Cholamandalam Investment and Finance Company Limited (Cholamandalam) may be used unwittingly as intermediaries for the transfer or deposit of monies derived from criminal activity. In order to be able to identify any such activity, Cholamandalam must know its customers and the kinds of activity in which they would reasonably be expected to engage.
An effective Customer Identification Program (“CIP”) is an important part of the effort by Cholamandalam to know its customers. The Cholamandalam CIP is integrated into the AML (Anti Money Laundering) program for the company in terms of the Prevention of Money Laundering Act, 2002 and the relevant rules notified thereunder, which contains provisions requiring the Business processes to:
verify the identity of any Person transacting with the Company to the extent reasonable and practicable
maintain records of the information used to verify a customer’s identity, including name, address and other identifying information; and
consult lists of known or suspected terrorists or terrorist organizations provided to Cholamandalam by any applicable government agency to determine whether a Person opening an account appears on any such list.
Cholamandalam will perform appropriate, specific, and where necessary, Enhanced Due Diligence on its customers that is reasonably designed to know and verify the true identity of its Customers and to detect and report instances of criminal activity, including money laundering or terrorist financing. The procedures, documentation, types of information obtained and levels of KYC due diligence to be performed will be based on the level of risk associated with the relationship (products, services, Business processes, geographic locations) between Cholamandalam and the Customer and the risk profile of the Customer. Each Business Process shall establish standards and procedures for performing KYC due diligence and Enhanced Due Diligence that are appropriate given the associated risks of their business and their particular Customers. Such standards and procedures shall comply with the requirements of law applicable to such business and the jurisdiction in which it operates and shall incorporate the components detailed below, except to the extent that compliance would conflict with requirements of law of a particular jurisdiction.
Cholamandalam shall take reasonable measures to ascertain and verify the true identity of all Customers who transact with Cholamandalam. Each Business Process shall design and implement specific due diligence standards and procedures that are appropriate given the nature of the respective businesses, Customers, and the associated risks. Such standards and procedures shall include, at a minimum, the following elements:
Each Business Process shall implement procedures to obtain from each Customer, prior to transacting, the following information as may be relevant, to that business:
1) Name; (procedures should require Business processes to use reasonable efforts to ensure that the name recorded on Cholamandalam systems as the customer will be exactly the same as (and not merely similar to, or a variation of) the name that appears on any identifying documentation reviewed in connection with the loan);
2) For individuals, date of birth;
3) Address including the documentary proof thereof;
For an individual, a residential
or business street address;
For a Person other than an individual (such as a corporation, partnership, or trust) a principal place of business, local office, or other physical location
Other than as set forth in
Above, mailing addresses (including post office boxes) are not sufficient to satisfy this requirement.
4) Telephone/Fax number:
5) Identification number;
A taxpayer identification number; passport number and country of issuance; alien identification card number; or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. When opening an account for a Person (other than an individual) that does not have an identification number, the Business Process must request alternative government-issued documentation certifying the existence of the business or enterprise;
For a Customer who has applied for, but has not received a taxpayer identification number, an Account may be opened, but each Business Process shall implement procedures to confirm that the application was filed before the Customer opens the Account and to obtain the taxpayer identification number within a reasonable period of time after the Account is opened.
The list of documents that can be accepted as proof of identity and address from customers across various products offered by the Company is given as annexure 2 to this policy. These should be appropriately covered in the credit policies of the respective businesses and communicated to the credit approving authorities. Any deviations to the approved list of documents can be approved by the Credit Head of that business with an appropriate justification.
The list of documents that can be accepted as proof of identity and address from customers across various products offered by the Company is given as annexure 2 to this policy. These should be appropriately covered in the credit policies of the respective businesses and communicated to the credit approving authorities. Any deviations to the approved list of documents can be approved by the Credit Head of that business with an appropriate justification.
Each Business Process as a part of the credit policy shall document and implement appropriate risk-based procedures designed to verify that it can form a reasonable belief that it knows the true identity of its Customers. Verification of Customer identity should occur before transacting with the customer. Procedures for each Business Process shall describe acceptable methods of verification of Customer identity, which may include verification through documents or non-documentary verification methods that are appropriate given the nature of the Business Process, the products and services provided and the associated risks.
i)Verification through documents. These documents may include, but are not limited to:
For an individual, an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport; or
For a Person other than an individual (such as a corporation, partnership, or trust), documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement, or trust instrument.
