Last updated on: 27th June 2024

1. Introduction

   Si Creva Capital Services Private Limited is a private limited company incorporated under the provisions of the Companies Act, 2013 having Corporate Identification Number (CIN) U65923MH2015PTC266425 (“Si Creva/ Company”). Si Creva is a Middle Layer Non-Deposit taking Non-Banking Financial Company registered and regulated by the Reserve Bank of India (“RBI”) as a Non-Banking Finance Company (“NBFC”), bearing Registration no. N-13.02129.

   Si Creva is in the business of the provision of consumer and personal loans by using two digital lending applications viz; ‘Kissht’ and ‘PaywithRing’ and OnEMI Technology Solutions Private Limited is a Lending Service Provider (LSP). Besides this, it is also lending through the mobile app and web-based applications on the platforms of other LSPs.

2. PREAMBLE

   This Document sets out the salient features of Know Your Customer (‘KYC’) and Anti-Money Laundering (‘AML’) norms for Si Creva Capital Services Private Limited (‘SI CREVA’ or ‘the Company’).

3. BACKGROUND

   In terms of the provisions of Prevention of Money Laundering (‘PML’) Act, 2002 and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, as notified and further amended from time to time by the Government of India, NBFC’s being Regulated Entities (REs)are required to follow certain customer identification procedures and conduct customer due diligence while undertaking a transaction either by establishing an account-based relationship or otherwise and monitor their transactions and take steps to ensure implementing the provisions of the aforementioned Act, Rules and Ordinance, including operational instructions issued in pursuance of such amendment(s).

   Accordingly, KYC, AML, CFT and Customer Acceptance Policy of the Company (‘this Policy’) has been prepared in line with the Reserve Bank of India (‘RBI’) Master Direction – Know Your Customer (KYC) Direction, 2016 (updated as of January 04, 2023) and incorporating Company’s approach to KYC, AML,CFT and Customer Acceptance issues.

4. KEY SOURCES OF LAW

   The key regulations that form the framework of the KYC-AML norms applicable to COMPANY are:

   • The Prevention of Money Laundering Act, 2002 as updated from time to time (‘PML Act/ PMLA’).
   • The Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (‘PML Rules’) as updated from time to time.
   • Master Direction on Know Your Customer dated February 25, 2016, issued by the Reserve Bank of India – DBR.AML.BC. No.81/14.01.001/2015-16 ((Updated as on January 04, 2024) as updated from time to time (‘KYC Master Directions’).
   • Other relevant regulations, as applicable on the Company.

5. DEFINITIONS

   The terms herein shall bear the meanings assigned to them below:

   • Terms bearing meaning assigned in terms of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005:

     • “Aadhaar number” shall have the meaning assigned to it in clause (a) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016);
     • “Act” and “Rules” means the Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, respectively and amendments thereto.
     • “Authentication,” in the context of Aadhaar authentication, means the process as defined under sub-section (c) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

     • Beneficial Owner (BO)

       • Where the customer is a Company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical persons, has/have a controlling ownership interest or who exercise control through other means. Explanation- For the purpose of this sub-clause-

         • “Controlling ownership interest” means ownership of/entitlement to more than 10 per cent of the shares or capital or profits of the Company.
         • “Control” shall include the right to appoint majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or voting agreements.

       • Where the customer is a partnership firm, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have ownership of/entitlement to more than 10 per cent of capital or profits of the partnership or who exercises control through other means.

         Explanation – For the purpose of this sub-clause, “control” shall include the right to control the management or policy decision.

       • Where the customer is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have ownership of/entitlement to more than 15 per cent of the property or capital or profits of the unincorporated association or body of individuals.

         Explanation: Term ‘body of individuals’ includes societies.

         Where no natural person is identified under (a), (b) or (c) above, the beneficial owner is the relevant natural person who holds the position of senior managing official.

       • Where the customer is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with 10% or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership.

     • “Certified Copy” – Obtaining a certified copy by the RE shall mean comparing the copy of the proof of possession of Aadhaar number where offline verification cannot be carried out or officially valid document so produced by the customer with the original and recording the same on the copy by the authorised officer of the RE as per the provisions contained in the Act.

       Provided that in case of Non-Resident Indians (NRIs) and Persons of Indian Origin (PIOs), as defined in Foreign Exchange Management (Deposit) Regulations, 2016 {FEMA 5(R)}, alternatively, the original certified copy, certified by any one of the following, may be obtained:

       • authorised officials of overseas branches of Scheduled Commercial Banks registered in India,
       • branches of overseas banks with whom Indian banks have relationships,
       • Notary Public abroad,
       • Court Magistrate,
       • Judge,
       • Indian Embassy/Consulate General in the country where the non-resident customer resides.
     • “Central KYC Records Registry” (CKYCR) means an entity defined under Rule 2(1) of the Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer.

     • “Designated Director” means a person designated by the RE to ensure overall compliance with the obligations imposed under chapter IV of the PML Act and the Rules and shall include:

       • the Managing Director or a whole-time Director, duly authorized by the Board of Directors, if the RE is a Company,
       • the Managing Partner, if the RE is a Partnership Firm,
       • the Proprietor, if the RE is a Proprietorship concern,
       • the Managing Trustee, if the RE is a Trust,

       • a person or individual, as the case may be, who controls and manages the affairs of the RE, if the RE is an unincorporated association or a body of individuals, and a person who holds the position of senior management or equivalent designated as a ‘Designated Director’ in respect of Cooperative Banks and Regional Rural Banks.

         Explanation – For the purpose of this clause, the terms “Managing Director” and “Whole-time Director” shall have the meaning assigned to them in the Companies Act, 2013.

     • “Digital KYC” means the capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorised officer of the RE as per the provisions contained in the Act.
     • “Digital Signature” shall have the same meaning as assigned to it in clause (p) of sub section (1) of section (2) of the Information Technology Act, 2000 (21 of 2000).
     • “Equivalent e-document” means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the customer as per Rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016.
     • “Know Your Client (KYC) Identifier” means the unique number or code assigned to a customer by the Central KYC Records Registry.
     • “Non-profit organisations” (NPO) means any entity or organisation constituted for religious or charitable purposes referred to in Clause (15) of Section 2 of the Income-Tax Act, 1961 (43 of 1961) that is registered as a Trust or a Society under the Societies Registration Act, 1860 or any similar State legislation or a Company registered under Section 8 of the Companies Act, 2013.

     • “Officially Valid Document” (OVD) means the passport, the driving licence, proof of possession of Aadhaar number, the Voter’s Identity Card issued by the Election Commission of India, job card issued by National Rural Employment Guarantee Act (‘NREGA’) duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address.

       Provided that,

       • where the customer submits his proof of possession of Aadhaar number as an OVD, he may submit it in such form as are issued by the Unique Identification Authority of India.

       • where the OVD furnished by the customer does not have updated address, the following documents, or the equivalent-documents there of shall be deemed to be OVDs for the limited purpose of proof of address:-

         • utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill);
         • property or Municipal tax receipt;
         • pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
         • letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and licence agreements with such employers allotting official accommodation;
       • the customer shall submit OVD with current address within a period of three months of submitting the documents specified at ‘b’ above’

       • where the OVD presented by a foreign national does not contain the details of address, in such case the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address.

         Explanation: For the purpose of this clause, a document shall be deemed to be an OVD even if there is a change in the name subsequent to its issuance provided it is supported by a marriage certificate issued by the State Government or Gazette notification, indicating such a change of name.

     • “Offline verification” shall have the same meaning as assigned to it in clause (pa) of Section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of2016).

     • “Person” has the same meaning assigned in the Act and includes:

       • an individual,
       • Hindu undivided family,
       • Company,
       • Firm,
       • an association of persons or a body of individuals, whether incorporated or not,
       • every artificial juridical person, not falling within any one of the above persons (a to e), and
       • any agency, office or branch owned or controlled by any of the above persons (a to f).
     • “Principal Officer” means an officer at the management level nominated by the RE, responsible for furnishing information as per rule 8 of the Rules.

