KYC organisation draft rules unveiled: companies related to capital market required to obtain licence: SECP

16 Apr, 2016

The stock exchange, central depository, clearing company or any other company related to capital market desirous of providing services for performance of Know Your Customer (KYC) may be required to apply to the Securities and Exchange Commission of Pakistan (SECP) for operating as a centralised KYC organisation.
According to the draft Centralized (Know Your Customer) Organisation Rules, 2016 issued by the SECP here on Friday, no person shall establish and carry on a business as a centralized KYC organisation or hold himself out as carrying on such a business unless licensed by the Commission as a centralized KYC organisation under these rules. A stock exchange, central depository, clearing company or any other company related to capital market desirous of providing services for performance of KYC and maintenance of KYC information of the customers of authorised intermediaries, may make an application to the Commission for the purpose of acting as a centralized KYC organisation.
An application for licensing as a centralized KYC organisation shall be made to the Commission in such Form as specified in Form-I along with all documents for licensing of centralized KYC organisation and receipt evidencing payment of non-refundable fee of such amount as specified in Schedule-I. The Commission, while considering the application for licensing, may require the applicant to furnish such further information or clarification regarding its activities and businesses as it deems appropriate.
A centralized KYC organisation may, three months prior to the date of expiry of its licence, apply to the Commission for cancellation of its license. The Commission may, upon being satisfied that the centralized KYC organisation has completed all the formalities for closure of business, accept the application made under sub-rule (1) and cancel the licence of such centralized KYC organisation. The Commission may, after giving a reasonable opportunity of hearing to the applicant or centralized KYC organisation, as the case may be, refuse to grant or renew a licence if in opinion of the Commission such applicant or centralized KYC organisation, as the case may be, does not fulfil the requirements prescribed under these rules or where the Commission, after taking into account the facts, is of the view that it is not in the public interest or in the interest of the capital market to grant or renew such licence.
A centralized KYC organisation shall be responsible to put in place adequate information system for registration, updation, transmission and maintenance of KYC information of customers; register, verify, update, store, safeguard and retrieve KYC information along with necessary supporting documents; perform independent verification process for KYC information provided by authorised intermediaries in relation to their customers and ensure secure connectivity for transmission of data with all authorised intermediaries for uploading KYC information on information system.
A centralised KYC organisation shall maintain KYC Information along with supporting documents in both electronic and physical form for a specified time period; ensure the integrity of the information system and KYC database at all times; ensure data encryption and technical and administrative controls, to protect the customers against identity, theft and related compromises; ensure deployment of appropriate technical controls to prevent cyber extortion and viruses or malware, leading to any loss of data, unauthorised access to data, etc; ensure safeguards for maintaining data privacy and prevent unauthorised sharing of data and ensure adequate measures to prevent unauthorised access to information system and KYC information.
A centralised KYC organisation shall facilitate all authorised intermediaries for ensuring compliance with the KYC requirements; disseminate all information updated on the request of customers by authorised intermediary to all other relevant authorised intermediaries; submit any document, report or information as and when required by the Commission; confirm the KYC information through a letter or email for local customers and foreign customers, as the case may be, after receipt of the KYC information and supporting documents from the authorised intermediary and ensure that systems including information system, controls and procedures are audited annually.
Where a centralised KYC organisation fails to discharge its functions in accordance with these rules or fails to comply with or contravenes any provisions of these rules or any directive issued or order passed by the Commission or otherwise fails to carry on its business in the interest of the capital market, the Commission, after providing opportunity of hearing to the centralised KYC organisation, may (a) impose a restriction on its activities as centralised KYC organisation; or suspend its licence. The Commission may, if satisfied that it is necessary or expedient to do so in the public interest or in the interest of the capital market, by order in writing give directions to a centralised KYC organisation not inconsistent with these rules, the Securities Act and the Ordinance, 1984, the draft rules added.

Read Comments