AML and KYC Policy

Table of Contents

1. PREAMBLE
2. OBJECTIVE OF THE POLICY
3. KEY ELEMENTS OF THE POLICY
3.1 – CUSTOMER ACCEPTANCE POLICY (CAP)
3.2 – CUSTOMER IDENTIFICATION PROCEDURE
3.3 – MONITORING OF TRANSACTIONS
3.4 – RISK MANAGEMENT
4. COMPLIANCE OF KYC POLICY
5. ONGOING DUE DILIGENCE
6. PERIODIC UPDATION OF KYC
a.For Individual Customers
b.For Legal Entities (LE)
c. Additional Measures
7. Customer Education
8. DIGITAL PLATFORM AND INTRODUCTION OF NEW TECHNOLOGIES
9. ‘PRINCIPAL OFFICER ‘ and ‘DESIGNATED DIRECTOR’
10. MONEY LAUNDERING AND TERRORIST FINANCING
11. REPORTING TO FINANCIAL INTELLIGENCE UNIT – INDIA

1. Preamble

  1. Pursuant to Reserve Bank of India (“RBI”) Notification vide Circular no. DNBR (PD) CC No. 051/03.10.119/2015-16 dated July 1, 2015 on ‘Know Your Customer’ (“KYC”) Guidelines – Anti Money Laundering (“AML”) standards issued to non-banking financial companies (“NBFCs”), and RBI’s Master Directions-Know your Customer(KYC) Direction 2016 (updated as on May 10, 2021) and other Directions of RBI from time to time the Board of Directors have adopted the KYC & AML Policy for Udhyam Financial Services Private Limited (“Company)
  2. A copy of RBI’s Master Directions-Know your Customers(KYC) Direction 2016 (updated as on May 10, 2016) is appended for ease of reference.
  3. The KYC and AML Policy, as adopted below, are in conformity with the guidelines as contained in the aforesaid RBI Circulars and Master Directions.
  4. The Company is committed to transparency and fairness in dealing with all stakeholders and in ensuring adherence to all laws and regulations.
  5. The Company ensures that the information collected from the customer for any purpose would be kept as confidential. The Company shall not divulge any details thereof for cross selling or any other purposes. The Company commits that information sought from the customer is relevant to the perceived risk, is not intrusive, and is in conformity with the guidelines issued in this regard. Any other information from the customer will be sought separately with his /her specifi
  6. The company will always keep in mind the spirit of the instructions issued by the RBI so as to avoid undue hardships to individuals who are otherwise classified as low risk customers.
  7. The Company will also communicate its KYC norms to its customers by uploading the same on its website.
  8. The contents of the Policy shall always be read in tandem with the changes/modifications which may be advised by RBI from time to time
  9. For the purpose of this Policy, a ‘customer’ is defined as a person who is engaged in a financial transaction or activity with the company and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting.

2. Objective of the policy

  1. To prevent the Company from being used, intentionally or unintentionally, by criminal elements for money laundering activities
  2. To know/understand the Customers and their financial dealings better, which in turn, helps in managing their risks prudently.

3. Key elements of the policy

    1. Customer Acceptance Policy
    2. Customer Identification Procedures
    3. Monitoring of Transactions
    4. Risk Management

3.1 Customer Acceptance Policy

Explicit criteria for acceptance of customers

  1. No loan account shall be opened in anonymous or fictitious / benami name(s).
  2. Customers are categorized into different level of risk perception as in Section 3.1a below
  3. The company shall accept customers after verifying their identity as laid down in customer identification procedures. No transaction or account-based relationship will be undertaken without following the customer due diligence (CDD) procedure (para 3.2a below). CDD procedures shall be followed for all the joint account holders, while opening a joint account.
  4. Documentation requirements and other information shall be collected in respect of different categories of customers depending upon the perceived risk and keeping in mind the requirements of Prevention of Money Laundering Act, 2002.
  5. The company shall not open an account or close an existing account where the company is unable to apply appropriate customer due diligence measures, i.e. unable to verify the identity and /or obtain documents required as per the risk categorization due to non–co-operation of the customer or non-reliability of the data/information furnished to the Company.
  6. Where PAN is obtained the same shall be validated from the verification facility of the issuing authority. Where an equivalent e-document is obtained the digital signature shall be verified as per provisions of the Information Technology Act,2000 (21 of 2000).
  7. However, care shall be taken that the implementation of the policy does not lead to harassment of the customer and denial of banking/financial facility to the public – especially to the financially or socially disadvantaged.
  8. Circumstances in which a customer is permitted to act on behalf of another person/entity shall be clearly spelt out in the relevant document supporting it, which should be in conformity with the established law and Practices.
  9. Cross Checks shall be made to confirm that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations etc. Suitable system shall be put in place to ensure that the identity of the customer does not match with any person or entity whose name appears in the sanctions lists circulated by Reserve Bank of India.
  10. The customer profile will be a confidential document and details contained therein shall not be divulged for cross selling or any other purposes.

