Banking Compliance for Companies in Nepal: NRB Rules, AML/CFT, KYC & Foreign Exchange Obligations
Introduction
This article is an in-depth legal and practical guide for company directors, compliance officers, CFOs and external counsel in Nepal on banking compliance for companies. It explains the regulatory architecture (NRB, FIU, Foreign Exchange Act and AML laws), key compliance areas (KYC, AML/CFT, reporting and record-keeping, foreign exchange rules), governance and internal controls required, practical steps to stay compliant, common pitfalls and enforcement risks, and a checklist that companies can implement immediately. The guidance relies on NRB directives, AML/CFT guidelines and the Bank and Financial Institution Act, and it reflects the most recent NRB AML/CFT directives and risk-guidance updates (2024–2025).
Why does banking compliance matter for companies?
Companies today interact with the formal banking system constantly: payments, loans, escrow, cross-border receipts, payroll, vendor payments, and investment transfers. Non-compliance with banking rules can trigger administrative penalties, freezing of accounts, criminal exposure under AML/Countering Financing of Terrorism (CFT) statutes, reputational damage and serious operational disruption. Nepal’s primary supervisory authority — Nepal Rastra Bank (NRB) — issues directives and guidelines that financial institutions must implement, and those institutions, in turn, expect corporate customers to cooperate with KYC, AML/CFT and foreign exchange compliance measures. Failure to cooperate can result in account closures, reporting to the Financial Intelligence Unit (FIU) and tax or criminal referrals.
Regulatory landscape — the instruments you must know
- Nepal Rastra Bank (NRB) Directives and Guidelines — AML/CFT Directives, KYC guidance, Risk Management Guidelines and sectoral circulars. NRB periodically issues class-wise directives (A/B/C class BFIs and other licensees).
- Bank and Financial Institution Act (2073 / 2017) — governance duties of banks and supervisory powers (affects how banks apply compliance checks to corporate clients).
- Asset (Money) Laundering Prevention Act and AML/CFT framework — obligations to report suspicious transactions, customer due diligence, and record retention. NRB and FIU implement and operationalise these requirements.
- Foreign Exchange Act (1963) and NRB FX regulations — rules for repatriation, foreign currency accounts, import/export payments, and licensing for FX dealers.
- Sectoral regulations & FATF/APG assessments — national risk assessments and mutual evaluations can drive additional supervisory measures (e.g., heightened due diligence for certain sectors or clients).
Core components of banking compliance for companies
1. Know Your Customer (KYC) and Customer Due Diligence (CDD)
What boards and compliance teams must ensure:
- Accurate company identification (certificate of incorporation, MOA/AOA, tax/PAN, registered address, ownership chart).
- Identification of ultimate beneficial owners (UBOs) — identify and verify individuals who own or control the company (thresholds and definitions as per NRB/FIU).
- Verification of authorised signatories and their authority (board resolutions or power of attorney).
- Understand the customer’s business, source of funds, expected transaction profile and counterparty risk.
Why it matters: KYC is the foundation of AML/CFT. Financial institutions must apply KYC to onboard customers: incomplete or inconsistent KYC can lead banks to refuse accounts or escalate to the FIU. Corporate officers must proactively provide accurate documentation.
2. AML/CFT controls and suspicious transaction reporting (STR/SAR)
Obligations for companies interacting with banks:
- Maintain clear transaction records and provide explanations for unusual flows (e.g., sudden large inbound payments from opaque jurisdictions).
- Cooperate with bank requests for supporting documents (invoices, contracts, board minutes) where transactions deviate from normal business patterns.
- Where companies hold internal treasury functions, implement AML controls and a reporting mechanism for internal suspicious activity.
Banks are required to file Suspicious Transaction Reports (STRs) to the FIU; companies can be the subject or originator of such reports — exposing management to investigation. The NRB has updated AML/CFT directives for different classes of BFIs in 2024–2025, underscoring stronger controls and reporting.
3. KYC for high-risk customers (PEPs, HNIs, cross-border exposure)
- Politically Exposed Persons (PEPs) require enhanced due diligence.
- For high-net-worth individuals (HNI) and complex ownership structures, banks will expect deeper verification (source of wealth, declaration of beneficial owners).
- Cross-border payments to/from jurisdictions on risk lists require documentary justification and may trigger temporary holds. NRB and FIU guidance requires banks to escalate and document enhanced due diligence.
4. Foreign exchange (FX) compliance
Key areas:
- Registration and licensing for FX transactions where companies deal in foreign currency (import/export proceeds, repatriation of profits for foreign investors).
