KYC Norms and Customer Due Diligence in Indian Banks Explained

JAIIB 28 June 2026

KYC Norms — Know Your Customer rules — are the foundation of safe, compliant banking in India. They require every bank to identify its customers, verify their identity and address, understand the nature of their transactions, and monitor accounts for suspicious activity. For JAIIB candidates studying Principles and Practices of Banking, mastering KYC norms and customer due diligence (CDD) is essential, because these rules sit at the centre of anti-money-laundering law and protect both the bank and the financial system from misuse.

The Legal Basis of KYC Norms in India

The KYC norms followed by Indian banks flow from the Prevention of Money Laundering Act (PMLA), 2002 and its rules, operationalised through the RBI's Master Direction on Know Your Customer. The PMLA obliges banks, as reporting entities, to verify the identity of clients, maintain records and report prescribed transactions to the Financial Intelligence Unit-India (FIU-IND).

The RBI Master Direction lays down the detailed procedures — what documents to collect, how to classify customers by risk, and when enhanced checks apply. The Banking Regulation Act, 1949 gives the RBI its supervisory authority to enforce these standards. Together, this architecture ensures that no account is opened anonymously and that banks can trace the beneficial owner behind every relationship. Candidates using the JAIIB course should note that KYC is not a one-time formality but a continuous obligation that runs through the life of the account.

The Four Key Elements of KYC

The RBI framework structures KYC norms around four core elements that every bank's KYC policy must cover:

  • Customer Acceptance Policy (CAP): the criteria under which a bank agrees to open an account — no anonymous or benami accounts, no accounts in fictitious names.
  • Customer Identification Procedure (CIP): establishing identity using reliable, independent documents at onboarding and at any point of doubt.
  • Customer Due Diligence (CDD): understanding the customer's profile, expected transaction pattern and source of funds.
  • Ongoing Monitoring: watching transactions for consistency with the customer's known profile and flagging anomalies.

These four pillars work together. A strong CAP prevents bad actors at the gate, CIP confirms who the customer really is, CDD assesses the risk they carry, and ongoing monitoring catches behaviour that changes over time. Practising scenario-based questions on the IIBF mock tests helps cement how these elements apply in branch operations.

Figure: The four pillars of KYC norms in Indian banks under RBI Master Directions (the four building blocks of a bank's KYC policy).

Customer Due Diligence and Risk Categorisation

Customer due diligence is the analytical heart of KYC norms. At onboarding, banks collect identity and address proof, ascertain the purpose of the account, and identify the beneficial owner — the natural person who ultimately owns or controls the customer, especially for companies, trusts and partnerships. Based on this, the customer is placed in a risk category: low, medium or high.

Risk categorisation drives the intensity of checks. Low-risk customers (salaried individuals, government departments) undergo simplified due diligence and less frequent periodic updation. High-risk customers — politically exposed persons (PEPs), non-resident clients from sensitive jurisdictions, trusts with complex ownership, or accounts with unusual activity — attract Enhanced Due Diligence (EDD), including senior-management approval and closer monitoring. Periodic KYC updation is required at intervals tied to risk: typically every ten years for low risk, eight years for medium, and two years for high risk. This risk-based approach lets banks focus resources where the money-laundering threat is greatest.

Figure: Customer due diligence and risk categorisation flow under KYC norms (how CDD assigns low, medium and high risk categories).

Documents, e-KYC and Digital Onboarding

To satisfy KYC norms, customers submit Officially Valid Documents (OVDs) as proof of identity and address. The recognised OVDs include the passport, driving licence, Aadhaar (proof of possession), Voter ID, NREGA job card and a letter from the National Population Register. PAN is generally required for tax-related and higher-value transactions.

India has digitised onboarding significantly. e-KYC using Aadhaar-based authentication (with customer consent), Video-based Customer Identification Process (V-CIP), and the Central KYC Records Registry (CKYCR) all reduce paperwork and duplication. For small, low-value accounts, a Small Account can be opened with relaxed documentation under defined limits. Banks must still comply with PMLA recordkeeping and report cash transactions and suspicious transactions to FIU-IND, which you can read more about at the Financial Intelligence Unit-India website. You can also track regulatory updates on the IIBF news page.

Figure: Officially Valid Documents and e-KYC options accepted under KYC norms (OVDs, e-KYC and V-CIP options for digital onboarding).

Reporting Obligations and Common Compliance Pitfalls

Identification is only half the job; banks must also report. Under the PMLA rules, reporting entities file Cash Transaction Reports (CTRs) for cash transactions above the prescribed threshold of ten lakh rupees in a month, Suspicious Transaction Reports (STRs) whenever activity appears inconsistent with a customer's profile regardless of amount, Counterfeit Currency Reports (CCRs), and reports on cross-border wire transfers. These go to FIU-IND, which analyses them and shares intelligence with enforcement agencies. Records must be preserved for a minimum of five years from the date of the transaction or the end of the relationship.

Common pitfalls that branch staff must avoid include accepting incomplete or photocopied documents without verifying originals, failing to identify the beneficial owner behind a corporate account, neglecting periodic updation, and not escalating unusual transactions. Tipping off a customer that an STR has been filed is itself an offence. Strong staff training, a board-approved policy, an independent principal officer and regular internal audit are the controls that keep a bank compliant. These operational realities are exactly what the JAIIB syllabus expects candidates to appreciate, because they translate directly into day-to-day branch responsibilities.

Why KYC Norms Matter for Bankers and the Exam

Robust KYC norms protect banks from being used as conduits for money laundering, terror financing, fraud and tax evasion. Lapses invite heavy regulatory penalties and reputational damage, which is why frontline staff must apply these rules diligently at account opening and throughout the relationship. For JAIIB PPB, expect questions on the four elements, OVDs, risk categories, periodic updation intervals and the role of FIU-IND. Strengthen your conceptual base by reading more guides on the iibf.store blog and practising application-style questions.

What are the four key elements of KYC norms?

The four elements are the Customer Acceptance Policy, Customer Identification Procedure, Customer Due Diligence and Ongoing Monitoring. Every bank's board-approved KYC policy under the RBI Master Direction must address all four to comply with PMLA.

What is the difference between CDD and EDD?

Customer Due Diligence (CDD) is the standard process of identifying customers and understanding their transaction profile. Enhanced Due Diligence (EDD) applies to high-risk customers such as PEPs, requiring additional information, senior-management approval and closer ongoing monitoring.

How often must KYC be updated?

Periodic updation depends on risk: typically once every ten years for low-risk, eight years for medium-risk and two years for high-risk customers. Banks must also update records whenever there is a material change in customer information.

What is a beneficial owner under KYC norms?

A beneficial owner is the natural person who ultimately owns or controls a customer that is not an individual, such as a company, trust or partnership. Identifying the beneficial owner prevents criminals from hiding behind legal entities.

Conclusion

KYC norms and customer due diligence are the first line of defence against financial crime and a guaranteed scoring area in JAIIB PPB. Learn the four elements, the OVD list, risk categories and the PMLA-FIU reporting chain, then reinforce them through practice. Ready to test your knowledge? Take a free JAIIB mock test on iibf.store or enrol in the complete JAIIB preparation course to master Principles and Practices of Banking.