CATEGORIZATION OF CUSTOMERS ACCORDING TO RISK PROFILE
Low Risk Customers

  • Customers requiring basic verification of Identity and address – would be done by taking physical signs on KYC documents.
  • People belonging to lower economic strata of society whose accounts show small balances and low turnover
  • Salaried employees whose salary structures are well defined

Medium Risk Customers
Customers requiring a higher degree of due diligence which may involve inter alia physical verification:

  • High Net-Worth individuals
  • Companies having close family shareholding or beneficial ownership
  • Firms with ‘sleeping partners’

High Risk Customers
Customers requiring thorough probe

  • Politically Exposed Persons (PEP)
  • Those with dubious reputation as per public information available

The categorization of customers as per risk profile and implementation of the measures, however, should not result in denial of Company’s services to general public, especially to those, who are financially or socially disadvantages

3.2 Customer Identification Procedure

Customer identification means identifying the customer and verifying his/ her identity by using reliable, independent source documents, data or information. The Company will obtain sufficient information necessary to establish, to its satisfaction, the identity of each new customer, whether regular or occasional, and the purpose of the intended nature of the business relationship. The Company must be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the customer in compliance with the extant guidelines in place. The nature of information/documents required would depend on the type of customer (individual, corporate etc).

Customer Identification Procedures to be carried out at different stages as below:

  • while establishing a business relationship; or
  • where the company has a doubt about the authenticity/veracity; or
  • when the company has reason to believe that a customer (account- based or walk-in) is intentionally structuring a transaction into a series of transactions below the threshold of Rs. 50,000; or
  • inadequacy of the previously obtained customer identification data if any; or
  • when the company feels it is necessary to obtain additional information from the existing customers based on the conduct or behavior of the accounts

CUSTOMER DUE DILIGENCE(CDD)

Each business process as a part of the credit policy will document and implement appropriate risk-based procedures designed to verify that it can form a reasonable belief that it knows the true identity of its customers. Verification of customer identity should occur before transacting with the customer. Procedures for each business process shall describe acceptable methods of verification of customer identity, which may include verification through documents or non-documentary verification methods that are appropriate given the nature of the business process, the products and services provided and the associated risks.

The company will be non-deposit taking and therefore the accounts opened would only be borrowal accounts.

The procedure for CDD to be followed based on RBI’s guidelines is summarized below

  1. For Individuals
    On receipt of the completed CAF, the authorized officer of the company will set up suitable time with the applicant and carry out the Video Customer Identification Process ( V-CIP ) as per the guidelines of RBI in para 18 b of the above referred Master Directions.
  2. For Sole Proprietorship Firms
    CDD of the individual (proprietor) shall be carried out through any two of the following documents or the equivalent e documents shall be obtained as proof of business
        • Registration Certificates
        • Certificate/Licence issued by municipal authorities under Shop and establishment
        • Sales Tax and Income Tax returns
        • CST/VAT/GST certificate (provision)
        • Certificate / Registration document issued by Sales Tax/Service Tax/Professional Tax Authorities
        • Complete Income Tax return in the name of the sole proprietor where firms income is reflected, duly acknowledged by Income Tax Authorities
        • Utility Bills such as electricity, water, landline telephone bills etc.

      3. For Legal Persons/Entities

For Customers that are legal persons or entities, the legal status of the legal person/entity should be e-verified/validated through proper and relevant documents submitted online. The identity of the authorized persons of the entity shall be established through V-CIP. An indicative list of the nature and type of documents/information for different types of entities that may be relied upon for customer identification is given in Annexure – 1.

For any person/persons purporting to act on behalf of the legal person/entity, it has to be verified whether they are so authorized and their identification has to be verified through Video Customer Identification Process as above and or physically if required.