     • “Suspicious transaction” means a “transaction” as defined below, including an attempted transaction, whether or not made in cash, which, to a person acting in good faith:

       • gives rise to a reasonable ground of suspicion that it may involve proceeds of an offence specified in the Schedule to the Act, regardless of the value involved; or
       • appears to be made in circumstances of unusual or unjustified complexity; or
       • appears to not have economic rationale or bona-fide purpose; or
       • gives rise to reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.

       Explanation: Transaction involving financing of the activities relating to terrorism includes transaction involving funds suspected to be linked or related to, or to be used for terrorism, terrorist acts or by a terrorist, terrorist organization or those who finance or are attempting to finance terrorism.

     • A ‘Small Account’ means a savings account which is opened in terms of sub-rule (5) of rule 9 of the PML Rules, 2005. Details of the operation of a small account and controls to be exercised for such account are specified in Section 23.

     • “Transaction” means a purchase, sale, loan, pledge, gift, transfer, delivery, or the arrangement thereof and includes:

       • opening of an account;
       • deposit, withdrawal, exchange, or transfer of funds in whatever currency, whether in cash or by cheque, payment order or other instruments or by electronic or other non-physical means;
       • the use of a safety deposit box or any other form of safe deposit;
       • entering into any fiduciary relationship;
       • any payment made or received, in whole or in part, for any contractual or other legal obligation; or
       • establishing or creating a legal person or legal arrangement.
     • “Video based Customer Identification Process (V-CIP)”: an alternate method of customer identification with facial recognition and customer due diligence by an authorised official of the RE by undertaking seamless, secure, live, informed-consent based audio-visual interaction with the customer to obtain identification information required for CDD purpose, and to ascertain the veracity of the information furnished by the customer through independent verification and maintaining audit trail of the process. Such processes complying with prescribed standards and procedures shall be treated on par with face-to- face CIP for the purpose of this Master Direction.
     • “Group”: The term “Group” shall have the same meaning assigned to it as per (e) of sub- section (9) of section 286 of Income Tax Act, 1961 (43 of 1961).

   • Terms bearing meaning assigned in this Directions, unless the context otherwise requires, shall bear the meanings assigned to them below:

     • “Customer” means a person who is engaged in a financial transaction or activity with the Company and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting.
     • “Walk-in Customer” means a person who does not have an account-based relationship with the RE, but undertakes transactions with the RE.

     • “Customer Due Diligence (CDD)” means identifying and verifying the customer and the beneficial owner using reliable and independent sources of identification.

       Explanation: The CDD, at the time of commencement of an account-based relationship or while carrying out occasional transaction of an amount equal to or exceeding rupees fifty thousand, whether conducted as a single transaction or several transactions that appear to be connected, or any international money transfer operations, shall include:

       • Identification of the customer, verification of their identity using reliable and independent sources of identification, obtaining information on the purpose and intended nature of the business relationship, where applicable;
       • Taking reasonable steps to understand the nature of the customer’s business, and its ownership and control;
       • Determining whether a customer is acting on behalf of a beneficial owner, and identifying the beneficial owner and taking all steps to verify the identity of the beneficial owner, using reliable and independent sources of identification.
     • “Customer identification” means undertaking the process of CDD.
     • “KYC Templates” means templates prepared to facilitate collating and reporting the KYC data to the CKYCR, for individuals and legal entities.
     • “Non-face-to-face customers” means customers who open accounts without visiting the branch/offices of the REs or meeting the officials of REs.
     • “On-going Due Diligence” means regular monitoring of transactions in accounts to ensure that those are consistent with Company’s knowledge about the customers, customers’ business and risk profile, the source of funds / wealth.
     • “Periodic Updation” means steps taken to ensure that documents, data, or information collected under the CDD process is kept up-to-date and relevant by undertaking reviews of existing records at periodicity prescribed by the Reserve Bank.

     • “Regulated Entities” (REs) means:

       • all Scheduled Commercial Banks (SCBs)/ Regional Rural Banks (RRBs)/ Local Area Banks (LABs)/ All Primary (Urban) Co-operative Banks (UCBs) /State and Central Co- operative Banks (STCBs / CCBs) and any other entity which has been licenced under Section 22 of Banking Regulation Act, 1949, which as a group shall be referred as ‘Banks’.
       • All India Financial Institutions (AIFIs) .
       • All Non-Banking Financial Companies (NBFCs), Miscellaneous Non-Banking Companies (MNBCs) and Residuary Non-Banking Companies (RNBCs).
       • All Payment System Providers (PSPs)/ System Participants (SPs) and Prepaid Payment Instrument Issuers (PPI Issuers).
       • All authorised persons (APs) including those who are agents of Money Transfer Service Scheme (MTSS), regulated by the Regulator.
       • Asset Reconstruction Companies (ARCs)
     • “Shell bank” means a Bank which is incorporated in a country where it has no physical presence and is unaffiliated to any regulated financial group.
     • “Wire transfer” means a transaction carried out, directly or through a chain of transfers, on behalf of an originator person (both natural and legal) through a bank by electronic means with a view to making an amount of money available to a beneficiary person at a Bank.
     • “Domestic and cross-border wire transfer”: When the originator bank and the beneficiary bank is the same person or different person located in the same country, such a transaction is a domestic wire transfer, and if the ‘originator bank’ or ‘beneficiary bank’ is located in different countries such a transaction is cross-border wire transfer.
     • Senior Management’ are the same as defined in ‘Explanation’ to Section 178 of the Companies Act, 2013. “Senior Management” means personnel of the Company who are members of its core management team excluding Board of Directors comprising all members of management one level below the executive directors, including the functional heads.

6. KNOW YOUR CUSTOMER STANDARDS

   • Objective

     The major objectives of the Policy is as follows:

     • Prevent criminal elements from using Company for Money Laundering and Terrorist Financing activities.
     • Lay out an appropriate eligibility criterion for accepting customers.
     • Lay out an effective system for customer identification to appropriately identify the customer.
     • Effectively manage risks of money laundering, situations that facilitate money laundering, or for the funding of terrorist or criminal activities.
     • To enable Company to know and understand its customers and their financial dealings better which, in turn, would help the Company to manage risks prudently.
     • Establish adequate monitoring and reporting systems to identify, create and submit timely reports of customer identity, instances or suspicions of fraud, etc. both internally and to appropriate authorities.
     • Establish adequate and internal control to ensure proper compliance with all applicable regulations.
     • To understand the customer financial dealings to prevent the risk rising from it.
     • To sufficiently comply with applicable laws and regulatory guidelines.

   • Scope

     The Policy applies to Company’s customers, officers, employees, products, and services of the Company.

   • Appointment of Principal Officer and Designated Director

     • As per the requirement of the PML Rules, a Principal Officer for the Company has been appointed and the details of the Principal Officer was informed to FIU India and the RBI.

       The Principal Officer is responsible for ensuring compliance, monitoring transactions, and reporting any transactions/information as covered under the PML Act read with its Rules.

     • As per the requirement of the PML Rules, a Designated Director for the Company has been appointed and the details of the Designated Director was informed to FIU India and RBI.

       Designated Director is responsible to ensure overall compliance with the obligations imposed under chapter IV of the Act and the Rules.

   • The Company has framed its KYC policy incorporating the following four key elements:

     • Customer Acceptance Principles;
     • Customer Identification Procedures including due diligence;
     • Monitoring of Transactions; and
     • Risk Management

   • Customer Acceptance Principles

     The Company shall, for all customer transactions, verify and maintain the record of identity and address(es), both current and permanent addresses of the customer, the nature of business and financial status of the customer.

     The Company needs to set out explicit criteria for acceptance of customers to ensure:

     • No account is opened, or transaction is executed in anonymous or fictitious/benami name(s);
     • No account is opened where the Company is unable to apply appropriate CDD measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer. The Company shall consider filing a Suspicious Transaction Report (‘STR’), if necessary, when it is unable to comply with the relevant Customer Due Diligence (‘CDD’) measures in relation to the customer.
     • No transaction or account-based relationship is undertaken without following the CDD procedure.
     • The mandatory information to be sought for KYC purpose while opening an account and during the periodic updation, is specified.
     • Additional information, where such information requirement has not been specified in the internal KYC policy of Company, is obtained with the explicit consent of the customer.
     • The Company shall apply CDD procedure at the Unique Customer Identification Code (UCIC) level. A Unique Customer Identification Code (UCIC) shall be allotted while entering into new relationship with Individual Customer as also the existing Individual Customers by the Company. Thus, if an existing KYC compliant customer of a Company desires to open another account with Company, there shall be no need for fresh CDD exercise.
     • CDD Procedure is followed for all the joint account holders, while opening a joint account.
     • Circumstances in which, a customer is permitted to act on behalf of another person/entity, is clearly spelt out.