- Supporting documentation: import/export invoices, customs documentation, contracts, investment approval letters (for FDIs).
- Repatriation: foreign investors must follow the approval and repatriation process via NRB (DOI/IBN approvals may be necessary). Companies receiving foreign investment must keep records of the related NRB notifications and approvals.
5. Record-keeping and retention
- NRB/AML laws prescribe minimum retention periods for customer identification data, transaction logs, and supporting documents.
- Internal policies should define retention, secure storage and retrieval processes to support regulatory audits and inquiries.
6. Reporting obligations (regulatory & tax)
- Companies must cooperate with NRB-supervised institutions for statutory reporting (transaction reports, STRs forwarded by banks, trade finance documentation).
- In cross-border disputes or tax authority queries, the company’s cooperation with banks and retention of documents will be decisive. Non-cooperation can lead to regulatory escalation.
7. Internal governance, policies and training
- Adopt a corporate Banking Compliance Policy, AML/CFT Policy, KYC Policy, Record Retention Policy, and an Escalation Matrix.
- Assign a senior compliance officer (or outsource to a qualified consultant) to liaise with banks.
- Train finance, treasury and sales teams to spot red flags: unexplained routing of funds, third-party payments inconsistent with contracts, sudden offshore transfers.
Practical steps companies must take — an actionable checklist
- Identify and document UBOs — obtain PANs and national IDs; if foreign, passport + proof of address.
- File board resolution authorising bank signatories and power of attorney, where appropriate.
- Prepare an onboarding pack: company registration, MOA/AOA, recent audited financials, tax registration, proof of business address, KYC forms for signatories, and trade documents for import/export companies.
- Adopt AML/CFT & KYC policies and circulate them internally; consider customised versions for subsidiaries or JV partners.
- Implement transaction monitoring: Treasury to flag unusual inflows/outflows and keep supporting invoices/contracts.
- Ensure FX compliance: have FX authorisations in place; maintain contract, customs, and shipping docs.
- Maintain audit trail: timestamped records of payments, invoices and bank correspondences for minimum statutory retention (confirm NRB/FIU retention periods for specific data).
- Engage with your bank proactively: when you expect unusual seasonality or a large inbound cross-border receipt, notify the bank, provide documents, and request expected hold times.
- Conduct periodic AML/CFT risk assessments (annual or semi-annual) and record findings.
Common red flags that trigger bank escalations and regulatory scrutiny
- Large cash deposits inconsistent with business scale or declared revenue.
- Sudden routing of payments through multiple intermediaries or unrelated third parties.
- Payments from or to jurisdictions on FATF high-risk lists, or where the counterparty is opaque.
- Use of shell entities with nominee shareholders.
- Rapid movement of funds between multiple accounts without a commercial rationale.
- Repeated account opening/closure across different BFIs without clear reasons.
Spotting these early and preparing documentary explanations is a key corporate defence.
Interaction with banks — negotiating practical accommodations
As counsel, I often advise companies to treat banks as partners: many compliance holds are process-based and avoidable if the company offers timely documentation. Consider:
- Pre-notification letters for large inbound funds.
- Legal opinions where ownership is complex (e.g., trusts, cross-jurisdictional structures).
- Escrow arrangements for M&A or project receipts to reassure banks.
- Third-party audit confirmations for unusual historical transactions.
These measures reduce friction and the risk of accounts being frozen pending investigation.
Enforcement, sanctions and penalties — what keeps management awake at night
Non-compliance can result in:
- Administrative fines and directions from NRB.
- Reporting to FIU and a potential criminal investigation under AML/CFT laws.
- Freezing of accounts or refusal to process payments.
- Reputational harm that hinders banking relationships and FDI inflows.
FATF/APG mutual evaluations influence domestic supervisory intensity—Nepal’s mutual evaluation findings in recent years have driven a stronger regulatory emphasis on STRs and AML controls. Directors and senior management can face personal exposure if willful blindness or negligence in AML duties is proven.
FDIs, remittances & fintech
FDIs and banking compliance
Foreign investors and companies receiving FDI must ensure that funds are routed via authorised channels with NRB approvals for repatriation and maintain appropriate documentation, such as DOI/IBN approvals. Companies must also keep clear beneficial ownership records for foreign shareholders.
Remittances & payroll to foreign employees
Comply with NRB’s foreign exchange rules for payroll remittances — maintain employment contracts and tax clearances where required to avoid rejections or holds.
