Blog Overview KYC in insurance industry

KYC in insurance industry

KYC in insurance industry

The need for New IRDAI Regulations for KYC & AML

Banking and capital market players already have stringent KYC & AML processes in place. And now, they are also joined by the insurance sector. Under the new IRDAI guidelines for general insurers; performing KYC (Know Your Customer) and AML checks on individuals is now mandatory before onboarding.

These checks help FIs decide if they can trust an individual with their financial services. They also help FIs categorize their customers as per the risk (low, medium, and high) involved.

For those not aware, the insurance sector in India is regulated by the IRDAI – Insurance Regulatory and Development Authority of India. 

On 1st August 2022, IRDAI released a new set of regulations to safeguard the insurance sector against money laundering. While similar standards have always applied for life insurance; it is the 1st time that general insurers have been subjected to stringent onboarding rules. Let’s dive into what the new regulation says. 

6 Key takeaways from the new IRDAI regulations for KYC (and AML) in Insurance 

  1. IRDAI requires the Insurers to conduct customer KYC in this manner:


– KYC for individual customer(s):

  • Make best efforts to determine the true identity of a customer 
  • Put special procedures in place to identify new/existing customers
  • Ensure that no insurance contracts are given to anonymous or fictitious names 
  • Verify identify, address, and the recent photograph of a customer
  • Ask for ‘self-declaration’ when a customer wants to submit an address different than what’s on their Aadhaar card. Otherwise, Aadhar can serve as both, identity and address proof
  • Request OVD (Officially valid documents) from customers who cannot go through Aadhaar authentication due to age, injury, illness, or otherwise

 

-KYC for a juridical person:

(Juridical person is an entity, constituted either by a collection or succession of natural or physical individuals, that can take part in legal actions)

  • Take steps to identify the entity and its beneficial owner(s)
  • Take reasonable steps to identify beneficial ownership

(What is beneficial ownership? – A natural person who ultimately owns or controls an entity on whose behalf the transaction is being conducted, and includes a person who exercises ultimate effective control over a juridical person)

  • Verify that any person purporting to act on behalf of a juridical person is authorized and verify the identity of that person
  • Identify and verify a juridical person’s legal status through various documents to support details like 
  1. The name, legal form, and proof of existence, 
  2. Powers that regulate and bind the juridical persons, 
  3. Address of the registered office/ main place of business, 
  4. Authorized individual person(s), who is/ are purporting to act on behalf of such client
  5. Ascertaining Beneficial Owner(s)

Note: No insurance company shall allow the opening of or keep any accounts that are anonymous, under fictitious names, or on behalf of individuals whose identity has not been disclosed or cannot be verified. 

  1. The KYC processes accepted by IRDAI are:
  • Aadhaar-based KYC through online authentication
  • Aadhaar-based KYC through offline authentication
  • Digital KYC as per PML Rules
  • Video-Based Identification Process (VBIP)
  • Insurers may undertake live VBIP by developing an application (using VKYC service providers like IDfy) that facilitates the KYC process either online or face-to-face in-person verification through video
  • By using the ‘KYC identifier’ allotted to the client by the CKYCR
  • Or by using the customer’s OVD (Officially Valid documents)

Note: Insurers may perform KYC on their potential customers using any one of the above ways

 

  1. In case, during KYC, a customer is found to be a ‘Politically Exposed Person’ (PEP) category, Insurers must follow these:
  • Consult the senior management to get onboarding approval for such proposals 
  • Lay down risk management procedures and practice additional due diligence on PEP as well as their close relatives on an on-going basis. This is also applicable in the case of insurance in which a PEP is the ultimate beneficial owner
  • Notify the senior management about changes in the status of a PEP or about a customer newly transitioning to PEP. In such case, additional due diligence must be practiced

 

  1. In addition to the above, some other mandatory activities for an IRDAI-compliant AML are:
  • Collection of PAN/Form 60 from customers 
  • Under all kinds of Group Insurance (Life /General/Health), KYC must be conducted on the ‘Master Policyholders’ / ‘Juridical Person’ / ‘Legal Entity’, and the respective ‘Beneficial Owners (BO)’. In addition, the Master Policyholders of the group insurance should maintain the details of all the individual members covered in the insurance. Which they should make available to the insurer as and when required
  • Customer information should be collected from all relevant sources, including from agents/intermediaries
  • Care has to be exercised to avoid involvement in insuring assets bought out of illegal funds
  • It is imperative to ensure that the insurance premium should not be disproportionate to the customer’s income/asset
  • At any point of time, where insurers are no longer satisfied about the true identity or the transaction(s) made by a customer, a Suspicious Transaction Report (STR) should be filed with Financial Intelligence Unit-India (FIU-IND) 

 

  1. Insurers must also practice client due diligence as per Rule 9 of PML rules. 
  • Under this, Insurers must practice necessary Client Due Diligence using KYC on both, new and existing customers. They must also practice ongoing due diligence on customers based on the risk levels and the aggregate amount of insurance in a financial year. 