     • Suitable system is put in place to ensure that the identity of the customer does not match with any person or entity, whose name appears in the sanction list indicated in Chapter IX of KYC Master Direction.

       An illustrative list is as below and shall be always driven by the latest update released by the Authority from time to time-

       • ISIL (Da’esh) &Al-Qaida Sanctions List (UNSCR 1267)
       • ISIL (Da’esh) &Al-Qaida Sanctions List (UNSCR 1989)
       • ISIL (Da’esh) &Al-Qaida Sanctions List (UNSCR 2253)
       • Taliban Sanctions List [UNSCR 1988 (2011)]
       • Designated List under 12A(1) of the Act
       • UNSCR 1718 Sanctions list
       • Other UNSCRs
       • Lists in the 1st and 4th schedule of UAPA, 1967
       • Individual Terrorists Under UAPA
       • UNSC 2231 Sanctions Committee Designated List
       • United Nations Security Council Consolidated List
       • The List established and maintained pursuant to Security Council res. 1718 (2006)
       • Updates to UNSCR 1718 Sanctions Committee on DPRK
       • Urgent Updates For Implementation Of Section 51a of UAPA 1967
       • Updates of Designation of Individuals U/s 35(1)(a) of the Unlawful Activities (Prevention) Act, 1967
       • The List established and maintained pursuant to Security Council res. 2231 (2015)

       Further, the Company shall take into consideration those individuals/entities whose names appear in the sanctions lists including United Nations Security Council Resolutions (‘UNSCRs’), and also to those individuals/entities from jurisdictions that do not or insufficiently apply the Financial Action Task Force (FATF) Recommendations as per the FATF statements circulated by the RBI.

     • Permanent account number (PAN) of customers shall be obtained and verified while undertaking transactions as per the provisions of Rule 114B of the Income Tax Rules, as amended from time to time. Form 60 shall be obtained from persons who do not have PAN.

     • Where Good and Services Tax (GST) details are available, the GST number shall be verified from the search/ verification facility of the issuing Authority.

       However, reasonable care shall be taken to ensure that the Customer Acceptance Policy does not result in denial of loan facility to members of the general public, especially those, who are financially or socially disadvantaged.

       Where the Company forms a suspicion of money laundering or terrorist financing, and it reasonably believes that performing the CDD process will tip-off the customer, it shall not pursue the CDD process, and instead file an STR with FIU-IND.

   • Customer Identification Procedure (‘CIP’)

     Customer Identification means identifying the customer and verifying his/ her identity by using reliable, independent source documents, data, or information in case of individual as well as corporate. The Company will obtain information, stated below, necessary to establish, to its satisfaction, the identity of each new customer, whether regular or occasional and the purpose of the intended nature of relationship.

     • The Company shall undertake the identification of customers in the following cases:

       • Commencement of an account-based relationship with the customer.
       • When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.
       • Selling third party products as agents, selling their own products, payment of due of credit cards/sale and reloading of prepaid/travel cards and any other product for more than rupees fifty thousand.
       • Carrying out transactions for a non-account-based customer, that is a walk-in customer, where the amount involved is equal to or exceeds rupees fifty thousand, whether conducted as a single transaction or several transactions that appear to be connected.
       • When the Company has reasons to believe that a customer (account based or walk-in) is intentionally structuring a transaction into a series of transactions below the threshold of rupees fifty thousand.
       • The Company shall ensure that introduction is not to be sought while opening accounts.

     • The Company shall obtain certified copy of proof of possession of Aadhar number or the OVD and a recent photograph where an equivalent document is done by a third party, subject to the following conditions:

       • Records or the information of the customers due diligence carried out by the third party is obtained by the Company immediately from the third party or from the Central KYC Records Registry.
       • Adequate steps are taken by the Company to satisfy themselves that copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay.
       • The third party is regulated, supervised, or monitored for, and has measures in place for, compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
       • The third party shall not be based in a country or jurisdiction assessed as high risk. The ultimate responsibility for customer due diligence and undertaking enhanced due diligence measures, as applicable, will be with the Company.

       The Company shall not outsource the decision-making function of determining compliance with the KYC norms.

   • Customer Due Diligence (CDD):

     • CDD in case of individuals:

       For customers that are individuals, the Company will obtain the following:

       • PAN or Form 60 defined in Income-tax Rules, 1962;
       • The proof of possession of Aadhaar number where offline verification can be carried out; or
       • the proof of possession of Aadhaar number where offline verification cannot be carried out or any OVD or the equivalent e-document thereof containing the details of his identity and address; or
       • the KYC Identifier with an explicit consent to download records from CKYCR; and the Permanent Account Number or the equivalent e-document thereof or Form No. 60 as defined in Income-tax Rules, 1962; and
       • such other documents including in respect of the nature of business and financial status of the customer, or the equivalent e-documents thereof as may be required by Company.

       While undertaking CDD in case of individuals, the Company shall ensure that the following is fulfilled where the customer has submitted:

       • Aadhaar number under clause (a) to the Company only if it is notified under first proviso to sub-section (1) of section 11A of the PML Act, in such case, the Company shall carry out authentication of the customer’s Aadhaar number using e-KYC authentication facility provided by the Unique Identification Authority of India. Further, in such a case, if customer wants to provide a current address, different from the address as per the identity information available in the Central Identities Data Repository, he may give a self-declaration to that effect to the RE.
       • proof of possession of Aadhaar where offline verification can be carried out, the Company shall carry out offline verification.
       • an equivalent e-document of any OVD, the Company shall verify the Digital Signature as per the provisions of the Information Technology Act, 2000 (21 of 2000) and any rules issues thereunder and take a live photo as specified under digital KYC process mentioned hereunder.
       • any OVD or proof of possession of Aadhaar number where offline verification cannot be carried out, the Company shall carry out verification through digital KYC as specified hereunder.
       • KYC Identifier under clause (ac) of the KYC Master Direction, the Company shall retrieve the KYC records online from the CKYCR.
       • The Company shall obtain a certified copy of proof of possession of Aadhar number or the OVD and a recent photograph where an equivalent document is not submitted.
       • CDD methodologies adopted by the Company shall form part of customer onboarding procedure (Standard Operating Procedure of Pre-terms).
       • Such other documents including in respect of the nature of business and financial status of the customer for e.g. Bank statement, GST Certificate etc, or the equivalent e-documents thereof as may be required by Company.

       Note: The Company shall ensure that the use of Aadhaar, proof of possession of Aadhaar etc., shall be in accordance with the Aadhaar (Targeted Delivery of Financial and Other Subsidies Benefits and Services) Act, 2016 and the regulations made thereunder.

       Accounts opened using Aadhaar OTP based e-KYC, in non-face-to-face mode, are subject to the following conditions:

       • There must be a specific consent from the customer for authentication through OTP.
       • As a risk-mitigating measure for such accounts, Company shall ensure that transaction alerts, OTP, etc., are sent only to the mobile number of the customer registered with Aadhaar. Company shall follow this Board approved policy delineating a robust process of due diligence for dealing with requests for change of mobile number in such accounts.
       • As regards borrowal accounts, only term loans shall be sanctioned. The aggregate amount of term loans sanctioned shall not exceed rupees sixty thousand in a year.
       • Accounts, both deposit and borrowal, opened using OTP based e-KYC shall not be allowed for more than one year unless identification as per Section 16 or as per Section 18 (V-CIP) is carried out. If Aadhaar details are used under Section 18, the process shall be followed in its entirety including fresh Aadhaar OTP authentication.
       • If the CDD procedure as mentioned above is not completed within a year, in respect of borrowal accounts, no further debits shall be allowed.
       • A declaration shall be obtained from the customer to the effect that no other account has been opened nor will be opened using OTP based KYC in non-face-to-face mode with any other RE. Further, while uploading KYC information to CKYCR, REs shall clearly indicate that such accounts are opened using OTP based e-KYC and other REs shall not open accounts based on the KYC information of accounts opened with OTP based e-KYC procedure in non-faceto-face mode.
       • The Company shall have strict monitoring procedures including systems to generate alerts in case of any non-compliance/violation, to ensure compliance with the above mentioned conditions.

