Guidelines On Detecting STR For Coop Banks

Guidelines on detecting suspicious transactions under Rule 7(3) of the PML Rules, 2005 (2016)
Confidential
Guidelines on detecting suspicious transactions under

Rule 7(3) of the Prevention of Money Laundering
(Maintenance of Records) Rules, 2005
for Cooperative Banks .
Warning
This document is confidential and is intended for the use of Designated Director, Principal Officer and the
AML team only. Any circulation of this note to any other persons is prohibited. Co-operative Banks are
advised to ensure absolute confidentiality of this document .
Confidential
INDEX
S.No.
I
II
III
Title
Page No.
General
Detection and furnishing information in respect of suspicious

transactions
Annexures
Annexure A - Alert indicators (Red Flag Alerts) for Centralized
AML cell.
Annexure B Alert Indicators for Branches
16
Annexure C Details of the element of Suspicion in the new

reporting format.
19
Annexure D Illustrative Example of Grounds of Suspicion.
25
Annexure E Indicative List of High / Medium risk customers.
28
Annexure F Indicative List of High / Medium risk Products &

Services.
31
Annexure G Indicative List of high / Medium Risk

Geographies.
32
Confidential
1.
General
The Prevention of Money Laundering Act, 2002 (PMLA) brought into force with effect from 1 stJuly,
2005, is applicable to all the Reporting Entities (RE) as defined in the said Act. Section 12 of the PMLA
places certain obligations on the reporting entities which are as follows:
(a)
(b)
(c)
(d)
(e)
Maintain a record of all transactions, including information relating to transactions covered under
clause (b), in such manner as to enable it to reconstruct individual transactions;
Furnish to Director within such time as may be prescribed, information relating to such
transactions, whether attempted or executed, the nature and value as may be prescribed.
Verify the identity of its clients in such manner and subject to such conditions as may be
prescribed.
Identity the beneficial owner, in any, of such of its clients, as may be prescribed;
Maintain record of documents evidencing identity of its clients and beneficial owners as well as
account files and business correspondence relating to its clients.
The Prevention of Money Laundering Rules (PML Rules) have been framed under the PMLA.
Rule 3 of the PML Rules specifies the transactions, the records of which are to be maintained.
Rule 7 of the PML Rules prescribes the procedure and manner of furnishing information,
including an obligation to evolve an internal mechanism for detecting the prescribed
transactions. Rule 8 of the PML Rules prescribes the time of furnishing such information and
Rule 9 of the said Rules prescribes the procedure and manner of verification of records of
identity of clients.
The RE, its Designated Directors on the Board and employees are responsible for omissions and
commissions in relation to the reporting obligations under Chapter IV of the PMLA.
Rule 7 (1) of the PML, Rules requires that every RE should communicate to Director, FIU-IND,
the name, designation and address of the Designated Director and the Principal Officer. Rule (2)
(1) (ba) of the PML Rules defines Designated Director to mean a person designated by the
reporting entity to ensure overall compliance with the obligations imposed under Chapter IV of
the Act and the Rules and includes:(i) the managing Director or a whole time Director duly authorized by the Board of
Directors if the reporting entity is a company,
(ii) the managing partner if the reporting entity is a partnership firm,
(iii) the proprietor if the reporting entity is a proprietorship concern,
(iv) the managing trustee if the reporting entity is a trust
(v) a person or individual, as the case may be, who controls and manages the affairs of the
reporting entity if the reporting entity is an unincorporated association or a body of
individuals, and
(vi) Such other person or class of persons as may be notified by the Government if the
reporting entity does not fall in any of the categories above.
3
Confidential
Principal Officer is defined in Rule (2) (1) (f) to mean an officer designated by a RE.
The role of the Designated Director is to ensure overall compliance with the obligations imposed
under Chapter IV of the PMLA and to keep the Board informed of the AML/CFT issues. The
role of the Principal Officer is to furnish all information to director, FIU-IND under Rule 7 and 8
of the PML Rules. Thus the role of the Designated Director is larger and includes all obligations
under Chapter IV of the PMLA.
In exercise of powers conferred under Rule 7(3) of the PML Rules, these guidelines are being
issued by Director, Financial Intelligence Unit-India (FIU-IND) for detecting suspicious
transactions referred to in Rule 3 (1) (D) of the PML Rules in consultation with the Regulator.
These guidelines are illustrative. The reporting entities are advised to generate any other alert, as
they deem fit, to track suspicious transactions based on the definition of suspicious transactions
as given in Rule 2 (g) and also based on maintenance of records of transactions (nature and
value) as given in Rule 3 (1)(D) of the PML Rules.
2.
Detection and furnishing information in respect of suspicious

