
IRDAI Regulations for KYC in the Insurance sector, 2022


The need for New IRDAI Regulations for KYC & AML

Banking and capital market players already have stringent KYC & AML processes in place, and they are now joined by the insurance sector. Under the new IRDAI guidelines for general insurers, performing KYC (Know Your Customer) and AML checks on individuals is now mandatory before onboarding.

These checks help FIs decide if they can trust an individual with their financial services. They also help FIs categorise their customers as per the risk (low, medium, and high) involved.

For those not aware, the insurance sector in India is regulated by the IRDAI – Insurance Regulatory and Development Authority of India. 

On 1st August 2022, IRDAI released a new set of regulations to safeguard the insurance sector against money laundering. While similar standards have always applied for life insurance, it is the first time that general insurers have been subjected to stringent onboarding rules. Let’s dive into what the new regulation says.

6 Key takeaways from the new IRDAI regulations for KYC (and AML) in Insurance 

  1. IRDAI requires the Insurers to conduct customer KYC in this manner:


– KYC for individual customer(s):

  • Make best efforts to determine the true identity of a customer 
  • Put special procedures in place to identify new/existing customers
  • Ensure that no insurance contracts are given to anonymous or fictitious names 
  • Verify the identity, address, and recent photograph of a customer
  • Ask for a ‘self-declaration’ when a customer wants to submit an address different from the one on their Aadhaar card. Otherwise, Aadhaar can serve as both identity and address proof
  • Request OVDs (Officially Valid Documents) from customers who cannot go through Aadhaar authentication due to age, injury, illness, or otherwise

 

– KYC for a juridical person:

(Juridical person is an entity, constituted either by a collection or succession of natural or physical individuals, that can take part in legal actions)

  • Take steps to identify the entity and its beneficial owner(s)
  • Take reasonable steps to identify beneficial ownership

(What is beneficial ownership? – A natural person who ultimately owns or controls an entity on whose behalf the transaction is being conducted, and includes a person who exercises ultimate effective control over a juridical person)

  • Verify that any person purporting to act on behalf of a juridical person is authorized and verify the identity of that person
  • Identify and verify a juridical person’s legal status through various documents to support details like 
  1. The name, legal form, and proof of existence, 
  2. Powers that regulate and bind the juridical persons, 
  3. Address of the registered office/ main place of business, 
  4. Authorized individual person(s), who is/ are purporting to act on behalf of such client
  5. Ascertaining Beneficial Owner(s)

Note: No insurance company shall allow the opening of or keep any accounts that are anonymous, under fictitious names, or on behalf of individuals whose identity has not been disclosed or cannot be verified. 

  2. The KYC processes accepted by IRDAI are:
  • Aadhaar-based KYC through online authentication
  • Aadhaar-based KYC through offline authentication
  • Digital KYC as per PML Rules
  • Video-Based Identification Process (VBIP)
  • Insurers may undertake live VBIP by developing an application (using VKYC service providers like IDfy) that facilitates the KYC process either online or through face-to-face, in-person verification over video
  • By using the ‘KYC identifier’ allotted to the client by the CKYCR
  • Or by using the customer’s OVD (Officially Valid documents)

Note: Insurers may perform KYC on their potential customers using any one of the above ways

 

  3. If, during KYC, a customer is found to fall in the ‘Politically Exposed Person’ (PEP) category, insurers must do the following:
  • Consult the senior management to get onboarding approval for such proposals 
  • Lay down risk management procedures and practice additional due diligence on PEPs as well as their close relatives on an ongoing basis. This also applies to insurance in which a PEP is the ultimate beneficial owner
  • Notify the senior management about changes in the status of a PEP or about a customer newly transitioning to PEP. In such cases, additional due diligence must be practiced

 

  4. In addition to the above, some other mandatory activities for IRDAI-compliant AML are:
  • Collection of PAN/Form 60 from customers 
  • Under all kinds of Group Insurance (Life/General/Health), KYC must be conducted on the ‘Master Policyholders’ / ‘Juridical Person’ / ‘Legal Entity’, and the respective ‘Beneficial Owners (BO)’. In addition, the Master Policyholders of the group insurance should maintain the details of all the individual members covered in the insurance, and make them available to the insurer as and when required
  • Customer information should be collected from all relevant sources, including from agents/intermediaries
  • Care has to be exercised to avoid involvement in insuring assets bought out of illegal funds
  • It is imperative to ensure that the insurance premium should not be disproportionate to the customer’s income/asset
  • At any point of time, where insurers are no longer satisfied about the true identity or the transaction(s) made by a customer, a Suspicious Transaction Report (STR) should be filed with Financial Intelligence Unit-India (FIU-IND) 

 

  5. Insurers must also practice client due diligence as per Rule 9 of PML rules. 
  • Under this, insurers must practice the necessary Client Due Diligence using KYC on both new and existing customers. They must also practice ongoing due diligence on customers based on the risk levels and the aggregate amount of insurance in a financial year. 