     • CDD in case of non – individuals:

       For undertaking CDD, the Company shall obtain the following from an individual as well as Non – Individuals while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity:

       The list of documents to be collected and verified depending upon their nature is specified in the table below.

       Types of entity	Type of document to be collected and verified
       Sole Proprietary concerns	Documents specified above for individuals relating to the Proprietor. Any two of the following documents as a proof of business/ activity in the name of the proprietary firm shall also be obtained: Registration certificate including Udyam Registration Certificate (URC) issued by the Government of India. Certificate/licence issued by the municipal authorities under Shop and Establishment Act. Sales and income tax returns. CST/VAT/ GST certificate Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities. IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT or Licence/certificate of practice issued in the name of the proprietary concern by an professional body incorporated under a statute. Complete Income Tax Return (not just the acknowledgement) in the name of the sole proprietor where the firm’s income is reflected, duly authenticated/acknowledged by the Income Tax authorities. Utility bills such as electricity, water, landline telephone bills, etc. Note- In cases where the Company is satisfied that it is not possible to furnish two such documents, they would have the discretion to accept only one of those documents as activity proof. In such cases, the Company, however, will undertake Customer Profile Validation (‘CPV’)/Field Investigation (’FI’), collect such information as would be required to establish the existence of such firm, confirm, clarify, and satisfy itself that the business activity has been verified from the address of the proprietary concern.
       Corporate (Limited/Private Limited Company)	For companies, certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: Certificate of Incorporation. Updated Memorandum and Articles of Association. PAN of the Company. A resolution from the Board of Directors and power of attorney granted to its managers, officers, or employees apply, open, and operate the loan on its behalf. Documents specified above for individuals relating to beneficial owner, the managers, officers, or employees, as the case may be, holding an attorney to transact on the Company’s behalf. the name of the relevant persons holding senior management position and the registered office and the principal place of its business if it is different.
       Partnership firm	For partnership firm, certified copies of each of the following documents or e-documents shall be obtained: Registration Certificate. Partnership Deed PAN of the Partnership Firm. Documents specified above for individuals relating to beneficial owner, managers, officers, or employees, as the case may be, holding an attorney to transact on its behalf. The name of all Partners. Office, and the principal place of its business, if it is different.
       Unincorporated association or a body of individuals & Unregistered trust/ partnership firms	For Unincorporated association or a body of individuals, certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: Resolution of the managing body & Power of Attorney granted to transact business on its behalf. Permanent Account Number or Form No 60 of the unincorporated association or a body of individuals. Power of Attorney granted to transact on its behalf. Documents specified above for individuals relating to beneficial owner, managers, officers, or employees, as the case may be, holding an attorney to transact on its behalf. Such information as may be required by the Company to collectively establish the legal existence of such an association or body of individuals..
       Trust	For Trust, certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: Registration Certificate. Trust Deed. Permanent Account Number or Form No 60 of the trust. Documents specified above for individuals relating to beneficial owner, managers, officers, or employees, as the case may be, holding an attorney to transact on its behalf. The names of the beneficiaries, trustees, settlor, protector, if any and Authors of the trust. The address of the registered office of the trust and list of trustees and documents, as specified for individuals, for those discharging the roles as a trustee and authorized to transact on behalf of the trust.
       Customer who is a juridical person (not specifically covered in the earlier sections)	For opening account of a customer who is a juridical person (not specifically covered in the earlier part) such as societies, universities and local bodies like village panchayats, etc., or who purports to act on behalf of such juridical person or individual or trust, certified copies of the following documents or the equivalent e-documents thereof shall be obtained and verified: Document showing name of the person authorised to act on behalf of the entity. Documents, as specified in Section 16, of the person holding an attorney to transact on its behalf. Such documents as may be required by the Company to establish the legal existence of such an entity/juridical person.

       Note:

       • The Company shall collect the necessary documents and information in respect of different classes of clients depending on the perceived risk and having regard to the requirements of Rule 9 of the PML Rules, Directives and Circulars issued by the RBI from time to time.
       • The first 8 digits need to be blackout before accepting Aadhar from customer.
       • The proof of possession of Aadhaar under clause (aa) of sub-rule (4) of PMLA where offline verification can be carried out, the Company shall carry out offline verification**
       • An equivalent e-document of any officially valid document, the Company shall verify the Digital Signature as per the provisions of the Information Technology Act, 2000 (21 of 2000) and any rules issues thereunder and take a live photo as specified under Video KYC/V-CIP as specified in the Policy.
       • any officially valid document or proof of possession of Aadhaar number under clause (ab) of sub-rule (4) where offline verification cannot be carried out, the Company shall carry out verification through Video KYC/V-CIP as specified in the Policy.
       • In case of trust, the Company will ensure that trustees disclose their status at the time of commencement of an account-based relationship or when carrying out transactions as specified in the KYC Master Direction

     • Identification of Beneficial Owner

       Beneficial Owner is defined in the Definitions section of this Policy.

       According to the regulatory norms, the Company would take reasonable measures to identify the beneficial owners and thereafter verify the beneficial owner(s) in terms of Rule 9(3) of the PML Rules, keeping in view the below:

       Type of Entity	Criteria for Identification of Beneficial Owner
       Company	Individual who has the ownership of/entitlement to more than 10% of share or capital or profits of the Company.
       Partnership Firm	individual/partner who has the ownership of/entitlement to more than10% of the capital or profits of the Firm.
       Association or Body of Individuals	individual who has the ownership of/entitlement to more than 15% of the property or capital or profits of the association.
       Trust	individual who is the setter of the trust, the trustee, the protector, the beneficiaries with 10% or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership.

       • Where the customer or the owner of the controlling interest is:

         • an entity listed on a stock exchange in India, or
         • it is an entity resident in jurisdictions notified by the Central Government and listed on stock exchanges in such jurisdictions, or
         • it is a subsidiary of such listed entities: it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such entities.
       • In cases of trust/nominee or fiduciary accounts whether the customer is acting on behalf of another person as trustee/nominee or any other intermediary is determined. In such cases, satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also details of the nature of the trust or other arrangements in place shall be obtained.

     • Simplified procedure for opening accounts by Non-Banking Finance Companies (COMPANY):

       In case a person who desires to open an account is not able to produce documents, as specified in CDD, the Company may at its discretion open accounts subject to the following conditions:

       • The Company shall obtain a self-attested photograph from the customer.
       • The designated officer of the Company certifies under his signature that the person opening the account has affixed his signature or thumb impression in his presence.
       • The account shall remain operational initially for a period of twelve months, within which usual CDD procedure as mentioned above shall be carried out.
       • Balances in all their accounts taken together shall not exceed rupees fifty thousand at any point of time.
       • The total credit in all the accounts taken together shall not exceed rupees one lakh in a year.
       • The customer shall be made aware that no further transactions will be permitted until the full KYC procedure is completed in case Directions (d) and (e) above are breached by him.
       • The customer shall be notified when the balance reached rupees forty thousand or the total credit in year reaches rupees eighty thousand that appropriate documents for conducting the KYC must be submitted otherwise the operations in the account shall be stopped when the toral balance in all the accounts taken together exceeds the limits prescribed in points (d) and (e) above.
       • The account shall be monitored and when there is suspicion of ML/TF activities or other high- risk scenarios, the identity of the customer shall be established Section 16 & 18 of the Master Direction.

   • KYC Process: Video based Customer Identification Process (V-CIP)

     • The Company may undertake live Video based Customer Identification Process “V-CIP,” the same will be carried out by an authorised official of the Company for establishment of an account-based relationship obtaining his informed consent. The Company may undertake V-CIP to carry out:

       • CDD in case of new customer on-boarding for individual customers, proprietor in case of proprietorship firm, authorised signatories, and Beneficial Owners (BOs) in case of Legal Entity (LE) customers.

         In case of CDD of a proprietorship firm, the Company will also obtain the equivalent e-document of the activity proofs with respect to the proprietorship firm.