transactions
2.1
Relevant Rules under the PML Rules
Rule 7(3) of the PML Rules empowers the Director, FIU-IND to issue guidelines in consultation with the
regulator with regard to transactions referred to in Rule 3(1). Rule 3(1)(D) of the PML Rules pertains to
suspicious transactions.
The terms transaction and suspicious transaction have been defined in the Prevention of
Money Laundering Rules (PML Rules) as follows:
Transaction is defined under Rule 2(h) of the PML Rules and means a purchase, sale, loan, pledge, gift,
transfer, delivery or the arrangement thereof and includes(i)
(ii)
(iii)
(iv)
(v)
(vi)
(vii)
Opening of an account
Deposits, withdrawal, exchange or transfer of funds in whatever currency, whether in cash or
by cheque, payment order or other instruments or by electronic or other non-physical means.
The use of a safety deposit box or any other form of safe deposit.
Entering into any fiduciary relationship.
Any payment made or received in whole or in part of any contractual or other legal
obligation.
Any payment made in respect of playing games of chance for cash or kind including such
activities associated with casino and.
Establishing or creating a legal person or legal arrangement.
Suspicious transaction is defined under Rule 2(g) of the PML Rules and means a transaction whether or
not made in cash which, to a person acting in good faith4
Confidential
(i)
(ii)
(iii)
(iv)
gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime; as
per schedule A to PMLA; or
appears to be made in circumstances of unusual or unjustified complexity; or
appears to have no economic rationale or bonafide purpose; or
gives rise to a reasonable ground of suspicion that it may involve financing of activities
relating to terrorism.
Rule 8 of the PML Rules provides the timelines for reporting of transactions to FIU-IND. As per Rule
8(2) of the PML Rules, the Principal Officer of a RE is required to furnish the information regarding a
suspicious transaction not later than seven working days on being satisfied that the transaction is
suspicious.
As per Rule 8 (4) of the PML Rules, delay of each day in not reporting a transaction or delay of each day
in rectifying a mis-reported transaction beyond the time limit as specified in the rule shall constitute a
separate violation and penalty can be levied under section 13 of the PMLA.
2.2
Identification and Assessment of Risks
2.2.1 Rule 9(12) of the PML Rules requires every reporting entity to exercise ongoing due diligence with
respect to the business relationship with every client and closely examine the transactions in order to
ensure that they are consistent with their knowledge of the client, his business and risk profile and where
necessary, the source of funds. It has also been prescribed that when there are suspicions of money
laundering or financing of the activities relating to terrorism or where there are doubts about the adequacy
or veracity of previously obtained client identification data, the reporting entity shall review the due
diligence measures including verifying again the identity of the client and obtaining information on the
purpose and intended nature of the business relationship, as the case may be. The reporting entity is also
required to apply client due diligence measures to existing clients on the basis of materiality and risk, and
conduct due diligence on such existing relationships at appropriate times or as may be specified by the
regulator, taking into account whether and when client due diligence measures have previously been
undertaken and the adequacy of data obtained.
2.2.2 Rule 9(13) of the PML Rules requires every reporting entity to carry out risk assessment to identify,
assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients,
countries or geographic areas, and products, services, transactions or delivery channels. The risk
assessment should(a) be documented;
(b) consider all the relevant risk factors before determining the level of overall risk and the
appropriate level and type of mitigation to be applied;
(c) be kept up to date; and
(d) be available to competent authorities and self-regulating bodies.
2.2.3 RE should identify the criteria to measure potential money laundering and financing of terrorism
risks of both the customers and transactions.
5
Confidential
2.2.4 Risk associated with a geographic area, in conjunction with other risk factors, provides useful
information as to potential money laundering risks. Factors that may result in a determination that certain
geographic areas pose a higher risk include:
Countries subject to sanctions, embargoes or similar measures issued by, for example, the United
Nations (UN). In addition, in some circumstances, countries subject to sanctions or measures
similar to those issued by bodies such as the UN, but which may not be universally recognized,
may be given credence by a company because of the standing of the issuer and the nature of the
measures.
Countries identified by the Financial Action Task Force (FATF) as non-cooperative countries and
territories (NCCT) in the fight against money laundering or identified by credible sources as
lacking appropriate money laundering laws and regulations.
Countries identified by credible sources as providing funding or support for terrorist activities
Countries identified by credible sources as having significant levels of corruption, or other
criminal activity.
2.2.5 Similarly, risks posed by a client provide significant input into the overall money laundering risk
assessment. Below listed characteristics of clients have been identified with potentially higher money
laundering risks:
Cash (and cash equivalent) intensive businesses including:

o
o
o
money services businesses (remittance houses, money transfer agents and bank note
traders)
casinos, betting and other gambling related activities, or
businesses that while not normally cash intensive, generate substantial amounts of cash
for certain transactions.
Unregulated charities and other unregulated not for profit organisations (especially
those operating on a cross-border basis).
Dealers in high value or precious goods (e.g jewel, gem and precious metals dealers, art
and antique dealers and auction houses, estate agents and real estate brokers).
Clients that are Politically Exposed Persons or PEPs
2.3
Detecting suspicious transactions
2.3.1
Alert Generation
Alert generation is a process by which the preliminary details of suspicious/unusual transactions are
generated to enable the Principal Officer (PO) to analyse and review the details and arrive at a conclusion
as to whether a transaction is suspicious.
An alert is the first step in identification of a suspicious transaction and is a red flag which is generated
arising out of a transaction. Once the alert is generated, it has to be analysed to confirm whether the
transaction is ultimately suspicious or not based on the above definition.
Confidential
2.3.2
Source of Alert
i.
System Dependent: A Cooperative Bank must have system in place to generate alerts
based on certain threshold on the transactions of the client to identify suspicious
transactions. Details of probable system based alerts are at Annexure A.
ii.
System Independent: All Co-operative Banks need to have a mechanism of raising

