With the rise of fraudulent or suspicious activities or transactions, it is now mandatory for payment service providers to draft and implement Know Your Customer (KYC) and Customer Due Diligence (CDD) policies. The Banks and Financial Institution Regulation Department of the Nepal Rastra Bank (NRB) has enforced these customer identification processes for users transacting through digital wallets. The central bank has put in place this mechanism to identify and verify customers based on prescribed documents, information, and data to control suspicious transactions.
It is essential to identify the beneficiary of transactions to validate their purpose and intention. Despite the convenience of digital transactions, they carry significant risks. Therefore, digital wallets must maintain strong KYC policies to curb and mitigate these risks. Effective customer information and due diligence can minimise reputational, operational, legal, financial and concentration risks for payment service providers. Reputational risk, for example, can result from negative impacts on the market positioning of wallets, affecting their ability to attract employees, customers, funding and business. Any wrongful activities can lead to significant reputational damage for these entities.
There are 26 payment service providers in the country, according to the latest Payment System Indicators Report of the NRB. The central enforced the new requirements by issuing a circular to payment service providers on May 13. This follows NRB’s decision to dissolve one payment service provider for defying its directives, rules, and regulations as per Payment and Settlement Act, 2018 and Payment and Settlement Regulations, 2020. In addition to the stringent measures dated June 3, 2024, due to the dispute of over regulations guidelines, bank accounts of the licensed institutions had been blocked by the central bank until further notice. Although these steps directly impact customers, they are necessary as deviation from the central bank’s regulations can impact the investment sector and damage the economic status of the country. It is necessary to take such measures for the benefit of the economic development of the country.
According to the Payment System Unified Directive, 2023, while loading funds into any wallet and transferring funds from one wallet to another, it is mandatory to disclose the purpose of the transactions. Each entity must fulfil its obligation to work on anti-money laundering and combating financing transactions to prevent fraudulent or any kind of criminal activity through the wallet. As per the guidelines, wallet entities need to verify the transactions performed by customers. It also states that if transactions of Rs 1 million or above are initiated on a continuous basis from one wallet or bank to another, then they shall be reported to the concerned authority as a threshold transaction report with proper analysis within 15 days.
If the KYC and CDD policy is faulty or poorly implemented, it may provide an opportunity for criminal elements to conduct illegal activities. Customer due diligence involves preserving records. Licensed entities are required to maintain these records, including transactions initiated by customers through different modes of payment, for at least five years. It is essential for all reporting entities to identify risk categories based on the nature of transactions and customers' occupations. The risk levels may be classified as high, medium, or low. Banks and financial institutions rigorously follow KYC/CDD policies, identifying politically exposed persons (PEPs) before conducting business activities with the approval of senior management. Payment service providers must also follow these procedures effectively to identify PEPs and verify their details properly to prevent suspicious transactions. According to the Financial Action Task Force recommendations, PEPs are categorised as high-risk due to the volume of their transactions. Reporting entities must also properly verify the details of PEPs' family members.
The KYC policy helps monitor customer accounts and transactions on a daily basis. If any suspicious activities are detected, it is the responsibility of the reporting entity to report these transactions to the financial information unit within seven days of the event. The Financial Information Unit (FIU) of the central bank plays an effective role in monitoring fraudulent activities. The FIU's functions include obtaining transaction details from government entities, banks, financial institutions, and non-financial institutions on a regular basis, maintaining records of transactions, conducting preliminary inquiries for investigation purposes, and regulating financial institutions in the subsequent process. Reporting entities are required to examine the documents and transaction activities of their customers. If any suspicious transactions are detected, they should be reported to the FIU for investigation purposes.
Managing operational risk is a complex process for every organisation. According to the Financial Action Task Force, countries need to establish a financial intelligence unit to report suspicious transactions and other transactions associated with predicate offences that impact the country's reputational risk. Therefore, it is imperative for every payment service provider in Nepal to follow the central bank's rules and regulations to mitigate reputational risk.
Tracing fraudulent transactions is essential also because the country's economy is at stake. It is important to understand that this is not a burden but beneficial for the country. It is the duty of every customer to provide clear and detailed information in the KYC form as it makes it more convenient for reporting entities. A strong KYC policy helps prevent businesses from being used for illegal activities. In today's competitive business environment, operational excellence is crucial for a competitive advantage. The most significant operational risk involves a breakdown in internal controls and corporate governance. Such breakdowns can lead to financial loss through error, fraud, or failure to perform in a timely manner, compromising the interests of financial technology.
It is essential for every payment service provider to follow KYC and CDD measures stringently. Non-compliance will result in penalties as per the Payment System Unified Directive, 2023. Licensed institutions must work effectively and adhere to the guidelines and regulations prescribed by the central bank. The customer due diligence principle involves identifying customers based on the nature of their business, the volume of transactions, and any other documents prescribed by related entities.
This process must be effectively performed before maintaining business activities. If any unwanted activity or transaction is detected, the person may be liable for fines or imprisonment for up to four years, according to the Money Laundering Prevention Act, 2008. KYC principles involve verifying the credibility of customer details and transactions and taking effective action against fraudulent or suspicious activities. To protect the country from being a vehicle for laundering funds through digital transactions, Nepal Rastra Bank has been bringing good governance policies for the betterment of the country's economic development.
(Pant is Operation Executive at Nepal Clearing House Limited)
(The opinion article was published on the August issue of the New Business Age magazine .)