       • Conversion of existing accounts opened in non-face to face mode using Aadhaar OTP based e-KYC authentication as per EDD section.
       • Updation / Periodic updation of KYC for eligible customers.

     • It If the Company opts to undertake V-CIP, shall adhere to the following minimum standards:

       • V-CIP Infrastructure

         The Company will comply with the RBI guidelines on minimum baseline cyber security and resilience framework, as updated from time to time as well as other general guidelines on IT risks.

         The technology infrastructure will be housed in own premises of the Company and the V-CIP connection and interaction shall necessarily originate from our own secured network domain. Any technology related outsourcing for the process will be compliant with relevant RBI guidelines.

         Where cloud deployment model is used, it shall be ensured that the ownership of data in such model rests with the Company only and all the data including video recording is transferred to the Company’s exclusively owned / leased server(s) including cloud server, if any, immediately after the V-CIP process is completed and no data shall be retained by the cloud service provider or third-party technology provider assisting the V-CIP of the Company.

         • The Company will ensure end-to-end encryption of data between customer device and the hosting point of the V-CIP application, as per appropriate encryption standards. The customer’s consent should be recorded in an auditable and alteration-proof manner.
         • The V-CIP infrastructure / application will be capable of preventing connection from IP addresses outside India or from spoofed IP addresses.
         • The video recordings will contain the live GPS co-ordinates (geo-tagging) of the customer undertaking the V-CIP and date-time stamp. The quality of the live video in the V-CIP shall be adequate to allow identification of the customer beyond doubt.
         • The application shall have components with face liveness / spoof detection as well as face matching technology with a high degree of accuracy, even though the ultimate responsibility of any customer identification rests with the Company. Appropriate artificial intelligence (AI) technology will be used to ensure that the V-CIP is robust.
         • Based on experience of detected / attempted / ‘near-miss’ cases of forged identity, the technology infrastructure including application software as well as work flows shall be regularly upgraded. Any detected case of forged identity through V-CIP shall be reported as a cyber event under extant regulatory guidelines.
         • The V-CIP infrastructure shall undergo necessary tests such as Vulnerability Assessment, Penetration testing and a Security Audit to ensure its robustness and end-to-end encryption capabilities. Any critical gap reported under this process shall be mitigated before rolling out its implementation. Such tests should be conducted by the empaneled auditors of Indian Computer Emergency Response Team (CERT-In). Such tests should also be carried out periodically in conformance to internal / regulatory guidelines.
         • The V-CIP application software and relevant Application Programming Interface (‘APIs’) / webservices will also undergo appropriate testing of functional, performance, maintenance strength before being used in live environment. Only after closure of any critical gap found during such tests, the application should be rolled out. Such tests shall also be carried out periodically in conformity with internal/ regulatory guidelines.

       • V-CIP Procedure

         • The Company has formulated a clear work flow and standard operating procedure for V-CIP and ensures adherence to it. The V-CIP process shall be operated only by officials of the Company specially trained for this purpose. The Company staff is capable of carrying out liveliness check and detect any other fraudulent manipulation or suspicious conduct of the customer and act upon it.
         • Disruption of any sort including pausing of video, reconnecting calls, etc., should not result in creation of multiple video files. If pause or disruption does not lead to the creation of multiple files, then there is no need to initiate a fresh session by the Entity. However, in case of call drop / disconnection, fresh session shall be initiated.
         • The official of the Company shall ensure that the sequence and/or type of questions including those indicating liveness of the interaction, during video interactions are varied in order to establish that the interactions are real-time and not pre-recorded.
         • Any prompting, observed at end of customer shall lead to rejection of the account opening process.
         • The fact of the V-CIP customer being an existing or new customer, or if it relates to a case rejected earlier or if the name appearing in some negative list should be factored in at appropriate stage of work flow.

         • The authorise official of the Company performing the V-CIP shall record audio – video as well as capture photograph of the customer present for identification and obtain the identification information using any one of the following:

           • OTP based Aadhar e-KYC authentication.
           • Offline Verification of Aadhaar for identification.
           • KYC records downloaded from CKYCR, using the KYC identifier provided by the customer.
           • Equivalent e-document of Officially Valid Documents (OVDs) including documents issued through Digilocker

           The Company shall ensure to redact or blackout the Aadhaar number.

           In case of offline verification of Aadhaar using XML file or Aadhaar Secure QR Code, it shall be ensured that the XML file or Quick Response (‘QR’) code generation date is not older than three working days from the date of carrying out V-CIP.

           Further, in line with the prescribed period of three days for usage of Aadhaar Extensible Markup Language (‘XML’) file / Aadhaar QR code, the Company will ensure that the video process of the V-CIP is undertaken within three working days of downloading / obtaining the identification information through CKYCR / Aadhaar authentication / equivalent e-document, if in the rare cases, the entire process cannot be completed at one go or seamlessly. The Company will ensure that no incremental risk is added due to this.

         • If the address of the customer is different from that indicated in the OVD, suitable records of the current address shall be captured, as per the existing requirement. It shall be ensured that the economic and financial profile/information submitted by the customer is also confirmed from the customer undertaking the V-CIP in a suitable manner.
         • The Company shall capture a clear image of PAN card to be displayed by the customer during the process, except in cases where e-PAN is provided by the customer. The PAN details shall be verified from the database of the issuing authority (NDSL) including through Digilocker.
         • Use of printed copy of equivalent e-document including e-PAN is not valid for the V- CIP.
         • The authorised official of the Company shall ensure that photograph of the customer in the Aadhaar/OVD and PAN/e-PAN details matches with the customer undertaking the V- CIP and the identification details in Aadhaar/OVD and PAN/e-PAN shall match with the details provided by the customer.
         • All accounts opened through V-CIP shall be made operational only after being subject to concurrent audit, to ensure the integrity of the process and its acceptability of the outcome.
         • All matters not specified under the paragraph but required under other statutes such as the Information Technology (IT) Act shall be appropriately complied with by Company.

       • V-CIP Records and Data Management :

         • The entire data and recordings of V-CIP will be stored in a system / system located in India. The Company will ensure that the video recording is stored in a safe and secure manner and bears the date and time stamp that affords easy historical data search. The extant instructions on record management, as stipulated in this Master Direction, shall also be applicable for V-CIP.
         • The activity log along with the credentials of the official performing the V-CIP shall be preserved.

   • CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR)

     • Government of India has Authorised the Central Registry of Securitisation Asset reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide Gazette notification No. S.O 3183 (E) date November 26, 2015.
     • In terms of provision of Rule 9(1A) of PML Rules, the Company shall capture customer’s KYC records and upload onto CKYCR within 10 days of commencement of an account-based relationship with the customer.
     • The Company shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as per the KYC templates prepared for ‘Individuals’ and ‘Legal Entities’ (LEs), as the case may be. The templates may be revised from time to time, as may be required and released by CERSAI.
     • The Company was required to start uploading the KYC data pertaining to all new individual accounts opened on or after from April 1, 2017, with CKYCR as prescribed.
     • The Company shall upload KYC records pertaining to accounts of Legal Entities (‘Les’) opened on or after April 1, 2021, with CKYCR in terms of the provisions of the PML Rules. The KYC records have to be uploaded as per the LE Template released by CERSAI.
     • Once KYC Identifier is generated by CKYCR, the Company shall ensure that the same is communicated to the individual/LE as the case may be.
     • In order to ensure that all KYC records are incrementally uploaded on to CKYCR, the Company shall upload/update the KYC data pertaining to accounts of individual customers and LEs opened prior to the above-mentioned dates at the time of periodic updation as specified in this Policy, or earlier, when the updated KYC information is obtained/received from the customer.
     • The Company shall ensure that during periodic updation, the customers are migrated to the current CDD standard.

     • Where a customer for the purpose of establishing an account-based relationship, submits a KYC identifier to Company, with an explicit consent to download records from CKYCR, then the Company shall retrieve the KYC records online from the CKYCR using the KYC identifier and the customer shall not be required to submit the same KYC records or information or any other additional identification documents or details, unless –

       • There is change in KYC information of the customers as existing in the records of CKYCR.
       • The current address of the customer is required to be verified.
       • The Company considers it necessary in order to verify the identity or address of the customer, or to perform enhanced due diligence or to build an appropriate risk profile of the client.
       • the validity period of documents downloaded from CKYCR has lapsed.