Also, the ownership and control structure of the customer should be understood so as to determine who the natural persons are, who ultimately control the legal person. The Company will take reasonable measures to identify the beneficial owner(s) and verify his/her/their identity in a manner so that it is satisfied that it knows who the beneficial owner(s) is/are.

As at present the company does not propose to hire a third party for verifying identity of customers and carrying out Customer Due Diligence. Should the need arise in future the provisions of para 14 of the RBI Master Directions on KYC referred to in the preamble would be adhered to.

No deviations or exemptions shall normally be permitted in the documents specified for loan account opening. In case of any extreme cases of exceptions, concurrence of policy section/ team should be obtained duly recording the reasons for the same. Suitable operating guidelines for implementation of the KYC/ AML guidelines shall be issued by the Company for its different business segments.

V-CIP procedure

V- CIP will be carried out by authorized officials adequately trained for the purpose.

The authorized official performing the V-CIP shall record audio video as well as capture photographs of the customer present for identification and obtain identification information using offline Verification of Aadhar / Validation of other OVD/e-OVDs including Pan Card uploaded by customer. The software platform has the functionality of validation for OVDs submitted from the databases of respective issuing authorities where available.

A detailed process flow has been put in place in our operational guidelines and internal circulars as required in line with Para 18b of RBI Master Directions referred to above.

V-CIP Infrastructure

The company has acquired the required technology infrastructure which will be housed in the company’s headquarters and the interaction will originate from the company’s own secured network domain. The company has complied with RBI guidelines for cybersecurity and other general guidelines on IT risks.

The company has ensured end to end encryption of data between customer device and the hosting point of the V-CIP application.

The Video recordings shall contain the live GPS coordinates (geo tagging) of the customers and the date-time stamp.

V-CIP infrastructure and the application software and APIs/web services shall undergo necessary tests of vulnerability testing ,penetration testing, end to end encryption capabilities, functional performance maintenance strength by accredited agencies before being used in the live environment.

The entire data and recordings of V-CIP shall be stored in a system located in India in a safe and secure manner and will bear date and time stamps for easy data search. The relevant activity log will also be preserved.

The company will adhere to all the instructions in this regard as specified in para 18a of the RBI Master Directions referred to

3.3 Monitoring of  Transactions

  • The company will be maintaining proper record of transactions prescribed under Rule 3 of the Prevention of Money Laundering Act, 2002 as mentioned below
  • All cash transactions of the value of more than Rs.10 lakhs or its equivalent in foreign currency.
  • All series of cash transactions integrally connected to each other which have been valued below Rupees ten lakhs where such series of transactions have taken place within a month and the aggregate value of such transactions exceeds rupees ten lakhs.
  • All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security has taken place.
  • All suspicious transactions whether or not made in cash and by way of as mentioned in the rules.Further the company will also monitor:
    Any cash transaction of an amount equal to or exceeding Rs 50,000/-, whether conducted as a single transaction or several transactions that appear to be connected.

3.4 Risk Management

  • Risk based approach shall be followed for categorizing customers. Customers will be classified as low, medium and high risk based on parameters such as inter alia:
  • Customer’s identity and social/financial status
  • Nature of business activi Ability to confirm identity documents through online or other services offered by issuing authorities
  • A broad risk based categorisation has been furnished in Para 3.1 above.

4. Compliance of KYC Policy

Board will ensure that an effective KYC programme is put in place by establishing appropriate procedures and ensuring their effective implementation. It will cover proper management oversight, systems and controls relating to the digital platform, segregation of duties, training and other related matters.
Responsibility would be explicitly allocated within the Company for ensuring that the Company’s policies and procedures are implemented effectively. The Company shall devise procedures for creating risk profiles of existing and new customers and apply various AML measures keeping in view the risks involved in a transaction, account or business relationship.
The Company has an ongoing employee training programme so that the members of the staff are adequately trained in KYC and e-KYC procedures. Further, the Company at all times will ensure that the provisions of the Foreign Contribution (Regulation) Act, 2010, wherever applicable, are strictly adhered to.
The company shall arrange for an independent evaluation of the compliance functions of the Company’s policies and procedures including legal and regulatory requirements, annually.
The Company will put in place a strong internal/concurrent audit system and compliance machinery, staffed adequately with individuals who are well-versed in such policies and procedures. Concurrent/ Internal Auditors and CISA auditors will specifically check and verify the compliance with KYC /e KYC/ AML policies and procedures including digital procedures followed for prevention of Money Laundering. The complaints in this regard will be put up before the Audit Committee of the Board at quarterly intervals. –
The company will ensure that decision making functions of determining compliance with KYC norms are not outsourced.