alerts/triggers from employees, media reports, law enforcement agency queries etc.
Efforts should be made to create awareness on reporting of unusual transactions. Details
of probable system independent alerts are at Annexure B.
2.3.3
Review and Management of Alerts
An element of subjectivity and application of mind of the Principal Officer (PO) is involved in the
decision making process for reporting suspicious transactions. The PO is expected to gather as much
information as possible from all relevant sources, to arrive at the decision on an alert. The PO and the
staff assisting him in execution of AML/CFT guidelines should have timely access to customer
identification data, other KYC information and records.
While the activities of analysing alert and preparing the documents for managing the alert can be
delegated within the AML compliance team, the ultimate analysis and decision making rests with the PO.
The records verified by and papers related to this decision need to be recorded and retained for audits.
Where the PO is of the opinion that a transaction is not reportable, decision on closure and reporting
should be taken by the PO and it must be ensured that reason for not reporting the suspicious transactions
are clearly recorded.
An independent review of the process of generation of alerts by an independent person, would confirm
whether all the alerts which are required to be generated, are indeed generated as per the rules. The
responsibility of deciding on the alerts and reporting/non-reporting of the Suspicious Transactions to FIUIND cannot be delegated to any regional team members as there is a risk of the information being tippedoff.
The PO also needs to review the list of alerts and the approach from time to time to ensure that the
reporting mechanism is complete and is in line with the expectations. It is equally important that the PO
conducts surprise checks of the data being monitored by the AML compliance unit and check few random
transactions to ensure that there is no gap and all unusual transactions have been indeed highlighted to the
PO on a regular basis.
2.3.4
Process for filing of STRs through FINnet
The PMLA and the PML Rules require every reporting entity (which includes Co-operative Banks) to
furnish prescribed reports, including suspicious transaction report (STR) to FIU-IND. The reports are to
7
Confidential
be furnished through the FINnet gateway portal (FINgate), covering the details mentioned in Annexure C
which is an extract of the Reporting Format Guide. Details like information regarding clients,
Receipt/payment received from client should be covered under ground of suspicion. A few illustrative
examples of Grounds of Suspicion and Subjective test for identifying suspicious transactions are given
in Annexure D.
Indicative list of customers with potentially high ML/TF risk is given in Annexure E. Indicative
list of high / medium risk products and services is given in Annexure F. Indicative list of high/medium
risk geographies is given in Annexure G. FIU-IND website www.fiuindia.gov.in, should be referred to
for detailed guidance regarding registration and filing of reports. Detailed FAQs are also available in the
website along with other relevant user guides.
Confidential
Annexure - A
Alert Indicators (Red Flag Alerts) for centralised AML cell :
S. No.
1
Alert Indicator
Indicative Rule / Scenario

Match of customer details with individuals/
WL1.1 - Match with UN list
entities on various UNSCR Lists

2
WL1.2 - Match with UAPA List
Match of customer details with designated

individuals/entities under UAPA
WL1.3 - Match with other TF list
Match of customer details with TF suspects on lists

of Interpol, EU, OFAC, Commercial lists (WorldCheck, Factiva, LexisNexis, Dun & Bradstreet etc.)
and other sources
WL2.1
Match
with
other
Match of customer details with criminals on lists of
criminal list
Interpol, EU, OFAC, Commercial lists (WorldCheck, Factiva, LexisNexis, Dun & Bradstreet etc.)
and other sources
TM1.1
High
value
cash
Cash deposits greater than INR [X1] for
deposits in a day
individuals and greater than INR [X2] for non

individuals in a day
Top [N] cash deposits in a day
TM1.2
High
value
cash
Cash withdrawals greater than INR [X1] for
withdrawals in a day

Top [N] cash withdrawals in a day
TM1.3 - High value non-cash
Non-Cash deposits greater than INR [X1] for
deposits in a day

Top [N] non-cash deposits in a day
Non-Cash withdrawals greater than INR [X1]
withdrawals in a day
for individuals and greater than INR [X2] for

non individuals in a day
9
Confidential
S. No.
Alert Indicator

Top [N] non-cash withdrawals in a day
TM2.1
High
value
cash
deposits in a month
Cash deposits greater than INR [X1] for

individuals in a month
Top [N] cash deposits in a month
10
TM2.2
High
value
cash
withdrawals in a month
Cash withdrawals greater than INR [X1] for

Top [N] cash withdrawals in a month
11

deposits in a month
Non-Cash deposits greater than INR [X1] for

Top [N] non-cash deposits in a month
12

withdrawals in a month
Non-Cash withdrawals greater than INR [X1]

for individuals and greater than INR [X2] for
non individuals in a month
Top [N] non-cash withdrawals in a month
13
TM3.1 - Sudden high value

transaction for the client
Value of transaction is more than [Z] percent

of the previous largest transaction for the client
(or client profile)
14
15
16
TM3.2 - Sudden increase in
Value of transactions in a month is more than
value of transactions in a month
[Z] percent of the average value for the client
for the client
(or client profile)
TM3.3 - Sudden increase in
Number of transactions in a month is more
number of transactions in a
than [Z] percent of the average number for the
month for the client
client (or client profile)
TM4.1 - High value transactions

in a new account
Transactions greater than INR [X] in newly

opened account within [Y] months
10
Confidential
S. No.
Alert Indicator
17
TM4.2 - High activity in a new
Number of transactions more than [N] in newly
account
18
opened account within [Y] months
TM5.1 - High value transactions

in a dormant account
19
account within [Y] days of reactivation
TM5.2 - Sudden activity in a

dormant account
20
TM6.1
High
transactions
Transactions greater than INR [X] in dormant
Number of transactions more than [N] in

dormant account within [Y] days of reactivation
value
inconsistent
cash
Cash transactions greater than INR[X] by
with
customer with low cash requirements such as
profile
Students, Housewife, Pensioners, Wages and

salary Person and Minor Accounts
21
TM6.2
High
cash
activity
inconsistent with profile
Number of cash transactions greater than [X]

by customer with low cash requirements such
as Students, Housewife, Pensioners, Wages
and salary Person and Minor Accounts
22
of
cash
Cash deposits in amounts ranging between
below
INR
INR 9,00,000/- to INR 9,99,999.99) in multiple
10,00,000 in multiple accounts
accounts of the customer greater than [N]
TY1.1
deposits
Splitting
just
in a month
23
TY1.2
times in a month
Splitting
of
cash
deposits just below INR 50,000
Deposit of cash in the account in amounts

ranging between INR 40,000/- to INR 49,999/greater than [N] times in [Y] days
24
TY1.4
Routing
of
funds
through multiple accounts
Transactions greater than INR[X1] between

more than[N] accounts aggregating to more
than[X2] on the same day
25
TY1.5 - Frequent low cash

deposits

INR [X1] to [X2] greater than [N] times in [Y]
days
11
Confidential
S. No.
Alert Indicator
26
TY1.6 - Frequent low cash

withdrawals
Cash withdrawals in amounts ranging between

days
27
TY2.1 - Many to one fund

transfer
28
recipient
TY2.2 - One to many fund

transfer
29
TY3.1
TY3.2
Funds sent by one remitter to by more than [N]

recipients
Customer
providing
different details to avoid linkage

30
Funds sent by more than [N] remitters to one
Multiple
customers
working together
Customer provided different IDs or
Date of
Birth at different instances