   • Digital KYC Process

     • The Company shall develop an application for digital KYC process which shall be made available at customer touch points for undertaking KYC of the customers and the KYC process shall be undertaken only through this authenticated application of the Company.
     • The access of the Application shall be controlled by the Company, and it should be ensured that the same is not used by unauthorized persons. The Application shall be accessed only through login-id and password, or Live OTP or Time OTP controlled mechanism given by the Company to its authorized officials.
     • The customer, for the purpose of KYC, shall visit the location of the authorized official of the Company or vice-versa. The original OVD shall be in possession of the customer.
     • The Company must ensure that the Live photograph of the customer is taken by the authorized officer and the same photograph is embedded in the Customer Application Form (CAF). Further, the system Application of the Company shall put a water-mark in readable form having Customer Acceptance Form (‘CAF’) number, Global Positioning System (‘GPS’) coordinates, authorized official’s name, unique employee Code (assigned by REs) and Date (DD:MM:YYYY) and time stamp (HH:MM:SS) on the captured live photograph of the customer.
     • The Application of the Companycshall have the feature that only live photograph of the customer is captured and no printed or video-graphed photograph of the customer is captured. The background behind the customer while capturing live photograph should be of white colour and no other person shall come into the frame while capturing the live photograph of the customer.
     • Similarly, the live photograph of the original OVD or proof of possession of Aadhaar where offline verification cannot be carried out (placed horizontally), shall be captured vertically from above and water-marking in readable form as mentioned above shall be done. No skew or tilt in the mobile device shall be there while capturing the live photograph of the original documents.
     • The live photograph of the customer and his original documents shall be captured in proper light so that they are clearly readable and identifiable.
     • Thereafter, all the entries in the CAF shall be filled as per the documents and information furnished by the customer. In those documents where Quick Response (QR) code is available, such details can be auto populated by scanning the QR code instead of manual filing the details. For example, in case of physical Aadhaar/e- Aadhaar downloaded from UIDAI where QR code is available, the details like name, gender, date of birth and address can be auto-populated by scanning the QR available on Aadhaar/e-Aadhaar.
     • Once the above mentioned process is completed, a One Time Password (OTP) message containing the text that ‘Please verify the details filled in form before sharing OTP’ shall be sent to customer’s own mobile number. Upon successful validation of the OTP, it will be treated as customer signature on CAF. However, if the customer does not have his/her own mobile number, then mobile number of his/her family/relatives/known persons may be used for this purpose and be clearly mentioned in CAF. In any case, the mobile number of authorized officers registered with the RE shall not be used for customer signature. The Company must check that the mobile number used in customer signature shall not be the mobile number of the authorized officer.
     • The authorized officer shall provide a declaration about the capturing of the live photograph of customer and the original document. For this purpose, the authorized official shall be verified with One Time Password (OTP) which will be sent to his mobile number registered with the Company. Upon successful OTP validation, it shall be treated as authorized officer’s signature on the declaration. The live photograph of the authorized official shall also be captured in this authorized officer’s declaration.
     • Subsequent to all these activities, the Application shall give information about the completion of the process and submission of activation request to activation officer of the Company, and also generate the transaction-id/reference-id number of the process. The authorized officer shall intimate the details regarding transaction-id/reference-id number to customer for future reference.
     • The authorized officer of the RE shall check and verify that:- (i) information available in the picture of document is matching with the information entered by authorized officer in CAF. (ii) live photograph of the customer matches with the photo available in the document.; and (iii) all of the necessary details in CAF including mandatory field are filled properly.
     • On Successful verification, the CAF shall be digitally signed by authorized officer of the RE who will take a print of CAF, get signatures/thumb-impression of customer at appropriate place, then scan and upload the same in system. Original hard copy may be returned to the customer.

   • On-Going Due Diligence

     • The Company shall undertake on-going due diligence of customers to ensure that their transactions are consistent with their knowledge about the customers, their business and risk profile, the source of funds/wealth.

     • Without prejudice to the generality of factors that call for close monitoring following types of transactions shall necessarily be monitored:

       • Large and complex transactions including Real Time Gross Settlement (‘RTGS’) transactions, and those with unusual patterns, inconsistent with the normal and expected activity of the customer, which have no apparent economic rationale or legitimate purpose.
       • Transactions which exceed the thresholds prescribed for specific categories of accounts.
     • The extent of monitoring shall be aligned with the risk category of the customer.

     • Periodic review of risk categorization of account will be carried out at least once in six months.

       For ongoing due diligence, the Company may consider adopting appropriate innovations including artificial intelligence and machine learning (AI & ML) technologies to support effective monitoring.

   • Enhance Due Diligence

     Enhance Due diligence (non-face to face customer onboarding)

     Non-face-to-face onboarding facilitates the Entities to establish relationship with the customer without meeting the customer physically or through V-CIP.

     Non-face-to-face modes includes use of digital channels such as CKYCR, Digi Locker, equivalent e-document, etc., and non-digital modes such as obtaining copy of OVD certified by additional certifying authorities as allowed for NRIs and PIOs.

     Following EDD measures shall be undertaken by entities for non-face-to-face customer onboarding (other than Aadhaar OTP based customer onboarding):

     • The Company shall ensure that any and all transactions shall be permitted only from the mobile number used for account opening. The Company shall not link alternate mobile numbers of Customers post CDD for transaction OTP, transaction updates, etc. Any request for a change to the mobile number has to be carried out in accordance with the process mentioned under sub- paragraph 2 below.
     • All requests for change of registered mobile number or updation of any documents shall only be carried out upon taking explicit consent of the Customer along-with PAN number of such Customer. All such requests shall only be entertained upon verification of the PAN number of the customer and no requests for re-change in mobile numbers shall be entertained within 24 (twenty-four) hours of receipt or the request or processing of the previous request.
     • In addition to obtaining the current address proof of the Customer through the digital channels mentioned above (viz. CKYCR, DigiLocker, equivalent e-document, etc.), the Company shall verify the current address through positive confirmation, as mentioned in para 8.3 hereinabove.
     • The Company shall obtain PAN from the Customers and shall verify such PAN from the verification facility of NSDL.
     • The Company is required to disburse the loan amount to the customer’s verified bank account, following confirmation through a penny drop by the bank.
     • The Company shall ensure that Customer(s) onboarded through non-face-to-face process i.e. digital channels mentioned above (viz. CKYCR, DigiLocker, equivalent e-document, etc.), shall be categorized as high-risk and such Customer’s account shall be subjected to enhanced monitoring until the identity of the Customer is verified through face-to-face manner either physically or V-CIP.
     • The Company shall apply enhanced due diligence measures, which are effective and proportionate to the risks, to business relationships and transactions with natural and legal persons (including financial institutions) from countries specified by the FATF.

     Accounts of Politically Exposed Persons (PEPs)

     The Company may establish account-based relationship with PEPs (whether as customer or beneficial owner) provided that, apart from performing normal customer due diligence:

     • The Company have in place appropriate risk management systems to determine whether the customer or beneficial owner is a PEP.
     • Reasonable measures are taken by the Company for establishing the source of funds/wealth.
     • For any lending/business relationship with PEP, formal approval at senior level (Head of Credit/ Head of Credit Risk) will be taken and the account will be closely monitored on an on-going basis.
     • In the event of an existing customer or the beneficial owner of an existing account subsequently becoming a PEP; approval from Senior Management will be obtained to continue the business relationship.
     • All PEP accounts would be classified as High Risk accounts and will be subject to enhanced monitoring on-going basis.

     These instructions shall also be applicable to family members or close associates of PEPs.

     Explanation: For the purpose of this Section, “Politically Exposed Persons” (PEPs) are individuals who are or have been entrusted with prominent public functions by a foreign country, including the Heads of States/Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials.

   • The Company to ensure that a group-wide policy is implemented for the purpose of discharging obligations under the provisions of Chapter IV of the PMLA Act, 2002.