The list of documents that can be accepted as proof of identity and address from customers across various products offered by the Company is given as annexure 2 to this policy. These should be appropriately covered in the credit policies of the respective businesses. The customer verification processes will be covered in detail in the credit policies of every business.
ii) Verification through non-documentary methods. These methods may include, but are not limited to:
Contacting or visiting a Customer;
Independently verifying the Customer’s identity through the comparison of information provided by the Customer with information obtained from a consumer reporting agency, public database, or other source;
Checking references with other financial institutions; or
Obtaining a financial statement.
iii) Additional verification procedures. If applicable, the Business Process verification procedures should address situations where:
A person is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard;
The Business Process associate is not familiar with the documents presented;
The Account is opened without
obtaining documents;
Where the Business Process is otherwise presented with circumstances that increase the risk that it will be unable to verify the true identity of a Customer through documents; and
If the Business Process cannot verify the identity of a Customer that is other than an individual, it may be necessary to obtain information about Persons with authority or control over such Account, including signatories, in order to verify the Customer’s identity.
Each Business Process shall document and implement procedures to resolve information discrepancies and to decline or cease to do business with a Customer when it cannot form a reasonable belief that it knows the true identity of such Customer or cannot adequately complete necessary due diligence. These procedures should include identification of responsible decision makers and escalation paths and detailed standards relating to what actions will be taken if a Customer's identity cannot be adequately verified.
The business shall have a system of internal reporting of suspicious transactions and cash transactions greater than Rs.10 lakhs, whether such transactions comprise of a single transaction or a series of transactions integrally connected to each other, and where such series of transactions take place within a month;
Further, the Compliance officer shall furnish information of the above mentioned transactions to the Director, Financial Intelligence Unit – India (FIU-IND) at the prescribed address in the formats prescribed in this regard including the electronic filing of reports.
Provided that where the principal officer, has reason to believe that a single transaction or series of transactions integrally connected to each other have been valued greater than Rs.10 lakhs so as to defeat the provisions of the PMLA regulations, such officer shall furnish information in respect of such transactions to the Director within the prescribed time.
Each Business Process shall document and implement appropriate procedures to retain records of KYC due diligence and anti money laundering measures. The Business Process shall implement, at a minimum, the following procedures for retaining records
a. Transactions for which records
need to be maintained:
All cash transactions of the value of more than Rs.10 lakh or its equivalent in foreign currency.
All series of cash transactions integrally connected to each other which have taken place in a single month and where the aggregate value of these transactions exceeds Rs.10 lakhs or its equivalent foreign currency.
All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security has taken place.
All suspicious transactions whether or not made in cash
b. Information to be preserved:
The information required to be preserved with respect to the above transactions are the nature of transactions, amount and the currency in which it was denominated, date of transaction and the parties to the transaction.
c. Periodicity of retention:
The following records shall be retained for a minimum period of ten years after the related account is closed:
The Customer identification information and residence identification information including the documentary evidence thereof
All other necessary records pertaining to the transactions that could be produced as evidence for prosecution of persons involved in criminal activity
Further, a description of the methods used to verify Customer identity as well as a description of the resolution of any discrepancies in verification shall be maintained for a period of at least Ten (10) years after such record was created.
The above records shall be made available to the competent authorities upon request.
Each Business Process shall implement procedures for providing Customers with adequate notice that Cholamandalam is requesting information and taking actions in order to verify their identity. Each Business Process shall determine the appropriate manner to deliver the notice, which shall be reasonably designed to ensure that the Customer is able to view or is otherwise given such notice prior to Account opening.
The requirements of the earlier sections are not applicable to Accounts opened prior to, on or after the effective date of this Manual by existing Customers, provided that the Business Process has previously verified the identity of the Customer and the Business Process continues to have a reasonable belief that it knows the true identity of the Customer. Further, transactions in existing accounts should be continuously monitored and any unusual pattern in the operation of the account should trigger a review of the due diligence measures.
