Anti Money Laundering Framework For Insurance Companies

Summary: Money laundering is the process of disguising illegally obtained funds as legitimate income, typically involving three phases: placement, layering, and integration. To combat this, the Indian government enacted the Prevention of Money Laundering Act, 2002 (PMLA). This Act aims to prevent money laundering, confiscate illicitly gained property, and penalize offenders, with strict punishments including rigorous imprisonment and fines. The PMLA also mandates reporting entities, including insurance companies, to verify client identities, maintain transaction records for five years, and report suspicious activities. As per IRDAI guidelines, insurance companies must establish an Anti-Money Laundering (AML) framework comprising AML/KYC Standards, the appointment of a Designated Director and Principal Compliance Officer, employee and agent recruitment/training, and internal control/audit mechanisms. Know Your Customer (KYC) due diligence is crucial, requiring companies to identify customers properly, particularly at policy issuance and claim payout stages, and to monitor for unusual transactions. A Risk-Based Approach (RBA) categorizes customers as high or low risk based on various factors like payment modes and geographic location, leading to Enhanced Due Diligence (EDD) for higher-risk profiles. Insurance companies are obligated to submit Suspicious Transaction Reports (STRs), Cash Transaction Reports (CTRs), and other relevant reports to the Financial Intelligence Unit-India (FIU-IND) within specified timeframes, maintaining strict confidentiality (“tipping off” is prohibited). Regular training for staff and agents on AML procedures is essential, and the entire framework must be reviewed annually to adapt to evolving risks and regulatory changes.

As you are aware with “Money Laundering”, it is a process through which illegal, black or  tainted money earned from illegal sources such as Human trafficking, Smuggling, Bribes , Drugs, unaccounted  etc. introduced by criminals as legal money in the mainstream of country. Through Money Laundering process a criminal through various methods converts his tainted /illegal funds as legal funds.

We can say that Money laundering is a  process through which an illegal fund, such as black money, is obtained from illegal activities and disguised as legal money, eventually portrayed as white money. The money laundered is passed on through various channels or phases of conversions and transfers to make it legal and eventually reach a legally acceptable institution, like a bank.

We know that illegal/black /tainted money earned from illegal sources is generally kept out of system. These money generally unaccounted and it creates imbalance in economic system. These criminals some time run their own system and deal only in cash , so that there will be a trail for money utilized. These monies can be used to support terror activities, creation of imbalance in society, running a parallel government, supporting anti national activities, distributing freebies at the time of election etc.

WIKIPEDIA : Money laundering is the process of illegally concealing the origin of money, obtained from illicit activities such as drug trafficking, corruption, embezzlement or gambling, by converting it into a legitimate source.

INVESTOPEDIA: Money laundering is the illegal process of making large amounts of money generated by criminal activity, such as drug trafficking or terrorist funding, appear to have come from a legitimate source. The money from the criminal activity is considered dirty, and the process “launders” it to make it look clean.

Money laundering is a serious financial crime that is employed by white-collar and street-level criminals alike. Most financial companies today have anti-money-laundering (AML) policies in place to detect and prevent this activity.

KEY TAKEAWAYS

• Money laundering is the illegal process of making “dirty” money appear legitimate instead of ill-gotten.
• Criminals use a wide variety of money-laundering techniques to make illegally obtained funds appear clean.
• Online banking and cryptocurrencies have made it easier for criminals to transfer and withdraw money without detection.
• The prevention of money laundering has become an international effort and now includes terrorist funding among its targets.
• The financial industry also has its own set of strict anti-money laundering (AML) measures in place.

The need to check and stop Money Laundering “ is the need of the modern world for safety of people and sovereignty of nations.

The Government has enacted the  “ Prevention of Money Laundering Act, 2002 (PMLA”) to fight against the criminal offence of legalizing the income/profits from an illegal source. The PMLA, Rules 2005 notified on July 1, 2005.

The Prevention of Money Laundering Act, 2002 enables the Government or the public authority to confiscate the property earned from the illegally gained proceeds. In simple words, money laundering means converting illegally earned money into legitimate money.

