What changed
Previously, NBFCs were required to prepare customer risk profiles and apply enhanced due diligence on higher-risk customers. Now, they must also assess ML/TF risk for countries, geographical areas, products, services, and delivery channels. Boards must approve policies to manage and mitigate these risks using a risk-based approach.
What it means for you
NBFCs need to broaden their AML/CFT framework beyond customer risk profiling to include product, service, and geographic risk assessments. This requires board-approved policies and enhanced measures for medium or high-risk categories. The IBA's risk-based transaction monitoring report can serve as a practical guide. Non-compliance may attract penalties under the RBI Act.
What you must do
- Identify and assess ML/TF risks for customers, countries, products, services, and delivery channels.
- Get board approval for policies, controls, and procedures to manage and mitigate these risks.
- Adopt enhanced due diligence measures for medium or high-risk customers, products, and services.
- Refer to IBA's guidance on risk-based transaction monitoring for practical implementation.
Who it affects
All Non-Banking Financial Companies (NBFCs), Residuary Non-Banking Companies (RNBCs), Compliance and risk management teams at NBFCs, Boards of NBFCs
What is the key new requirement for NBFCs under this circular?
NBFCs must now assess ML/TF risk not only for customers but also for countries, geographical areas, products, services, and delivery channels, with board-approved policies.
Can NBFCs use the IBA's guidance on risk-based transaction monitoring?
Yes, the circular explicitly states that NBFCs may use the IBA's report on parameters for risk-based transaction monitoring as guidance in their own risk assessment.
What happens if an NBFC fails to comply with these guidelines?
Non-compliance or contravention may attract penalties under the relevant provisions of the RBI Act, 1934, as the guidelines are issued under Sections 45K and 45L.