7. MONITORING OF TRANSACTIONS

   • In terms of the Rules, the Company is required to report information relating to cash and suspicious transactions electronically to FIU India. The Company needs to comply with such reporting requirement by utilising the formats stipulated in the Master Directions and as prescribed by FIU-IND.
   • The Cash Transaction Report (CTR) (for cash transactions and integrally connected cash transactions, transactions involving receipts by non-profit organizations, cash transactions where forged or counterfeit currency notes or bank notes have been used and cross border wire transfers, every month, as referred to in clauses (A), (B), (BA), (C) and (E) of sub-rule (1) of rule 3 of the PML Rules) for each month shall be submitted to FIU-IND by 15th day of the succeeding month.

   • The Suspicious Transaction Report (STR) shall be submitted within 7 working days of arriving at a conclusion that any transaction, whether cash or non-cash, or a series of transactions integrally connected are of suspicious nature.

     In this regard, the Principal Officer shall record his reasons for treating any transaction or a series of transactions as suspicious. It should be ensured that there is no undue delay in arriving at such a conclusion.

   • The Company shall keep in mind that any delay in furnishing of information would result into a violation of the requirement stipulated in the Rules.

     The Principal Officer will be responsible for timely submission of STR to FIU-IND. No Nil reporting needs to be made to FIU-IND in case there are no cash/suspicious transactions to be reported.

   • Details of accounts resembling any of the individuals / entities in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC) shall be reported to FIU-IND apart from advising Ministry of Home Affairs as required under Unlawful Activities Prevention Act, 1967 (‘UAPA’) notification dated February 2, 2021.The Principal Officer will be responsible for timely submission of STR to FIU-IND. No Nil reporting needs to be made to FIU-IND in case there are no cash/suspicious transactions to be reported.

   • The Company shall not put any restrictions on operations in the accounts merely based on the STR filed.

     The Company, its Directors, Officers, and all employees shall ensure that the fact of maintenance of records referred to in rule 3 of the PML (Maintenance of Records) Rules, 2005 and furnishing of the information to the director is confidential and its Directors, Officers and employees (permanent and temporary) will be prohibited from disclosing (‘tipping off’) the fact that an STR or related information is being reported or provided to the FIU- IND. However, such confidentiality requirement shall not inhibit sharing of information under section 4(b) of Master Direction of any analysis of transactions and activities which appear unusual, if any such analysis has been done.

     This prohibition on tipping off extends not only to the filing of the STR and/or related information but even before, during and after the submission of an STR. Thus, it shall be the duty of all employees involved to ensure that there is no tipping off to the customer at any level.

8. RISK MANAGEMENT

   For Risk Management, the Company shall have a risk based approach which includes the following.

   • Customers shall be categorised as low, medium, and high risk category, based on the assessment and risk perception of the RE.
   • Broad principals may be laid down by the Company for risk-categorisation of customers.
   • The Company shall undertake the risk categorisation at borrowers level and the same shall be based on parameters such as customer’s identity, social/financial status, nature of business activity, and information about the customer’s business and their location, geographical risk covering customer as well as transactions, type of products/ services offered, delivery channel used for delivery of products/ services, types of transactions undertaken – cash, cheque/ monetary instruments, wire transfers, forex transactions etc. While considering customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in.

   The nature and extent of due diligence will depend on the risk perceived by Company. However, while preparing customer profile, the Company should take care to seek only such information from the customer which is relevant to the risk category and is not intrusive and is in conformity with the guidelines issued by RBI in this regard. Any other information from the customer will be sought separately with his/her consent.

   Customer Risk in this context refers to the money laundering and terrorist financing risk associated with a particular customer from the Company’s perspective. This risk categorisation is based on AML/KYC risk perceptions associated with customer profile and not the level of credit risk.

   The risk categorisation of a customer and the specific reasons for such categorisation shall be kept confidential and shall not be revealed to the customer to avoid tipping off the customer.

   The various other information collected from Customers relating to the perceived risk, is non-intrusive.

   Explanation: FATF Public Statement, the reports and guidance notes on KYC/AML issued by the Indian Banks Association (IBA), guidance note circulated to all cooperative banks by the RBI etc., may also be used in risk assessment.

   AML AND CFT RISK ASSESSMENT FRAMEWORK

   The Company shall carry out a ‘Money Laundering’ (ML) and ‘Terrorist Financing’ (TF) Risk Assessment for mitigation of AML risk at least annually covering the following aspects:

   • Identification and assessment of money laundering and terrorist financing risks and take effective measures to mitigate those risks for clients, countries or geographic areas, products, services, transactions, or delivery channels, etc.

     The assessment process should consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied. While preparing the internal risk assessment, the Company shall take cognizance of the overall sector-specific vulnerabilities, if any, that the regulator/supervisor may share with the Company from time to time.

   • The Company shall properly document the outcome of the risk assessment exercise conducted and proportionate to the nature, size, geographical presence, complexity of activities/structure, etc. of the Company. **
   • The placement of such results before the Board or relevant sub-committee of the Board to which power in this regard has been delegated and should be available to competent Authorities and self-regulating bodies.
   • The Company shall apply a risk based approach (RBA) for mitigation and management of risks (identified on their own or through national risk assessment) and should have Board approved policies, controls and procedures in this regard. The Company shall implement a CDD programme, having regard to the ML/TF risks identified and the size of business. Further, the Company shall monitor the implementation of controls and enhance them if necessary.

9. UPDATION/ PERIODIC UPDATION Of KYC

   The Company will adopt a risk-based approach with respect to periodic updation of KYC ensuring that the information or data collected under CDD is kept up-to-date and relevant, particularly where there is high risk. The Company shall undertake Periodic Updation at least once every two years for high-risk customers, once every eight years for medium risk customers and once every ten years for low-risk customers subject to the following conditions:

   • Individual Customers:

     • No change in KYC information: In case of no change in the KYC information, a self- declaration from the customer in this regard shall be obtained through customer’s email id registered with the Company, customer’s mobile number registered with the Company, digital channels (such as mobile/web-based application of COMPANY), letter etc.
     • Change in address: In case of a change only in the address details of the customer, a self- declaration of the new address shall be obtained from the customer through customer’s email-id registered with the Company, customer’s mobile number registered with the Company, digital channels (such as mobile/ web-based application of Company), letter etc., and the declared address shall be verified through positive confirmation within two months, by means such as address verification letter, contact point verification, deliverables etc. Further, the Company shall obtain a copy of OVD or deemed OVD or the equivalent e-documents thereof, for the purpose of proof of address, declared by the customer at the time of periodic updation.

   • Customers other than individuals:

     • No change in KYC information: In case of no change in the KYC information of the LE customer, a self-declaration in this regard shall be obtained from the LE customer through its email id registered with the Company, digital channels (such as mobile/ web-based application of Company), letter from an official authorized by the LE in this regard, board resolution etc. Further, the Company shall ensure during this process that Beneficial Ownership (BO) information available with Company is accurate and shall update the same, if required, to keep it as up-to- date as possible.
     • Change in KYC information: In case of change in KYC information, the Company shall undertake the KYC process equivalent to that applicable for onboarding a new LE customer.

   • Additional measures: In addition to the above, the Company shall ensure that –

     • The KYC documents of the customer as per the current CDD standards are available. This is applicable even if there is no change in customer information but the documents available with Company are not as per the current CDD standards. Further, in case the validity of the CDD documents available with Company has expired at the time of periodic updation of KYC, the Company shall undertake the KYC process equivalent to that applicable for on-boarding a new customer.
     • Customer’s PAN details, if available with the Company, is verified from the database of the issuing authority at the time of periodic updation of KYC.
     • An acknowledgment is provided to the customer mentioning the date of receipt of the relevant document(s), including self-declaration from the customer, for carrying out periodic updation. Further, it shall be ensured that the information / documents obtained from the customers at the time of periodic updation of KYC are promptly updated in the records / database of the Company and an intimation, mentioning the date of updation of KYC details, is provided to the customer.
     • In order to ensure customer convenience, the Company may consider making available the facility of periodic updation of KYC at any branch, in terms of our internal KYC policy duly approved by the Board of Directors or any committee of the Board to which power has been delegated.
     • The Company will adopt a risk-based approach with respect to periodic updation of KYC. Any additional and exceptional measures, which otherwise are not mandated under the regulatory guidelines may be , adopted by the Company which shall be clearly specified in this internal KYC policy duly approved by the Board of Directors.
   • The Company shall advise the customers that in case of any update in the documents submitted by the customer at the time of establishment of business relationship / account-based relationship and thereafter, as necessary; customers shall submit the update documents within 30 days of the update to the documents for the purpose of updating the records at the Company’s end.

