The Covid-19 pandemic over the last two years has not stopped the Reserve Bank of India (RBI) and the Financial Intelligence Unit India (FIU-IND) from cracking the whip on the cooperative banking sector. For the second year in a row, the sector was hit with the highest number of penalties.
Changes introduced in 2020 to the Banking Regulation Act brought urban cooperative banks under the direct supervision of the RBI, treating them at par with commercial banks. The RBI seems to be utilizing the regulatory and supervisory oversight accorded to it through enforcement actions on cooperative banks to fix compliance issues.
Besides, the Mutual Evaluation of India by the Financial Action Task Force (FATF) is already underway and fixing strategic deficiencies is critical to demonstrating technical compliance and effectiveness. Cooperative banks are one such sector perceived as having weaker Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) controls compared to traditional banks.
Penalties Increase Seven-fold in FY 2021-22
The RBI and FIU-IND collectively penalized 41 banks and financial institutions in Financial Year (FY) 2021-22 (from April 2021 to March 2022) for various deficiencies in their Know Your Customer (KYC) and AML programmes. The number of institutions penalized almost doubled from 21 in the previous year to 41 in FY 2021-22. In sharp contrast to the previous year, the Reserve Bank of India (RBI) was more active than the FIU-IND in FY 2021-22, penalizing 37 institutions as against only 4 in the previous year.
The total penalty amount was a thumping 6.7 times more than in the previous year increasing from INR 1,67,40,000 (USD 2,21,670) in the previous year to INR 11,23,50,000 (USD 1,486,851) in FY 2021-22.
It is important to note that the penalty amount levied by the RBI for AML/KYC deficiencies could be significantly overstated. This is because the RBI India may levy cumulative penalty for multiple violations or contraventions (including other than KYC/AML violations) but does not provide a breakdown by each violation separately. Accordingly, penalties levied upon 24 out of the 37 FIs penalized by the RBI were for multiple violations that included AML/KYC as one of the areas for which the institution was penalized.
Penalties Increase Seven-fold in FY 2021-22
34 out of the 41 banks and financial institutions (FIs) penalized during the year were cooperative banks, while in the previous year, 14 out of the 21 FIs penalized were cooperative banks. Within this sector, the highest number of penalties were levied on non-scheduled urban cooperative banks. The average penalty amount levied on cooperative banks has also increased significantly from INR 1,06,429 in FY 2020-21 to INR 10,38,235 in FY 2021-22.
Besides cooperative banks, a few non-banking finance companies (NBFCs), banks and payment system operators were also on the list in FY 2021-22. The average penalty amount for NBFCs was INR 13,50,000, higher than that for cooperative banks.
Only one public sector bank and one private sector bank made it to the list. However, penalty amounts were higher in these two cases, with Bank of India levied an INR 4,00,00,000 penalty by the RBI in June 2021 for AML/KYC violations (among other compliance lapses). Axis Bank on the other hand was levied a penalty of INR 25,00,000 by the RBI in September 2021, exclusively in connection with AML/CFT failures within a specific customer account.
Just as the RBI does not provide a breakdown of the penalty value spread over multiple violations, in most cases it also does not provide the specific reason why a bank was penalized other than indicating that there was ‘non-compliance with the directions issued by RBI on KYC’. Accordingly, the reason for levying the penalty was not known in the case of 14 penalties levied by the RBI.
For institutions where the reason was published, the failure to ensure categorization of customers based on risk assessment and risk perception, and its periodic review were among the prime areas for violation.
Other reasons include:
- No system to generate alerts and monitor suspicious transactions
- Process for risk categorization of accounts and its periodical review
- Not allotted Unique Customer Identification Codes (UCICs) to all its new and existing customers
- Not completed KYC updates
- Issues with specific customer account/s
All the penalties levied by the FIU-IND were for lapses in reporting such as non-submission or delayed reporting, primarily for cash transaction reports (CTRs).
Risk categorization and monitoring suspicious transactions are the pillars of a robust AML/CFT programme in an organisation. Lapses in these fundamental areas signal a lack of intent to comply with AML/CFT regulations.
In our conversations with institutions in these sectors, spending on AML/CFT controls is perceived as a cost center. Smaller institutions routinely cite lack of budgets to spend on technology and systems for KYC, screening, and monitoring. They also do not get approvals from top management to spend on training and awareness generation for their staff.
While the measures to enforce compliance on institutions with weaker controls are justified, there is a need to significantly increase AML/CFT awareness and capacity building in a holistic manner in sectors such as cooperative banks and NBFCs.