 

  6. To implement Section 51A of the Unlawful Activities (Prevention) Act, 1967 (UAPA), insurers must:
  • Not enter into a contract with a customer whose identity matches any person on the UN sanctions list, or with banned entities and those reported to have links with terrorists or terrorist organizations
  • Periodically check the MHA website for an updated list of banned entities
  • Maintain an updated list of designated individuals/entities in electronic form and run a check on the given parameters on a regular basis to verify whether designated individuals/entities are holding any insurance policies with the insurers

 

What has changed for Life and General Insurance companies 

Here’s a comparison between the KYC process at life and general insurance companies before and after the new IRDAI regulations for KYC. 

 

For General Insurers

 

As per old regulation:
  • KYC (with PoI & PoA) was required only in cases where claim payout/premium refund was greater than Rs. 1 Lakh
As per new circular:
  • KYC is mandatory for all customers
  • Simplified due diligence applicable to low-risk customers with an annual premium less than Rs. 10,000 
  • For everyone else, enhanced due diligence is needed. This means identity document verification is mandatory
Which circular? 2013 AML/CFT Guidelines for General Insurers

As per old regulation:
  • KYC (with PoI & PoA) to be carried out only at the claims/payout stage
As per new circular:
  • KYC required for all customers at the time of onboarding
  • KYC needs to be done for all existing customers
Which circular? 2013 AML/CFT Guidelines for General Insurers

As per old regulation:
  • No clear guidelines for when AML needs to be conducted
  • Few lists mentioned 
As per new circular:
  • Clearly states no insurer shall enter into contracts with people whose names appear on certain sanctions lists (UN sanctions, MHA, terrorist links)
  • Number of lists expanded
Which circular? 2013 AML/CFT Guidelines for General Insurers

As per old regulation:
  • No mention of PEP checks
As per new circular:
  • Mandatory ongoing PEP checks required for all customers
Which circular? 2013 AML/CFT Guidelines for General Insurers

As per old regulation:
  • No mention of obtaining ‘dubious information from public sources’ about a person
As per new circular:
  • Need to obtain this information for risk classification
Which circular? 2013 AML/CFT Guidelines for General Insurers

As per old regulation:
  • Onboarding mentioned only using KYC documents
As per new circular:
  • Onboarding via CKYC and Video KYC are now allowed 
Which circular? 2013 AML/CFT Guidelines for General Insurers

As per old regulation:
  • KYC of the beneficial owner of the company who is the recipient of the group insurance is not needed
As per new circular:
  • KYC of company & Beneficial Owners who are the recipient(s) of the group insurance is mandatory 
  • ‘Details’ of individual policy holders need to be maintained by the company 
Which circular? 2013 AML/CFT Guidelines for General Insurers

As per old regulation:
  • No connection of Insurance Premium to income/asset
As per new circular:
  • It is imperative to ensure that the insurance premium should not be disproportionate to income/asset.
Which circular? 2013 AML/CFT Guidelines for General Insurers

 

For Life Insurance 

 

As per old regulation:
  • Only one common proof of address (PoA) & proof of identity (PoI) needed (e.g. if an Aadhaar card is supplied, PAN is not needed) for most cases
  • PAN needed only if the annual premium is > Rs. 1 lakh, or in case of premium/proposal deposit remittances in cash beyond Rs. 50,000/-
  • If annual premium < Rs. 10,000, then only PoI is needed (PoA not needed)
As per new circular:
  • PAN is mandatory for onboarding all new customers 
  • For existing customers for whom PAN is not available, PAN has to be updated by a deadline. This is necessary for continued operation
Which circular? 2015 Master Directions, 2019 Clarification

As per old regulation:
  • No mention of PAN in VCIP (Video-Based Customer Identification Process) for customer onboarding
As per new circular:
  • Photo of PAN & subsequent database verification needed
Which circular? 2020 VBIP Guidelines

As per old regulation:
  • Simplified due diligence applicable to all low-risk customers (defined as salaried, lower-income customers, etc.) irrespective of premium amounts
As per new circular:
  • Simplified due diligence applicable to low-risk customers with annual premium < Rs. 10,000 (translates to life insurance amount of Rs. 60-70 Lakhs)
  • For everyone else, enhanced due diligence is needed. This means that identity document verification is mandatory along with identifying the source of funds 
Which circular? 2015 Master Directions

As per old regulation:
  • KYC of the company who is the recipient of the group insurance wasn’t needed
As per new circular:
  • KYC of company & Beneficial Owners who is the recipient of the group insurance is needed 
  • ‘Details’ of individual policyholders needed to be maintained by the company 
Which circular? 2015 Master Directions

As per old regulation:
  • KYC should be carried out at claim payout 
As per new circular:
  • Since KYC will be conducted at the time of onboarding, it won’t be needed during the payout stage
Which circular? 2015 Master Directions

As per old regulation:
  • No connection of Insurance Premium to income/asset
As per new circular:
  • It is imperative to ensure that the insurance premium should not be disproportionate to income/asset
Which circular? 2015 Master Directions
  • A lot more focus on risk assessment & potential scrutiny on practices