KYC Norms and Customer Due Diligence for JAIIB PPB

KYC norms are at the heart of responsible banking in India, forming the first line of defence against money laundering, terrorist financing, and financial fraud — and mastering them is essential for every JAIIB aspirant appearing in the Principles and Practices of Banking paper. Whether you are a fresh bank recruit or a seasoned officer preparing for the examination, a thorough understanding of Know Your Customer (KYC) guidelines will not only help you clear PPB but will also serve you every day at the branch counter.

What Are KYC Norms and Why Do They Matter?

KYC norms refer to the mandatory process through which banks and other regulated financial institutions verify the identity and address of their customers before establishing a business relationship and at regular intervals thereafter. The Reserve Bank of India (RBI) issues the Master Direction — Know Your Customer Direction, which is the principal regulatory instrument governing KYC compliance for all scheduled commercial banks, cooperative banks, payment banks, and small finance banks in India.

The objectives of KYC are threefold: first, to prevent banks from being used, intentionally or unintentionally, as channels for the movement of illicit funds; second, to ensure that banks fully understand their customers' risk profiles; and third, to maintain the integrity and soundness of the banking system. The Financial Action Task Force (FATF) recommendations, to which India is a signatory, underpin the entire framework, giving it an international dimension as well.

From the JAIIB examination perspective, KYC norms appear consistently in questions related to account opening, anti-money laundering (AML), and the Prevention of Money-Laundering Act (PMLA), 2002. Understanding the core elements is therefore non-negotiable for a good score in PPB.

Elements of a Robust KYC Programme

As per the latest RBI Master Direction, every bank's KYC programme must contain four key elements:

• Customer Acceptance Policy (CAP): Clear criteria about who can be accepted as a customer, which categories of customers require enhanced due diligence, and which may be declined.
• Customer Identification Procedures (CIP): Detailed procedures for verifying customers using Officially Valid Documents (OVDs) at account opening and periodically thereafter.
• Risk Management: A risk-based approach (RBA) that classifies customers as low, medium, or high risk, and determines the frequency of periodic KYC updates accordingly.
• Monitoring of Transactions: Ongoing scrutiny of customer transactions to ensure they are consistent with the bank's knowledge of the customer's business and risk profile.

These four pillars are integrated into the broader AML/CFT (Combating the Financing of Terrorism) framework and must be reflected in the bank's internal policy, board-approved guidelines, and staff training programmes. JAIIB candidates should note that the RBI can impose penalties on banks that do not maintain a documented KYC programme.

Practising mock tests covering AML and KYC will sharpen your examination readiness. Visit iibf.store/tests for a large bank of JAIIB PPB practice questions curated by subject experts.

Customer Due Diligence: Procedure and Documents

Customer Due Diligence (CDD) is the process by which a bank collects and verifies information about a customer. CDD is triggered at account opening and must be repeated periodically based on risk category. The RBI recognises the following as Officially Valid Documents (OVDs) for identity and address proof:

1. Passport
2. Driving Licence
3. Proof of possession of Aadhaar number
4. Voter ID card issued by the Election Commission of India
5. Job card issued by NREGA and signed by a State Government officer
6. Letter issued by the National Population Register containing details of name and address

A customer who submits any one of these documents for both identity and address proof satisfies the KYC requirement. However, the Aadhaar-based e-KYC route — available through biometric or OTP authentication using the UIDAI platform — has become the preferred method in urban and semi-urban branches because it eliminates physical document handling and significantly reduces turnaround time for account opening.

Video-based Customer Identification Process (V-CIP) is another RBI-approved route that allows banks to complete KYC remotely through a live, consent-based video interaction. The customer must display the original OVD and a PAN card during the call, and the bank official must record the session for audit purposes. This method is especially relevant for digital banking and was formalised to accelerate financial inclusion during and after the COVID-19 period.

Periodic KYC updates are mandatory: low-risk accounts every ten years, medium-risk every eight years, and high-risk accounts every two years. Banks that fail to update KYC within prescribed timelines must freeze account operations — meaning debit transactions are blocked — until the customer complies.

Sharpen your conceptual clarity on CDD and OVDs by exploring the study resources available on the iibf.store blog, which covers PPB, Legal and Regulatory Aspects of Banking (LRAB), and other JAIIB modules in depth.

Enhanced Due Diligence and High-Risk Categories

Not all customers carry the same risk. The RBI's risk-based approach requires banks to apply Enhanced Due Diligence (EDD) to categories that are more susceptible to misuse. Understanding these categories is critical for the PPB paper.

Politically Exposed Persons (PEPs) are individuals who have been entrusted with a prominent public function, either in India or abroad. Examples include heads of state, senior politicians, senior government officials, senior judicial or military officials, and senior executives of state-owned enterprises. Banks must obtain senior management approval before opening accounts for PEPs, take reasonable measures to establish the source of wealth, and conduct enhanced ongoing monitoring. Domestic PEPs are treated as high-risk customers.