 

  1. To implement Section 51A of the Unlawful Activities (Prevention) Act, 1967 (UAPA), Insurers must:
  • Not enter into a contract with a customer whose identity matches with any person in the UN sanction list or with banned entities and those reported to have links with terrorists or terrorist organizations
  • Periodically check MHA website for an updated list of banned entities
  • Maintain an updated list of designated individuals/entities in electronic form and run a check on the given parameters on a regular basis to verify whether designated individuals/entities are holding any insurance policies with the insurers

 

What has changed for Life and General Insurance companies 

Here’s a comparison between the KYC process at life and general insurance companies before and after the new IRDAI regulations for KYC. 

 

For General Insurers

 

As per old regulation         As per new circular Which circular?
  • KYC (with PoI & PoA) was required only in cases where claim payout/premium refund was greater than Rs. 1 Lakh
  • KYC is mandatory for all customers
  • Simplified due diligence applicable to low-risk customers with an annual premium less than Rs. 10,000 
  • For everyone else, enhanced due diligence is needed. This means identity document verification is mandatory
2013 AML/CFT Guidelines for General Insurers
  • KYC (with PoI & PoA) to be carried out only at the claims/payout stage
  • KYC required for all customers at the time of onboarding
  • KYC needs to be done for all existing customers
2013 AML/CFT Guidelines for General Insurers
  • No clear guidelines for when AML needs to be conducted
  • Few lists mentioned 
  • Clearly states no insurer shall enter into contracts with people whose names appear on certain sanctions lists (UN sanctions, MHA, terrorist links)
  • Number of Lists expanded
2013 AML/CFT Guidelines for General Insurers
  • No mention of PEP checks
  • Mandatory ongoing PEP checks required for all customers
2013 AML/CFT Guidelines for General Insurers
  • No mention of obtaining ‘dubious information from public sources’ about a person
  • Need to obtain this information for risk classification
2013 AML/CFT Guidelines for General Insurers
  • Onboarding mentioned only using KYC documents
  • Onboarding via CKYC and Video KYC are now allowed 
2013 AML/CFT Guidelines for General Insurers
  • KYC of the beneficial owner of the company who is the recipient of the group insurance is not needed
  • KYC of company & Beneficial Owners who are the recipient(s) of the group insurance is mandatory 
  • ‘Details’ of individual policy holders need to be maintained by the company 
2013 AML/CFT Guidelines for General Insurers
  • No connection of Insurance Premium to income/ asset
  • It is imperative to ensure that the insurance premium should not be disproportionate to income/ asset.
2013 AML/CFT Guidelines for General Insurers

 

For Life Insurance 

 

As per old regulation As per new circular Which circular?
  • Only one common proof of address (PoA) & proof of identity (PoI) needed (e.g. if an Aadhaar card is supplied, PAN is not needed) for most cases
  • PAN needed only if the annual premium is > Rs. 1 lakh. Or in case of premium/proposal deposits remittances in cash beyond  Rs. 50,000/-
  • If annual premium < Rs. 10,000, then only PoI is needed (PoA not needed)
  • PAN is mandatory for onboarding all new customers 
  • For existing customers for whom PAN is not available, PAN has to be updated by a deadline. This is necessary for continued operation
2015 Master Directions, 2019 Clarification
  • No mention of PAN in VCIP (Video-Based Customer Identification Process) for customer onboarding
  • Photo of PAN & subsequent database verification needed
2020 VBIP Guidelines
  • Simplified due diligence applicable to all low-risk customers (defined as salaried, lower-income customers, etc.) irrespective of premium amounts
  • Simplified due diligence applicable to low-risk customers with annual premium < Rs. 10,000 (translates to life insurance amount of Rs. 60-70 Lakhs)
  • For everyone else, enhanced due diligence is needed. This means that identity document verification is mandatory along with identifying the source of funds 
2015 Master Directions
  • KYC of the company who is the recipient of the group insurance wasn’t needed
  • KYC of company & Beneficial Owners who is the recipient of the group insurance is needed 
  • ‘Details’ of individual policyholders needed to be maintained by the company 
2015 Master Directions
  • KYC should be carried out at claim payout 
  • Since KYC will be conducted at the time of onboarding, it won’t be needed during the payout stage
2015 Master Directions
  • No connection of Insurance Premium to income/ asset
  • It is imperative to ensure that the insurance premium should not be disproportionate to income/ asset
2015 Master Directions
  • A lot more focus on risk assessment & potential scrutiny on practices