OBJECTIVES OF PMLA,2002

The Prevention of Money Laundering Act, 2002, was introduced to combat the issue of money laundering. Some of its objectives are as follows:

• Prevent money-laundering.
• Combat/prevent channelising of money into illegal activities and economic crimes.
• Provide for confiscating property derived from, or involved/used in, money laundering.
• Penalise the offenders of money laundering offences.
• Appointing an adjudicating authority and appellate tribunal for taking charge of money laundering matters.
• Provide for matters connected and incidental to the acts of money laundering.

COMMON FORMS OF MONEY LAUNDERING

Below are some of the common methods of money laundering:

• Hawala
• Bulk cash smuggling
• Fictional loans
• Cash-intensive businesses
• Round-tripping
• Trade-based laundering
• Shell companies and trusts
• Real estate
• Gambling
• Fake invoicing
• Human Trafficking

HOW MONEY LAUNDERING WORKS

Money laundering typically occurs in three phases:

• PLACEMENT: Initial entry or placement is the initial movement of an amount of money earned from criminal activity into some legitimate financial network or institution.

In this case a criminal divides its tainted money into small amounts and deposits the same into accounts of its employees, relatives, friends etc. So that small amount will not come under the lens of IT. Suppose a person has a restaurant with a daily cash turnover of Rs. 25000. In this case if a criminal wants to place his tainted money, then he will report Rs. 1,00,000/- of Cash Turnover next day and place his Rs. 75000/- by increasing Cash Sales.

• LAYERING is the continuing transfer of money through multiple transactions, forms, investments, or enterprises, to make it virtually impossible to trace the money back to its illegal origin.

In this case small amounts deposited in various relatives, friends, etc. accounts transferred legally from their bank account to the account of a criminal or entities controlled by criminals going through various stages. The multiple pass-throughs from one account, or one enterprise, to another make it increasingly difficult for the money to be traced and tied back to its original illegal source.

• INTEGRATION: Final integration is when the money is freely used legally without the necessity to conceal it any further.

The tainted /black money after passing two stages become legitimate money and can be utilized to purchase or real estate or business activities. At this stage, the money has, ideally, been sufficiently laundered so that the criminal or criminal enterprise can use it freely without resorting to any criminal tactics. The money is typically then either legitimately invested or exchanged for expensive assets such as property.

WHAT IS WASHING MONEY THROUGH INVESTMENT

Financial Markets offers various opportunities to the criminals for converting their “Dirty or Tainted” money into “ Clean Money”. One of the ways is washing through investment.

In this case an investor in foreign country is contacted by the criminal for laundering his illegal money and transferred cash through Hawala Transactions to the foreign investor and foreign investor after deducting his fees again invest rest of money into companies /entities hold by criminal in domestic market in India. These companies are generally called “ Shell Companies”, their work is only circulation of money received as investment from foreign /domestic investors.

The influx of cash from the foreign investor appears as an ordinary foreign investment, as the criminals are careful to avoid exposure to the fact that they have any connection with the foreign investor. Once the money has been deposited with the shell company, the criminals can access it by having the shell company invest in another business the criminals own, perhaps by making a loan of the money to the other company.

That company can then – after passing the cash back to the criminals – default on the loan, creating a loss for the shell company that can be used to reduce taxes owed. Having defaulted on its loan, the receiving company may declare bankruptcy and go out of business. The loan default may also cause the shell company to fold up.

The criminals now have their cash, received from an apparently “clean” source – the foreign investor – and the two companies used to wash the cash through now no longer exist. All of that makes it very difficult for investigating authorities to have any hope of tracing the money back to its original source – the illegal activities of the criminal organization.