Fintech and digital wallets
NRB has issued sector-specific KYC/AML guidance for digital wallet providers and payment processors. Companies integrating payment services or issuing wallets must follow NRB and AML directives. For corporate clients, expect additional due diligence when partnering with fintech vendors.
Corporate compliance governance — who is responsible?
- Board of Directors: oversight, policy approval, and periodic review of compliance posture.
- CEO/CFO: resourcing, policy implementation and escalation on material events.
- Compliance Officer / Head of Treasury: day-to-day KYC liaison, STRs, and bank interface.
- Internal Audit: periodic testing of transaction monitoring, KYC files and record retention.
If your company lacks capacity, engage external AML/KYC consultants or legal counsel to set a baseline compliance program.
Sample internal policies (what to include)
- Banking Compliance Policy — purpose, scope, UBO verification requirements, signatory rules, escalation.
- AML/CFT Policy — CDD, EDD (enhanced due diligence), STR reporting flow, record retention.
- FX Compliance Policy — approvals, documentation for foreign currency transactions, repatriation process.
- Confidentiality & Data Retention — secure storage and GDPR-like protections for customer and staff personal data.
- Training & Awareness — annual mandatory compliance training for finance & treasury teams.
Due diligence for third-party payments & vendors
- Verify vendor corporate documents, UBO, and business rationale for payments.
- Avoid complex payment routing: insist on direct invoicing and bank-to-bank transfers when possible.
- Use escrow for high-value vendor payments pending delivery.
Practical templates & documentation (list of documents to prepare)
- Company onboarding pack for banks (as above).
- Board resolution for signatories.
- UBO declaration forms.
- Standard contract clauses to document the source of funds.
- Internal suspicious activity reporting form.
- FX transaction checklist (invoice, contract, customs docs).
How to prepare for NRB or bank inspections
- Maintain indexed and digitised KYC files with a clear audit trail.
- Keep a compliance diary logging interactions with banks and regulatory requests.
- Conduct mock audits and internal control reviews annually.
- Ensure internal audit reports and remediation plans are implemented and evidenced.
Case studies
- Project developer with a sudden large foreign deposit: the bank held the funds pending trade documents; the company avoided a prolonged hold by providing the contract, shipping documents and an investor declaration. Lesson: pre-emptive documentation prevents holds.
- Trading company with multiple third-party intermediaries: the bank filed an STR, and the company’s accounts were frozen for 30 days pending FIU review. Lesson: avoid opaque intermediaries and maintain clear invoicing chains.
FAQs
Q1: What documents should we prepare before opening a corporate bank account in Nepal?
A: Certificate of incorporation, MOA/AOA, PAN/tax registration, board resolution for signatories, UBO declarations, proof of business address, audited financial statements (if available), copies of contracts or expected transaction documents.
Q2: Can a bank refuse to open an account for my company?
A: Yes. Banks can refuse or delay account opening if they cannot complete KYC/CDD to their satisfaction; they must document their reasons. Companies should proactively supply requested documents.
Q3: How long must we retain banking and transaction records?
A: Retention periods are prescribed under NRB and AML laws—retain customer ID and transaction records for statutory periods (commonly 5–7 years or as per directive). Confirm specifics in the applicable NRB directive and AML regulations.
Q4: What happens if our company is reported in an STR?
A: The FIU may analyse the STR. Banks may freeze or restrict accounts during inquiries. Management should engage counsel immediately and cooperate with FIU requests while protecting legal rights.
Q5: Are directors personally liable for compliance failures?
A: Directors can face administrative or criminal exposure where willful negligence or complicity is shown under AML statutes and sectoral laws. Ensure proper governance and documented delegations.
Implementation roadmap (90-day priority plan)
Days 1–14: Prepare bank onboarding pack; board resolution; UBO identification.
Days 15–45: Adopt and circulate AML/CFT and Banking Compliance policies; designate compliance responsible person.
Days 46–75: Complete internal risk assessment; remediate KYC gaps; train treasury.
Days 76–90: Run mock audit with internal audit or external advisor; finalise retention and escalation processes.
Risk matrix — top 5 risks and mitigations
- Account freezes due to STRs — mitigation: proactive documentation & rapid bank cooperation.
- Regulatory fines for AML lapses — mitigation: robust AML/CFT policy + periodic testing.
- Reputational damage from public enforcement — mitigation: internal remediation & external communications plan.
- FX non-compliance — mitigation: maintain FX approvals and contracts on file.
- Director liability — mitigation: ensure board oversight, minutes and compliance delegations.