interference, in the role of MLRO, by the field functionaries and or business development executives needs to be checked and controlled for prevention of the Money Laundering.

Gujarat Gas Petroleum Corp: Another victim of MoEF?

A non-approved pipeline laid by Gujarat Gas Petroleum threatens to sideline gas supply. Is Gujarat Gas another victim of MoEF vague rules?

It is sad to note that the Gujarat State Petroleum Corporation's $1.8 billion project, which has the potential to produce an estimated 5.7 million standard cubic metres per day (mscmd) to 8.6 mscmd, cannot commence work, simply because it has not got the "clearance" to lay about 10 to 12 kms pipeline, underground, onshore from the authorities!


It may be recalled, that the company struck gas in the off-shore block KG-OSN-2001/3, rechristened as ‘Deen Dayal’, way back in 2005. GSPC holds 80% operating interest, while 10% each are held by Jubilant Energy and GeoGlobal Resources.


This project was awaiting environmental coastal regulatory zone approvals for laying this underground pipeline on the peripheries of Covringa Sanctuary in Andhra and commissioning of the onshore terminal; original plans were to commence trial operations in June, and were postponed by three months to get the "clearances". With the assurances received from the authorities, they revised the target to commence the operations from October 2013.


As per plans, 16 wells are to be drilled; they have now readied four, with pre-commissioning of one platform and the other in advanced stage of completion. In the meantime, sub-sea pipeline has been completed. Though located in the shallow water, the actual reservoir is deep under the sea bed.


According to their engineers, the nature of the reservoir coupled with high pressure and temperature has made it a technically challenging operation. But to take care of their interest, and protect themselves, GSPC will supply imported regassified LNG (R-LNG) to Gujarat Gas from January 2014 till July 2015. This will be a major relief to Gujarat Gas as it will get assured gas supply for a long period. Their dependence on spot LNG will reduce as the supply pact is expected to help it meat nearly 50% of its total R-LNG requirement of 1.3 mmscmd.


The price of gas will be determined in the relevant gas station control systems and it is expected to be formula-based. The details are awaited, in due course.


After assuming charge of the Ministry of Environment and Forests (MoEF), Veerappa Moily, the minister, had stated that he would clear "all pending" matters within one month of his taking over. To his credit, in the first twenty days he has cleared 70 projects valued about Rs1.5 lakh crore (since 24 December 2013) and there is no doubt that he will not leave anything undone by the end of January 2014.


Besides, it is gratifying to note that the MoEF will comply with the recent Supreme Court order establishing an independent regulator to decide on environmental clearances for industrial and other projects. "The body will have a lot of independence and autonomy," Moily said, which is to be welcomed by all.


Unfortunately, for GSPC, they had overlooked to take necessary forest clearance for laying the key pipeline. They had started commissioning the same in non-forest areas. As per rules, commissioning of such infrastructure cannot be initiated unless forest authorities grant clearance for the relevant portion. It appears this omission and subsequent action by the forest authorities led to the cost escalation, on the part of the project contractor! Why should the clearance be needed for work outside the purview of the MoEF jurisdiction? This needs to be clarified.


It now appears that this matter has been taken up by Punj Lloyd, and both sides claim progress in the talks, indicating that they are in the final stages of processing the same, for which further details are expected shortly.


It was hoped that actual gas production would start three months hence, sometimes around October 2013. However, as the situation stands today, it is very unlikely that actual production from the first two wells, which are expected to produce about 100,000 mscmd is likely before May/June this year, which depends upon getting the "clearances".


It is hoped that when we do have a regulator in place to tackle these matters, as mentioned by Veerappa Moily, we do hope that serious actions are taken against those people who are responsible for wantonly delaying the issues on some flimsy ground. They must remember that they cannot delay the national growth in this manner and wrong doers be punished.


(AK Ramdas has worked with the Engineering Export Promotion Council of the ministry of commerce. He was also associated with various committees of the Council. His international career took him to places like Beirut, Kuwait and Dubai at a time when these were small trading outposts; and later to the US.)


Karl Slym's death: Thai police suspect suicide

Tata Motors MD Karl Slym is the second high profile official from the Tata group after Charu Deshpande, to have committed 'suicide'

Karl Slym, managing director of Tata Motors Ltd, died after falling from a hotel room in Bangkok in what police said on Monday could be a possible suicide, says a report from Reuters. This is the second high-profile 'suicide' of a top executive at Tata group company. Last year on 28th June, Charudatta Deshpande (Charu Deshpande), former chief of corporate communication at Tata Steel was found hanging at his home in Vasai near Mumbai.


Slym, 51, had attended a board meeting of Tata Motors’ Thailand unit in the Thai capital and was staying with his wife in a room on the 22nd floor of the Shangri-La hotel. Hotel staff found his body on Sunday on the fourth floor, which juts out above lower floors.


"We didn't find any sign of a struggle," Police Lieutenant Somyot Boonyakaew, who is heading the investigation, told Reuters.


"We found a window open. The window was very small so it was not possible that he would have slipped. He would have had to climb through the window to fall out because he was a big man. From my initial investigation we believe he jumped," the report says.


According to Reuters, Thai police had found a three-page note, written in English, which they were translating into Thai.


Coming back to the Charu Deshpande case, in November Vasai police booked Prabhat Sharma, the head for corporate affairs at Tata Steel for allegedly abetting the suicide of Deshpande. This followed a complaint by Forbes India's former editor Indrajit Gupta against the Tata Steel official for allegedly abetting the suicide of Charu Deshpande.


According to Gupta’s complaint, Charu, a senior official at Tata Steel, was constantly humiliated and harassed between May 2012 and May 2013 following which he took the drastic decision to end his life.


Two diaries of 2012 and 2013 were found in which Charudatta Deshpande had mentioned about the happenings in office. And in one of the pages, he had even written notes and named some Tata Steel officials.


We are listening!

Solve the equation and enter in the Captcha field.

To continue

Sign Up or Sign In


To continue

Sign Up or Sign In



The Scam
24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
Moneylife Magazine
Fiercely independent and pro-consumer information on personal finance
Stockletters in 3 Flavours
Outstanding research that beats mutual funds year after year
MAS: Complete Online Financial Advisory
(Includes Moneylife Magazine and Lion Stockletter)