Cholamandalam is primarily engaged in retail finance. It does not deal with such category of customers who could pose a potential high risk of money laundering, terrorist financing or political corruption and are determined to warrant enhanced scrutiny. The existing credit policies of the Company in respect of its various businesses ensure that the Company is not transacting with such high risk customers. The Company shall conduct Enhanced Due Diligence in connection with all Customers or Accounts that are determined to pose a potential high risk and are determined to warrant enhanced scrutiny. Each Business Process shall establish appropriate standards and procedures for conducting Enhanced Due Diligence, which shall involve conducting appropriate additional due diligence or investigative actions beyond what is required by standard KYC due diligence. Enhanced Due Diligence shall be coordinated and performed by Cholamandalam, who may engage appropriate outside investigative services or consult appropriate vendor sold databases when necessary. Each Business Process shall establish procedures to decline to do business with or discontinue relationships with any Customer when Cholamandalam cannot adequately complete necessary Enhanced Due Diligence or when the information received is deemed to have a significant adverse impact on reputational risk.
All the customers under different product categories are categorized into low, medium and high risk based on their profile. The Credit manager while appraising the transaction and rendering his approval shall categorise the profile of the customer. Following is an indicative categorization for the guidance of businesses. Where businesses believe that a particular customer falling under a category mentioned below is in his judgement falling in a different category, he may categorise the customer so, so long as appropriate justification is provided in the customer file. Low Risk Category
Salaried Individual
irrespective of networth
Exposure of the
Company is less than or equal to Rs 15 Lacs towards the client
1.Public Limited
companies
Exposure of the
Company is less than or equal to Rs 15 Lacs towards the client
In case Lending
against Residential Property
(self occupied propoerty) – If
the client provides IT return
for the past two years.
Medium Risk Category
High Networth Individuals (Networth greater than 25 Lacs)
Exposure of the
Company is less than or equal to Rs 15 Lacs towards the client
Client falling under the category of Trust, NGO’s
Closely held public limited cos with less than 50 members
Private Limited companies
Partnership Firms
Note:Even if one applicant falls under the medium risk category, the loan will be categorized as medium risk loan.
High Risk Category
Negative list of Clients
Terrorist list of clients as circulated by Compliance from time to time
Politically Exposed Person of Indian/Foreign Origin
Ongoing monitoring is an essential element of effective KYC procedures. Cholamandalam can effectively control and reduce the risk only if it has an understanding of the normal and reasonable activity of the customer so that they have the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of the account. The different business divisions should pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. High-risk accounts have to be subjected to intensified monitoring. Company should put in place a system of periodical review of risk categorization of accounts and the need for applying enhanced due diligence measures.
The Company should establish appropriate procedures and ensure effective implementation of KYC guidelines. The implementation procedure should cover proper management oversight, systems and controls, segregation of duties, training and other related matters.
Company’s internal audit and compliance functions will play a role in evaluating and ensuring adherence to the KYC policies and procedures.
As a general rule, the compliance function should provide an independent evaluation of the company’s own policies and procedures, including legal and regulatory requirements.
Internal Auditors should specifically check and verify the application of KYC procedures at the branches and comment on the lapses observed in this regard.
The compliance in this regard may be put up before the Audit Committee of the Board on quarterly intervals.
There shall be an ongoing employee training programme so that the members of the staff are adequately trained in KYC procedures. Training requirements should have different focuses for frontline staff, compliance staff and staff dealing with new customers. It is crucial that all those concerned fully understand the rationale behind the KYC policies and implement them consistently.
If required the Company may prepare specific literature/ pamphlets etc. so as to educate the customer of the objectives of the KYC programme. The Company on an ongoing basis will educate the front desk staff, the branch staff and the new joinees on the elements of KYC through various training programmes and e-mails.
The above guidelines shall also apply to the branches.
Appointment of Principal Officer
Ms. P Sujatha is designated as Principal Officer who shall be responsible for monitoring and reporting of all transactions and sharing of information as required under the law.
In the case of any applications from trust/nominee or fiduciary accounts the Company should determine whether the customer is acting on behalf of another person as trustee/nominee or any other intermediary.
If in doubt of the persons behind the customer, the Company may insist on receipt of satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also obtain details of the nature of the trust or other arrangements in place. Company should take reasonable precautions to verify the identity of the trustees and the settlors of trust (including any person settling assets into the trust), grantors, protectors, beneficiaries and signatories. Beneficiaries should be identified when they are defined. In the case of a 'foundation', steps should be taken to verify the founder managers/ directors and the beneficiaries, if defined.