Common address/telephone used by multiple
unrelated customers
Common IDs used by multiple customers
Group of individuals conducting transactions at
the same time
31
TY4.1 - Repeated small cash
deposits followed by immediate
ATM withdrawals in different
days followed by immediate ATM withdrawals
location
32
in different location
TY4.2 - Repeated small value
Account to account transfer (RTGS/ NEFT)
transfers from unrelated parties
from unrelated parties in amounts ranging
followed
between INR [X1] to [X2]
by immediate
ATM
withdrawals
greater than [N]
times in [Y] days followed by immediate ATM

withdrawals
33

inward
remittance
Inward remittance (especially from high risk
from
countries) from unrelated parties in amounts
unrelated parties followed by
ranging between INR [X1] to [X2] greater than
immediate ATM withdrawals
[N] times in [Y] days followed by immediate

ATM withdrawals (especially other banks
12
Confidential
S. No.
Alert Indicator

ATMs)
34

inward
remittance
unrelated
parties
from
used
for
Inward remittance (especially from high risk

countries) used for purchase of communication
equipments, tickets, hotel booking etc.
specified activities
35
TY5.1 - Majority of repayments

in cash
Card repayments greater than INR [X] amount

in cash in [Y] days
Card repayment in cash is greater than
[Z]
percent of repayments in [Y] days

36
TY5.2 - Large debit balance in

credit card
37
TY5.3
Debit balance in credit card is greater than

INR[X]
Large
value
card
transactions for purchase of
Card usage greater than INR [X] for jewellery

(MCC 5944) in [Y] days
high value goods

38
TY5.4
Large
value
cash
withdrawals against international
Cash withdrawals greater than INR [X] against

international card in [Y] days
card
39

cash
withdrawals
against
international card
Cash withdrawals against international card in

amounts ranging between INR [X1] to [X2]
greater than [N] times in [Y] days in locations
with known terrorist incidents
40
TY5.6 - Large repetitive card

usage at the same merchant
41
TY7.1 - Repayment of loan in

cash
42
TY7.2 - Premature closure of

large FDR through PO/DD
More than [N] transactions at same merchant

aggregating to more than INR [X] in [Y] days
Loan repayments in cash greater than INR [X]
in [Y] months
Premature closure of FDR for amount greater
than INR [X] within [N] days and payment by
13
Confidential
S. No.
Alert Indicator

PO/DD
43
TY7.3 - High number of cheque

leaves
Greater than [X1] number cheque leaves

issued for savings bank account and [X2]
number of cheque leaves issued for Current
account in a period of [Y] days
44
TY7.4
Frequent
locker
operations
45
times in [Y] days
RM1.1 - High value transactions

by high risk customers
46
RM1.2
High
RM1.3
High
transactions
Transactions greater than INR [X] by high risk

customers
value
cash
transactions in NPO
47
Number of locker operations greater than [X]
Cash transactions greater than INR [X] in

Trust/NGO/NPO in [Y] days
value
related
to
cash
real
Cash transactions greater than INR [X] related

to real estate transactions in [Y] days
estate
48
RM1.4
High
transactions
by
value
cash
Cash transactions greater than INR [X] by
in
dealer in precious metal, precious stone or
dealer
precious metal or stone

49
RM2.2 - High value inward

remittance
50
RM2.3 - Inward remittance in a
RM2.4
Inward remittance greater than [X] value

aggregated in [Y] days
new account
51
high value goods in [Y] days
Inward remittance greater than [X] value in a

new account within [Y] days
Inward
remittance
inconsistent with client profile
Inward remittance greater than [X] value in [Y]

days in account of Students, Housewife,
Pensioners, Wages and salary Person and
Minor Accounts
52

with a country with high ML risk
Transaction greater than INR [X] involving a

country considered to be high risk from the
14
Confidential
S. No.
Alert Indicator

money
laundering
or
drug
trafficking
perspective.
53

with tax havens
Transaction greater than INR [X] involving tax

havens or countries that are known for highly
secretive banking and corporate law practices.
54
RM4.1 - Transaction involving a

country with high TF risk
Transaction involving a country considered to

be high risk from the terrorist financing
perspective.
Sources of alert
WL Watch List
TM - Transaction Monitoring
TY Typology
RM Risk Management System.
15
Confidential
Annexure - B
Alert Indicators for Branches
S. No.
1
Alert Indicator
CV1.1 - Customer left without Customer did not open account after being
opening account
informed about KYC requirements
CV2.1 - Customer offered false or Customer gives false identification documents

forged identification documents
or
documents
that
appears
to
be
counterfeited, altered or inaccurate

3
CV2.2 - Identity documents are Identity

not verifiable
are
not
CV3.1 - Address found to be non Address provided by the customer is found to
be non existent
CV3.2 - Address found to be Customer not staying at address provided

wrong
presented
verifiable i.e. Foreign documents etc.
existent
5
documents
CV4.1
during account opening

-
Difficult
identify Customer uses complex legal structures or
to
beneficial owner
where it is difficult to identify the beneficial

owner
LQ1.1
Customer
is
being Customer has been the subject of inquiry from
investigated for criminal offences
any law enforcement agency relating to

criminal offences
LQ2.1
Customer
is
being Customer has been the subject of inquiry from
investigated for TF offences
any law enforcement agency relating to TF or

terrorist activities
MR1.1 - Adverse media report Match

about
criminal
activities
of
reported in local media / open source for
customer
10
of customer details with persons
criminal offences
MR2.1 - Adverse media report Match

about TF or terrorist activities of
of customer details with persons
reported in local media / open source for

16
Confidential
S. No.
Alert Indicator
customer
11
terrorism or terrorist financing related activities
EI1.1 - Customer did not complete Customer did not complete transaction after
transaction
queries such source of funds etc.
12
EI2.1 - Customer is nervous
Customer is hurried or nervous
13
EI2.2 - Customer is over cautious
Customer
over
cautious
in
explaining
genuineness of the transaction.