–

–

AML/CFT GOVERNANCE FRAMEWORK STRUCTURE IN INSURANCE COMPANIES

As required by IRDAI guidelines, company’s AML Framework is broadly divided into the following main components:

1.AML/KYC Standards;

2. Appointment of Designated Director and Principal Compliance Officer;

3. Recruitment and training of employees/agents;

4. Internal control/audit;

AML/KYC STANDARDS:

a).  Basic Due Diligence [Know Your Customer (KYC)]: Keeping in view the specific requirements of the guidelines issued by IRDAI and other regulatory bodies and considering the potential threat of usage of financial services by a money launderer, company shall make reasonable efforts to determine the true identity of all customers by doing proper Customer Due Diligence (CDD). Effective procedures should be put in place to obtain requisite details for proper identification of new customers.

1.Agents / Financial Consultant’s (FCs) shall be required to provide information to indicate any behavioral aspects of a customer that are found to be suspicious at the time of their interaction.

2. Special attention will be given to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose.

3. Company will not enter into a contract with a customer whose identity matches with any person with known criminal background or with banned entities and those reported to have links with terrorists or terrorist organizations. Customer’s name screening will be done daily against the negative list. In case any matching records are identified, it will be reported to the relevant authority.

4. In case of receipt of order to freeze / unfreeze account is received under section 51A of the UAPA, it will be implemented without prior notice to the designated individuals / entities.

5. Measures will be taken to identify beneficial ownership in case of non-individual customers.

WHEN SHOULD KYC BE DONE?

1.NEW CUSTOMERS:

a) In case of new contracts, KYC / CDD should be done before entering into any contract pertaining to insurance with new customer.

2. ONGOING BASIS: KYC should also be carried out at the claim payout stage and at times when additional top up remittances are inconsistent with the customer known profile. Any change which is inconsistent with the normal and expected activity of the customer, further KYC processes and / or action as considered necessary.

RISK PROFILE OF CUSTOMER

RISK PROFILE OF THE CUSTOMER ENTITY RISK ASSESSMENT: As a large General Insurance Company, the number of policies issued, and financial transactions conducted by the customers are of a very high magnitude. Regulations require the Company to monitor all policy issuances and transactions there under for any suspected incident of money laundering. However, considering the spirit as well as the requirements under the regulations, the monitoring efforts are directed more towards the customers and transactions with higher risk of money laundering, being the Risked Based Approach (RBA) for monitoring and controls.

Thus, our focus would be on higher risk areas e.g., risk arising from payments instruments viz. Demand Draft vs Cheque, Online vs Offline etc., and monitoring the same for suspected money laundering.

Adopting an RBA implies the adoption of a risk management process for dealing with Money Laundering (ML) / Terrorist Financing (TF), keeping in mind the magnitude of risk involved. A risk analysis would be performed to determine where the ML/TF risks are the greatest based on customers, products and services, including delivery channels, and geographical locations.

They can change over time, depending on how circumstances develop, and how threats evolve, and our controls would also change accordingly. This process thus encompasses recognizing the existence of the risk(s), undertaking an assessment of the risk(s) and developing strategies to manage and mitigate the identified ML risks.

In the context of the very large base of insurance customers and the significant differences in the extent of risk posed by them, insurer shall classify the customer into high risk and low risk, based on customer category / nature / occupation / geography / sourcing channel / products features / premium payment modes / review of sanctions lists for money laundering or terrorism, as follows:

Enhanced Due Diligence: It is imperative to ensure that the insurance being purchased is reasonable. Accordingly, customer’s source of funds, his estimated net worth etc., shall be appropriately documented and company obtains income proofs and details of sources of funds for all policies as specified by the Company from time to time.

Premium payments are received or can be received through various modes, including, Demand Drafts (DD), cheques, online transfers, etc. However, the Company will have power to prescribe rules / limits etc. for any particular payment mode, or to disallow any payment mode(s) for any one or more channel.

The cash acceptance limit / rules etc. shall be such, as may be decided from time to time, keeping in view business requirements and regulatory provisions. PAN and KYC documents of the payor to be obtained in case of third-party payment (other than proposer).