5. Ongoing Due Diligence

The company shall undertake ongoing due diligence of customers to ensure that transactions are consistent with the customers source of funds.

6. Periodic updation of KYC

Periodic updation of KYC will be done on a risk based approach – at least once in every two years for high risk customers, once in eight years for medium risk customers and once in ten years for low risk customers.
Updation procedure would be as under:
a. For Individual Customer

  • No change in KYC information:
    Self declaration from the customer shall be obtained through the registered E-Mail ID and Mobile No. The new address would need to be verified within a period of 2 months through a verification letter. The customer would also need to upload one suitable OVD from the list at Annexure 1 showing the new address as proof of address.

b. For Legal Entities

  • No change in KYC information:
    Self declaration from LE customer in the mobile App, letter from authorized Official of LE to that effect and Board Resolution confirming no change in KYC particulars shall be obtained.
  • Change in KYC information:
    A fresh KYC process equivalent to onboarding a new LE customer shall be undertaken.

c. Additional Measures:

  • In the event that the CDD documents available in the account have expired at the time of periodic updation of KYC, fresh KYC process equivalent to that applicable for on-boarding a new customer shall be undertaken
  • PAN details of the customer shall be verified from the database of the issuing authority at the time of periodic updation
  • Acknowledgement shall be provided to the customer for receipt of documents for updation and an intimation will be sent to the customer informing the date of updation of KYC details
  • It shall be ensured that the process of updation of KYC is transparent and adverse actions against the customer are avoided unless warranted by specific regulatory requirements.

7. Customer Education

The Company will prepare specific literature/ pamphlets etc. and also include information in its Web-site , so as to educate the customer of the objectives of the KYC and e-KYC programme. The Call center staff would be specially trained in this regard.

8. Digital Platform and Introduction of New Technologies

The Company will pay special attention to any money laundering threats that may arise from the use of the digital platform and other technology apps that would be used. Company will ensure that necessary control mechanisms are built in the System and Software packages to be implemented, to prevent the use of the technology for money laundering purposes. This would primarily be achieved, inter alia, through proper access control i.e. prevention of unauthorized access and maintenance and scrutiny of Audit Trails and Activity Logs. Cyber security measures have been built into the digital platform and adequate IS controls are in place in line with guidelines of Reserve Bank of India.

9. ‘Principal Officer’ and ‘Designated Director’

The Company will designate a senior management officer as Principal Officer. Principal Officer shall be located at the head/corporate office of the Company and shall be responsible for monitoring and reporting of all transactions and sharing of information as required under the law. The Principal Officer is authorized to fix the accountability for serious lapses and intentional circumvention of prescribed procedures and guidelines, in consultation with the Managing Director of the Company. He will maintain close liaison with enforcement agencies, banks and any other institution which are involved in the fight against money laundering and combating financing of terrorism.
The name designation and address of the Principal Officer shall be communicated to the Financial Intelligence Unit – India.
The Company has designated Mr Mahendra Aditya Sahu (Director) as Designated Director of UFS who will be in charge of ensuring overall compliance with the obligations under chapter IV of the PML Act and the Rules.
The name designation and address of the Designated Director shall also be communicated to the Financial Intelligence Unit – India.

10. Money Laundering and Terrorist Financing

The company shall carry out ‘Money Laundering (ML) and Terrorist Financing(TF) Risk Assessment’ exercise at half yearly intervals to identify, assess and take effective measures to mitigate its ML and TF risks for clients, geographies, products, services, transactions or delivery channels etc. While preparing the internal risk assessment the company shall take cognisance of the overall sector-specific vulnerabilities, if any, that the regulator/supervisor may share with the company from time to time. The periodicity may be increased/decreased by the Board depending on the outcome of the risk assessment exercise. However, it will be reviewed at least annually.
A risk-based approach for mitigation and management of the identified risk shall be applied by the company. Board level approved policies, controls and procedures shall be put in place in this regard which will be monitored and strengthened where required.

11. Reporting to Financial Intelligence Unit – India

The Company will be reporting Cash Transaction Reports (CTR ) & Suspicious transactions report (STR), in the prescribed format, to the Director, Financial Intelligence Unit- India (FIU-IND) as per Rule 3 of the PML (Maintenance of Records) Rules 2005 .
The reporting formats and comprehensive reporting format guide prescribed/released by FIU-IND and Report generation Utility and Report Validation Utility shall be taken note of and CTR/STR reports will be filed electronically.
The company will not put any restrictions on operations in the accounts where an STR has been filed and the fact of furnishing STR will be kept strictly confidential.
Robust software throwing alerts where transactions are inconsistent with the risk categorisation shall be put in use for effective identification and reporting of STR.