14
EI2.3
Customer
provides Customer changes the information provided
inconsistent information
after more detailed information is requested.

Customer provides information that seems
minimal, possibly false or inconsistent.
15
EI3.1 - Customer acting on behalf Customer has vague knowledge about amount
of a third party
of money involved in the transaction.

Customer taking instructions for conducting
transactions
Customer
is
accompanied
by
unrelated
individuals.
16
EI3.2 - Multiple customers working Multiple customers arrive together but pretend
as a group
17
to ignore each other
EI4.1 - Customer avoiding nearer Customer travels unexplained distances to

branches
18
conduct transactions
EI4.2 - Customer offers different Customer offers different identifications on

identifications
on
different
different occasions with an apparent attempt to
occasions
19
avoid linkage of multiple transactions.
EI4.3 - Customer wants to avoid Customer makes inquiries or tries to convince

reporting
20
staff to avoid reporting.
EI4.4 - Customer could not explain Customer could not explain source of funds
satisfactorily
17
Confidential
S. No.
Alert Indicator
source of funds
21
EI5.1
is Transaction is unnecessarily complex for its
Transaction
unnecessarily complex
22
EI5.2
Transaction
stated purpose.
has
no The amounts or frequency or the stated
economic rationale
reason of the transaction does not make

sense for the particular customer.
23
EI5.3 - Transaction inconsistent Transaction involving movement of which is

with business
24
EI6.1
Unapproved
inconsistent with the customers business

inward Foreign remittance received by NPO
remittance in NPO
25
not
approved by FCRA
PC1.1 - Complaint received from Complaint received from public for abuse of
public
account for committing fraud etc.

Alert raised by agents about suspicion
26
BA1.1 - Alert raised by agent
27
BA1.2 - Alert raised by other Alert raised by other institutions, subsidiaries

institution
or business associates including cross-border

referral
Sources of alert
CV Customer Verification
LQ - Law Enforcement Agency Query.
MR Media Reports
EI Employee initiated
PC Public Complaint
BA Business Associates.
18
Confidential
Annexure - C
Details of the element of Suspicion in the new reporting format

Element
Description
Length
Mandatory
Yes
100
No
Yes
Source of alert for initiation of the STR.

Permissible values are:
Source Of Alert
CV Customer Verification
WL - Watch List
TY - Typology
TM - Transaction Monitoring
RM - Risk Management System
MR - Media Reports
LQ - Law Enforcement Agency Query
EI - Employee Initiated
PC- Public Complaint
BA Business Associates
ZZ - Others
XX - Not Categorised
Red Flag indicator which had generated alert resulting in STR.
Alert Indicator
The reporting entity may use a standard language of the red flag
indicator. The reporting entity may use the language used in the
instructions of the regulator or communication of FIU-IND.
One STR can have more than one Alert Indicator. In the XML format
more than one indicator can be mentioned for a report. In the fixed
text format, the number of indicators for a report is limited to three.
Whether the suspicion is on account of clause (a) of Rule 2(1)

(g) relating to proceeds of an offence specified in the Schedule
to the Act, regardless of the value involved.
Suspicion Due
To Proceeds Of
Crime
Y- Yes
N- No
X Not categorised
One STR may be related to more than one clause.
19
Confidential
Element
Description
Length
Mandatory
Yes
Yes
Yes
Yes
Whether the suspicion is on account of clause (b) of Rule 2(1)

(g) relating to circumstances of unusual or unjustified
complexity.
Suspicion Due
To Complex
Trans
Y- Yes
N- No
X Not categorised
Whether the suspicion is on account of clause (c) of Rule 2(1)
(g) relating to no economic rationale or bonafide purpose.
Suspicion Due
To Non
Economic
Rationale

Y- Yes
N- No
X Not categorized
Whether the suspicion is on account of clause (d) of Rule 2(1)

(g) relating to financing of the activities relating to terrorism.
Suspicion Of
Financing Of
Terrorism
Y- Yes
N- No
X Not categorized
Whether the STR relates to an attempted transaction that was

not completed. Permissible values are:
Attempted
Transaction
Y- Yes
N- No
X Not categorised
20
Confidential
Element
Description
Length
Mandatory
4000
Yes
4000
No
Yes
Summary of suspicion and sequence of events covering

following aspects:
Grounds Of
Suspicion
Background/profile/occupation of the customer and

other related individuals/entities.
When did the relationship with the customer begin?
How was suspicion detected?
What information was linked or collected during the

review process?
What explanation was provided by the subject(s) or

other persons (without tipping off)?
Summary of suspicion
Whether the suspicious activity is an isolated incident or

relates to another transaction?
Who benefited, financially or otherwise, from the

transaction(s), how much, and how (if known)?
What is the volume of transactions in reported accounts

in the financial year, and what is the volume of cash
transactions?
Whether any STR filed for the customer earlier?
Any additional information that might assist law

enforcement authorities.
Details about investigation being conducted covering the name of

agency, contact person and contact details.
Details Of
Investigation
The investigation could be both internal to the reporting entity or any

investigation by law enforcement agency. In case of law enforcement
agency the details of contact person needs to be separately furnished
under LEA Details below.
Whether any Law enforcement agency is informed about the incident
reported in the STR.