Accounts of companies and firms
Company needs to be vigilant against business entities being used by individuals as a ‘front’ for transactions. Company should examine the control structure of the entity and identify the natural persons who have a controlling interest and who comprise the management.
These requirements may be moderated according to the risk perception e.g. in the case of a public company.
Client accounts opened by
professional intermediaries
Where the transaction is with a professional intermediary who in turn is on behalf of a single client, that client must be identified.
Accounts of Politically Exposed
Persons (PEPs) resident outside
India
Politically exposed persons are individuals who are or have been entrusted with prominent public functions in a foreign country, e.g., Heads of States or of Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc.
The Company offers products primarily to Indian residents only. The Company if extending any finance to non residents should check if he is a PEP and check all the information available on the person in the public domain. The decision to transact with the PEP should be taken only by the Head of credit of the respective businesses supported by appropriate verification. Businesses should also subject such accounts to enhanced monitoring on an ongoing basis. The above norms may also be applied to the contracts of the family members or close relatives of PEPs.
In an event of an existing customer or the beneficial owner of an existing account, subsequently becomes a PEP, the Company shall obtain the approval of Management Committee to continue the business relationship and subject the account to the KYC due diligence measures as applicable to the customers of PEP category including enhanced monitoring on an ongoing basis.
Accounts of non-face-to-face
customers
The Business shall not do any transactions with non-face-to-face customers.
Customer Identification Procedure
Features to be verified and
documents that may be obtained from
customers
KYC Documents for Identification and
verification
Identity
Proof
Individual:
- Valid Passport
- Valid PAN card
- Valid driving license
- ration card with photo
- bank pass book with photo
attested and latest
statement,
- employee photo ID card
issued by Govt
- ESIC medical cards with
photo,
- Registered property documents with photograph
- Any other government issued ID proofs like post office ID card, UID etc.,
Others:
- Certification of incorporation or other incorporation documents
- Valid PAN card
- Board Resolution
- Shop & establishment Act
certificate
- Sales tax registration
certificate
- MOA/AOA with registration
certificate
- Registered partnership
deed.
Address
Proof
- Valid
passport
- Voter identity card,
- Valid driving license,
- Latest property tax
receipt,
- Ration card
-
Latest Telephone bill – landline and postpaid mobile bills (Not more than six months old)
- Latest Utility bills( Not more than six months old)
- Bank account statement (Not more than six months old)
- Registered property documents
- Any other government issued address proofs like post office address card, UID/ID card issued by PSUs and Govt. companies
- Registered Lease deed along with utility bill in the name of the landlord
Others:
- Shops and establishment
certificate,
- Sales tax registration,
- Registered lease deed,
- Latest property tax bills(Not more than six months old)
- Latest telephone bills (Not more than six months old)
- Latest utility bills. (Not more than six months old)
Note: All the customers namely applicant, co applicants and guarantor shall have valid ID proof as prescribed above
(i) The National Credit Manager has the power to approve the following document in lieu of ID and address proof
A certificate from the public authority (i.e) Gazette Officer of State or Central Govt.,/Magistrate/MRO/VRO/Gram Panchayat Sarpanch.
A certificate from the public authority (i.e) Gazette Officer of State or Central Govt.,/Magistrate/MRO/VRO/Gram Panchayat Sarpanch.
(ii) The National Credit Manager jointly with the Business Head has the power to approve the following documents in lieu of ID and address proof. In lieu of
Identity proof
Notarized copy of Marriage certificate with the applicant photograph.
In lieu of address proof
Unregistered rental agreement along with rent receipt and utility bill of the Landlord.
In case the customer has a temporary address being a transit arrangement provided by real estate builder – Allotment letter issued by the builder + permanent address proof
In deserving cases where there is no address proof for one of the applicants or guarantors, an affidavit signed by Close Relative (only in case of spouse, parents or children) confirming that the co applicant / guarantor is staying together in the same address.
(iii) In the event of any genuine reason for non availability of any of the prescribed documents under this policy, the Managing Director, Business Head and Compliance Officer, any two jointly, are authorized to approve any alternate document based on the merits of that case.