Suspicious Transactions (including Suspicious Cash Transactions): The AML program envisages submission of Suspicious Transaction Reports (STR) / Cash Transactions Reports (CTR) / Counterfeit Currency Report (CCR) / Non-Profitable Organisation Transactions Report (NTR) to the Financial Intelligence Unit-India (FIU-IND) set up by the Government of India to track possible money laundering attempts and for further investigation and action.

PROHIBITION FROM “TIPPING OFF” Employees (permanent and temporary) are prohibited (should maintain strict confidentiality) from disclosing the fact that a Suspicious Transactions Report or related information of a policyholder / prospect is being reported or provided to the FIU-IND.

eRECORD KEEPING: Company will maintain the records (either in electronic or in paper form) of types of transactions mentioned under Rules 3 and 4 of PMLA Rules 2005 and the copies of the Cash / Suspicious Transactions reports submitted to FIU as well as those relating to the verification of identity of customers for a period of 5 years in order to enable company to comply swiftly with information requests from the competent authorities.

Such records shall be sufficient to permit reconstruction of individual transactions (including the amounts and types of currency involved (if any) so as to provide, if necessary, evidence for prosecution of criminal activity. Company will retain the records of those contracts, which have been settled by maturity or claim, surrender or cancellation, for a period of at least 5 years after that settlement.

Records pertaining to all other transactions, (for which the Company is obliged to maintain records under other applicable Legislations / Regulations / Rules) the Company will retain records as provided in the said Legislations / Regulations / Rules but not less than 5 years from the date of end of the business relationship with the customer. The Designated Director, Principal Compliance Officer and staff assisting in execution of AML guidelines should have timely access to customer identification data, other KYC information and records.

APPOINTMENT OF ‘DESIGNATED DIRECTOR’ AND PRINCIPAL COMPLIANCE OFFICER:

a) APPOINTMENT: Company will designate ‘Designated Director’ and ‘Principal Compliance Officer’ and intimate the names of the ‘Designated Director’ and ‘Principal Compliance Officer’ to IRDAI and FIU-IND.

Any change in incumbency will be intimated to IRDAI and FIU-IND immediately. The ‘Designated Director’ will be Managing Director or a whole-time Director duly authorized by Board of Directors.

The Principal Compliance Officer will be at a senior level and preferably not below the HeadAudit / Compliance / Chief Risk Officer level and should be able to act independently and report to senior management.

b) RESPONSIBILITIES:

The Designated Director shall: Ensure overall compliance with the obligations imposed under chapter IV of the Act and the Rules.

The Principal Compliance Officer shall:

1). Implementation of the AML Program effectively, including monitoring compliance by the company’s insurance agents with their obligations under the program.

2). Ensure that employees and agents of the company have appropriate resources and are well trained to address questions regarding the application of the program in light of specific facts. 3). Be responsible for regulatory reporting, as prescribed under the IRDAI guidelines, for Cash Transactions, Suspicious Transactions, Counterfeit Currency Notes and Non-Profit Organisation details.

RECRUITMENT AND TRAINING OF EMPLOYEES/AGENTS: The selection process of agents shall be monitored. It shall be ensured that if any unfair practice is being reported, then action is taken after due investigation. Company will have adequate screening procedures when hiring employees / agents. Instruction manuals on the procedures for selling insurance products, customer identification, record keeping, acceptance and processing of insurance proposals, issue of insurance policies will be set out. The concept of AML will be part of in-house training curriculum for agents.

The following training requirements are considered essential based on the class of employees.

1.Employees: A general appreciation of the background to money laundering, and the subsequent need for identifying and reporting of any suspicious transactions to the appropriate designated official shall be provided to all new employees who will be dealing with customers or their transactions, irrespective of the level of seniority.

2. Sales/Advisory staff: Members of staff who are dealing directly with the public (whether as members of staff or agents) are the first point of contact with potential money launderers and their efforts are therefore vital to the strategy in the fight against money laundering. It is vital that “front-line” staff is made aware of company’s AML Framework for dealing with non-regular customers particularly where large transactions are involved, and the need for extra vigilance in these cases.