LEA Informed
R - Information received
S - Information sent
N - No correspondence sent or received
X - Not categorised.
Refer section 11.1.7.2 for further details on enumerations.
21
Confidential
Element
LEA Details
Description
Contact details of person in the law enforcement agency which is
conducting the investigation.
The details of the investigation should be furnished under Details Of
Investigation above.
Length
Mandatory
250
No
Yes
Yes
Yes
Priority attached to the report as per assessment of the

reporting entity.
P1- Very High Priority
Priority Rating
P2- High Priority

P3- Normal Priority
XX- Not categorised
The reporting entity can attach P1 priority for reports which requires
immediate attention of FIU. Refer section 11.1.7.3 for further details
on enumerations.
Whether all the suspicious transactions are covered or a

sample set is being reported?
Report
Coverage
C - Complete
P - Partial
X - Not categorised
Refer section 11.1.7.4 for further details on enumerations.
Whether the reporting entity wants to submit additional

documents separately for the STR.
Y - Yes
Additional
Documents
N - No
X - Not categorised
The reporting entity cant upload additional documents with the
report. They will be sent a separate request for providing
additional information.
22
Confidential
Enumeration for Source Of Alert

Code Description
Remarks
CV
Customer Verification
Detected during customer acceptance, identification or

verification (excluding reasons mentioned in other codes) (e.g.
Use of forged ID, wrong address etc.)
WL
Watch List
The customer details matched with watch lists (e.g. UN list,

Interpol list etc.)
TY
Typology
Common typologies of money laundering, financing of terrorism

or other crimes (e.g. structuring of cash deposits etc.)
TM
Transaction Monitoring
Transaction monitoring alert (e.g. unusually large transaction,

increase in transaction volume etc.)
RM
Risk Management System
Risk management system based alert (e.g. high risk customer,

country, location, source of funds, transaction type etc.)
MR
Media Reports
Adverse media reports about customer (e.g. newspaper reports)
Law Enforcement Agency Query
Query or letter received from law enforcement agency (LEA) or

intelligence agency (e.g. blocking order received, transaction
details sought etc.)
EI
Employee Initiated
Employee raised alert (e.g. behavioral indicators such as

customer had no information about transaction, attempted
transaction etc.)
PC
Public Complaint
Complaint received from public (e.g. abuse of account for

committing fraud etc.)
BA
Business Associates
Information received from other institutions, subsidiaries or

business associates (e.g. cross-border referral, alert raised by
agent etc.)
ZZ
Others
Sources other than mentioned above
XX
Not Categorised
The information is not available. No category has been selected
LQ
23
Confidential
Enumeration for LEA Informed
Code Description
Remarks
Information received
Correspondence has been received from any Law Enforcement

Agency (LEA) on this case
Information sent
Matter has been referred to LEA for enquiries/investigations
No correspondence sent or received
The LEA is not aware of the case
Not Categorised
Enumeration for Priority Rating

Code
Description
Remarks
P1
Very High Priority
For immediate attention by FIU
P2
High Priority
For attention of FIU
P3
Normal Priority
Reasonable time
XX
Not Categorised
Enumeration for Report Coverage

Code Description
Remarks
Complete
All suspicious transactions have been reported
Partial
Reported transactions are sample transactions and there are

many more similar transactions.
Not Categorised
24
Confidential
Annexure - D
ILLUSTRATIVE EXAMPLES OF GROUNDS OF SUSPICION

The following are some of the illustrative examples of Grounds of suspicion which may
lead to a conclusion about the suspicious nature of the transaction (these are covered
by the RBI in its various circulars or IBA guidelines)
i)
If a branch has reason to believe that a customer is intentionally structuring any

transaction into a series of transactions below the threshold of Rs.50000/- (Rupees fifty
thousand). The branch should verify identity and address of customer and also consider
filing a Suspicious Transaction Report (STR).
ii)
In the circumstances when a branch believes that it would no longer be satisfied that it
knows the true identity of the account holder, the branch should also file an STR.
iii)
Branches should pay special attention to all complex, unusually large transactions and all
unusual patterns, which have no apparent economic or visible lawful purpose.
Transactions that involve large amounts of cash inconsistent with the normal and expected
activity of the customer should particularly attract the attention of the branch. Very high
account turnover inconsistent with the size of the balance maintained may indicate that
funds are being 'washed' through the account. High-risk accounts have to be subjected to
intensified monitoring.
iv)
Branch should exercise ongoing due diligence with respect to the business relationship
with every client & closely examine the transactions in order to ensure that they are
consistent with their knowledge of the client, his business and risk profile and where
necessary, the source of funds.
v)
If a branch has reason to believe that a customer is intentionally structuring wire transfer to
below Rs.50000/- (Rupees fifty thousand) to several beneficiaries in order to avoid
reporting or monitoring, the branch must insist on complete Customer Identification before
effecting the transfer. In case of non-cooperation from the customer, efforts should be
made to establish his identity and STR should be made.
vi)
Wire transfers lacking complete originator information shall be identified and this must be
considered as a factor in assessing whether a wire transfer or related transactions are
suspicious. If they are found to be of suspicious nature then STR to be created.
vii)
Money Mules can be used to launder the proceeds of fraud schemes (e.g. phishing and
identity theft) by criminals who gain illegal access to deposit accounts by recruiting third
parties to act as Money Mules. The operations of mule accounts can be minimized if
25
Confidential
branches follow the guidelines contained in the RBI Circulars on KYC. Branches are,
therefore, advised to strictly adhere to the guidelines on KYC issued and to those relating
to periodical updation of Customer Identification data after the account is opened.
Branches are also required to monitor transactions in order to protect themselves and their
customers from misuse by such fraudsters.
viii) Branches are required to apply enhanced due diligence measures on high and medium
risk customers. Accordingly, branches are also required to subject these high and medium
risk accounts to intensified transaction monitoring. Higher risk associated with such
accounts should be taken into account by the branches to identify suspicious transactions
for filing STRs.
ix)
It is likely that in some cases transactions are abandoned/aborted by customers on being

asked to give some details or to provide documents. The branches should report all such
attempted transactions in STRs, even if not completed by customers. These should be
reported irrespective of the amount of the transaction. Branches should raise STRs if they
have reasonable ground to believe that the transaction involves proceeds of crime
irrespective of the amount of transaction and/or the threshold limit envisaged for predicate
offences
x)
The transactions that give rise to a reasonable ground of suspicion that these may involve
financing of the activities relating to terrorism should also be reported.
xi)
When a business relationship is already in existence & it is not possible to perform