CDD Procedure and sharing KYC information with Central KYC Records
Authorized Officers will upload KYC records pertaining to accounts of individual/LEs opened on or after April 1, 2021, with CKYCR in terms of the provisions of the Rules ibid. UFS will ensure that KYC records will be uploaded as per the LE Template released by CERSAI
Once a KYC Identifier is generated by CKYCR, Authorized Officers shall ensure that the same is communicated to the individual/LE as the case may be.

Record Management

The following steps shall be taken regarding maintenance, preservation and reporting of customer account information, with reference to provisions of PML Act and Rules.

  • UFS will maintain all necessary records of transactions between the RE and the customer, both domestic and international, for at least five years from the date of transaction;
  • UFS will preserve the records pertaining to the identification of the customers and their addresses obtained while opening the account and during the course of business relationship, for at least five years after the business relationship is ended;
  • UFS will make available the identification records and transaction data to the competent authorities upon request;
  • UFS has a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);
  • UFS will maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following:
    1. the nature of the transactions;
    2. the amount of the transaction and the currency in which it was denominated;
    3. the date on which the transaction was conducted; and
    4. the parties to the transaction.
  • UFS will maintain records of the identity and address of their customer, and records in respect of transactions referred to in Rule 3 in soft format.

ANNEXURE 1

CUSTOMER IDENTIFICATION PROCEDURE – INDICATIVE LIST OF DOCUMENTS THAT MAY BE OBTAINED FROM CUSTOMERS

IDENTITY PROOF (INDIVIDUAL)

  • Aadhar Card
  • Passport;
  • Photo PAN card;
  • Voter’s Identity Card;
  • Laminated Driving licence – Permanent;
  • Any other documents as acceptable to the company

ADDRESS PROOF (INDIVIDUAL)

  • Telephone Bill;
  • Life Insurance Premium receipt of any insurer ( Policy shall be minimum 12 months in force);
  • Post paid Piped gas connection bill showing consumption and full address;
  • Electricity Bill;
  • Ration Card
  • Voter’s Identity Card;
  • Laminated Driving licence – Permanent;
  • Passport;
  • Copy of sale agreement if current residence is owned;
  • Leave & Licence agreement if the applicant is staying on rent & the agreement is registered / notarized. Wherever notarized Leave & Licence agreement is taken, the notarization shall be in original & the agreement shall be executed on a stamp paper as per the respective State Stamp Act Applicable to lease deed.
  • Postpaid Mobile Bills;
  • Bank Passbook/ Latest Bank Account Statement (first page of the same with full address mentioned which matches with the applicant’s address as per the
    Application form). In case of a Bank Passbook, the page showing the latest banking transaction shall be taken on record;
  • Any other documents as acceptable to the company

ROOF OF LEGAL EXISTENCE AND REGISTERED OFFICE ADDRESS

  • For Partnership firms,
    1. Partnership Deed
    2. Certificate of Registration from Registrar of firms in case the firm is registered
    3. Officially valid documents for Customer Due Diligence in respect of the person
      holding an attorney to transact on its behalf;
  • For Companies,
    1. MOA & AOA
    2. Certificate of Incorporation
    3. PAN of the company
    4. In case of Public Limited Company, Certificate of Commencement of Business may also to be taken
    5. A resolution from the Board of Directors and power of attorney granted to its managers, officers or employees to transact on its behalf;
    6. Officially valid documents for carrying out Customer Due Diligence in respect of managers, officers or employees holding an attorney to transact on the company’s behalf.

PROOF OF OPERATING ADDRESS

  • Telephone Bill / Electricity Bill in the name of the entity;
  • Leave & Licence agreement in the name of the entity if the entity is operating its business from a rented premises & the agreement is registered / notarized.
    Wherever notarized Leave & Licence agreement is taken, the notarization shall be in original & the agreement shall be executed on a stamp paper as per the respective State Stamp Act
  • Latest Bank Account Statement in the name of the Entity with full address mentioned which matches with the entity’s address as per the Application form along with Banker’s Verification of the Authorised Signatory of the entity.