3. Ongoing training: Refresher training at regular intervals shall be provided to ensure that staff does not dilute its approach to AML Implementation. AML training shall cover aspects related to:

• AML definition, guidelines and requirements
• Possible risks due to non-compliance with AML
• Prevention of fraud or suspicious transactions
• Mandatory documentation for AML.

Records of training imparted to agents / staff in the various categories detailed above shall be maintained.

INTERNAL CONTROL/AUDIT: insurer audit / inspection departments shall verify on a regular basis, compliance with policies, procedures and controls relating to money laundering activities. Exception reporting under AML Framework shall be done to Audit Committee of the Board.

 REVIEW OF AML FRAMEWORK: The AML framework shall be reviewed at least annually, and changes effected based on experience and regulatory changes shall be incorporated in the same.

REPORTING UNDER AML/CFT GUIDELINES

The Prevention of Money-Laundering Act, 2002 (‘PMLA’) forms the core of the legal framework put in place by India to combat Money Laundering. For the purpose of these guidelines, Money Laundering is defined in terms of Rule 3 of PMLA.

PMLA envisages certain record-keeping and reporting obligations for financial institutions and persons carrying on designated business or profession. Persons carrying on designated business or profession are defined in Clause (s) of sub-section (1) of Section 2 of the PMLA.

Sub-clause (vi) of the said clause includes within the ambit of ‘person carrying on designated business or profession’ persons carrying on such other activities as the Central Government may, by notification, designate from time-to-time.

These guidelines shall be called AML & CFT Guidelines for Reporting Entities Providing Services Related To Virtual Digital Assets (hereinafter called “The Guidelines”) and aim to provide a summary of the provisions of the applicable antimoney laundering, counter-terrorism financing and proliferation financing legislations in India, viz. the Prevention of Money Laundering Act, 2002 (hereinafter referred to as the “PMLA”), the Unlawful Activities (Prevention) Act, 1967 (hereinafter referred to as the “UAPA”), The Weapons of Mass Destruction and Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 (hereinafter referred to as the “WMDA”) and rules thereunder and their applicability to and implications for the providers of services related to Virtual Digital Assets hereinafter referred to as Service Providers (SPs) and their role in applying Anti-Money Laundering, Countering the Financing of Terrorism and Combating Proliferation Financing (AML/CFT/CPF) obligations.

a). These guidelines are intended to set out the steps that a SP shall implement to discourage and to identify any money laundering, terrorist financing or proliferation financing activities. It prescribes the procedures and obligations to be followed by the reporting entities to ensure compliance with AML/CFT/CPF guidelines.

b). The strategy would be to use deterrence (implementation of effective KYC, CDD and EDD measures), detection (e.g., monitoring and suspicious transaction reporting), and record-keeping so as to facilitate investigations by the appropriate authorities wherever required.

REPORTING OBLIGATIONS OF SERVICE PROVIDERS (SPS) The AML/CFT/CPF program envisages submission of reports on certain transactions to Financial Intelligence Unit-India (FIU-IND) set up by the Government of India to coordinate and strengthen collection and sharing of financial intelligence through effective national, regional, and global network to combat money laundering and related crimes.

FIU-IND is the central nodal agency responsible for receiving, processing, analysing, and disseminating information relating to suspect financial transactions.

All SPs are required to, where they have reasonable grounds to suspect that funds are the proceeds of crime or are related to ML, TF and PF, report their suspicions promptly to FIU-IND.

In addition, SPs may be required to report specific indicators that may be associated with VDA activity, such as device identifiers, IP addresses with associated time stamps, VDA wallet addresses, and transaction hashes.

REPORTING TO FINANCIAL INTELLIGENCE UNIT-INDIA

a). In terms of the PMLR, reporting entities are required to report information relating to cash and suspicious transactions to the Director, Financial Intelligence Unit-India (FIU-IND) at the following address:

Director, FIU-IND, Financial Intelligence Unit-India,

6th Floor, Tower 2, Jeevan Bharati Building, Connaught Place, New Delhi-110001.

