More Stories

Informist, Saturday, Nov. 29, 2025

NEW DELHI – The Reserve Bank of India Friday issued master directions detailing Know-Your-Customer norms for non-banking financial companies, in line with international standards recommended by the Financial Action Task Force, to prevent money laundering and terrorist financing. 

The central bank said every NBFC needs to have a KYC policy, with the board of directors, or any committee approving it. The KYC policy will include four key elements – customer acceptance policy, risk management, customer identification procedures, and monitoring of transactions. The policy will incorporate provisions for periodic updation of KYC, any exceptional measures for KYC updation, obtaining a copy of an officially valid document, providing facility to update KYC at any branch, and change of registered mobile number for accounts opened in a non-face-to-face set-up.

Accordingly, NBFCs will have to implement group-wide programmes against money laundering and terror financing collectively. Sharing information on 16 such programmes will include adequate safeguards on the confidentiality and use of information exchanged, including safeguards to prevent tipping-off.

These directions will apply to all kinds of NBFCs as well as branches and majority-owned subsidiaries of NBFCs located abroad, to the extent they are not contradictory to the local laws in the host country. "In case there is a variance in KYC/AML standards prescribed by the RBI and the host country regulators, branches/subsidiaries of the NBFC shall adopt the more stringent regulation of the two," the central bank said.

Under the guidelines, NBFCs will have to carry out money laundering and terrorist financing risk assessment exercises periodically to identify, assess, and take effective measures. The assessment process will consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied. "While preparing the internal risk assessment, the NBFC shall take cognizance of the overall sector-specific vulnerabilities, if any, that the regulator/supervisor may share with the NBFC from time to time," the RBI said.

The central bank also asked NBFCs to form a 'customer acceptance policy', under which NBFCs cannot open any account with an anonymous or fictitious name. 

Further, NBFCs will have to categorise customers into low-, medium-, and high-risk categories, based on its assessment and risk perception. The categorisation will be based on parameters like the customer's identity, social or financial status, nature of business activity, and information about the customer's business and its location, geographical risk covering customers as well as transactions, type of products or services offered, delivery channel used for delivery of products or services, types of transactions undertaken such as cash, cheque, or monetary instruments, wire transfers, forex transactions, among others.

NBFCs will also have to put in place robust digital KYC norms, RBI said. NBFCs have to adopt a risk-based approach for periodic updation of KYC ensuring that it keeps the information or data collected under customer due diligence up-to-date and relevant, particularly where there is high risk. "However, the NBFC shall carry out periodic updation at least once in every two years for high-risk customers, once in every eight years for medium risk customers and once in every 10 years for low-risk customers from the date of opening of the account / last KYC updation," RBI said. 

In line with the Financial Action Task Force, NBFCs have to put in place appropriate risk management systems to determine whether the customer or the beneficial owner is a "politically exposed person". If so, it needs the senior management's approval to open an account, and subject these accounts to enhanced monitoring.

To identify and report suspicious transactions effectively, NBFCs have to implement robust software that generates alerts when transactions are inconsistent with a customer's risk categorisation and updated profile. NBFCs also have to ensure they don't have accounts of persons or groups classified as terrorists and related to unlawful activities, while also ensuring that transactions do not happen with countries that are flagged as "risky" by the Financial Action Task Force, the RBI said. 

This comes in the light of the Financial Action Task Force has been flagging concerns over the growing popularity of online modes for terrorist financing. The agency has uncovered instances of funding using social media, e-commerce platforms and messaging channels, and online transactions with virtual assets using virtual private networks, or VPNs.  End

Reported by Priyasmita Dutta

Edited by Tanima Banerjee

For users of real-time market data terminals, Informist news is available exclusively on the NSE Cogencis WorkStation.

Cogencis news is now Informist news. This follows the acquisition of Cogencis Information Services Ltd. by NSE Data & Analytics Ltd., a 100% subsidiary of the National Stock Exchange of India Ltd. As a part of the transaction, the news department of Cogencis has been sold to Informist Media Pvt. Ltd.

Informist Media Tel +91 (22) 6985-4000

Send comments to feedback@informistmedia.com

© Informist Media Pvt. Ltd. 2025. All rights reserved.