Customer Due Diligence on the customer in respect of the business relationship STR to be
created.
xii)
Accounts of persons under investigation by any regulatory authority should be reported as

suspicious.
xiii)
It is imperative that the bank has a system in place, which will ensure that the account of
the person of any dubious back ground is not opened or any suspicious transaction if
routed through the branch will be identified. The CIP module of the AML package throws
the alerts, if the name of the accountholder is similar to the name of the persons
enumerated in the various lists uploaded in the system (UN sanctioned Terrorist list,
Mumbai Police List, RBI cautioned list of exporters). If the branches are unable to
establish if the true identity of the account holder is different from the name appearing in
the list, then the same need to be reported as STR.
26
Confidential
Subjective test for identifying suspicious transactions:

The review of pattern of transactions in the account and other related information provides an
insight into intended purpose of the transaction. Examples where such review can assist in
meeting the subjective test that gives rise to reasonable ground of suspicion is as follows:
i)
Transaction pattern are not consistent with normal business, personal, remittance or
tourist spending activity. For eg: High value transactions in the account of a maid servant,
tailor etc.;
ii)
The amounts or frequency or the stated reason of the transaction does not make proper
business sense or not commensurate with the profile of the customer, say student, etc.;
iii)
Large number of transfers received at once or over a certain period of time which is much
greater than what would be expected for such a receiver;
iv)
Unrelated sender or receiver;
v)
Customer who travels unexplained distances to conduct transactions;
vi)
Migrant remittances made outside the usual remittance corridors;
vii) Personal funds sent at a time not associated with salary payments;
viii) Several accounts with same authorized signatories/introducer;
ix)
Cash deposited and transferred to own account with other bank or veceversa;
x)
Property transactions though cheque/RTGS in a newly opened account;
xi)
Walk in customer especially saying that he does not have any bank account till date;
It should be ensured that the business transactions are not routed through other than the
business accounts. eg: Business transactions routed through savings account should be treated
as suspicious
27
Confidential
Annexure E
Indicative List of High / Medium risk customers
The following lists are indicative and can be expanded. The banks have the option to upgrade
the risk categorisation (i.e. medium to high) for any specific industry / segment.
Characteristics of High Risk Customers
1. Individuals and entities in various United Nations' Security Council Resolutions
(UNSCRs) such as UN 1267 etc.;
2. Individuals or entities listed in the schedule to the order under section 51A of the
Unlawful Activities (Prevention) Act, 1967 relating to the purposes of prevention of, and
for coping with terrorist activities;
3. Individuals and entities in watch lists issued by Interpol and other similar international
organizations;
4. Customers with dubious reputation as per public information available or commercially
available watch lists;
5. Individuals and entities specifically identified by regulators, FIU and other competent
authorities as high-risk;
6. Customers conducting
their
business relationship
or
transactions
in
unusual
circumstances, such as significant and unexplained geographic distance between the

institution and the location of the customer, frequent and unexplained movement of
accounts to different institutions, frequent and unexplained movement of funds between
institutions in various geographic locations etc.;
7. Customers based in high risk countries/jurisdictions or locations (refer Appendix G);
8. Politically exposed persons (PEPs) of foreign origin, customers who are close relatives
of PEPs and accounts of which a PEP is the ultimate beneficial owner;
9. Non-resident customers and foreign nationals;
10. Embassies / Consulates;
11. Off-shore (foreign) corporation/business;
12. Non face-to-face customers;
13. High net worth individuals;
14. Firms with 'sleeping partners' ;
28
Confidential
15. Companies having close family shareholding or beneficial ownership ;
16. Complex business ownership structures, which can make it easier to conceal underlying
beneficiaries, where there is no legitimate commercial rationale;
17. Shell companies which have no physical presence in the country in which it is
incorporated. The existence simply of a local agent or low level staff does not constitute
physical presence;
18. Investment
Management
Money
Management
Company/Personal
Investment
Company;
19. Accounts for "gatekeepers" such as accountants, lawyers, or other professionals for their
clients where the identity of the underlying client is not disclosed to the financial
institution;
20. Client Accounts managed by professional service providers such as law firms,
accountants, agents, brokers, fund managers, trustees, custodians, etc;
21. Trusts, charities, NGOs/NPOs (especially those operating on a cross-border basis)
unregulated clubs and organizations receiving donations (excluding NPOs/NGOs
promoted by United Nations or its agencies);
22. Money Service Business: including seller of: Money Orders / Travelers Checks / Money
Transmission / Check Cashing / Currency Dealing or Exchange;
23. Business accepting third party checks (except supermarkets or retail stores that accept
payroll checks/cash payroll checks);
24. Gambling/gaming including Junket Operators arranging gambling tours;
25. Dealers in high value or precious goods (e.g. jewel, gem and precious metals dealers,
art and antique dealers and auction houses, estate agents and real estate brokers);
26. Customers engaged in a business which is associated with higher levels of corruption
(e.g., arms manufacturers, dealers and intermediaries;
27. Customers engaged in industries that might relate to nuclear proliferation activities or
explosives;
28. Customers that may appear to be Multi level marketing companies etc.
29
Confidential
Characteristics of Medium Risk Customers
1. Non-Bank Financial Institution;
2. Stock brokerage;
3. Import / Export;
4. Gas Station;
5. Car / Boat / Plane Dealership;
6. Electronics (wholesale);
7. Travel agency;
8. Used car sales;
9. Telemarketers;
10. Providers of telecommunications service, internet caf, IDD call service, phone cards,
phone center;
11. Dot-com company or internet business;
12. Pawnshops;
13. Auctioneers;
14. Cash-Intensive Businesses such as restaurants, retail shops, parking garages, fast food
stores, movie theaters, etc.;
15. Sole Practitioners or Law Firms (small, little known);
16. Notaries (small, little known);
17. Secretarial Firms (small, little known);
18. Accountants (small, little known firms);
19. Venture capital companies.
30
Confidential
Annexure F
Indicative List of High / Medium risk Products & Services
1. Electronic funds payment services such as Electronic cash (e.g., stored value and
payroll cards), funds transfers (domestic and international), etc
2. Electronic banking
3. Private banking (domestic and international)
4. Trust and asset management services
5. Monetary instruments such as Travelers Cheque
6. Foreign correspondent accounts
7. Trade finance (such as letters of credit)
8. Special use or concentration accounts
9. Lending activities, particularly loans secured by cash collateral and marketable securities
10. Non-deposit account services such as Non-deposit investment products and Insurance
11. Transactions undertaken for non-account holders (occasional customers)
12. Provision of safe custody and safety deposit boxes
13. Currency exchange transactions
14. Project financing of sensitive industries in high-risk jurisdictions
15. Trade finance services and transactions involving high-risk jurisdictions
16. Services offering anonymity or involving third parties
17. Services involving banknote and precious metal trading and delivery
18. Services offering cash, monetary or bearer instruments; cross-border transactions, etc.
31
Confidential
Annexure - G
Indicative List of High / Medium Risk Geographies