   • Existing Customers:

     • In case of existing customers, the Company will obtain the Permanent Account Number or equivalent e-document thereof or Form No.60, by such date as may be notified by the Central Government, failing which the Company can temporarily cease operations in the account till the time the Permanent Account Number or equivalent e-documents thereof or Form No. 60 is submitted by the customer.

       Provided that before temporarily ceasing operations for an account, the Company will give the customer an accessible notice and a reasonable opportunity to be heard. Further, the Company will also incorporate an appropriate relaxation(s) for continued operation of accounts for customers who are unable to provide Permanent Account Number or equivalent e- document thereof or Form No. 60 owing to injury, illness, or infirmity on account of old age or otherwise, and such like causes. Such accounts would however, be subject to enhanced monitoring.

       Provided further that if a customer having an existing account-based relationship with the Company and gives in writing that he does not want to submit his Permanent Account Number or equivalent e-document thereof or Form No.60, the Company will close the account and all obligations due in relation to the account shall be appropriately settled after establishing the identity of the customer by obtaining the identification documents as applicable to the customer.

       Note – For the purpose of this Section, “temporary ceasing of operations shall mean the following: In case of asset accounts such as loan accounts, for the purpose of ceasing the operation in the account, only credits shall be allowed.

10. EMPLOYEE’S HIRING & TRAINING

    • Hiring of Employees

      The Company shall ensure adequate screening mechanism, including Know Your Employee / Staff policy, as an integral part of their personnel recruitment/hiring process.

      The Company shall ensure that the staff dealing with / being deployed for KYC/AML/CFT matters have, high integrity and ethical standards, good understanding of extant KYC/AML/CFT standards, effective communication skills and ability to keep up with the changing KYC/AML/CFT landscape, nationally and internationally. The Company shall also strive to develop an environment which fosters open communication and high integrity amongst the staff.

      Any inefficient or suspicious behavior of employees shall be dealt with suitably. It shall be ensured that there is no tipping off to the customer at any level.

    • Employees’ Training

      The Company shall have an ongoing employee training program so that the members of the Company are adequately trained in KYC/AML /CFT procedures and fully understand the rationale behind the KYC/AML policies and implement them consistently.

      All necessary circulars, guidelines, notifications issued by the RBI or government authority in connection with KYC / AML /CFT procedures will be communicated to all relevant members of the Company by the compliance officer. Relevant members of the Company shall include frontline staff, back-office staff, senior staff, risk management staff and staff dealing with new clients.

      The training shall include all frontline staff, operations staff and staff dealing with new customers. The front desk staff shall be specially trained to handle issues arising from lack of customer education. Proper staffing of the audit function with persons adequately trained and well-versed in KYC/ AML/CFT policy of the Company, regulation and related issues shall be ensured by the Compliance Officer.

11. CUSTOMER EDUCATION

    The implementation of KYC procedures requires the Company to demand certain information from customers, which may be of personal nature, or which has hitherto never been called for. This can sometimes lead to a lot of questioning by the customer as to the motive and purpose of collecting such information.

    The Company’s front line staff will therefore personally discuss this with customers and if required, the Company may also prepare specific literature/ pamphlets, etc. to educate the customer on the objectives of the KYC program.

12. INTRODUCTION OF NEW TECHNOLOGIES

    The Company shall identify and assess the ML/TF risks that may arise in relation to the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products.

    The Company shall also ensure,

    • to undertake the ML/TF risk assessments prior to the launch or use of such products, practices, services, technologies; and
    • adoption of a risk-based approach to manage and mitigate the risks through appropriate EDD measures and transaction monitoring, etc.

13. RECORD MANAGEMENT

    The following steps shall be taken regarding maintenance, preservation and reporting of customer information, with reference to provisions of PML Act and Rules.

    • maintain all necessary records of transactions between the Company and the customer, both domestic and international, for at least five years from the date of transaction;

    • maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following:

      • the nature of the transactions.
      • the amount of the transaction and the currency in which it was denominated.
      • the date on which the transaction was conducted; and
      • the parties to the transaction.
    • preserve the records pertaining to the identification of the customers and their addresses obtained while opening the account and during the course of business relationship, for at least five years after the business relationship is ended;
    • make available swiftly, the identification records and transaction data to the competent authorities upon request;
    • introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);
    • evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities.
    • The records of identity and address of their customer, and records in respect of transactions referred to in Rule 3 shall be maintained in hard or soft copy.

    Explanation. – For the purpose of this Section, the expressions “records pertaining to the identification”, “identification records,” etc., shall include updated records of the identification data, account files, business correspondence and results of any analysis undertaken.

    13A. The Company shall ensure that in case of customers who are non-profit organisations, the details of such customers are registered on the DARPAN Portal of NITI Aayog. If the same are not registered, the Company shall register the details on the DARPAN Portal and also maintain such registration records for a period of five years after the business relationship between the customer and Company has ended or the account has been closed, whichever is later.

14. INTERNAL CONTROL SYSTEM

    • The Company’s internal audit and compliance functions have an important role in evaluating and ensuring adherence to the KYC & AML policy and procedures. The compliance function under the guidance of Compliance Head / officer will provide an independent evaluation of the Company’s policy and procedure, including legal and regulatory requirements.
    • The Company will ensure that its audit function is staffed adequately with individuals who are well-versed in such policies and procedures or hire the services of a reputed Company engaged in providing quality services in the said field.
    • Internal Auditors will specifically check and verify the application of KYC procedures and comment on the lapses observed in this regard. The compliance in this regard will be put up before the Audit Committee of the Board at quarterly intervals. Any gaps identified by the auditors need to be rectified under the supervision of the Business head or Compliance Head / officer.

15. POLICY REVIEW AND UPDATION

    The RMC /Board shall review this Policy annually or on a need-basis i.e. in the event of change in regulatory framework or for business or operational need (whichever is earlier). Such updates / changes to the Policy will be communicated to the relevant staff /personnel (both in-house or outsourced) and relevant stakeholders across the Company.

16. CONFIDENTIALITY AND SHARING OF INFORMATION

    • The Company officials shall maintain confidentiality of information as provided in Section 45NB of RBI Act 1934.
    • The Company shall maintain secrecy regarding the customer information which arises out of the contractual relationship between the Company and the Customer.
    • Information collected from customers for the purpose of opening of accounts shall be treated as confidential and details thereof shall not be divulged for the purpose of cross selling or any other purpose without the express permission of the customer.
    • While considering the request for data/information from Government and other agencies, the Company shall satisfy themselves that the information being sought is not of such a nature as will violate the provisions of the laws relating to secrecy in the transactions.

    • The exceptions to the said rule shall be as under:

      • Where disclosure is under compulsion of law;
      • Where there is a duty to the public to disclose;
      • The interest of Company required disclosure;
      • Where the disclosure is made with the express or implied consent of the customer.

17. OSV (Original Seen and Verified) NORMS

    All documents provided by the customer (for applicant/co-applicant/guarantor) should be sighted in original and verified by the “Authorised Offcial” of the Company who is authorized to do OSV and signed with OSV remarks. OSV shall be mandatory for all the KYC documents and documents for which original can be produced for verification.

    The Empanelment Agreement with Agencies must cover the following provisions going forward:

    • The Company is authorizing agencies and its employees to do OSV on behalf of the Company.
    • Declaration from Agencies on its behalf and its employees that they will do OSV only post seeing the originals of the documents submitted by the customer for loan appraisal. In case of any discrepancy of fraud, the Agencies will be held responsible for it. The Company will take penal action which may include warning/monetary penalty/ termination of the services from the Agencies. Penal action will depend upon the Companies perception of severity of the discrepancy or fraud.

18. OMNIBUS CLAUSE

    All extant & future Master Circulars/Directions/Guidelines/Guidance Notes issued by Reserve Bank of India (RBI) from time to time would be the directing force for the KYC Policy of the Company and will super cede the contents of this KYC Policy.

For Si Creva Capital Services Private Limited