Non-Resident Indians (NRIs) and Foreign Nationals often require additional scrutiny because cross-border fund flows carry heightened AML/CFT risks. Banks must verify the foreign address, obtain passport and visa copies, and in some cases request country-of-origin bank statements.

Non-Face-to-Face Customers — those who open accounts via digital channels, V-CIP, or through agents — are inherently higher risk because the bank cannot physically verify the customer. Banks must apply additional safeguards such as certified copies of documents, first payment through an account with a regulated bank in India, and enhanced transaction monitoring.

Trusts, Companies, and Partnerships require identification of Ultimate Beneficial Owners (UBOs). As per the RBI Master Direction, any individual holding 10% or more of the shares/capital or controlling voting rights in a company must be identified as a UBO and their KYC documents must be obtained.

• For companies: identify all directors, authorised signatories, and beneficial owners holding ≥10% equity.
• For trusts: identify the settler, trustees, beneficiaries, and any person exercising effective control.
• For partnerships: identify all partners and authorised signatories.

Questions on UBOs, PEPs, and EDD are common in JAIIB PPB examinations. Reinforce your understanding by playing the KYC concept matching game on iibf.store — a gamified revision tool that helps you retain key terms quickly.

KYC for Account Opening and Operating: Practical Aspects

Bank officials at the branch level must be aware of the practical application of KYC norms at every stage of the account lifecycle — from onboarding to closure.

At Account Opening: The bank must complete CDD before the account is opened and any transaction is permitted. The customer must fill in an account opening form, submit OVDs, provide a recent photograph, and, where applicable, furnish a PAN card or Form 60/61 as required under the Income Tax Act, 1961. Aadhaar seeding is encouraged but the Supreme Court's ruling in Justice K.S. Puttaswamy v. Union of India (2018) clarified that Aadhaar cannot be made mandatory for private bank account opening.

Customer Profile and Risk Classification: Based on information in the account opening form — occupation, nature of business, expected transaction volume, and country of origin — the bank assigns a risk category. This classification determines the frequency of future KYC reviews and the intensity of transaction monitoring.

Accounts for Small/Vulnerable Customers: The RBI provides for "Small Accounts" — a simplified KYC facility for individuals who cannot furnish OVDs. A Small Account can be opened with a self-attested photograph and a signature or thumb impression. However, these accounts have strict limits: aggregate credits must not exceed ₹1 lakh per year, aggregate withdrawals must not exceed ₹10,000 per month, and the total balance must not exceed ₹50,000 at any time. Small accounts are valid for twelve months initially, extendable by another twelve months if the customer applies for an OVD.

Ongoing Transaction Monitoring: Banks must monitor transactions in real time or near-real time using a Transaction Monitoring System (TMS) or Core Banking Solutions (CBS) alerts. Transactions that are inconsistent with the customer's risk profile, unexplained large cash deposits, or unusual cross-border transfers must be scrutinised and, where warranted, reported to the Financial Intelligence Unit – India (FIU-IND) as Suspicious Transaction Reports (STRs) under the PMLA.

For the latest RBI notifications and circulars related to KYC and AML, bookmark iibf.store/resources/rbi-rates and iibf.store/resources/iibf-news — both updated regularly to keep aspirants abreast of regulatory changes.

KYC and Anti-Money Laundering: The PMLA Connection

KYC norms do not stand alone — they are inextricably linked to the Prevention of Money-Laundering Act, 2002 (PMLA), which imposes legal obligations on "reporting entities" (a category that includes banks) to maintain records, verify identities, and report suspicious transactions. Non-compliance attracts civil and criminal penalties.

Key PMLA obligations for banks include:

• Maintaining records of all transactions (including cash transactions above ₹10 lakh) for five years from the date of the transaction or the date of cessation of business relationship, whichever is later.
• Filing Cash Transaction Reports (CTRs) with FIU-IND for all cash transactions exceeding ₹10 lakh in a calendar month.
• Filing Suspicious Transaction Reports (STRs) within seven working days of concluding that a transaction is suspicious.
• Not "tipping off" the customer that an STR has been filed — disclosure is a criminal offence under PMLA.

The link between KYC and PMLA is a favourite area for JAIIB examiners. A candidate who understands that robust KYC is essentially the foundation of AML compliance — not a separate discipline — will answer such questions with confidence.

Enrol in the comprehensive JAIIB preparation course on iibf.store to access structured video lessons on PPB, LRAB, and all other JAIIB modules. If you are also planning CAIIB, check out the CAIIB course which covers Advanced Bank Management and Bank Financial Management in similar depth.

Mastering KYC norms and Customer Due Diligence is not only essential for passing the JAIIB PPB paper but also for building a sound career in banking compliance. Reinforce every concept covered here with targeted practice: take a full-length PPB mock test on iibf.store today and identify your weak areas before the examination. For the authoritative regulatory text, refer directly to the RBI website, where the latest version of the Master Direction — Know Your Customer Direction is always available.