Countries/Jurisdictions
1. Countries subject to sanctions, embargoes or similar measures in the United Nations
Security Council Resolutions (UNSCR).
2. Jurisdictions identified in FATF public statement
as having substantial money
laundering and terrorist financing (ML/FT) risks (www.fatf-gafi.org)

3. Jurisdictions identified in FATF public statement with strategic AML/CFT deficiencies
(www.fatf-gafi.org)
4. Tax havens or countries that are known for highly secretive banking and corporate
law practices
5. Countries identified by credible sources 1 as lacking appropriate AML/CFT laws,
regulations and other measures.
6. Countries identified by credible sources as providing funding or support for terrorist
activities that have designated terrorist organisations operating within them.
7. Countries identified by credible sources as having significant levels of criminal
activity.
8. Countries identified by the bank as high-risk because of its prior experiences,
transaction history, or other factors (e.g. legal considerations, or allegations of
official corruption).
Locations
1. Locations within the country known as high risk for terrorist incidents or terrorist
financing activities (e.g. sensitive locations/cities and affected districts)
2. Locations identified by credible sources as having significant levels of criminal,
terrorist, terrorist financing activity.
3. Locations identified by the bank as high-risk because of its prior experiences,
transaction history, or other factors}.
32

Guidelines On Detecting STR For Coop Banks

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Guidelines On Detecting STR For Coop Banks

Загружено:

Авторское право:

Доступные форматы

Guidelines on detecting suspicious transactions under Rule 7(3) of the PML Rules, 2005 (2016)

Guidelines on detecting suspicious transactions under

Detection and furnishing information in respect of suspicious

Annexure B Alert Indicators for Branches

Annexure C Details of the element of Suspicion in the new

Annexure D Illustrative Example of Grounds of Suspicion.

Annexure E Indicative List of High / Medium risk customers.

Annexure F Indicative List of High / Medium risk Products &

Annexure G Indicative List of high / Medium Risk

Detection and furnishing information in respect of suspicious

Relevant Rules under the PML Rules

Identification and Assessment of Risks

Cash (and cash equivalent) intensive businesses including:

Detecting suspicious transactions

System Independent: All Co-operative Banks need to have a mechanism of raising

Review and Management of Alerts

Process for filing of STRs through FINnet

Indicative Rule / Scenario

WL1.1 - Match with UN list

entities on various UNSCR Lists

WL1.2 - Match with UAPA List

Match of customer details with designated

WL1.3 - Match with other TF list

Match of customer details with TF suspects on lists

Match of customer details with criminals on lists of

Cash deposits greater than INR [X1] for

individuals and greater than INR [X2] for non

Cash withdrawals greater than INR [X1] for

individuals and greater than INR [X2] for non

TM1.3 - High value non-cash

Non-Cash deposits greater than INR [X1] for

individuals and greater than INR [X2] for non

TM1.4 - High value non-cash

Non-Cash withdrawals greater than INR [X1]

for individuals and greater than INR [X2] for

Indicative Rule / Scenario

Cash deposits greater than INR [X1] for

Cash withdrawals greater than INR [X1] for

TM2.3 - High value non-cash

Non-Cash deposits greater than INR [X1] for

TM2.4 - High value non-cash

Non-Cash withdrawals greater than INR [X1]

TM3.1 - Sudden high value

Value of transaction is more than [Z] percent

TM3.2 - Sudden increase in

Value of transactions in a month is more than

value of transactions in a month

[Z] percent of the average value for the client

for the client

(or client profile)

TM3.3 - Sudden increase in

Number of transactions in a month is more

than [Z] percent of the average number for the

month for the client

client (or client profile)

TM4.1 - High value transactions

Transactions greater than INR [X] in newly

Indicative Rule / Scenario

TM4.2 - High activity in a new

Number of transactions more than [N] in newly

opened account within [Y] months

TM5.1 - High value transactions