Website: http://fiuindia.gov.in

b). Format for reporting Transactions: The format for reporting transactions, including suspicious transactions made or attempted, as required under Rule 7(2) of PMLR, would be as prescribed by FIU-IND.

SUSPICIOUS TRANSACTIONS REPORT (STR): Rule 8(2) read with Rule 3(1)(D) of the PMLR provides for prompt reporting of a suspicious transaction, which includes an attempted suspicious transaction, to the Financial Intelligence Unit (FIU-IND), if a reporting entity suspects or has reasonable grounds to suspect that funds used by a client are the proceeds of a criminal activity or are related to terrorist financing.

As detailed in Rule 3(1) of PMLR, suspicious transactions shall be reported no later than seven working days from the date of forming of suspicion.

a) Suspicious activity monitoring program should be appropriate to the SP and the services it provides. Special attention should be paid to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. Background of such transactions, including all documents/ office records/ memorandums pertaining to such transactions, as far as possible, should be examined by the Principal Officer for recording their findings.

b). Nothing in these Regulations is intended to limit any function or power conferred on another body or authority under the AML/CFT/CPF laws.

THE STR REPORTING WOULD BE AT MULTIPLE POINTS AS ILLUSTRATED BELOW, e.g., if an SP X is designated as an RE, then the STR reporting obligation would be on the following entities;

 i). The FI from where the funds flow into X, if the funding of a user wallet is done through NEFT/RTGS/IMPS.

ii). The SP X, when the funds are moved on the exchange hot wallet for purchase of VDAs for further purchase of VDAs. E.g., X purchasing VDA from SP Y via an escrow account for a customer and then crediting the VDA to the customer hot wallet.

iii). X in cases where P2P transfer is done between customers of X since KYC data of both customers would be available with X.

iv). X in cases where P2P transfer is done between a customer of X and an unhosted wallet since KYC data of the customer holding a hosted wallet at X would be available with X along with the beneficiary wallet details of the beneficiary used at the time of VDA transfer.

REPORTING OF RECEIPTS BY NON-PROFIT ORGANIZATIONS: All transactions, involving receipts by non-profit organizations (i.e., wallets directly owned by NGOs/ NPOs or by persons known to be affiliated to them) of value more than ₹10,00,000/- or its equivalent in foreign currency, should be reported to FIUIND.

For the purposes of these guidelines ‘non-profit organisation’ shall have the same meaning assigned to it as per rule 2(1) (cf) of PMLR. As prescribed under Rule 2(9A) of PMLR, every SP shall register the details of NPO accounts/ wallets held by it on the DARPAN Portal of NITI Aayog, if not 21 already registered, and maintain such registration records for a period of five years after the business relationship has ended or the account has been closed, whichever is later.

PROHIBITION OF TIPPING-OFF Reporting entities and their directors, officers, and employees (permanent and temporary) shall be prohibited from disclosing (“tipping off”) that an STR or related information is being reported or provided to the FIU-IND. This prohibition on tipping off extends not only to the filing of the STR and/ or related information but even before, during and after the submission of an STR.

Thus, it shall be ensured that there is no tipping off to the client at any level. It is clarified that the reporting entities, irrespective of the amount of transaction and/or the threshold limit envisaged for reporting under PMLA, shall file an STR if they have reasonable grounds to believe that the transactions involve proceeds of crime.

SHARING OF INFORMATION: Sharing of information on customers as defined under Section 66 of PMLA would be applicable.

RECORD RETENTION UNDER SECTION 12(3) OF PMLA SPs are required to retain records as defined in Sections 12(1)(a) and 12(1)(e) of PMLA and for a period of five years after the business relationship between a client and the reporting entity has ended or the account has been closed, whichever is later as mentioned in Section 12(3) of PMLA, in order to ensure that such documents are not destroyed.

 *****

DISCLAIMER: the article presented here is only for sharing information with readers. In case of necessity do consult with professionals.